Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 701 #727
27
Access Control Lists in Linux
entries owner, owning group, and other. In fact, in the case of this
minimum ACL, the getfacl command does not produce any information
you could not have obtained with ls.

Your first modification of the ACL is the assignment of read, write,
and execute permissions to an additional user jane and an additional
group djungle.
setfacl -m user:jane:rwx,group:djungle:rwx mydir
The option -m prompts setfacl to modify the existing ACL. The
following argument indicates the ACL entries to modify (several
entries are separated by commas). The final part specifies the name of
the directory to which these modifications should be applied. Use the
getfacl command to take a look at the resulting ACL.
# file: mydir
# owner: tux
# group: project3
user::rwx
user:jane:rwx
group::r-x
group:djungle:rwx
mask::rwx
other::---
In addition to the entries initiated for the user jane and the group
djungle, a mask entry has been generated. This mask entry is set
automatically to reduce all entries in the group class to a common
denominator. Furthermore, setfacl automatically adapts existing
mask entries to the settings modified, provided you do not deactivate
this feature with -n. mask defines the maximum effective access
permissions for all entries in the group class. This includes named user,
named group, and owning group. The group class permission bits that
would be displayed by ls -dl mydir now correspond to the mask
entry.
drwxrwx---+ ... tux project3 ... mydir
The first column of the output now contains an additional + to
indicate that there is an extended ACL for this item.
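
The masking rule described above, as an added example that is not part of the original manual: the Python code below parses getfacl-style output, applies the mask to the group class entries, and derives the permission string that ls -dl would show. The sample ACL is constructed from the listing above with the mask narrowed to r-x, and the function names are hypothetical.

```python
# Constructed sample: the ACL of mydir from the listing above, with the mask
# narrowed to r-x (the state after "setfacl -m mask::r-x mydir").
SAMPLE = """\
# file: mydir
# owner: tux
# group: project3
user::rwx
user:jane:rwx
group::r-x
group:djungle:rwx
mask::r-x
other::---
"""

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples for the access ACL entries."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and "#effective:" notes
        if not line or line.startswith("default:"):
            continue  # default ACL entries are out of scope for this example
        entries.append(tuple(line.split(":")))
    return entries

def effective(entries):
    """Map each entry to its effective permissions once the mask is applied."""
    mask = next((p for t, q, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        # Group class = named users, owning group, named groups. The owner
        # (user::) and other:: are never limited by the mask.
        in_group_class = tag == "group" or (tag == "user" and qualifier)
        if mask is not None and in_group_class:
            perms = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        result[f"{tag}:{qualifier}"] = perms
    return result

def ls_mode(entries):
    """Mode string as ls -dl prints it: group bits show the mask, plus a '+'."""
    by_key = {(t, q): p for t, q, p in entries}
    mask = by_key.get(("mask", ""))
    group_bits = mask if mask is not None else by_key[("group", "")]
    return "d" + by_key[("user", "")] + group_bits + by_key[("other", "")] + ("+" if mask else "")

if __name__ == "__main__":
    print(ls_mode(parse_acl(SAMPLE)))
    print(effective(parse_acl(SAMPLE)))
```

With the narrowed mask, jane and djungle keep rwx in their own entries but lose effective write access, which is the difference an ACL audit has to catch when reading getfacl output.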
SUSE LINUX Enterprise Server