    Friday, October 05, 2012

    Give individual permission on directories using setfacl in linux

    Generally we use chmod and chown to set user-wise or group-wise permissions and ownership on directories and files in Linux. But if you want to give special permissions to one particular user or group on a particular directory, those two commands won't help you. In such cases the 'setfacl' utility is very useful: with it you can grant permissions to an individual user or group, by name, on a particular directory or file.

    Syntax:
    To set the permission for any user
    # setfacl -m u:username:permission /path/to/directory
    To set the permission for any group
    # setfacl -m g:groupname:permission /path/to/directory
    To view the permission
    # getfacl /path/to/directory
    To remove individual acl for any user
    # setfacl -x username /path/to/directory
    To remove all the acl added by setfacl
    # setfacl -b /path/to/directory
    To remove the default acls on any directory
    # setfacl -k /path/to/directory
    Examples:
    To add an acl for user deepak with read and execute permission on mydata directory
    # setfacl -m u:deepak:r-x /mydata
    To add an acl for group admin on any directories
    # setfacl -m g:admin:rwx /mydata
    To add the acl recursively on all the sub directories
    # setfacl -Rm u:deepak:r-x /mydata/
    To view the acl entries on mydata
    # getfacl /mydata
    # file: new
    # owner: root
    # group: root
    user:deepak:r-x
    group:admin:rwx
    group::r-x
    mask::r-x
    other::r-x

    # ls -l / | grep mydata
    drwxr-xr-x+ 2 root root 4096 Oct 3 16:49 mydata

    Here you can see that a '+' sign is appended to the permission string of the directory, which means that an acl is set on that directory.
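
In the getfacl listing above, group admin is granted rwx while the mask entry is r-x, so the right admin actually gets is r-x. The script below is an added example, not part of the original post: it computes effective rights from getfacl text, the function names effective_acl and sample_acl are made up for illustration, and the sample input is the listing above.

```shell
#!/bin/sh
# Added example (not from the original post): effective rights from getfacl text.
# The mask caps named users, named groups and the owning group (group::);
# the file owner (user::) and other:: are not limited by it.

effective_acl() {
    awk -F: '
        { sub(/^[ \t]+/, "") }                     # tolerate indented input
        /^#/ || NF < 3 || $1 == "default" { next } # headers, blanks, default ACLs
        { sub(/[ \t]*#.*/, "", $3) }               # drop a trailing "#effective:" note
        $1 == "mask" { mask = $3; next }
        { type[++n] = $1; name[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                capped = (type[i] == "group" || (type[i] == "user" && name[i] != ""))
                if (capped && mask != "") {
                    eff = ""
                    for (p = 1; p <= 3; p++) {
                        c = substr(perm[i], p, 1)
                        eff = eff (c == substr(mask, p, 1) ? c : "-")
                    }
                }
                printf "%s:%s:%s\n", type[i], name[i], eff
            }
        }'
}

# Constructed sample input: the getfacl listing shown in the post.
sample_acl() {
    cat <<'EOF'
# file: new
# owner: root
# group: root
user:deepak:r-x
group:admin:rwx
group::r-x
mask::r-x
other::r-x
EOF
}

sample_acl | effective_acl
```

On a live system the same check is `getfacl /mydata | effective_acl`; an entry whose granted and effective rights differ is being limited by the mask.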

    To remove a particular acl from the directory
    # setfacl -x u:deepak /mydata
    To remove all the acls from any directories
    # setfacl -b /mydata
    For further examples, see the man page for setfacl.
