setfacl - set file access control lists / getfacl - get file access control lists
作用
chmod命令可以把文件权限分为u、g、o三个组,而setfacl可以对每一个文件或目录设置更精确的文件权限,setfacl可以更精确的控制权限的分配。
help
# setfacl --help
setfacl 2.2.51 -- set file access control lists
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
-m, --modify=acl modify the current ACL(s) of file(s)
-M, --modify-file=file read ACL entries to modify from file
-x, --remove=acl remove entries from the ACL(s) of file(s)
-X, --remove-file=file read ACL entries to remove from file
-b, --remove-all remove all extended ACL entries
-k, --remove-default remove the default ACL
--set=acl set the ACL of file(s), replacing the current ACL
--set-file=file read ACL entries to set from file
--mask do recalculate the effective rights mask
-n, --no-mask don't recalculate the effective rights mask
-d, --default operations apply to the default ACL
-R, --recursive recurse into subdirectories
-L, --logical logical walk, follow symbolic links
-P, --physical physical walk, do not follow symbolic links
--restore=file restore ACLs (inverse of `getfacl -R')
--test test mode (ACLs are not modified)
-v, --version print version and exit
-h, --help this help text
使用
- 添加:
setfacl -m user:xiexianbin:rw- ./test.txt
- 查看:
getfacl ./test.txt / getfacl --omit-header ./test.txt
- 删除:
setfacl -b ./test.txt