setfacl命令是用来在命令行里设置ACL(访问控制列表)。在命令行里,一系列的命令跟随以一系列的文件名。
1、属主和属组为root,任何人都不能执行:
[[email protected]]# chmod 644 hosts
[[email protected]]# ll
total 4
-rw-r--r-- 1root root 218 May 7 16:33 hosts
2、用户tom能够读取;
[[email protected] ~]#setfacl -m u:tom:r /var/tmp/hosts
3、用户jerry没有任何权限;
[[email protected] ~]#setfacl -m u:jerry:- /var/tmp/hosts
4、其它和将来新增加的用户能够读
[[email protected] ~]# setfacl -m o::r /var/tmp/hosts
[[email protected] ~]# ll /var/tmp/hosts
-rw-r--r--+ 1 root root 218 May 7 16:33 /var/tmp/hosts
[[email protected] ~]# getfacl /var/tmp/hosts
getfacl: Removing leading ‘/‘ from absolutepath names
# file: var/tmp/hosts
# owner: root
# group: root
user::rw-
user:tom:r--
user:jerry:---
group::r--
mask::r--
other::r--
时间: 2024-12-24 19:35:49