linux-command/c/setfacl.html


<!DOCTYPE html>
<html lang="zh-CN">
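<head>
  <meta charset="UTF-8">
  <meta name="renderer" content="webkit">
  <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
  <!-- Pinch-zoom is left enabled: the former maximum-scale=1 / user-scalable=no pair stopped users from enlarging the page. -->
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="description" content="setfacl:设置文件访问控制列表 - 最专业的Linux命令大全内容包含Linux命令手册、详解、学习值得收藏的Linux命令速查手册。">
  <meta name="keywords" content="Linux,Command,命令大全,Linux命令手册,setfacl,设置文件访问控制列表">
  <title>setfacl 命令Linux setfacl 命令详解:设置文件访问控制列表 - Linux 命令搜索引擎</title>
  <link rel="shortcut icon" href="../img/favicon.ico">
  <!-- The ?v= query string is a cache-busting stamp; it does not verify the file's content. -->
  <link rel="stylesheet" href="../css/index.css?v=1752771430401">
  <!-- Both scripts are relative, same-site files. If they are ever served from a third-party origin, add integrity and crossorigin attributes. -->
  <script src="../js/dark-mode.min.js"></script>
  <script type="module" src="../js/github-corners.js"></script>
</head>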
<body>
<!-- Fixed-position theme toggle shown in the top-left corner of every page. -->
<dark-mode permanent dark="Dark" light="Light" style="position: fixed;left: 10px;top: 8px; z-index: 999;"></dark-mode>
<!-- NOTE(review): target="__blank" (two underscores) is not the reserved _blank keyword. If github-corners passes it to its link unchanged, the browser treats it as a window name and reuses that one window for every click; confirm whether _blank together with rel="noopener" was intended. -->
<github-corners target="__blank" z-index="999" position="fixed" href="https://github.com/jaywcjlove/linux-command"></github-corners>
<div class="header header_list">
<div class="header_inner">
<div class="logo">
<a href="/">
<svg width="183px" height="48px" viewBox="0 0 183 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <!-- kenny wang <wowohoo@qq.com> https://github.com/jaywcjlove --> <title>logo</title> <desc>Linux Command Logo. https://github.com/jaywcjlove</desc><g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> <g transform="translate(-576.000000, -261.000000)" fill="currentColor"> <g id="logo" transform="translate(576.000000, 261.000000)"> <path d="M20.4917792,0.000336524232 C20.1886146,-0.000100520225 19.8723998,0.0124863601 19.542641,0.0387964365 C11.2083649,0.710004944 13.4186692,9.51473754 13.2949769,12.4631618 C13.1427718,14.6193207 12.7056049,16.3185233 11.2226825,18.426428 C9.48047033,20.4982285 7.02763261,23.8514609 5.86566251,27.3420607 C5.3172635,28.9894735 5.05630425,30.6686289 5.29730805,32.2578406 C5.22181299,32.325447 5.14994103,32.3962788 5.08160039,32.469239 C4.57008792,33.0153217 4.19213625,33.6769851 3.77100458,34.1224689 C3.37755968,34.5149436 2.81698897,34.6642292 2.20097918,34.8852382 C1.58472464,35.1063477 0.908127379,35.4323261 0.497432332,36.2204265 C0.497432332,36.2204265 0.497432332,36.2207368 0.49712203,36.2207368 C0.496684986,36.222048 0.495373852,36.2233591 0.494936808,36.2246702 L0.494936808,36.2246702 C0.123151829,36.919077 0.233680372,37.718746 0.347224522,38.4596325 C0.460773043,39.2004972 0.575720105,39.9005856 0.423139144,40.3755699 C-0.0645762474,41.7086473 -0.126850712,42.6307542 0.216491414,43.2996202 C0.560563403,43.9698759 1.2680029,44.2657113 2.06756262,44.432706 C3.66668644,44.7666954 5.83232039,44.6837094 7.53908826,45.5883128 L7.68579097,45.3115063 L7.54060917,45.5891344 C9.36778716,46.5444437 11.2201913,46.8837519 12.698079,46.5461831 C13.7695766,46.3014513 14.6393781,45.6634363 15.0860725,44.6816946 C16.2420201,44.6760567 17.5104717,44.1864315 19.5423657,44.0745568 C20.9208039,43.9635213 22.6427241,44.564051 24.6233484,44.4540775 C24.6751207,44.6689591 
24.750052,44.8756375 24.8526175,45.0720452 C24.8539287,45.0742305 24.8548028,45.0759786 24.8556769,45.0780328 C25.6234722,46.6133699 27.0500902,47.3156173 28.570428,47.1956355 C30.0927718,47.075492 31.711331,46.1778551 33.0196848,44.6208231 L32.7798304,44.4192582 L33.0215204,44.618616 C34.2685787,43.1065034 36.3384911,42.4794975 37.7110118,41.6516741 C38.3972721,41.2377581 38.9541192,40.7194802 38.9971462,39.966706 C39.0401514,39.2142991 38.5984218,38.3711223 37.5826868,37.2436088 L37.5823765,37.2432985 C37.5820662,37.2428614 37.5815024,37.2424244 37.5810654,37.2415503 C37.2473295,36.8644028 37.0881185,36.1654026 36.91702,35.4210285 C36.7460395,34.6771089 36.5551865,33.8746254 35.9444344,33.3545687 L35.9444344,33.3545687 C35.9431233,33.3532575 35.9418121,33.3523835 35.940938,33.3515094 L35.940938,33.3515094 C35.6978714,33.1397045 35.4452772,32.9959518 35.1909042,32.8993694 C36.0400422,30.3810493 35.7068789,27.8734149 34.8497254,25.6073831 C33.7977638,22.8263338 31.9611937,20.4030752 30.5585738,18.7453569 C28.9885703,16.7650385 27.4529665,14.8848863 27.4832187,12.1079627 C27.5299825,7.86977213 27.9494053,0.0101787654 20.4914689,0 L20.4917792,0.000336524232 Z M21.5014393,6.5296802 C21.9246338,6.5296802 22.2860696,6.65372652 22.6573476,6.92320377 C23.0345213,7.1969553 23.3062494,7.53965497 23.5252523,8.01821865 C23.7401952,8.48461502 23.843613,8.94086321 23.8537568,9.48229573 C23.8537568,9.49649968 23.8537568,9.50864951 23.8576902,9.52285346 C23.8616236,10.0784681 23.7664397,10.5509481 23.5555483,11.0335676 C23.4352081,11.3089536 23.2970146,11.540089 23.1316064,11.7401941 C23.0754506,11.7132285 23.0171357,11.6873118 22.9566488,11.6624396 L22.9566488,11.6624396 C22.5373789,11.4828667 22.2157491,11.3685884 21.9476879,11.2755722 C22.044856,11.158772 22.1257661,11.0202464 22.1969169,10.8470719 C22.3043949,10.5854877 22.3571155,10.3299784 22.367255,10.025813 C22.367255,10.0136631 22.3711884,10.00348 22.3711884,9.98931975 C22.3772633,9.69732161 22.3387597,9.44789596 
22.2535753,9.19239103 C22.1643483,8.92472316 22.0507955,8.73208707 21.886541,8.57188842 C21.722291,8.41168541 21.5580366,8.33869024 21.361336,8.33260221 C21.3521143,8.33216517 21.3429364,8.33216517 21.3338459,8.33216517 C21.1488275,8.33260221 20.9881699,8.39616596 20.8219532,8.53532529 C20.6475593,8.6813331 20.5177834,8.86788115 20.4103054,9.12744186 C20.3028318,9.38699819 20.2501067,9.64452664 20.239976,9.95073309 C20.2377908,9.96288293 20.2377908,9.97306607 20.2377908,9.9852159 C20.2342945,10.1535261 20.2449584,10.307711 20.2709188,10.4574381 C19.8923378,10.2687966 19.535574,10.1401875 19.2007499,10.0604924 C19.181651,9.91570835 19.1706375,9.76629596 19.1670975,9.61007442 L19.1670975,9.56750629 C19.1610225,9.01391519 19.2522643,8.53941165 19.4651836,8.05679657 C19.6781029,7.57417712 19.9417194,7.2274173 20.3128051,6.94555422 C20.6838952,6.66369114 21.0488973,6.53391079 21.4808239,6.52985938 L21.5010154,6.52985938 L21.5014393,6.5296802 Z M15.7091362,6.98827969 C15.9898804,6.98871673 16.2410892,7.0827381 16.5009296,7.29023807 C16.7828014,7.51531597 16.9957164,7.80326271 17.1741616,8.20882685 C17.3526112,8.614391 17.4479175,9.01995077 17.4742757,9.49851445 L17.4742757,9.50244785 C17.4870374,9.70344023 17.485464,9.89263677 17.469643,10.0758677 C17.4141165,10.091645 17.3597045,10.1087334 17.3064069,10.1270762 C17.0036968,10.2312719 16.7369205,10.373272 16.5044085,10.5268101 C16.5271785,10.366205 16.5305437,10.2032486 16.5131057,10.0215605 C16.5109204,10.0114211 16.5109204,10.0032921 16.5109204,9.99319633 C16.4865771,9.75189098 16.435893,9.54911109 16.3507218,9.34429895 C16.2594713,9.131384 16.1580813,8.98132478 16.0242452,8.86573527 C15.9029566,8.76098882 15.7883592,8.71289208 15.6622806,8.71384046 C15.6492567,8.71384046 15.636058,8.71427751 15.6227281,8.71558864 C15.4807804,8.72773848 15.3631674,8.79669098 15.251638,8.93255936 C15.1401086,9.068419 15.0671091,9.23672919 15.0143884,9.4597792 C14.9616634,9.68284232 14.9474682,9.90184967 14.9697706,10.1532945 
C14.9697706,10.1634339 14.9719558,10.1715629 14.9719558,10.1816586 C14.9962992,10.4249963 15.0449553,10.6277718 15.1321501,10.8325883 C15.2213771,11.0434797 15.3247905,11.1935346 15.4586266,11.3091153 C15.481047,11.3284764 15.5032139,11.3458708 15.525289,11.361399 C15.3860816,11.468536 15.3196072,11.5179308 15.2055298,11.6017559 C15.1323642,11.6554425 15.0452263,11.7193646 14.94395,11.7940162 C14.7230765,11.5871106 14.5507673,11.3270648 14.4001137,10.984671 C14.2216641,10.5791112 14.1263578,10.1735471 14.0979674,9.69498342 L14.0979674,9.69105002 C14.0716136,9.21249508 14.1182463,8.8008429 14.2500545,8.37500864 C14.3818627,7.94916563 14.5582845,7.6409444 14.813785,7.38745861 C15.06929,7.13399031 15.3268184,7.00623784 15.6370763,6.99001912 C15.6613322,6.98870799 15.6853347,6.98827095 15.709123,6.98827095 L15.7091362,6.98827969 Z M18.3434478,10.3083666 C18.9959552,10.3057443 19.7811624,10.5197693 20.731756,11.1309629 C21.3156605,11.5106715 21.7700031,11.5424053 22.8162176,11.9904939 L22.8175288,11.9909309 L22.8188399,11.991368 C23.322219,12.1979021 23.6176741,12.4671083 23.7620255,12.7505841 C23.906377,13.034073 23.9099039,13.3414857 23.7890786,13.6648724 C23.5474411,14.3116676 22.7761407,14.9923468 21.6937826,15.3303395 L21.6929085,15.3307766 L21.6920344,15.3312136 C21.1642857,15.5026793 20.7040867,15.8813302 20.1615484,16.1915706 C19.6190277,16.5017979 19.00512,16.7520102 18.1703739,16.7037212 C18.1703739,16.7037168 18.1703739,16.7037212 18.1703739,16.7037212 C17.4597396,16.6622893 17.0349499,16.4210539 16.650849,16.1123607 C16.2667437,15.8036631 15.9320245,15.4158517 15.4418966,15.1280491 L15.4405854,15.1271751 L15.4392743,15.126301 C14.6497885,14.6800742 14.2187709,14.163964 14.0834969,13.7165354 C13.9482185,13.2691068 14.075193,12.8871911 14.4668766,12.5936327 C14.9072645,12.2635986 15.2131825,12.0390976 15.4169632,11.8895453 C15.6194022,11.7409983 15.703625,11.685297 15.7680935,11.623394 C15.7684038,11.622957 15.7685305,11.622957 15.7689675,11.6225199 
L15.7692735,11.6220829 C16.1001729,11.3088706 16.6276463,10.738226 17.4227569,10.4645313 C17.696421,10.3703264 18.001784,10.3095466 18.3435746,10.3081961 L18.3434478,10.3083666 Z M22.9062619,13.0069369 C22.6246829,13.0237631 22.3297828,13.1687002 21.9864013,13.3604054 C21.6430199,13.5521105 21.256878,13.7973406 20.8384079,14.0388338 C20.0014721,14.5218204 19.038047,14.9837283 18.0805918,14.9837283 C17.1216551,14.9837283 16.3555118,14.5408493 15.7808726,14.0854752 C15.4935509,13.8577838 15.2564149,13.6284404 15.0669561,13.4510265 C14.9722311,13.3623109 14.8900799,13.2867065 14.8134179,13.2276487 C14.7367734,13.1685909 14.6743853,13.1100357 14.5461303,13.1100357 L14.5400116,13.3795435 C14.5308337,13.4697233 14.5213935,13.4669437 14.5251084,13.4693999 C14.5310959,13.4733333 14.5608587,13.4835601 14.5955731,13.5103509 C14.6519344,13.5537495 14.7301609,13.6245375 14.8230067,13.7114832 C15.0086981,13.8853788 15.2554403,14.124464 15.5592255,14.3652012 C16.166796,14.8466668 17.0117515,15.3406363 18.0806093,15.3406363 C19.1509618,15.3406363 20.1636375,14.8403471 21.016875,14.3479598 C21.4434872,14.1017639 21.8309534,13.8560094 22.1604324,13.6720705 C22.4898897,13.4881185 22.7670895,13.3727781 22.9275766,13.3632068 L22.9062925,13.00695 L22.9062619,13.0069369 Z M23.8576858,14.2878093 C24.5685911,17.0901733 26.2220701,21.1378562 27.2848005,23.113201 C27.8496849,24.1612205 28.9735097,26.3878921 29.4590574,29.0706371 C29.7667148,29.0611969 30.1054855,29.1059065 30.4682673,29.1987042 C31.7377591,25.907589 29.3917525,22.3626165 28.3189832,21.375368 C27.8858722,20.9551061 27.8650557,20.7668098 28.0797669,20.7757081 C29.2436775,21.8049915 30.7716374,23.8752142 31.3275492,26.211938 C31.581035,27.2774436 31.6350799,28.3975886 31.3630809,29.5030663 C31.4961478,29.5583437 31.6312951,29.6184504 31.7682604,29.683286 C33.806037,30.6755779 34.5596721,31.5384567 34.1973186,32.716121 C34.0779748,32.7117506 33.960576,32.7126247 33.8460659,32.7152469 C33.8354021,32.7155572 33.8247819,32.715684 
33.814118,32.716121 C34.1092104,31.7826203 33.4554837,31.0941179 31.7135031,30.305952 C29.9067264,29.5110511 28.4669839,29.5901387 28.2236507,31.2022427 C28.2080919,31.2867016 28.1955487,31.3727644 28.1860212,31.460029 C28.05104,31.506902 27.9153158,31.5667509 27.7792552,31.6412014 C26.9308557,32.1054213 26.4677896,32.9477371 26.2102393,33.9808403 C25.9529032,35.0131131 25.8791213,36.2610673 25.8081016,37.6639101 L25.8081016,37.6647842 C25.7647031,38.3701826 25.4746935,39.3242507 25.1805582,40.3347805 C22.2207839,42.446033 18.1128938,43.3607409 14.6251435,40.9805006 C14.3887768,40.6065916 14.1176344,40.2361221 13.8385378,39.8707355 C13.6603154,39.6373843 13.4772332,39.4054841 13.2952172,39.1768225 C13.6532528,39.1768225 13.9575843,39.1184771 14.2035442,39.0069433 C14.5094142,38.8682516 14.724322,38.6454901 14.8306462,38.3594969 C15.0432858,37.7875325 14.8297721,36.9806654 14.1489836,36.0592664 C13.4682956,35.137933 12.3154554,34.0981212 10.6214273,33.0592009 C10.6214273,33.0592009 10.621117,33.0592009 10.621117,33.0588906 C9.37658486,32.2846183 8.68057408,31.3355981 8.3547924,30.3051959 C8.02898013,29.2747018 8.07466439,28.1604089 8.32577265,27.0602631 C8.80774091,24.9485692 10.0461107,22.8947793 10.8362565,21.605909 C11.0489879,21.4493815 10.9122629,21.8964561 10.0363515,23.5230089 C9.25134103,25.0101357 7.78376323,28.4420972 9.79314068,31.1210705 C9.84684033,29.2145776 10.3021401,27.2701931 11.0664741,25.45145 C12.1797968,22.9278068 14.5084483,18.5514927 14.6933968,15.0635108 C14.7887555,15.1327561 15.1164383,15.3538525 15.2624505,15.4368866 C15.2627608,15.4373237 15.2628875,15.4373237 15.2633246,15.4373237 C15.6905181,15.6888908 16.0113611,16.0566244 16.426903,16.3905832 C16.8432709,16.7252019 17.3634237,17.0142238 18.149269,17.0600129 L18.149269,17.0600129 C19.066516,17.113092 19.7655905,16.8289912 20.3383504,16.5014745 C20.9102449,16.1744603 21.3671137,15.8125482 21.7999582,15.6712779 C21.8003952,15.6708409 21.8012693,15.6708409 21.8017063,15.6708409 
C22.7163355,15.3848215 23.44356,14.8785842 23.857393,14.2881327 L23.8576858,14.2878093 Z M29.6669682,30.3312962 C30.0374289,30.329548 30.4861993,30.4530917 30.9774372,30.6728508 C32.2995623,31.2832227 32.713238,31.8063999 32.3522873,32.5749338 C32.0481219,33.1548918 30.7462669,34.0775407 29.8540319,33.8342075 C28.9435503,33.5989814 28.4994564,32.2869871 28.6474877,31.2953987 C28.7267763,30.6220356 29.1076387,30.3339097 29.6669682,30.3312962 L29.6669682,30.3312962 Z M28.1710786,32.1433306 C28.2458176,33.3559191 28.8457529,34.5926195 29.9067526,34.8602742 C31.0678224,35.1661922 32.7418469,34.16998 33.4486352,33.3574182 C33.5895689,33.3517803 33.7273516,33.3448313 33.8611658,33.3416409 C34.4811527,33.3266503 35.001157,33.3620509 35.5324588,33.8267253 L35.534207,33.8284735 L35.5359552,33.8302216 C35.9442465,34.1761336 36.1383204,34.8298385 36.3066481,35.5621545 C36.4749627,36.294475 36.6095636,37.0920505 37.11435,37.6602345 L37.115224,37.6611086 L37.1156611,37.6619827 C38.0861227,38.7388952 38.3980544,39.4668146 38.3715083,39.931406 C38.344936,40.3960279 38.008556,40.7409347 37.3873891,41.1155867 C36.1455928,41.864576 33.9453056,42.5158727 32.5399192,44.2181871 C31.3196037,45.6704378 29.8315635,46.4680352 28.5210638,46.5714617 C27.2105642,46.6748883 26.0799127,46.1309646 25.4133237,44.793071 L25.4115756,44.7900117 L25.4098274,44.7869524 C24.9962959,44.0002986 25.1685614,42.758852 25.5169207,41.4493706 C25.8652845,40.1398937 26.3657922,38.7953264 26.4327911,37.7024923 L26.4327911,37.7007442 L26.4327911,37.698996 C26.5036666,36.2987755 26.5820418,35.0759688 26.8172504,34.1324728 C27.0524633,33.1889769 27.4228236,32.5499829 28.0790545,32.1909116 C28.109604,32.1742165 28.139948,32.1584392 28.1701128,32.1435097 L28.1710786,32.1433306 Z M6.86074718,32.2348346 C6.95869322,32.2351449 7.06234705,32.2434006 7.17277507,32.2601394 C7.91559769,32.3726653 8.5633675,32.8920358 9.18746261,33.7385341 C9.8115621,34.5850455 10.3922762,35.7405823 10.9892352,37.0223812 
L10.9901093,37.0241294 L10.9905463,37.0258776 C11.4702594,38.0271115 12.4825418,39.128044 13.3403902,40.2511564 C14.1982341,41.3742689 14.8621527,42.5016163 14.7756966,43.3644732 L14.7753863,43.3684066 L14.775076,43.37234 C14.6632363,44.843978 13.8330966,45.6451198 12.5587449,45.9361914 C11.2847734,46.2271625 9.55771794,45.9379396 7.83269472,45.035587 L7.83094655,45.035587 C5.9224477,44.0247687 3.65205856,44.1251622 2.19566909,43.8209924 C1.46727769,43.6688572 0.99200058,43.44013 0.773862951,43.0151698 C0.55571221,42.5902315 0.550839164,41.8488511 1.01440785,40.5847437 L1.01659307,40.5791059 L1.01834125,40.573468 C1.24759292,39.8663213 1.07793226,39.0925822 0.96663015,38.3663367 C0.855328038,37.6400911 0.800894151,36.9795116 1.04888192,36.5190765 L1.05019305,36.5168913 L1.05150418,36.514706 C1.36900824,35.9026821 1.83472718,35.683902 2.41273159,35.4765375 C2.990736,35.2691556 3.67612223,35.1062953 4.21734934,34.5638925 L4.21997161,34.5612703 L4.22259387,34.558648 C4.72293985,34.0308163 5.09877623,33.3691834 5.53863963,32.8995879 C5.90977341,32.5033678 6.28118253,32.2407652 6.84099715,32.2368755 L6.86053303,32.2368755 L6.86074718,32.2348346 Z"></path> <path d="M58.5014648,40 L58.5014648,6.7578125 L65.4194336,6.7578125 L65.4194336,35.2832031 L80.4008789,35.2832031 L80.4008789,40 L58.5014648,40 L58.5014648,40 L58.5014648,40 Z M86.2524414,40 L86.2524414,15.3378906 L92.9008789,15.3378906 L92.9008789,40 L86.2524414,40 L86.2524414,40 L86.2524414,40 Z M86.2524414,11.1826172 L86.2524414,5.63476562 L92.9008789,5.63476562 L92.9008789,11.1826172 L86.2524414,11.1826172 L86.2524414,11.1826172 L86.2524414,11.1826172 Z M100.211426,40 L100.211426,15.3378906 L106.859863,15.3378906 L106.859863,19.9873047 C109.031098,16.513329 111.8312,14.7763672 115.260254,14.7763672 C117.461437,14.7763672 119.198399,15.4726493 120.471191,16.8652344 C121.743984,18.2578195 122.380371,20.1594932 122.380371,22.5703125 L122.380371,40 L115.731934,40 L115.731934,24.2099609 C115.731934,21.4098167 
114.803557,20.0097656 112.946777,20.0097656 C110.835439,20.0097656 108.806488,21.4996596 106.859863,24.4794922 L106.859863,40 L100.211426,40 L100.211426,40 L100.211426,40 Z M145.672363,40 L145.672363,35.3505859 C143.516102,38.8245616 140.716,40.5615234 137.271973,40.5615234 C135.07079,40.5615234 133.333828,39.8652413 132.061035,38.4726562 C130.788242,37.0800712 130.151855,35.1783975 130.151855,32.7675781 L130.151855,15.3378906 L136.800293,15.3378906 L136.800293,31.1279297 C136.800293,33.9280739 137.736156,35.328125 139.60791,35.328125 C141.704275,35.328125 143.725739,33.838231 145.672363,30.8583984 L145.672363,15.3378906 L152.320801,15.3378906 L152.320801,40 L145.672363,40 L145.672363,40 L145.672363,40 Z M158.003418,40 L166.471191,27.6240234 L158.362793,15.3378906 L165.932129,15.3378906 L171.23291,23.1542969 L176.309082,15.3378906 L181.699707,15.3378906 L173.973145,27.4443359 L182.26123,40 L174.691895,40 L169.166504,31.8466797 L163.506348,40 L158.003418,40 L158.003418,40 L158.003418,40 Z"></path> </g> </g> </g> </svg>
</a>
</div>
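<div class="search">
  <!-- Result list, filled at runtime by the search script (not part of this file). The commented sample shows the item shape. -->
  <!-- NOTE(review): the sample wraps the match in <strong>, so the script presumably builds markup from the typed query; confirm it escapes the query text before inserting it. -->
  <ul class="search-list" id="result">
<!-- <li><a href="#"><strong>find</strong> - 指定目录下查找文件。</a></li> -->
  </ul>
  <!-- aria-label gives the field an accessible name; the placeholder alone is not a label. -->
  <input type="text" class="query" id="query" autocomplete="off" autofocus placeholder="Linux 命令搜索" aria-label="Linux 命令搜索">
  <div class="enter-input">
    <!-- Path of the current page, exposed to client-side script. A hidden input is visible and editable in the browser, so it must never be treated as trusted or private. -->
    <input type="hidden" id="current_path" value="/c/setfacl.html">
    <!-- Explicit type keeps this a plain action button even if it is later placed inside a form. -->
    <button type="button" id="search_btn">搜索</button>
  </div>
</div>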
</div>
</div>
<script type="text/javascript" src="../js/copy-to-clipboard.js"></script>
<div class="markdown-body">
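<span class="edit_btn">
  <!-- Both links open the GitHub editor for this command's Markdown source in a new tab. rel="noopener noreferrer" keeps the opened page from reaching this one through window.opener and withholds the Referer header. -->
  <a target="_blank" rel="noopener noreferrer" href="https://github.com/jaywcjlove/linux-command/edit/master/command/setfacl.md">纠正错误</a>
  <span class="split"></span>
  <a target="_blank" rel="noopener noreferrer" href="https://github.com/jaywcjlove/linux-command/edit/master/command/setfacl.md">添加实例</a>
</span>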
<!--
  Hidden <dark-mode> instance followed by an inline, minified definition of the
  dark-mode theme toggle (a custom element). What the script does:
  - Reads the saved theme from localStorage key "_dark_mode_theme_" and adopts it
    only when the value is exactly "light" or "dark".
  - Unless a saved theme is in effect, it follows the prefers-color-scheme media queries.
  - Writes the active mode to the data-color-mode attribute on the root element.
    A MutationObserver copies that attribute back into this.mode on every attribute
    change of the root element, without checking it against "light"/"dark", and may
    then store it in localStorage. The allow-list applied when reading is what keeps
    an unexpected stored value from being adopted.
  - Sets the icon and label through textContent, so the dark/light attribute text is
    never parsed as HTML.
  - Adds one style element with id "_dark_mode_style_" to the head if none exists yet.
  NOTE(review): the page head also loads ../js/dark-mode.min.js. If that file registers
  "dark-mode" too, the customElements.define call at the end of this script throws
  because the name is already taken; confirm that only one copy is needed.
  NOTE(review): because it is inline, this script needs a hash or nonce before a
  Content-Security-Policy without 'unsafe-inline' can be applied to the page.
-->
<dark-mode style="position: fixed; top: 8px; left: 10px; z-index: 999;;display: none;" dark="Dark" light="Light"></dark-mode><script>const t=document;const e="_dark_mode_theme_";const s="permanent";const o="colorschemechange";const i="permanentcolorscheme";const h="light";const r="dark";const n=(t,e,s=e)=>{Object.defineProperty(t,s,{enumerable:true,get(){const t=this.getAttribute(e);return t===null?"":t},set(t){this.setAttribute(e,t)}})};const c=(t,e,s=e)=>{Object.defineProperty(t,s,{enumerable:true,get(){return this.hasAttribute(e)},set(t){if(t){this.setAttribute(e,"")}else{this.removeAttribute(e)}}})};class a extends HTMLElement{static get observedAttributes(){return["mode",h,r,s]}LOCAL_NANE=e;constructor(){super();this.t()}connectedCallback(){n(this,"mode");n(this,r);n(this,h);c(this,s);const a=localStorage.getItem(e);if(a&&[h,r].includes(a)){this.mode=a;this.permanent=true}if(this.permanent&&!a){localStorage.setItem(e,this.mode)}const l=[h,r].includes(a);if(this.permanent&&a){this.o()}else{if(window.matchMedia&&window.matchMedia("(prefers-color-scheme: dark)").matches){this.mode=r;this.o()}if(window.matchMedia&&window.matchMedia("(prefers-color-scheme: light)").matches){this.mode=h;this.o()}}if(!this.permanent&&!l){window.matchMedia("(prefers-color-scheme: light)").onchange=t=>{this.mode=t.matches?h:r;this.o()};window.matchMedia("(prefers-color-scheme: dark)").onchange=t=>{this.mode=t.matches?r:h;this.o()}}const d=new MutationObserver(((s,h)=>{this.mode=t.documentElement.dataset.colorMode;if(this.permanent&&l){localStorage.setItem(e,this.mode);this.i(i,{permanent:this.permanent})}this.h();this.i(o,{colorScheme:this.mode})}));d.observe(t.documentElement,{attributes:true});this.i(o,{colorScheme:this.mode});this.h()}attributeChangedCallback(t,s,o){if(t==="mode"&&s!==o&&[h,r].includes(o)){const t=localStorage.getItem(e);if(this.mode===t){this.mode=o;this.h();this.o()}else if(this.mode&&this.mode!==t){this.h();this.o()}}else 
if((t===h||t===r)&&s!==o){this.h()}if(t==="permanent"&&typeof this.permanent==="boolean"){this.permanent?localStorage.setItem(e,this.mode):localStorage.removeItem(e)}}o(){t.documentElement.setAttribute("data-color-mode",this.mode)}h(){this.icon.textContent=this.mode===h?"🌒":"🌞";this.text.textContent=this.mode===h?this.getAttribute(r):this.getAttribute(h)}t(){var s=this.attachShadow({mode:"open"});this.label=t.createElement("span");this.label.setAttribute("class","wrapper");this.label.onclick=()=>{this.mode=this.mode===h?r:h;if(this.permanent){localStorage.setItem(e,this.mode)}this.o();this.h()};s.appendChild(this.label);this.icon=t.createElement("span");this.label.appendChild(this.icon);this.text=t.createElement("span");this.label.appendChild(this.text);const o=`
[data-color-mode*='dark'], [data-color-mode*='dark'] body {
color-scheme: dark;
--color-theme-bg: #0d1117;
--color-theme-text: #c9d1d9;
background-color: var(--color-theme-bg);
color: var(--color-theme-text);
}
[data-color-mode*='light'], [data-color-mode*='light'] body {
color-scheme: light;
--color-theme-bg: #fff;
--color-theme-text: #24292f;
background-color: var(--color-theme-bg);
color: var(--color-theme-text);
}`;const i="_dark_mode_style_";const n=t.getElementById(i);if(!n){var c=t.createElement("style");c.id=i;c.textContent=o;t.head.appendChild(c)}var a=t.createElement("style");a.textContent=`
.wrapper { cursor: pointer; user-select: none; position: relative; }
.wrapper > span + span { margin-left: .4rem; }
`;s.appendChild(a)}i(t,e){this.dispatchEvent(new CustomEvent(t,{bubbles:true,composed:true,detail:e}))}}customElements.define("dark-mode",a);</script><script>const __TEMPLATE__ = document.createElement('template');
__TEMPLATE__.innerHTML = `
<style>
markdown-style h1:hover a.anchor .octicon-link:before,
markdown-style h2:hover a.anchor .octicon-link:before,
markdown-style h3:hover a.anchor .octicon-link:before,
markdown-style h4:hover a.anchor .octicon-link:before,
markdown-style h5:hover a.anchor .octicon-link:before,
markdown-style h6:hover a.anchor .octicon-link:before {
width: 16px;
height: 16px;
content: ' ';
display: inline-block;
background-color: currentColor;
-webkit-mask-image: url("data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' version='1.1' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg>");
mask-image: url("data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' version='1.1' aria-hidden='true'><path fill-rule='evenodd' d='M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z'></path></svg>");
}
[data-color-mode*='light'], [data-color-mode*='light'] body, markdown-style[theme*='light'] { --color-prettylights-syntax-comment: #6e7781; --color-prettylights-syntax-constant: #0550ae; --color-prettylights-syntax-entity: #8250df; --color-prettylights-syntax-storage-modifier-import: #24292f; --color-prettylights-syntax-entity-tag: #116329; --color-prettylights-syntax-keyword: #cf222e; --color-prettylights-syntax-string: #0a3069; --color-prettylights-syntax-variable: #953800; --color-prettylights-syntax-brackethighlighter-unmatched: #82071e; --color-prettylights-syntax-invalid-illegal-text: #f6f8fa; --color-prettylights-syntax-invalid-illegal-bg: #82071e; --color-prettylights-syntax-carriage-return-text: #f6f8fa; --color-prettylights-syntax-carriage-return-bg: #cf222e; --color-prettylights-syntax-string-regexp: #116329; --color-prettylights-syntax-markup-list: #3b2300; --color-prettylights-syntax-markup-heading: #0550ae; --color-prettylights-syntax-markup-italic: #24292f; --color-prettylights-syntax-markup-bold: #24292f; --color-prettylights-syntax-markup-deleted-text: #82071e; --color-prettylights-syntax-markup-deleted-bg: #FFEBE9; --color-prettylights-syntax-markup-inserted-text: #116329; --color-prettylights-syntax-markup-inserted-bg: #dafbe1; --color-prettylights-syntax-markup-changed-text: #953800; --color-prettylights-syntax-markup-changed-bg: #ffd8b5; --color-prettylights-syntax-markup-ignored-text: #eaeef2; --color-prettylights-syntax-markup-ignored-bg: #0550ae; --color-prettylights-syntax-meta-diff-range: #8250df; --color-prettylights-syntax-brackethighlighter-angle: #57606a; --color-prettylights-syntax-sublimelinter-gutter-mark: #8c959f; --color-prettylights-syntax-constant-other-reference-link: #0a3069; --color-fg-default: #24292f; --color-fg-muted: #57606a; --color-fg-subtle: #6e7781; --color-canvas-default: #ffffff; --color-canvas-subtle: #f6f8fa; --color-border-default: #d0d7de; --color-border-muted: hsla(210,18%,87%,1); --color-neutral-muted: 
rgba(175,184,193,0.2); --color-accent-fg: #0969da; --color-accent-emphasis: #0969da; --color-attention-subtle: #fff8c5; --color-danger-fg: #cf222e; } [data-color-mode*='dark'], [data-color-mode*='dark'] body, markdown-style[theme*='dark'] { --color-prettylights-syntax-comment: #8b949e; --color-prettylights-syntax-constant: #79c0ff; --color-prettylights-syntax-entity: #d2a8ff; --color-prettylights-syntax-storage-modifier-import: #c9d1d9; --color-prettylights-syntax-entity-tag: #7ee787; --color-prettylights-syntax-keyword: #ff7b72; --color-prettylights-syntax-string: #a5d6ff; --color-prettylights-syntax-variable: #ffa657; --color-prettylights-syntax-brackethighlighter-unmatched: #f85149; --color-prettylights-syntax-invalid-illegal-text: #f0f6fc; --color-prettylights-syntax-invalid-illegal-bg: #8e1519; --color-prettylights-syntax-carriage-return-text: #f0f6fc; --color-prettylights-syntax-carriage-return-bg: #b62324; --color-prettylights-syntax-string-regexp: #7ee787; --color-prettylights-syntax-markup-list: #f2cc60; --color-prettylights-syntax-markup-heading: #1f6feb; --color-prettylights-syntax-markup-italic: #c9d1d9; --color-prettylights-syntax-markup-bold: #c9d1d9; --color-prettylights-syntax-markup-deleted-text: #ffdcd7; --color-prettylights-syntax-markup-deleted-bg: #67060c; --color-prettylights-syntax-markup-inserted-text: #aff5b4; --color-prettylights-syntax-markup-inserted-bg: #033a16; --color-prettylights-syntax-markup-changed-text: #ffdfb6; --color-prettylights-syntax-markup-changed-bg: #5a1e02; --color-prettylights-syntax-markup-ignored-text: #c9d1d9; --color-prettylights-syntax-markup-ignored-bg: #1158c7; --color-prettylights-syntax-meta-diff-range: #d2a8ff; --color-prettylights-syntax-brackethighlighter-angle: #8b949e; --color-prettylights-syntax-sublimelinter-gutter-mark: #484f58; --color-prettylights-syntax-constant-other-reference-link: #a5d6ff; --color-fg-default: #c9d1d9; --color-fg-muted: #8b949e; --color-fg-subtle: #484f58; --color-canvas-default: 
#0d1117; --color-canvas-subtle: #161b22; --color-border-default: #30363d; --color-border-muted: #21262d; --color-neutral-muted: rgba(110,118,129,0.4); --color-accent-fg: #58a6ff; --color-accent-emphasis: #1f6feb; --color-attention-subtle: rgba(187,128,9,0.15); --color-danger-fg: #f85149; } markdown-style { display: block; -webkit-text-size-adjust: 100%; font-family: -apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji"; font-size: 16px; line-height: 1.5; word-wrap: break-word; color: var(--color-fg-default); background-color: var(--color-canvas-default); } markdown-style details, markdown-style figcaption, markdown-style figure { display: block; } markdown-style summary { display: list-item; } markdown-style [hidden] { display: none !important; } markdown-style a { background-color: transparent; color: var(--color-accent-fg); text-decoration: none; } markdown-style a:active, markdown-style a:hover { outline-width: 0; } markdown-style abbr[title] { border-bottom: none; text-decoration: underline dotted; } markdown-style b, markdown-style strong { font-weight: 600; } markdown-style dfn { font-style: italic; } markdown-style h1 { margin: .67em 0; font-weight: 600; padding-bottom: .3em; font-size: 2em; border-bottom: 1px solid var(--color-border-muted); } markdown-style mark { background-color: var(--color-attention-subtle); color: var(--color-text-primary); } markdown-style small { font-size: 90%; } markdown-style sub, markdown-style sup { font-size: 75%; line-height: 0; position: relative; vertical-align: baseline; } markdown-style sub { bottom: -0.25em; } markdown-style sup { top: -0.5em; } markdown-style img { border-style: none; max-width: 100%; box-sizing: content-box; background-color: var(--color-canvas-default); } markdown-style code, markdown-style kbd, markdown-style pre, markdown-style samp { font-family: monospace,monospace; font-size: 1em; } markdown-style figure { margin: 1em 40px; } markdown-style hr 
{ box-sizing: content-box; overflow: hidden; background: transparent; border-bottom: 1px solid var(--color-border-muted); height: .25em; padding: 0; margin: 24px 0; background-color: var(--color-border-default); border: 0; } markdown-style input { font: inherit; margin: 0; overflow: visible; font-family: inherit; font-size: inherit; line-height: inherit; } markdown-style [type=button], markdown-style [type=reset], markdown-style [type=submit] { -webkit-appearance: button; } markdown-style [type=button]::-moz-focus-inner, markdown-style [type=reset]::-moz-focus-inner, markdown-style [type=submit]::-moz-focus-inner { border-style: none; padding: 0; } markdown-style [type=button]:-moz-focusring, markdown-style [type=reset]:-moz-focusring, markdown-style [type=submit]:-moz-focusring { outline: 1px dotted ButtonText; } markdown-style [type=checkbox], markdown-style [type=radio] { box-sizing: border-box; padding: 0; } markdown-style [type=number]::-webkit-inner-spin-button, markdown-style [type=number]::-webkit-outer-spin-button { height: auto; } markdown-style [type=search] { -webkit-appearance: textfield; outline-offset: -2px; } markdown-style [type=search]::-webkit-search-cancel-button, markdown-style [type=search]::-webkit-search-decoration { -webkit-appearance: none; } markdown-style ::-webkit-input-placeholder { color: inherit; opacity: .54; } markdown-style ::-webkit-file-upload-button { -webkit-appearance: button; font: inherit; } markdown-style a:hover { text-decoration: underline; } markdown-style hr::before { display: table; content: ""; } markdown-style hr::after { display: table; clear: both; content: ""; } markdown-style table { border-spacing: 0; border-collapse: collapse; display: block; width: max-content; max-width: 100%; overflow: auto; } markdown-style td, markdown-style th { padding: 0; } markdown-style details summary { cursor: pointer; } markdown-style details:not([open])>*:not(summary) { display: none !important; } markdown-style kbd { display: 
inline-block; padding: 3px 5px; font: 11px ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace; line-height: 10px; color: var(--color-fg-default); vertical-align: middle; background-color: var(--color-canvas-subtle); border: solid 1px var(--color-neutral-muted); border-bottom-color: var(--color-neutral-muted); border-radius: 6px; box-shadow: inset 0 -1px 0 var(--color-neutral-muted); } markdown-style h1, markdown-style h2, markdown-style h3, markdown-style h4, markdown-style h5, markdown-style h6 { margin-top: 24px; margin-bottom: 16px; font-weight: 600; line-height: 1.25; } markdown-style h2 { font-weight: 600; padding-bottom: .3em; font-size: 1.5em; border-bottom: 1px solid var(--color-border-muted); } markdown-style h3 { font-weight: 600; font-size: 1.25em; } markdown-style h4 { font-weight: 600; font-size: 1em; } markdown-style h5 { font-weight: 600; font-size: .875em; } markdown-style h6 { font-weight: 600; font-size: .85em; color: var(--color-fg-muted); } markdown-style p { margin-top: 0; margin-bottom: 10px; } markdown-style blockquote { margin: 0; padding: 0 1em; color: var(--color-fg-muted); border-left: .25em solid var(--color-border-default); } markdown-style ul, markdown-style ol { margin-top: 0; margin-bottom: 0; padding-left: 2em; } markdown-style ol ol, markdown-style ul ol { list-style-type: lower-roman; } markdown-style ul ul ol, markdown-style ul ol ol, markdown-style ol ul ol, markdown-style ol ol ol { list-style-type: lower-alpha; } markdown-style dd { margin-left: 0; } markdown-style tt, markdown-style code { font-family: ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace; font-size: 12px; } markdown-style pre { margin-top: 0; margin-bottom: 0; font-family: ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace; font-size: 12px; word-wrap: normal; } markdown-style .octicon { display: inline-block; overflow: visible !important; vertical-align: text-bottom; fill: 
currentColor; } markdown-style ::placeholder { color: var(--color-fg-subtle); opacity: 1; } markdown-style input::-webkit-outer-spin-button, markdown-style input::-webkit-inner-spin-button { margin: 0; -webkit-appearance: none; appearance: none; }
markdown-style .token.comment, markdown-style .token.prolog, markdown-style .token.doctype, markdown-style .token.cdata { color: var(--color-prettylights-syntax-comment); } markdown-style .token.namespace { opacity: 0.7; } markdown-style .token.tag, markdown-style .token.selector, markdown-style .token.constant, markdown-style .token.symbol, markdown-style .token.deleted { color: var(--color-prettylights-syntax-entity-tag); } markdown-style .token.maybe-class-name { color: var(--color-prettylights-syntax-variable); } markdown-style .token.property-access, markdown-style .token.operator, markdown-style .token.boolean, markdown-style .token.number, markdown-style .token.selector markdown-style .token.class, markdown-style .token.attr-name, markdown-style .token.string, markdown-style .token.char, markdown-style .token.builtin { color: var(--color-prettylights-syntax-constant); } markdown-style .token.deleted { color: var(--color-prettylights-syntax-markup-deleted-text); } markdown-style .token.property { color: var(--color-prettylights-syntax-constant); } markdown-style .token.punctuation { color: var(--color-prettylights-syntax-markup-bold); } markdown-style .token.function { color: var(--color-prettylights-syntax-entity); } markdown-style .code-line .token.deleted { background-color: var(--color-prettylights-syntax-markup-deleted-bg); } markdown-style .token.inserted { color: var(--color-prettylights-syntax-markup-inserted-text); } markdown-style .code-line .token.inserted { background-color: var(--color-prettylights-syntax-markup-inserted-bg); } markdown-style .token.variable { color: var(--color-prettylights-syntax-constant); } markdown-style .token.entity, markdown-style .token.url, .language-css markdown-style .token.string, .style markdown-style .token.string { color: var(--color-prettylights-syntax-string); } markdown-style .token.color, markdown-style .token.atrule, markdown-style .token.attr-value, markdown-style .token.function, markdown-style 
.token.class-name { color: var(--color-prettylights-syntax-string); } markdown-style .token.rule, markdown-style .token.regex, markdown-style .token.important, markdown-style .token.keyword { color: var(--color-prettylights-syntax-keyword); } markdown-style .token.coord { color: var(--color-prettylights-syntax-meta-diff-range); } markdown-style .token.important, markdown-style .token.bold { font-weight: bold; } markdown-style .token.italic { font-style: italic; } markdown-style .token.entity { cursor: help; }
markdown-style [data-catalyst] { display: block; } markdown-style g-emoji { font-family: "Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol"; font-size: 1em; font-style: normal !important; font-weight: 400; line-height: 1; vertical-align: -0.075em; } markdown-style g-emoji img { width: 1em; height: 1em; } markdown-style::before { display: table; content: ""; } markdown-style::after { display: table; clear: both; content: ""; } markdown-style>*:first-child { margin-top: 0 !important; } markdown-style>*:last-child { margin-bottom: 0 !important; } markdown-style a:not([href]) { color: inherit; text-decoration: none; } markdown-style .absent { color: var(--color-danger-fg); } markdown-style a.anchor { float: left; padding-right: 4px; margin-left: -20px; line-height: 1; } markdown-style a.anchor:focus { outline: none; } markdown-style p, markdown-style blockquote, markdown-style ul, markdown-style ol, markdown-style dl, markdown-style table, markdown-style pre, markdown-style details { margin-top: 0; margin-bottom: 16px; } markdown-style blockquote>:first-child { margin-top: 0; } markdown-style blockquote>:last-child { margin-bottom: 0; } markdown-style sup>a::before { content: "["; } markdown-style sup>a::after { content: "]"; }
markdown-style .octicon-video { border: 1px solid #d0d7de !important; border-radius: 6px !important; display: block; } markdown-style .octicon-video summary { border-bottom: 1px solid #d0d7de !important; padding: 8px 16px !important; cursor: pointer; } markdown-style .octicon-video > video { display: block !important; max-width: 100% !important; padding: 2px; box-sizing: border-box; border-bottom-right-radius: 6px !important; border-bottom-left-radius: 6px !important; } markdown-style details.octicon-video:not([open])>*:not(summary) { display: none !important; } markdown-style details.octicon-video:not([open]) > summary { border-bottom: 0 !important; } markdown-style h1 .octicon-link, markdown-style h2 .octicon-link, markdown-style h3 .octicon-link, markdown-style h4 .octicon-link, markdown-style h5 .octicon-link, markdown-style h6 .octicon-link { color: var(--color-fg-default); vertical-align: middle; visibility: hidden; } markdown-style h1:hover .anchor, markdown-style h2:hover .anchor, markdown-style h3:hover .anchor, markdown-style h4:hover .anchor, markdown-style h5:hover .anchor, markdown-style h6:hover .anchor { text-decoration: none; } markdown-style h1:hover .anchor .octicon-link, markdown-style h2:hover .anchor .octicon-link, markdown-style h3:hover .anchor .octicon-link, markdown-style h4:hover .anchor .octicon-link, markdown-style h5:hover .anchor .octicon-link, markdown-style h6:hover .anchor .octicon-link { visibility: visible; } markdown-style h1 tt, markdown-style h1 code, markdown-style h2 tt, markdown-style h2 code, markdown-style h3 tt, markdown-style h3 code, markdown-style h4 tt, markdown-style h4 code, markdown-style h5 tt, markdown-style h5 code, markdown-style h6 tt, markdown-style h6 code { padding: 0 .2em; font-size: inherit; } markdown-style ul.no-list, markdown-style ol.no-list { padding: 0; list-style-type: none; } markdown-style ol[type="1"] { list-style-type: decimal; } markdown-style ol[type=a] { list-style-type: lower-alpha; } 
markdown-style ol[type=i] { list-style-type: lower-roman; } markdown-style div>ol:not([type]) { list-style-type: decimal; } markdown-style ul ul, markdown-style ul ol, markdown-style ol ol, markdown-style ol ul { margin-top: 0; margin-bottom: 0; } markdown-style li>p { margin-top: 16px; } markdown-style li+li { margin-top: .25em; } markdown-style dl { padding: 0; } markdown-style dl dt { padding: 0; margin-top: 16px; font-size: 1em; font-style: italic; font-weight: 600; } markdown-style dl dd { padding: 0 16px; margin-bottom: 16px; } markdown-style table th { font-weight: 600; } markdown-style table th, markdown-style table td { padding: 6px 13px; border: 1px solid var(--color-border-default); } markdown-style table tr { background-color: var(--color-canvas-default); border-top: 1px solid var(--color-border-muted); } markdown-style table tr:nth-child(2n) { background-color: var(--color-canvas-subtle); } markdown-style table img { background-color: transparent; vertical-align: middle; } markdown-style img[align=right] { padding-left: 20px; } markdown-style img[align=left] { padding-right: 20px; } markdown-style .emoji { max-width: none; vertical-align: text-top; background-color: transparent; } markdown-style span.frame { display: block; overflow: hidden; } markdown-style span.frame>span { display: block; float: left; width: auto; padding: 7px; margin: 13px 0 0; overflow: hidden; border: 1px solid var(--color-border-default); } markdown-style span.frame span img { display: block; float: left; } markdown-style span.frame span span { display: block; padding: 5px 0 0; clear: both; color: var(--color-fg-default); } markdown-style span.align-center { display: block; overflow: hidden; clear: both; } markdown-style span.align-center>span { display: block; margin: 13px auto 0; overflow: hidden; text-align: center; } markdown-style span.align-center span img { margin: 0 auto; text-align: center; } markdown-style span.align-right { display: block; overflow: hidden; clear: 
both; } markdown-style span.align-right>span { display: block; margin: 13px 0 0; overflow: hidden; text-align: right; } markdown-style span.align-right span img { margin: 0; text-align: right; } markdown-style span.float-left { display: block; float: left; margin-right: 13px; overflow: hidden; } markdown-style span.float-left span { margin: 13px 0 0; } markdown-style span.float-right { display: block; float: right; margin-left: 13px; overflow: hidden; } markdown-style span.float-right>span { display: block; margin: 13px auto 0; overflow: hidden; text-align: right; } markdown-style code, markdown-style tt { padding: .2em .4em; margin: 0; font-size: 85%; background-color: var(--color-neutral-muted); border-radius: 6px; } markdown-style code br, markdown-style tt br { display: none; } markdown-style del code { text-decoration: inherit; } markdown-style pre code { font-size: 100%; } markdown-style pre>code { padding: 0; margin: 0; word-break: normal; white-space: pre; background: transparent; border: 0; } markdown-style pre { position: relative; font-size: 85%; line-height: 1.45; background-color: var(--color-canvas-subtle); border-radius: 6px; } markdown-style pre code, markdown-style pre tt { display: inline; max-width: auto; padding: 0; margin: 0; overflow: visible; line-height: inherit; word-wrap: normal; background-color: transparent; border: 0; } markdown-style pre > code { padding: 16px; overflow: auto; display: block; } markdown-style .csv-data td, markdown-style .csv-data th { padding: 5px; overflow: hidden; font-size: 12px; line-height: 1; text-align: left; white-space: nowrap; } markdown-style .csv-data .blob-num { padding: 10px 8px 9px; text-align: right; background: var(--color-canvas-default); border: 0; } markdown-style .csv-data tr { border-top: 0; } markdown-style .csv-data th { font-weight: 600; background: var(--color-canvas-subtle); border-top: 0; } markdown-style .footnotes { font-size: 12px; color: var(--color-fg-muted); border-top: 1px solid 
var(--color-border-default); } markdown-style .footnotes ol { padding-left: 16px; } markdown-style .footnotes li { position: relative; } markdown-style .footnotes li:target::before { position: absolute; top: -8px; right: -8px; bottom: -8px; left: -24px; pointer-events: none; content: ""; border: 2px solid var(--color-accent-emphasis); border-radius: 6px; } markdown-style .footnotes li:target { color: var(--color-fg-default); } markdown-style .footnotes .data-footnote-backref g-emoji { font-family: monospace; } markdown-style .task-list-item { list-style-type: none; } markdown-style .task-list-item label { font-weight: 400; } markdown-style .task-list-item.enabled label { cursor: pointer; } markdown-style .task-list-item+.task-list-item { margin-top: 3px; } markdown-style .task-list-item .handle { display: none; } markdown-style .task-list-item-checkbox, markdown-style input[type="checkbox"] { margin: 0 .2em .25em -1.6em; vertical-align: middle; } markdown-style .contains-task-list:dir(rtl) .task-list-item-checkbox, markdown-style .contains-task-list:dir(rtl) input[type="checkbox"] { margin: 0 -1.6em .25em .2em; } markdown-style ::-webkit-calendar-picker-indicator { filter: invert(50%); }
</style>
<slot></slot>
`;
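/**
 * `markdown-style` custom element: hosts Markdown-rendered content in its slot
 * and provides the stylesheet cloned from __TEMPLATE__ (defined outside this
 * class).
 *
 * The `theme` attribute picks the palette; the stylesheet switches to its dark
 * variables on `markdown-style[theme*='dark']`. If no theme is set when the
 * element is first connected, it follows `data-color-mode` on the document
 * element and the `prefers-color-scheme` media queries.
 */
class MarkdownStyle extends HTMLElement {
  constructor() {
    super();
    this.shadow = this.attachShadow({ mode: 'open' });
    this.shadow.appendChild(__TEMPLATE__.content.cloneNode(true));
    const style = Array.from(this.shadow.children).find((item) => item.tagName === 'STYLE');
    if (style) {
      const id = '__MARKDOWN_STYLE__';
      // Only the first instance moves its style element into document.head;
      // later instances find the id already taken and keep their copy in the
      // shadow root. Presumably the move lets the `markdown-style ...`
      // selectors reach the slotted (light DOM) content.
      if (!document.getElementById(id)) {
        style.id = id;
        document.head.append(style);
      }
    }
  }

  /** Current value of the `theme` attribute, or '' when it is absent. */
  get theme() {
    const value = this.getAttribute('theme');
    return value === null ? '' : value;
  }

  /** Reflects `name` onto the `theme` attribute. */
  set theme(name) {
    this.setAttribute('theme', name);
  }

  /**
   * Starts mirroring the document colour mode, unless the element carried an
   * explicit theme the first time it was connected.
   */
  connectedCallback() {
    // Decide once whether to follow the document: after the first sync the
    // attribute is populated, so it can no longer answer that question.
    if (this._followsDocument === undefined) {
      this._followsDocument = !this.theme;
    }
    if (!this._followsDocument || this._observer) {
      return;
    }

    const root = document.documentElement;
    const syncFromDocument = () => {
      const { colorMode } = root.dataset;
      if (colorMode === undefined) {
        // setAttribute() would stringify undefined into theme="undefined";
        // drop the attribute so the default palette applies instead.
        this.removeAttribute('theme');
      } else {
        this.theme = colorMode;
      }
    };
    syncFromDocument();

    // Only data-color-mode matters; an unfiltered observer would fire on
    // every attribute change of the document element.
    this._observer = new MutationObserver(syncFromDocument);
    this._observer.observe(root, { attributes: true, attributeFilter: ['data-color-mode'] });

    const lightQuery = window.matchMedia('(prefers-color-scheme: light)');
    lightQuery.onchange = (event) => {
      this.theme = event.matches ? 'light' : 'dark';
    };
    const darkQuery = window.matchMedia('(prefers-color-scheme: dark)');
    darkQuery.onchange = (event) => {
      this.theme = event.matches ? 'dark' : 'light';
    };
    this._mediaQueries = [lightQuery, darkQuery];
  }

  /**
   * Releases the observer and media-query handlers so a removed element is not
   * kept alive by them; connectedCallback() re-creates them on re-insertion.
   */
  disconnectedCallback() {
    if (this._observer) {
      this._observer.disconnect();
      this._observer = null;
    }
    (this._mediaQueries || []).forEach((query) => {
      query.onchange = null;
    });
    this._mediaQueries = null;
  }
}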
customElements.define('markdown-style', MarkdownStyle);</script><markdown-style style="max-width: 960px; margin: 0 auto 60px auto; padding: 8px;" class="markdown-style">
<h1 id="setfacl"><a class="anchor" aria-hidden="true" tabindex="-1" href="#setfacl"><span class="octicon octicon-link"></span></a>setfacl</h1>
<p>设置文件访问控制列表</p>
<h2 id="补充说明"><a class="anchor" aria-hidden="true" tabindex="-1" href="#补充说明"><span class="octicon octicon-link"></span></a>补充说明</h2>
<p><strong>setfacl命令</strong> 是用来在命令行里设置ACL（访问控制列表）。在命令行里，一系列的命令后面跟着一系列的文件名。</p>
<h3 id="选项"><a class="anchor" aria-hidden="true" tabindex="-1" href="#选项"><span class="octicon octicon-link"></span></a>选项</h3>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1">-b,--remove-all删除所有扩展的acl规则基本的acl规则<span class="token punctuation">(</span>所有者,群组,其他)将被保留。
</span><span class="code-line line-number" line="2">-k,--remove-default删除缺省的acl规则。如果没有缺省规则将不提示。
</span><span class="code-line line-number" line="3">-n--no-mask不要重新计算有效权限。setfacl默认会重新计算ACL mask除非mask被明确的制定。
</span><span class="code-line line-number" line="4">--mask重新计算有效权限即使ACL mask被明确指定。
</span><span class="code-line line-number" line="5">-d--default设定默认的acl规则。
</span><span class="code-line line-number" line="6"><span class="token parameter variable">--restore</span><span class="token operator">=</span>file从文件恢复备份的acl规则这些文件可由getfacl -R产生。通过这种机制可以恢复整个目录树的acl规则。此参数不能和除--test以外的任何参数一同执行。
</span><span class="code-line line-number" line="7">--test测试模式不会改变任何文件的acl规则操作后的acl规格将被列出。
</span><span class="code-line line-number" line="8">-R--recursive递归的对所有文件及目录进行操作。
</span><span class="code-line line-number" line="9">-L--logical跟踪符号链接默认情况下只跟踪符号链接文件跳过符号链接目录。
</span><span class="code-line line-number" line="10">-P--physical跳过所有符号链接包括符号链接文件。
</span><span class="code-line line-number" line="11">--version输出setfacl的版本号并退出。
</span><span class="code-line line-number" line="12">--help输出帮助信息。
</span><span class="code-line line-number" line="13">--:标识命令行参数结束,其后的所有参数都将被认为是文件名
</span><span class="code-line line-number" line="14">-:如果文件名是-则setfacl将从标准输入读取文件名。
</span></code><div onclick="copied(this)" data-code="-b,--remove-all删除所有扩展的acl规则基本的acl规则(所有者,群组,其他)将被保留。
-k,--remove-default删除缺省的acl规则。如果没有缺省规则将不提示。
-n--no-mask不要重新计算有效权限。setfacl默认会重新计算ACL mask除非mask被明确的制定。
--mask重新计算有效权限即使ACL mask被明确指定。
-d--default设定默认的acl规则。
--restore=file从文件恢复备份的acl规则这些文件可由getfacl -R产生。通过这种机制可以恢复整个目录树的acl规则。此参数不能和除--test以外的任何参数一同执行。
--test测试模式不会改变任何文件的acl规则操作后的acl规格将被列出。
-R--recursive递归的对所有文件及目录进行操作。
-L--logical跟踪符号链接默认情况下只跟踪符号链接文件跳过符号链接目录。
-P--physical跳过所有符号链接包括符号链接文件。
--version输出setfacl的版本号并退出。
--help输出帮助信息。
--:标识命令行参数结束,其后的所有参数都将被认为是文件名
-:如果文件名是-则setfacl将从标准输入读取文件名。
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<ul>
<li>选项<code>-m</code>和<code>-x</code>后边跟以acl规则。多条acl规则以逗号(,)隔开。选项<code>-M</code>和<code>-X</code>用来从文件或标准输入读取acl规则。</li>
<li>选项<code>--set</code>和<code>--set-file</code>用来设置文件或目录的acl规则，先前的设定将被覆盖。</li>
<li>选项<code>-m(--modify)</code>和<code>-M(--modify-file)</code>修改文件或目录的acl规则。</li>
<li>选项<code>-x(--remove)</code>和<code>-X(--remove-file)</code>删除acl规则。</li>
</ul>
<p>当使用-M、-X选项从文件中读取规则时，setfacl接受getfacl命令输出的格式。每行至少一条规则，以#开始的行将被视为注释。</p>
<p>当在不支持ACLs的文件系统上使用setfacl命令时，setfacl将修改文件权限位。如果acl规则并不完全匹配文件权限位，setfacl将会修改文件权限位使其尽可能地反映acl规则，并会向standard error发送错误消息，以大于0的状态返回。</p>
<p><strong>权限</strong></p>
<p>文件的所有者以及有<code>CAP_FOWNER</code>的用户进程可以设置一个文件的acl。（在目前的linux系统上，root用户是唯一有<code>CAP_FOWNER</code>能力的用户。）</p>
<p><strong>ACL规则</strong></p>
<p>setfacl命令可以识别以下的规则格式</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>d<span class="token punctuation">[</span>efault<span class="token punctuation">]</span>:<span class="token punctuation">]</span> <span class="token punctuation">[</span>u<span class="token punctuation">[</span>ser<span class="token punctuation">]</span>:<span class="token punctuation">]</span>uid <span class="token punctuation">[</span>:perms<span class="token punctuation">]</span> 指定用户的权限文件所有者的权限如果uid没有指定
</span><span class="code-line line-number" line="2"><span class="token punctuation">[</span>d<span class="token punctuation">[</span>efault<span class="token punctuation">]</span>:<span class="token punctuation">]</span> g<span class="token punctuation">[</span>roup<span class="token punctuation">]</span>:gid <span class="token punctuation">[</span>:perms<span class="token punctuation">]</span> 指定群组的权限文件所有群组的权限如果gid未指定
</span><span class="code-line line-number" line="3"><span class="token punctuation">[</span>d<span class="token punctuation">[</span>efault<span class="token punctuation">]</span>:<span class="token punctuation">]</span> m<span class="token punctuation">[</span>ask<span class="token punctuation">]</span><span class="token punctuation">[</span>:<span class="token punctuation">]</span> <span class="token punctuation">[</span>:perms<span class="token punctuation">]</span> 有效权限掩码
</span><span class="code-line line-number" line="4"><span class="token punctuation">[</span>d<span class="token punctuation">[</span>efault<span class="token punctuation">]</span>:<span class="token punctuation">]</span> o<span class="token punctuation">[</span>ther<span class="token punctuation">]</span> <span class="token punctuation">[</span>:perms<span class="token punctuation">]</span> 其他的权限
</span></code><div onclick="copied(this)" data-code="[d[efault]:] [u[ser]:]uid [:perms] 指定用户的权限文件所有者的权限如果uid没有指定
[d[efault]:] g[roup]:gid [:perms] 指定群组的权限文件所有群组的权限如果gid未指定
[d[efault]:] m[ask][:] [:perms] 有效权限掩码
[d[efault]:] o[ther] [:perms] 其他的权限
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>恰当的acl规则被用在修改和设定的操作中。对于uid和gid，可以指定一个数字，也可指定一个名字。perms域是一个代表各种权限的字母的组合：读<code>-r</code>、写<code>-w</code>、执行<code>-x</code>，执行只适合目录和一些可执行的文件。perms域也可设置为八进制格式。</p>
<p><strong>自动创建的规则</strong></p>
<p>最初的文件目录仅包含3个基本的acl规则。为了使规则能正常执行需要满足以下规则。</p>
<ul>
<li>3个基本规则不能被删除。</li>
<li>任何一条包含指定的用户名或群组名的规则必须包含有效的权限组合。</li>
<li>任何一条包含缺省规则的规则在使用时,缺省规则必须存在。</li>
</ul>
<p><strong>ACL的名词定义</strong></p>
<p>先来看看在ACL里面每一个名词的定义。这些名词我大多从man page上摘下来，虽然有些枯燥，但是对于理解下面的内容还是很有帮助的。</p>
<p>ACL是由一系列的Access Entry所组成的，每一条Access Entry定义了特定的类别可以对文件拥有的操作权限。Access Entry有三个组成部分：Entry tag type、qualifier (optional)、permission。</p>
<p>我们先来看一下最重要的Entry tag type它有以下几个类型</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1">ACL_USER_OBJ相当于Linux里file_owner的permission
</span><span class="code-line line-number" line="2">ACL_USER定义了额外的用户可以对此文件拥有的permission
</span><span class="code-line line-number" line="3">ACL_GROUP_OBJ相当于Linux里group的permission
</span><span class="code-line line-number" line="4">ACL_GROUP定义了额外的组可以对此文件拥有的permission
</span><span class="code-line line-number" line="5">ACL_MASK定义了ACL_USER, ACL_GROUP_OBJ和ACL_GROUP的最大权限 <span class="token punctuation">(</span>这个我下面还会专门讨论<span class="token punctuation">)</span>
</span><span class="code-line line-number" line="6">ACL_OTHER相当于Linux里other的permission
</span></code><div onclick="copied(this)" data-code="ACL_USER_OBJ相当于Linux里file_owner的permission
ACL_USER定义了额外的用户可以对此文件拥有的permission
ACL_GROUP_OBJ相当于Linux里group的permission
ACL_GROUP定义了额外的组可以对此文件拥有的permission
ACL_MASK定义了ACL_USER, ACL_GROUP_OBJ和ACL_GROUP的最大权限 (这个我下面还会专门讨论)
ACL_OTHER相当于Linux里other的permission
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>让我们来举个例子说明一下。下面我们就用getfacl命令来查看一个定义好了的ACL文件：</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># getfacl ./test.txt</span>
</span><span class="code-line line-number" line="2"><span class="token comment"># file: test.txt</span>
</span><span class="code-line line-number" line="3"><span class="token comment"># owner: root</span>
</span><span class="code-line line-number" line="4"><span class="token comment"># group: admin</span>
</span><span class="code-line line-number" line="5">user::rw-
</span><span class="code-line line-number" line="6">user:john:rw-
</span><span class="code-line line-number" line="7">group::rw-
</span><span class="code-line line-number" line="8">group:dev:r--
</span><span class="code-line line-number" line="9">mask::rw- other::r--
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# getfacl ./test.txt
# file: test.txt
# owner: root
# group: admin
user::rw-
user:john:rw-
group::rw-
group:dev:r--
mask::rw- other::r--
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>前面三个以#开头的行定义了文件名、file owner和group。这些信息没有太大的作用，接下来我们可以用<code>--omit-header</code>来省略掉。</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1">user::rw- 定义了ACL_USER_OBJ, 说明file owner拥有read and <span class="token function">write</span> permission
</span><span class="code-line line-number" line="2">user:john:rw- 定义了ACL_USER,这样用户john就拥有了对文件的读写权限,实现了我们一开始要达到的目的
</span><span class="code-line line-number" line="3">group::rw- 定义了ACL_GROUP_OBJ,说明文件的group拥有read and <span class="token function">write</span> permission
</span><span class="code-line line-number" line="4">group:dev:r-- 定义了ACL_GROUP,使得dev组拥有了对文件的read permission
</span><span class="code-line line-number" line="5">mask::rw- 定义了ACL_MASK的权限为read and <span class="token function">write</span>
</span><span class="code-line line-number" line="6">other::r-- 定义了ACL_OTHER的权限为read
</span></code><div onclick="copied(this)" data-code="user::rw- 定义了ACL_USER_OBJ, 说明file owner拥有read and write permission
user:john:rw- 定义了ACL_USER,这样用户john就拥有了对文件的读写权限,实现了我们一开始要达到的目的
group::rw- 定义了ACL_GROUP_OBJ,说明文件的group拥有read and write permission
group:dev:r-- 定义了ACL_GROUP,使得dev组拥有了对文件的read permission
mask::rw- 定义了ACL_MASK的权限为read and write
other::r-- 定义了ACL_OTHER的权限为read
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>从这里我们就可以看出ACL提供了我们可以定义特定用户和用户组的功能，那么接下来我们就来看一下如何设置一个文件的ACL：</p>
<p><strong>如何设置ACL文件</strong></p>
<p>首先我们还是要讲一下设置ACL文件的格式，从上面的例子中我们可以看到每一个Access Entry都是由三个被“:”号分隔开的字段所组成，第一个就是Entry tag type。</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1">user 对应了ACL_USER_OBJ和ACL_USER
</span><span class="code-line line-number" line="2">group 对应了ACL_GROUP_OBJ和ACL_GROUP
</span><span class="code-line line-number" line="3">mask 对应了ACL_MASK
</span><span class="code-line line-number" line="4">other 对应了ACL_OTHER
</span></code><div onclick="copied(this)" data-code="user 对应了ACL_USER_OBJ和ACL_USER
group 对应了ACL_GROUP_OBJ和ACL_GROUP
mask 对应了ACL_MASK
other 对应了ACL_OTHER
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>第二个字段称之为qualifier，也就是上面例子中的john和dev组，它定义了特定用户和用户组对于文件的权限。这里我们也可以发现只有user和group才有qualifier，其他的都为空。第三个字段就是我们熟悉的permission了。它和Linux的permission一样定义，这里就不多讲了。</p>
<p>下面我们就来看一下怎么设置test.txt这个文件的ACL，让它来达到我们上面的要求。</p>
<p>一开始文件没有ACL的额外属性：</p>
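<!-- Sample session: a file with no extended ACL entries. getfacl prints one ACL entry per line. -->
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># ls -l</span>
</span><span class="code-line line-number" line="2">-rw-rw-r-- <span class="token number">1</span> root admin <span class="token number">0</span> Jul <span class="token number">3</span> <span class="token number">22</span>:06 test.txt
</span><span class="code-line line-number" line="3">
</span><span class="code-line line-number" line="4"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># getfacl --omit-header ./test.txt</span>
</span><span class="code-line line-number" line="5">user::rw-
</span><span class="code-line line-number" line="6">group::rw-
</span><span class="code-line line-number" line="7">other::r--
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# ls -l
-rw-rw-r-- 1 root admin 0 Jul 3 22:06 test.txt
[root@localhost ~]# getfacl --omit-header ./test.txt
user::rw-
group::rw-
other::r--
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>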
<p>我们先让用户john拥有对test.txt文件的读写权限</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># setfacl -m user:john:rw- ./test.txt</span>
</span><span class="code-line line-number" line="2"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># getfacl --omit-header ./test.txt</span>
</span><span class="code-line line-number" line="3">user::rw-
</span><span class="code-line line-number" line="4">user:john:rw-
</span><span class="code-line line-number" line="5">group::rw-
</span><span class="code-line line-number" line="6">mask::rw-
</span><span class="code-line line-number" line="7">other::r--
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# setfacl -m user:john:rw- ./test.txt
[root@localhost ~]# getfacl --omit-header ./test.txt
user::rw-
user:john:rw-
group::rw-
mask::rw-
other::r--
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>这时我们就可以看到john用户在ACL里面已经拥有了对文件的读写权。这个时候如果我们查看一下linux的permission，我们还会发现一个不一样的地方。</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># ls -l ./test.txt</span>
</span><span class="code-line line-number" line="2">-rw-rw-r--+ <span class="token number">1</span> root admin <span class="token number">0</span> Jul <span class="token number">3</span> <span class="token number">22</span>:06 ./test.txt
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# ls -l ./test.txt
-rw-rw-r--+ 1 root admin 0 Jul 3 22:06 ./test.txt
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>在文件permission的最后多了一个+号，当任何一个文件拥有了ACL_USER或者ACL_GROUP的值以后，我们就可以称它为ACL文件，这个+号就是用来提示我们的。我们还可以发现，当一个文件拥有了<code>ACL_USER</code>或者<code>ACL_GROUP</code>的值时，<code>ACL_MASK</code>同时也会被定义。</p>
<p>接下来我们来设置dev组拥有read permission</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># setfacl -m group:dev:r-- ./test.txt</span>
</span><span class="code-line line-number" line="2"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># getfacl --omit-header ./test.txt</span>
</span><span class="code-line line-number" line="3">user::rw-
</span><span class="code-line line-number" line="4">user:john:rw-
</span><span class="code-line line-number" line="5">group::rw-
</span><span class="code-line line-number" line="6">group:dev:r--
</span><span class="code-line line-number" line="7">mask::rw-
</span><span class="code-line line-number" line="8">other::r--
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# setfacl -m group:dev:r-- ./test.txt
[root@localhost ~]# getfacl --omit-header ./test.txt
user::rw-
user:john:rw-
group::rw-
group:dev:r--
mask::rw-
other::r--
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>到这里就完成了我们上面讲到的要求,是不是很简单呢。</p>
<p><strong>ACL_MASK和Effective permission</strong></p>
<p>这里需要重点讲一下<code>ACL_MASK</code>，因为这是掌握ACL的另一个关键。在Linux file permission里面大家都知道，比如对于<code>rw-rw-r--</code>来说，当中的那个<code>rw-</code>是指文件组的permission。但是在ACL里面，这种情况只是在<code>ACL_MASK</code>不存在的情况下成立。如果文件有ACL_MASK值，那么当中那个<code>rw-</code>代表的就是mask值，而不再是group permission了。</p>
<p>让我们来看下面这个例子:</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># ls -l</span>
</span><span class="code-line line-number" line="2">-rwxrw-r-- <span class="token number">1</span> root admin <span class="token number">0</span> Jul <span class="token number">3</span> <span class="token number">23</span>:10 test.sh
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# ls -l
-rwxrw-r-- 1 root admin 0 Jul 3 23:10 test.sh
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>这里说明test.sh文件只有file owner: root拥有read, write, execute/search permission。admin组只有read and write permission，现在我们想让用户john也对test.sh具有和root一样的permission。</p>
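<!-- Sample session: granting john rwx on test.sh. getfacl prints one ACL entry per line; the mask is recalculated to rwx. -->
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># setfacl -m user:john:rwx ./test.sh</span>
</span><span class="code-line line-number" line="2"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># getfacl --omit-header ./test.sh</span>
</span><span class="code-line line-number" line="3">user::rwx
</span><span class="code-line line-number" line="4">user:john:rwx
</span><span class="code-line line-number" line="5">group::rw-
</span><span class="code-line line-number" line="6">mask::rwx
</span><span class="code-line line-number" line="7">other::r--
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# setfacl -m user:john:rwx ./test.sh
[root@localhost ~]# getfacl --omit-header ./test.sh
user::rwx
user:john:rwx
group::rw-
mask::rwx
other::r--
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>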
<p>这里我们看到john已经拥有了rwx的permission，mask值也被设定为rwx，那是因为它规定了<code>ACL_USER</code>、<code>ACL_GROUP</code>、<code>ACL_GROUP_OBJ</code>的最大值。现在我们再来看test.sh的Linux permission，它已经变成了：</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># ls -l</span>
</span><span class="code-line line-number" line="2">-rwxrwxr--+ <span class="token number">1</span> root admin <span class="token number">0</span> Jul <span class="token number">3</span> <span class="token number">23</span>:10 test.sh
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# ls -l
-rwxrwxr--+ 1 root admin 0 Jul 3 23:10 test.sh
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>那么如果现在admin组的用户想要执行test.sh的程序，会发生什么情况呢？它会被permission deny。原因在于实际上admin组的用户只有read and write permission，这里当中显示的rwx是<code>ACL_MASK</code>的值，而不是group的permission。</p>
<p>所以从这里我们就可以知道,如果一个文件后面有+标记我们都需要用getfacl来确认它的permission以免发生混淆。</p>
<p>下面我们再来继续看一个例子，假如现在我们设置test.sh的mask为read only，那么admin组的用户还会有write permission吗？</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># setfacl -m mask::r-- ./test.sh</span>
</span><span class="code-line line-number" line="2"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># getfacl --omit-header ./test.sh</span>
</span><span class="code-line line-number" line="3">user::rwx
</span><span class="code-line line-number" line="4">user:john:rwx <span class="token comment">#effective:r--</span>
</span><span class="code-line line-number" line="5">group::rw- <span class="token comment">#effective:r--</span>
</span><span class="code-line line-number" line="6">mask::r--
</span><span class="code-line line-number" line="7">other::r--
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# setfacl -m mask::r-- ./test.sh
[root@localhost ~]# getfacl --omit-header ./test.sh
user::rwx
user:john:rwx #effective:r--
group::rw- #effective:r--
mask::r--
other::r--
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>这时候我们可以看到ACL_USER和ACL_GROUP_OBJ旁边多了个#effective:r--，这是什么意思呢？让我们再来回顾一下<code>ACL_MASK</code>的定义。它规定了<code>ACL_USER</code>、<code>ACL_GROUP_OBJ</code>和<code>ACL_GROUP</code>的最大权限。那么在我们这个例子中，他们的最大权限也就是read only。虽然我们这里给<code>ACL_USER</code>和<code>ACL_GROUP_OBJ</code>设置了其他权限，但是他们真正有效果的只有read权限。</p>
<p>这时我们再来查看test.sh的Linux file permission时它的group permission也会显示其mask的值(i.e. r--)</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># ls -l</span>
</span><span class="code-line line-number" line="2">-rwxr--r--+ <span class="token number">1</span> root admin <span class="token number">0</span> Jul <span class="token number">3</span> <span class="token number">23</span>:10 test.sh
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# ls -l
-rwxr--r--+ 1 root admin 0 Jul 3 23:10 test.sh
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p><strong>Default ACL</strong></p>
<p>上面我们所有讲的都是Access ACL，也就是对文件而言。下面我简单讲一下Default ACL。Default ACL是指对于一个目录进行Default ACL设置，并且在此目录下建立的文件都将继承此目录的ACL。</p>
<p>同样我们来做一个试验说明，比如现在root用户建立了一个dir目录：</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># mkdir dir</span>
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# mkdir dir
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>他希望所有在此目录下建立的文件都可以被john用户所访问，那么我们就应该对dir目录设置Default ACL。</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># setfacl -d -m user:john:rw ./dir</span>
</span><span class="code-line line-number" line="2"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># getfacl --omit-header ./dir</span>
</span><span class="code-line line-number" line="3">user::rwx
</span><span class="code-line line-number" line="4">group::rwx
</span><span class="code-line line-number" line="5">other::r-x
</span><span class="code-line line-number" line="6">default:user::rwx
</span><span class="code-line line-number" line="7">default:user:john:rwx
</span><span class="code-line line-number" line="8">default:group::rwx
</span><span class="code-line line-number" line="9">default:mask::rwx
</span><span class="code-line line-number" line="10">default: other::r-x
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# setfacl -d -m user:john:rw ./dir
[root@localhost ~]# getfacl --omit-header ./dir
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:john:rwx
default:group::rwx
default:mask::rwx
default: other::r-x
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>这里我们可以看到ACL定义了default选项，john用户拥有了default的read, write, execute/search permission。（注意：上面的setfacl命令指定的是rw，按该命令getfacl应显示default:user:john:rw-，这也与下面新建文件得到的user:john:rw-一致。）所有没有定义的default都将从file permission里copy过来，现在root用户在dir下建立一个test.txt文件。</p>
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># touch ./dir/test.txt</span>
</span><span class="code-line line-number" line="2"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># ls -l ./dir/test.txt</span>
</span><span class="code-line line-number" line="3">-rw-rw-r--+ <span class="token number">1</span> root root <span class="token number">0</span> Jul <span class="token number">3</span> <span class="token number">23</span>:46 ./dir/test.txt
</span><span class="code-line line-number" line="4">
</span><span class="code-line line-number" line="5"><span class="token punctuation">[</span>root@localhost ~<span class="token punctuation">]</span><span class="token comment"># getfacl --omit-header ./dir/test.txt</span>
</span><span class="code-line line-number" line="6">user::rw-
</span><span class="code-line line-number" line="7">user:john:rw-
</span><span class="code-line line-number" line="8">group::rwx <span class="token comment">#effective:rw-</span>
</span><span class="code-line line-number" line="9">mask::rw-
</span><span class="code-line line-number" line="10">other::r--
</span></code><div onclick="copied(this)" data-code="[root@localhost ~]# touch ./dir/test.txt
[root@localhost ~]# ls -l ./dir/test.txt
-rw-rw-r--+ 1 root root 0 Jul 3 23:46 ./dir/test.txt
[root@localhost ~]# getfacl --omit-header ./dir/test.txt
user::rw-
user:john:rw-
group::rwx #effective:rw-
mask::rw-
other::r--
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>
<p>这里我们看到在dir下建立的文件，john用户自动就有了read and write permission。</p>
<p><strong>ACL相关命令</strong></p>
<p>前面的例子中我们都注意到了，getfacl命令是用来读取文件的ACL，setfacl是用来设定文件的Access ACL。这里还有一个chacl，是用来改变文件和目录的Access ACL and Default ACL，它的具体参数大家可以去看man page。我只想提及一下<code>chacl -B</code>。它可以彻底删除文件或者目录的ACL属性(包括Default ACL)，比如你即使用了<code>setfacl -x</code>删除了所有文件的ACL属性，那个+号还是会出现在文件的末尾，所以正确的删除方法应该是用<code>chacl -B</code>（<code>setfacl -b</code>同样可以删除全部扩展ACL条目）。删除之后建议再用getfacl确认一次结果。用cp来复制文件的时候，我们现在可以加上<code>-p</code>选项。这样在拷贝文件的时候也将拷贝文件的ACL属性，对于不能拷贝的ACL属性将给出警告。</p>
<p>mv命令将会默认地移动文件的ACL属性，同样如果操作不允许的情况下会给出警告。</p>
<p><strong>需要注意的几点</strong></p>
<p>如果你的文件系统不支持ACL的话，你也许需要重新mount你的file system：</p>
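<!-- Remount with ACL support. Mount options form one comma-separated list with no spaces; a space after the comma would make "acl" a separate argument. -->
<pre class="language-shell"><code class="language-shell code-highlight"><span class="code-line line-number" line="1"><span class="token function">mount</span> <span class="token parameter variable">-o</span> remount,acl <span class="token punctuation">[</span>mount point<span class="token punctuation">]</span>
</span></code><div onclick="copied(this)" data-code="mount -o remount,acl [mount point]
" class="copied"><svg class="octicon-copy" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg><svg class="octicon-check" aria-hidden="true" viewBox="0 0 16 16" fill="currentColor" height="12" width="12"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></div></pre>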
<p>如果用chmod命令改变Linux file permission的时候，相应的ACL值也会改变；反之改变ACL的值，相应的file permission也会改变。对于带有ACL的文件，file permission中间的那一组对应的是ACL_MASK，因此用chmod修改之后应当用getfacl确认各条目的effective权限。</p>
<style>markdown-style pre .copied {
display: flex;
position: absolute;
cursor: pointer;
color: #a5afbb;
top: 6px;
right: 6px;
border-radius: 5px;
background: #82828226;
padding: 6px;
font-size: 12px;
transition: all .3s;
}
markdown-style pre .copied:not(.active) {
visibility: hidden;
}
markdown-style pre:hover .copied {
visibility: visible;
}
markdown-style pre:hover .copied:hover {
background: #4caf50;
color: #fff;
}
markdown-style pre:hover .copied:active,
markdown-style pre .copied.active {
background: #2e9b33;
color: #fff;
}
markdown-style pre .copied .octicon-copy {
display: block;
}
markdown-style pre .copied .octicon-check {
display: none;
}
markdown-style pre .active .octicon-copy {
display: none;
}
markdown-style pre .active .octicon-check {
display: block;
}</style><script>/*! @uiw/copy-to-clipboard v1.0.12 | MIT (c) 2021 Kenny Wang | https://github.com/uiwjs/copy-to-clipboard.git */
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).copyTextToClipboard=t()}(this,(function(){"use strict";return function(e,t){const o=document.createElement("textarea");o.value=e,o.setAttribute("readonly",""),o.style={position:"absolute",left:"-9999px"},document.body.appendChild(o);const n=document.getSelection().rangeCount>0&&document.getSelection().getRangeAt(0);o.select();let c=!1;try{c=!!document.execCommand("copy")}catch(e){c=!1}document.body.removeChild(o),n&&document.getSelection&&(document.getSelection().removeAllRanges(),document.getSelection().addRange(n)),t&&t(c)}}));
/**
 * Click handler for a listing's copy button.
 * Marks the button as active, copies the text stored in its data-code
 * attribute, and clears the active state two seconds after the copy
 * callback fires.
 * @param {HTMLElement} target - the clicked copy button (passed as `this`).
 * @param {*} str - accepted but not used by this function.
 */
function copied(target, str) {
const ACTIVE_CLASS = 'active';
const clearActive = () => {
target.classList.remove(ACTIVE_CLASS);
};
target.classList.add(ACTIVE_CLASS);
const payload = target.dataset.code;
copyTextToClipboard(payload, function() {
setTimeout(clearActive, 2000);
});
}</script></markdown-style>
</div>
<!-- Linux命令行搜索引擎https://jaywcjlove.github.io/linux-command/ -->
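<!-- Site footer. Every link that opens a new tab carries rel="noopener noreferrer" so the opened page receives no window.opener handle back to this page. -->
<div class="footer ">
<a target="_blank" rel="noopener noreferrer" href="https://github.com/jaywcjlove/linux-command/new/master/command">添加命令</a> |
<a href="../hot.html">命令列表</a> |
<a href="https://github.com/jaywcjlove/oscnews" target="_blank" rel="noopener noreferrer">Chrome 插件</a> |
<a href="https://github.com/jaywcjlove/linux-command/releases" target="_blank" rel="noopener noreferrer">Alfred</a> |
<a href="https://jaywcjlove.github.io/linux-command/linux-command.docset.zip" target="_blank" rel="noopener noreferrer">Dash</a> |
<a href="https://github.com/roachsinai/krunner-linuxcommands" target="_blank" rel="noopener noreferrer">Krunner</a> |
<!-- NOTE(review): this mirror is linked over plain http; switch to https if the host serves it. -->
<a href="http://jaywcjlove.gitee.io/linux-command/" target="_blank" rel="noopener noreferrer">开源中国Web版</a>
<br>
<a href="https://jaywcjlove.github.io/#/sponsor" target="_blank" rel="noopener noreferrer">打赏捐赠</a> |
<a href="https://github.com/jaywcjlove/linux-command" target="_blank" rel="noopener noreferrer">Github</a> |
<a href="https://jaywcjlove.github.io/linux-command/" target="_blank" rel="noopener noreferrer">短地址https://git.io/linux</a>
<div>
收藏本站请使用 Ctrl+D 或者Command+d
<br>
共搜集到
<span id="commands_info">
611
</span> 个Linux命令超过 <a href="../contributors.html">50+</a> 贡献者
</div>
<div>
<a target="_blank" rel="noopener noreferrer" href="../contributors.html#镜像网站">镜像网站</a>列表,
<a href="https://github.com/jaywcjlove/linux-command/issues/649" target="_blank" rel="noopener noreferrer">推荐</a>自己的镜像网站
</div>
</div>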
<script type="text/javascript" src="../js/dt.js?v=1752771430402"></script>
<script type="text/javascript" src="../js/index.js?v=1752771430402"></script>
</body>
</html>