os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Explain how to add, remove, and modify ACL entries.

Browse source
This commit is contained in:
Tom Rhodes 2003-10-03 18:45:03 +00:00
parent 40e3d188fb
commit 60c2366387
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=18314
1 changed files with 40 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

39
en_US.ISO8859-1/books/handbook/security/chapter.sgml
View file

@ -5331,6 +5331,45 @@ drwxr-xr-x 2 robert robert 512 Nov 10 11:54 public_html</programlisting>
<filename>directory2</filename>, and <filename>directory3</filename> <filename>directory2</filename>, and <filename>directory3</filename>
directories are all taking advantage of <acronym>ACLs</acronym>. The directories are all taking advantage of <acronym>ACLs</acronym>. The
<filename>public_html</filename> directory is not.</para> <filename>public_html</filename> directory is not.</para>
<sect2>
<title>Making Use of <acronym>ACL</acronym>s</title>
<para>The file system <acronym>ACL</acronym>s can be viewed by the
&man.getfacl.1; utility. For instance, to view the
<acronym>ACL</acronym> settings on the <filename>test</filename>
file, one would use the command:</para>
<screen>%<userinput>getfacl <filename>test</filename></userinput>
#file:test
#owner:1001
#group:1001
user::rw-
group::r--
other::r--</screen>
<para>To change the <acronym>ACL</acronym> settings on this file,
invoke the &man.setfacl.1; utility. Observe:</para>
<screen>%<userinput>setfacl -k <filename>test</filename></userinput></screen>
<para>The <literal>-k</literal> flag will remove all of the
currently defined <acronym>ACL</acronym>s from a file or file
system. The more preferable method would be to use
<literal>-b</literal> as it leaves the basic fields required for
<acronym>ACL</acronym>s to work.</para>
<screen>%<userinput>-m u:trhodes:rwx,group:web:r--,o::--- <filename>test</filename></userinput></screen>
<para>In the aforementioned command, the <literal>-m</literal>
option was used to modify the default <acronym>ACL</acronym>
entries. Since there were no pre-defined entries, as they were
removed by the previous command, this will restore the default
options and assign the options listed. Take care to notice that
if you add a user or group which does not exist on the system,
an <errorname>Invalid argument</errorname> error will be printed
to <devicename>stdout</devicename>.</para>
</sect2>
</sect1> </sect1>
</chapter> </chapter>