setfacl -m <rules> <files>
rules的格式如下,多条规则间可用逗号分隔。
u:uid:perms #为用户设置ACL,perms为r、w、x的组合
g:gid:perms #为组设置ACL
o:perms #为其它组设置ACL
m:perms #设置有效权限屏蔽(mask),命名用户、命名组和属组的实际有效权限不会超过mask所允许的范围
[root@local ~]# cd /home/
[root@local home]# mkdir test
[root@local home]# ll
total 12
drwxr-xr-x 2 root root 4096 2007-11-20 10:20 test
此时userman用户操作
[userman@local ~]$ cd /home/ (有权限进入)
[root@local home]# chmod 700 ./test/
[root@local home]# ll
total 12
drwx------ 2 root root 4096 2007-11-20 10:20 test
此时userman用户操作
[userman@local home]$ cd test/
-bash: cd: test/: Permission denied (无权限进入)
[root@local home]# getfacl test/ (查看当前test目录访问权限)
# file: test
# owner: root
# group: root
user::rwx
group::---
other::---
[root@local home]# setfacl -m u:userman:rwx test/ (root为test目录新增userman的读、写、执行访问权限)
[root@local home]# getfacl test/ (查看当前test目录访问权限,下面多了一条userman的权限)
# file: test
# owner: root
# group: root
user::rwx
user:userman:rwx
group::---
mask::rwx (mask为rwx,故user:userman:rwx的有效权限仍为rwx)
other::---
此时userman用户操作
[userman@local ~]$ cd /home/ (有权限进入)