In traditional POSIX, access permissions are granted to user/group/other in mode read/write/execute. The permissions can be checked with the -l option of the command ls. For instance, if user1 owns the folder test, the output would be the following:

```
$ ls -lahd test/
drwxr-xr-x 2 user1 csstaff 4.0K Feb 23 13:46 test/
```
ACLs are an extension of these permissions to give one or more users or groups access to your data. The ACLs on the test folder of user1 can be shown with the command getfacl:

```
$ getfacl test
# file: test
# owner: user1
# group: csstaff
user::rwx
group::r-x
other::r-x
```
The command setfacl can grant users or groups read/write/execute access to a selected file or folder. Use the option -M (--modify-file) or -m (--modify) to modify the ACL of a file or directory:

```
$ setfacl -m user:user2:rw test/
$ getfacl test/
# file: test
# owner: user1
# group: csstaff
user::rwx
user:user2:rw
group::r-x
mask::rwx
other::r-x
```
In the example above, user2 will be granted read and write access to the test folder owned by user1. The -X (--remove-file) and -x (--remove) options will remove ACL entries instead (it is not an error to remove an entry which does not exist):

```
$ setfacl -x user:user2 test/
$ getfacl test/
# file: test
# owner: user1
# group: csstaff
user::rwx
group::r-x
mask::rwx
other::r-x
```
Access rights can also be granted recursively to a folder and its children (if they exist) using the option -R, --recursive. Note that this applies only to existing files. New files created in there won't inherit the permissions. If you want that all new files created inside a specific folder inherit the permissions, you need to configure the default ACLs with the option

```
$ setfacl -R -m user:user2:rwx test
$ getfacl test/subdir
# file: test/subdir
# owner: user1
# group: csstaff
user::rwx
user:user2:rwx
group::---
group:csstaff:r-x
mask::rwx
other::---
```
If you wish to set up a default so that all newly created files and folders inside your desired path inherit the permissions, you can use the -d, --default option:

```
$ setfacl -dm user:user2:rw test/
$ getfacl test
# file: test
# owner: user1
# group: csstaff
user::rwx
user:<username>:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:user2:rw
default:group::r-x
default:mask::rwx
default:other::r-x
```
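The difference between access entries and default entries described above can be audited directly from getfacl output. The following is an added example, not part of the original page: it reports each named entry's effective permissions under the mask and lists named entries that have no default counterpart. The sample output and the user user3 are constructed for illustration.

```shell
# Constructed getfacl output: user2 has access and default entries,
# user3 (hypothetical) has only an access entry, and the mask is rw-.
sample_acl() {
cat <<'EOF'
# file: test
# owner: user1
# group: csstaff
user::rwx
user:user2:rw-
user:user3:r-x
group::r-x
mask::rw-
other::r-x
default:user::rwx
default:user:user2:rw-
default:group::r-x
default:mask::rwx
default:other::r-x
EOF
}

# For each named user/group access entry print "<entry> <perms> <effective>",
# where effective is the entry's permissions limited by the mask entry.
effective_perms() {
  awk -F: '
    { sub(/[ \t]*#.*$/, "") }            # drop header and trailing comments
    $1 == "mask" { mask = $3 }
    ($1 == "user" || $1 == "group") && $2 != "" { key[++n] = $1 ":" $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (j = 1; j <= 3; j++) {
          c = substr(perm[i], j, 1)
          eff = eff ((mask == "" || substr(mask, j, 1) == c) ? c : "-")
        }
        print key[i], perm[i], eff
      }
    }'
}

# Print named access entries that have no matching default entry, i.e.
# grants that files created later in the folder will not inherit.
missing_defaults() {
  awk -F: '
    { sub(/[ \t]*#.*$/, "") }
    ($1 == "user" || $1 == "group") && $2 != "" { access[$1 ":" $2] = 1 }
    $1 == "default" && $3 != "" { dflt[$2 ":" $3] = 1 }
    END { for (k in access) if (!(k in dflt)) print k }' | sort
}
```

On a real folder, pipe the output of `getfacl test` into either function instead of `sample_acl`; both functions handle the output for a single file or directory.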