

"Physical walk": do not follow symbolic links to directories. This option cannot be mixed with " -restore". The default behavior is to follow symbolic link arguments, and skip symbolic links encountered in subdirectories. "Logical walk": follow symbolic links to directories. Instead of changing the ACLs of any files, the resulting ACLs are listed.Īpply operations to all files and directories recursively. This option cannot be mixed with other options except " -test". If the input contains flags comments (which define the setuid, setgid, and sticky bits), setfacl sets those three bits accordingly otherwise, it clears them. If the input contains owner comments or group comments, setfacl attempts to restore the owner and owning group. All permissions of a complete directory subtree are restored using this mechanism. Restore a permission backup created by " getfacl -R" or similar. Default ACL entries in the input set are discarded. Regular ACL entries in the input set are promoted to Default ACL entries. (See the -n option.)Īll operations apply to the Default ACL. (These are exactly the entries affected by the mask entry).ĭo recalculate the effective rights mask, even if an ACL mask entry was explicitly given. The mask entry is set to the union of all permissions of the owning group, and all named user and group entries. The default behavior of setfacl is to recalculate the ACL mask entry, unless a mask entry was explicitly given. If no Default ACL exists, no warnings are issued.ĭo not recalculate the effective rights mask. The base ACL entries of the owner, group and others are retained. On current Linux systems, root is the only user with the CAP_FOWNER capability, so you must be the superuser to use setfacl if you are not the owner of the file. The file owner and processes capable of CAP_FOWNER are granted the right to modify ACLs of a file, which is analogous to the permissions required for accessing the file mode. 
If the ACL does not fit completely in the permission bits, setfacl modifies the file mode permission bits to reflect the ACL as closely as possible, writes an error message to standard error, and returns with an exit status greater than 0. If setfacl is used on a file system which does not support ACLs, setfacl operates on the file mode permission bits. After a pound sign ("#"), everything up to the end of the line is treated as a comment. When reading from files using the -M and -X options, setfacl accepts the output produced by getfacl. Only ACL entries without the perms field are accepted as parameters, unless the POSIXLY_CORRECT environment variable is defined. It is not an error to remove an entry which does not exist. The -x (--remove) and -X (--remove-file) options remove ACL entries. ACL entries for this operation must include permissions. The -m (--modify) and -M (--modify-file) options modify the ACL of a file or directory.


The --set and --set-file options set the ACL of a file or a directory. The ACL entry format is described in the ACL entries section, below. The options -M and -X read an ACL from a file or from standard input. Multiple ACL entries are separated by commas (","). The options -m and -x expect an ACL on the command line.

On the command line, a sequence of commands is followed by a sequence of files (which in turn can be followed by another sequence of commands, and so on). The setfacl utility sets ACLs (Access Control Lists) of files and directories.
