Unix & Linux Asked by Rogach on November 9, 2021
For example, I want to give my colleagues write access to certain directory. Let’s assume that subdirectories in it had access rights 775, files 664, and also there were some executable files in the dir – 775.
Now I want to add write permissions. With chmod, I could try something like
chmod o+w -R mydir/
But that’s not cool, since I don’t want to make the dir world-writable – I want give access only to certain users, so I want to use ACL. But is there an easy way to set those permissions? As I see it, I need to tackle at least three cases (dirs, files, executable files) separately:
find -type d -exec setfacl -m u:colleague:rwx {} ;
find -type f -executable -exec setfacl -m u:colleague:rwx {} ;
find -type f ! -executable -exec setfacl -m u:colleague:rw {} ;
It seems quite a lot of code lines for such a simple task. Is there a better way?
Always if you want to give recursive permission on dir only read then always use r-x .
Use given CMD : setfacl -Rm u:user_name:permission /location/abc/xyz
Example with explanation: setfacl -Rm u:admin12:r-x /appl/work/load/
Here `setfacl` : used to set permission.
-Rm : R for recursive and m for modify those old permission on given path.
u : User which u want to add with given permission.
admin12 : its an user , same user wants permission for a given location.
/appl/work/load : Set a location where you want to give permission.
Answered by Wajid Shaikh on November 9, 2021
for i in $(find /data -mindepth 0 -type d)
do setfacl -m u:zabbix:r-x $i
echo "ACL rules set for "$i
done
Answered by shgurbanov on November 9, 2021
As mentioned by umläute, the command setfacl -R with uppercase "X" is the way to go, like:
setfacl -R -m u:colleague:rwX .
However, for those who need to re-apply ACL recrusively (i.e like "re-apply permissions on sub-directories" à la Windows).
find . -mindepth 1 | xargs -n 50 setfacl -b --set-file=<(getfacl . | sed -e 's/x$/X/')
That command could be splited to avoid error like setfacl: foobar: Only directories can have default ACLs.
find . -mindepth 1 -type d| xargs -n 50 setfacl -b --set-file=<(getfacl . | sed -e 's/x$/X/')
find . -mindepth 1 -type f| xargs -n 50 setfacl -b --set-file=<(getfacl . | grep -v '^default:' | sed -e 's/x$/X/')
Note that the syntax <( something ) is Process Substitution, which is specific to bash. You may need to create a temporary file if you use another shell.
Answered by Franklin Piat on November 9, 2021
setfacl has a recursive option (-R) just like chmod:
-R, --recursive Apply operations to all files and directories recursively. This option cannot be mixed with `--restore'.
it also allows for the use of the capital-x X permission, which means:
execute only if the file is a directory or already has execute permission for some user (X)
so doing the following should work:
setfacl -R -m u:colleague:rwX .
(all quotes are from man setfacl for acl-2.2.52 as shipped with Debian)
Answered by umläute on November 9, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP