Today I learned a new method to operate on the permissions of files and directories; usually I use chmod and chown.
One thing to be clear about: if, for example, /etc is owned by root and /etc/xxx is owned by demo (a non-root user), demo cannot remove /etc/xxx because permission is denied (removing an entry requires write permission on the parent directory, /etc), but demo can create a soft link from /etc/xxx and do all other operations inside /etc/xxx.
What if demo wants to remove /etc/xxx without changing the permissions of /etc with chmod or chown, and without sudo? setfacl is a good choice.
Note that Docker will not allow committing a change to any permission of the / directory into an image.
Each file and directory in a Linux filesystem is created with Access Control Lists (ACLs). The permissions can be set using the setfacl utility. To see the access permissions of a file or directory, we use getfacl.
For example:

    # getfacl /etc

Then we give demo full permission on /etc:

    ## run as root

Check again:

    # getfacl /etc
I have this question: Difference between chmod vs ACL
Under Linux, ls -l puts a + at the end of the permission characters to indicate that ACLs are present. If ACLs are present, then the basic permissions do not tell the full story: ACLs override POSIX permissions:

    # ls -l /etc
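Because the mode bits stop telling the full story once an ACL is set, it helps to list exactly who gained write access. The following is an added example, not code from the original post: a shell function that reads getfacl output and reports every named user or group whose effective rights (the entry ANDed with the mask) include write. The function names, the sample text and the setfacl command shown in the comment are assumptions made for illustration.

```shell
# Constructed sample of getfacl output (not captured from a real host).
# Assumption: the user:demo entry is what `setfacl -m u:demo:rwx /etc` adds.
sample_getfacl() {
    cat <<'EOF'
# file: etc
# owner: root
# group: root
user::rwx
user:demo:rwx
group::r-x
mask::rwx
other::r-x

# file: srv/data
# owner: root
# group: root
user::rwx
user:backup:rwx    #effective:r-x
group::r-x
mask::r-x
other::---
EOF
}

# Print "path: user:NAME" or "path: group:NAME" for every named ACL entry
# whose effective rights (entry AND mask) include write.
acl_named_writers() {
    awk '
    function emit(   i) {
        for (i = 1; i <= n; i++)
            if (substr(perm[i], 2, 1) == "w" && (mask == "" || substr(mask, 2, 1) == "w"))
                print file ": " who[i]
        n = 0; mask = ""
    }
    /^# file: /          { emit(); file = substr($0, 9); next }
    /^#/ || /^default:/  { next }          # headers and default (inherited) ACLs
    {
        sub(/[ \t]*#.*$/, "")              # strip "#effective:" annotations
        split($0, f, ":")
        if (f[1] == "mask") mask = f[3]
        else if ((f[1] == "user" || f[1] == "group") && f[2] != "") { n++; who[n] = f[1] ":" f[2]; perm[n] = f[3] }
    }
    END { emit() }'
}

# Real use (assumes the acl tools are installed):
#   getfacl -R --skip-base /etc 2>/dev/null | acl_named_writers
sample_getfacl | acl_named_writers    # prints: etc: user:demo
```

The second sample path is not reported because its mask (r-x) removes the write bit from the named entry, which is the same reduction getfacl shows in its #effective annotation.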