Set file access control lists

setfacl -m u:john:r-- myfile
The file myfile is owned by tom and has read and write permissions for tom. Group and other permissions are empty which make myfile readable and writable only by tom. setfacl enables user tom to give read permission to user john only. The command 'ls -l' shows a '+' sign telling us that file access control list has been setup for myfile.
Sample Output
$ ls -l myfile
-rw------- 1 tom tom 248060 2009-02-15 14:02 myfile
$ getfacl myfile
# file: myfile
# owner: tom
# group: tom
user::rw-
group::---
other::---
$ setfacl -m u:john:r-- myfile
$ getfacl myfile
# file: myfile
# owner: tom
# group: tom
user::rw-
user:john:r--
group::---
mask::r-x
other::---
$ ls -l myfile
-rw-------+ 1 tom tom 248060 2009-02-15 14:02 myfile

3
2009-02-21 21:05:45

These Might Interest You


  • 3
    getfacl /mydir
    servermanaged · 2009-04-29 11:57:14 3
  • Sometimes a program refuses to read a file and you're not sure why. You may have display_errors turned off for PHP or something. In this example, fopen('/var/www/test/foo.txt') was called but doesn't have read access to foo.txt. Strace can tell you what went wrong. E.g., if php doesn't have read access to the file, strace will say "EACCESS (Permission denied)". Or, if the file path you gave doesn't exist, strace will say "ENOENT (No such file or directory)", etc. This works for any program you can run from the command-line, e.g., strace python myapp.py -e open,access... Note: the above command uses php-cli, not mod_php, which is a different SAPI with diff configs, etc. Show Sample Output


    7
    strace php tias.php -e open,access 2>&1 | grep foo.txt
    rkulla · 2010-04-20 19:42:42 0
  • If you enable multiuser, then you can permit others to share your screen session. The following conditions apply: 1. screen must be suid root; 2. "multiuser on" must be configured in ~/.screenrc; 3. control the others user(s) access with "aclchg": # ----- from ~/.screenrc-users ----- aclchg someuser +rx "#?" #enable r/o access to "someuser" aclchg someuser -x "#,at,aclchg,acladd,acldel,quit" # don't allow these aclchg otheruser +rwx "#?" # enable r/w access to "otheruser" aclchg otheruser -x "#,at,aclchg,acladd,acldel,quit" # don't allow them to use these commands # ----- After doing this (once), you start your session with: $ screen Then, the other user can join your terminal session(s) with youruserid: $ screen -r youruserid/ Note: the trailing "/" is required. Multiple users can share the same screen simultaneously, each with independent access controlled precisely with "aclchg" in the ~/.screenrc file. I use the following setup: # ~/.screenrc-base # default screenrc on any host source $HOME/.screenrc-base source $HOME/.screenrc-$HOST source $HOME/.screenrc-users # ----- Then, the base configurations are in ~/.screenrc-base; the host-specific configurations are in ~/.screenrc-$HOST, and the user configurations are in ~/.screenrc-users. The host-specific .screenrc file might contain some host-specific screen commands; e.g.: # ~/.screen-myhost # ----- screen -t 'anywhere' /bin/tcsh screen -t 'anywhere1' /bin/tcsh # ---- The .screenrc-base contains: # ~/.screenrc-base ## I find typing ^a (Control-a) awkward. So I set the escape key to CTRL-j instead of a. escape ^Jj termcapinfo xterm* ti@:te@: autodetach on zombie kr verbose on multiuser on


    39
    % screen -r someuser/
    totoro · 2009-03-25 23:59:38 1
  • Converts control codes and spaces (ASCII code ≤ 32) to visible Unicode Control Pictures, U+2400 ? U+2420. Skips \n characters, which is probably a good thing. Show Sample Output


    1
    /bin/echo -e '\002Hello, Folks\t!\r' | perl -pwle 'use v5.14; s/([\N{U+0000}-\N{U+0020}])/chr(9216+ord($1))/ge;'
    scruss · 2014-06-30 01:45:40 1

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: