This post is about setting the access permissions on files and folders that get created by processes and applications installed on Linux (for example, .log files).
We can use the getfacl and setfacl commands to achieve this. Let's see how.
getfacl, as the name suggests, fetches the permissions currently set on a file or folder, along with other details.
This command will fetch you the details for the current folder.
# file: ../<directory>/
# owner: <user>
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
The above are the details about the folder, including the owner, the group that has access to it, and its various users and their access rights. If you run getfacl on a file, you also get one additional piece of information about the umask applied to the file.
Below are the commands you can run to set default permissions.
chmod g+s <directory> # set gid
setfacl -d -m g::rwx /<directory> # set group to rwx default
setfacl -d -m o::rx /<directory> # set other
To see the switches available with 'setfacl' on Linux, just run 'setfacl --help'; it lists all the options you can use. The most useful command for reversing all changes if something goes wrong is the one below, which removes all the extended ACL entries.
setfacl -b /directory
Examples for setfacl usage:
Grant user techonicals read access to file.
setfacl -m u:techonicals:r file
Revoke write access from all groups and all named users for file.
setfacl -m m::rx file
Remove the group entry for the group techonicals from file's ACL.
setfacl -x g:techonicals file
To grant all permissions to a group
setfacl -m g:groupname:rwx /path/to/filename
To recursively set ACLs to all files inside a directory use the -R option
setfacl -R -m u:username:rwx /path/to/directory
To delete an entry from the access list
setfacl -x u:username /path/to/file
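To see which entries the mask example above (setfacl -m m::rx file) actually restricts, the following added example, which is not part of the original post, parses getfacl output and prints each entry's effective rights. The sample ACL is constructed: the user techonicals and group media come from the post, while the owner root and the file name app.log are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads getfacl output on stdin and prints each access-ACL entry with its
# effective rights. The mask limits named users, named groups and the owning
# group; the file owner (user::) and other:: are never masked.
acl_effective() {
    awk -F: '
        /^#/ || NF < 3    { next }          # header comments and blank lines
        $1 == "default"   { next }          # default ACL is inherited, not enforced
        { sub(/[ \t]*#.*/, "", $3) }        # strip a trailing "#effective:" note
        $1 == "mask"      { mask = $3; next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                limited = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (limited && mask != "") {
                    e = ""
                    for (k = 1; k <= 3; k++)
                        e = e ((substr(mask, k, 1) == "-") ? "-" : substr(p, k, 1))
                    p = e
                }
                print tag[i] ":" who[i] ":" p
            }
        }'
}

# Constructed sample: getfacl output for a file before the mask is changed.
sample_acl() {
    cat <<'EOF'
# file: app.log
# owner: root
# group: media
user::rw-
user:techonicals:rw-
group::rwx
group:techonicals:rwx
mask::rwx
other::r--
EOF
}

echo "--- with mask::rwx ---"
sample_acl | acl_effective
# After "setfacl -m m::rx file" only the mask line of the ACL differs.
echo "--- with mask::r-x ---"
sample_acl | sed 's/^mask::.*/mask::r-x/' | acl_effective
```

With the mask set to r-x, the named user and both group entries lose write, while the owner entry user::rw- is unchanged. The same function can be fed live output, for example getfacl file | acl_effective.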