
Using getfacl to Record Permissions


1. Environment preparation:

[[email protected] ~]# mkdir -p /share/wanlong
[[email protected] ~]# groupadd IT-SUPPORT
[[email protected] ~]# adduser wanlong1 -G IT-SUPPORT
[[email protected] ~]# adduser wanlong2 -G IT-SUPPORT
[[email protected] ~]# adduser wanlong3 -G IT-SUPPORT
[[email protected] ~]# chown root:IT-SUPPORT /share/wanlong/
[[email protected] ~]# cp /etc/passwd /share/wanlong/
[[email protected] ~]# tail -5 /share/wanlong/passwd
wang5:x:1005:1007::/home/wang5:/bin/bash
zhao6:x:1006:1008::/home/zhao6:/bin/bash
wanlong1:x:1007:1010::/home/wanlong1:/bin/bash
wanlong2:x:1008:1011::/home/wanlong2:/bin/bash
wanlong3:x:1009:1012::/home/wanlong3:/bin/bash

2. Testing:

[[email protected] ~]# ls -ld /share/wanlong/
drwxr-xr-x 2 root IT-SUPPORT 6 Apr 26 20:12 /share/wanlong/
Switch to another user and test the permissions:
[[email protected] ~]# su - wanlong1
[[email protected] ~]$ cd /share/wanlong/
Being able to enter the directory shows that the user has the x (execute) permission.
[[email protected] wanlong]$ ls
passwd
[[email protected] wanlong]$ tail -5 passwd
wang5:x:1005:1007::/home/wang5:/bin/bash
zhao6:x:1006:1008::/home/zhao6:/bin/bash
wanlong1:x:1007:1010::/home/wanlong1:/bin/bash
wanlong2:x:1008:1011::/home/wanlong2:/bin/bash
wanlong3:x:1009:1012::/home/wanlong3:/bin/bash
Being able to view the file shows that the user has the r (read) permission.
[[email protected] wanlong]$ touch a.txt
touch: cannot touch ‘a.txt’: Permission denied
Being unable to create a new file shows that the user lacks the w (write) permission.

Use getfacl to view the directory's permissions:

[[email protected] ~]# getfacl /share/wanlong/
getfacl: Removing leading '/' from absolute path names
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
group::r-x
other::r-x
[[email protected] ~]# ls -ld /share/wanlong/
drwxr-xr-x 2 root IT-SUPPORT 20 Apr 26 20:16 /share/wanlong/
Note: root has read and execute permissions, and members of the IT-SUPPORT group have read and execute permissions.

3. Requirement: grant wanlong1 read, write, and execute permissions on /share/wanlong

[[email protected] ~]# vim /etc/fstab 
#
# /etc/fstab
# Created by anaconda on Thu Feb 23 22:23:27 2017
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/cl-root     /                       xfs     defaults,acl        0 0
UUID=df70cb42-4274-491a-8ae7-cbb0dcd3a60b /boot                   xfs     defaults        0 0
/dev/mapper/cl-home     /home                   xfs     defaults        0 0
/dev/mapper/cl-swap     swap                    swap    defaults        0 0
Note: for the "/" filesystem, append ",acl" after the default option "defaults" so that ACL rules take effect.
[[email protected] ~]# mount -a
Reload the mount options.
[[email protected] ~]# setfacl -m u:wanlong1:rwx /share/wanlong/
[[email protected] ~]# getfacl /share/wanlong/
getfacl: Removing leading '/' from absolute path names
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
user:wanlong1:rwx
group::r-x
mask::rwx
other::r-x
[[email protected] wanlong]$ touch james.doc
[[email protected] wanlong]$ ls
james.doc  passwd
[[email protected] wanlong]$ rm james.doc -rf
[[email protected] wanlong]$ ls
passwd
Test succeeded!

4. Additional notes:

If the ACL rules have become messy and you want to clean them up, here is how to do it.
Before the operation:
[[email protected] ~]# getfacl /share/wanlong/
getfacl: Removing leading '/' from absolute path names
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
user:wanlong1:rwx
group::r-x
mask::rwx
other::r-x
[[email protected] ~]# setfacl -b /share/wanlong/
[[email protected] ~]# getfacl /share/wanlong/
getfacl: Removing leading '/' from absolute path names
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
group::r-x
other::r-x
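
Before clearing ACLs with setfacl -b, it helps to see which named entries exist and what they actually grant once the mask entry is applied. The following is an added example, not part of the original post: the function name acl_audit and the second sample record are assumptions made for illustration.

```sh
#!/bin/sh
# acl_audit reads getfacl output on stdin and prints, per named entry:
#   <file> <type:name> <granted> <effective after mask>
# Default ACL entries ("default:...") are ignored here.
acl_audit() {
    awk '
    function emit(   i, k, e, p, eff) {
        for (i = 1; i <= n; i++) {
            split(ent[i], e, ":")            # e[1]=type, e[2]=name, e[3]=perms
            p = e[3]; eff = ""
            for (k = 1; k <= 3; k++)         # AND r, w, x with the mask
                eff = eff ((substr(mask, k, 1) == "-") ? "-" : substr(p, k, 1))
            printf "%s %s:%s %s %s\n", file, e[1], e[2], p, eff
        }
        n = 0; mask = "rwx"                  # reset for the next file
    }
    /^# file: /                 { emit(); file = substr($0, 9); next }
    /^#/ || /^default:/ || /^$/ { next }
                                { sub(/[ \t]*#.*/, "") }   # strip "#effective:..."
    /^mask::/                   { mask = substr($0, 7, 3); next }
    /^(user|group):[^:]+:/      { ent[++n] = $0 }          # named entries only
    END                         { emit() }
    '
}

# Constructed sample input: the first record is the listing shown after
# setfacl -m; the second is a made-up file whose mask narrows wanlong2 to r--.
sample_getfacl_output() {
    cat <<'EOF'
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
user:wanlong1:rwx
group::r-x
mask::rwx
other::r-x

# file: share/wanlong/passwd
# owner: root
# group: root
user::rw-
user:wanlong2:rwx   #effective:r--
group::r--
mask::r--
other::r--
EOF
}

sample_getfacl_output | acl_audit
```

On a live system, pipe real output into the function, for example getfacl -R /share/wanlong | acl_audit.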


This article comes from the "冰凍vs西瓜" blog. Please be sure to keep this attribution: http://molewan.blog.51cto.com/287340/1922066
