TransWikia.com

How do I set permissions recursively on a dir (with ACL enabled)?

Unix & Linux Asked by Rogach on November 9, 2021

For example, I want to give my colleagues write access to certain directory. Let’s assume that subdirectories in it had access rights 775, files 664, and also there were some executable files in the dir – 775.

Now I want to add write permissions. With chmod, I could try something like

chmod o+w -R mydir/

But that’s not cool, since I don’t want to make the dir world-writable – I want give access only to certain users, so I want to use ACL. But is there an easy way to set those permissions? As I see it, I need to tackle at least three cases (dirs, files, executable files) separately:

find -type d -exec setfacl -m u:colleague:rwx {} ;
find -type f -executable -exec setfacl -m u:colleague:rwx {} ;
find -type f ! -executable -exec setfacl -m u:colleague:rw {} ;

It seems quite a lot of code lines for such a simple task. Is there a better way?

4 Answers

Always if you want to give recursive permission on dir only read then always use r-x .

Use given CMD : setfacl -Rm u:user_name:permission /location/abc/xyz

Example with explanation: setfacl -Rm u:admin12:r-x /appl/work/load/

         Here `setfacl` : used to set permission.
               -Rm      : R for recursive and m for modify those old permission on given path. 
                u       : User which u want to add with given permission.
                admin12 : its an user , same user wants permission for a given location.
                
        /appl/work/load : Set a location where you want to give permission.


            

Answered by Wajid Shaikh on November 9, 2021

for i in $(find /data -mindepth 0 -type d)
do setfacl -m  u:zabbix:r-x $i
    echo "ACL rules set for "$i
done

Answered by shgurbanov on November 9, 2021

As mentioned by umläute, the command setfacl -R with uppercase "X" is the way to go, like:

setfacl -R -m u:colleague:rwX .

However, for those who need to re-apply ACL recrusively (i.e like "re-apply permissions on sub-directories" à la Windows).

find . -mindepth 1 | xargs -n 50 setfacl -b --set-file=<(getfacl . | sed -e 's/x$/X/')

That command could be splited to avoid error like setfacl: foobar: Only directories can have default ACLs.

find . -mindepth 1 -type d| xargs -n 50 setfacl -b --set-file=<(getfacl . | sed -e 's/x$/X/')
find . -mindepth 1 -type f| xargs -n 50 setfacl -b --set-file=<(getfacl . | grep -v '^default:' | sed -e 's/x$/X/')

Note that the syntax <( something ) is Process Substitution, which is specific to bash. You may need to create a temporary file if you use another shell.

Answered by Franklin Piat on November 9, 2021

setfacl has a recursive option (-R) just like chmod:

  -R, --recursive
      Apply operations to all files and directories recursively. This
      option cannot be mixed with `--restore'.

it also allows for the use of the capital-x X permission, which means:

  execute only if the file is a directory or already has
  execute permission for some user (X)

so doing the following should work:

setfacl -R -m u:colleague:rwX .

(all quotes are from man setfacl for acl-2.2.52 as shipped with Debian)

Answered by umläute on November 9, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP