
File access control lists

Lab 1
Purpose: List and modify permissions using POSIX File Access Control
Lists.
Procedure:
List acl (Get file access list):
[root@centos6 opt]# getfacl file1.tst
# file: file1.tst
# owner: root
# group: root
user::rw-
user:cati:rw-
user:usr1:-w-
group::r--
mask::rw-
other::---
To create/modify an acl entry:
[root@centos6 opt]# setfacl -m u:cati:rw file1.tst
To delete an acl entry:
[root@centos6 opt]# setfacl -x u:cati file1.tst
Completely destroy the acl:
[root@centos6 opt]# setfacl -b file1.tst
Set rw permissions for cati and only w permission for usr1:
[root@centos6 cati]# cd /opt/
[root@centos6 opt]# touch file1.tst
[root@centos6 opt]# setfacl -m u:cati:rw file1.tst
[root@centos6 opt]# setfacl -m u:usr1:w file1.tst
usr1 can write, but not read
[root@centos6 opt]# su usr1
[usr1@centos6 opt]$ cat file1.tst
cat: file1.tst: Permission denied
[usr1@centos6 opt]$ echo "brb" > file1.tst
[usr1@centos6 opt]$ exit

Set no access for others:


[root@centos6 opt]# chmod 660 file1.tst
[root@centos6 opt]# ls -l
total 8
-rw-rw----+ 1 root root 4 Sep 21 01:49 file1.tst
[root@centos6 opt]# su usr1
[usr1@centos6 opt]$ cat file1.tst
cat: file1.tst: Permission denied
Note that usr1 can still write
[usr1@centos6 opt]$ echo "bbbb" > file1.tst
[usr1@centos6 opt]$ exit
exit
[root@centos6 opt]# su usr2
[usr2@centos6 opt]$ cat file1.tst
cat: file1.tst: Permission denied
[usr2@centos6 opt]$ echo "ccc" > file1.tst
bash: file1.tst: Permission denied
[usr2@centos6 opt]$ exit
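
The sessions above follow from how one ACL entry is selected for a user and then capped by the mask; chmod 660 on a file that has an ACL sets the mask, not the named-user entries, which is why usr1 keeps write access. The following is an added example, not part of the original lab: acl_effective is a hypothetical helper, and the embedded ACL text is a constructed sample matching the listing above.

```bash
# Constructed sample: the ACL from this lab as getfacl prints it after "chmod 660".
SAMPLE_ACL='# file: file1.tst
# owner: root
# group: root
user::rw-
user:cati:rw-
user:usr1:-w-
group::r--
mask::rw-
other::---'

# acl_effective USER "GROUP1 GROUP2 ..."   (getfacl output on stdin)
# Hypothetical helper: prints the rwx string the POSIX ACL check grants USER.
# Privileged-user overrides (root) are not modelled.
acl_effective() {
    awk -v who="$1" -v groups="$2" '
    function band(p, m,   i, out) {      # AND of two rwx strings
        for (i = 1; i <= 3; i++)
            out = out ((substr(p,i,1) != "-" && substr(m,i,1) != "-") ? substr(p,i,1) : "-")
        return out
    }
    function bor(a, b,   i, out) {       # OR of two rwx strings
        for (i = 1; i <= 3; i++)
            out = out (substr(a,i,1) != "-" ? substr(a,i,1) : substr(b,i,1))
        return out
    }
    BEGIN { FS = ":"; mask = "rwx"; grp = "---"
            n = split(groups, g, " "); for (i = 1; i <= n; i++) ingrp[g[i]] = 1 }
    /^# owner: / { owner  = substr($0, 10) }
    /^# group: / { ogroup = substr($0, 10) }
    /^#/ || NF < 3 { next }
    { perm = substr($3, 1, 3) }
    $1 == "user"  && $2 == ""  { uobj = perm }
    $1 == "user"  && $2 == who { named = perm; hasnamed = 1 }
    $1 == "group" && (($2 == "" && (ogroup in ingrp)) || ($2 != "" && ($2 in ingrp))) { grp = bor(grp, perm); hasgrp = 1 }
    $1 == "mask"  { mask = perm }
    $1 == "other" { other = perm }
    END {
        if (who == owner)  print uobj                # owner entry, mask not applied
        else if (hasnamed) print band(named, mask)   # named user, capped by mask
        else if (hasgrp)   print band(grp, mask)     # group class, capped by mask
        else               print other
    }'
}

# usr1 keeps write after chmod 660; tightening the mask is what removes it.
printf '%s\n' "$SAMPLE_ACL" | acl_effective usr1 ""                                  # -w-
printf '%s\n' "$SAMPLE_ACL" | sed 's/^mask::.*/mask::r--/' | acl_effective usr1 ""   # ---
```

On a live system the same input comes from `getfacl file1.tst`, and the second argument is the output of `id -Gn` for the user being checked.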
