UNIX model ACL as a Data Structure?
Read about UNIX permission matrices (ACLs) in your favorite UNIX reference. Model the ACLs as a data structure that is modified from the permission matrices that are used in the general case. Remember to have structures to store owners and groups.
Solution
-b: Remove all extended ACL entries. The base ACL entries of the owner, group and others are retained.
-k: Remove the Default ACL. If no Default ACL exists, no warnings are issued.
-n: Do not recalculate the effective rights mask. The default behavior of setfacl is to recalculate the ACL mask entry, unless a mask entry was explicitly given. The mask entry is set to the union of all permissions of the owning group, and all named user and group entries.
--mask: Do recalculate the effective rights mask, even if an ACL mask entry was explicitly given.
--restore=file: Restore a permission backup created by ‘getfacl -R’ or similar. All permissions of a complete directory subtree are restored using this mechanism. If the input contains owner comments or group comments, and setfacl is run by root, the owner and owning group of all files are restored as well. This option cannot be mixed with other options except ‘--test’.
--test: Test mode. Instead of changing the ACLs of any files, the resulting ACLs are listed.
-R, --recursive: Apply operations to all files and directories recursively. This option cannot be mixed with ‘--restore’.
-L, --logical: Logical walk, follow symbolic links. The default behavior is to follow symbolic link arguments, and to skip symbolic links encountered in subdirectories. This option cannot be mixed with ‘--restore’.
-P, --physical: Physical walk, skip all symbolic links. This also skips symbolic link arguments. This option cannot be mixed with ‘--restore’.
--version: Print the version of setfacl and exit.
--help: Print help explaining the command line options.
--: End of command line options. All remaining parameters are interpreted as file names, even if they start with a dash.
-: If the file name parameter is a single dash, setfacl reads a list of files from standard input.
ACL Entries:
[d[efault]:] [u[ser]:]uid [:perms] : Permissions of a named user. Permissions of the file owner if uid is empty.
[d[efault]:] g[roup]:gid [:perms] : Permissions of a named group. Permissions of the owning group if gid is empty.
[d[efault]:] m[ask][:] [:perms] : Effective rights mask.
[d[efault]:] o[ther][:] [:perms] : Permissions of others.
Whitespace between delimiter characters and non-delimiter characters is ignored.
Proper ACL entries including permissions are used in modify and set operations (options -m, -M, --set and --set-file). Entries without the perms field are used for deletion of entries (options -x and -X).
Permission representations:
0: No permission (---)
1: Execute permission (--x)
2: Write permission (-w-)
3: Execute and write permission: 1 (execute) + 2 (write) = 3 (-wx)
4: Read permission (r--)
5: Read and execute permission: 4 (read) + 1 (execute) = 5 (r-x)
6: Read and write permission: 4 (read) + 2 (write) = 6 (rw-)
7: All permissions: 4 (read) + 2 (write) + 1 (execute) = 7 (rwx)
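An added example, not part of the original solution: one way to model the ACL described above as a data structure, storing the owner and owning group next to the entries and recalculating the mask the way the -n description states. The `Acl` class, its method names and the sample uids and gids are assumptions made for illustration; the access check follows the algorithm in acl(5), and only three-field entries without the `d:` prefix are handled.

```python
from dataclasses import dataclass, field

BITS = {"r": 4, "w": 2, "x": 1}

def parse_perms(s):
    """'rw-' or an octal digit such as '6' -> integer 0..7."""
    return int(s, 8) & 7 if s.isdigit() else sum(BITS[c] for c in s if c != "-")

@dataclass
class Acl:
    owner: int                                    # uid of the file owner
    group: int                                    # gid of the owning group
    entries: dict = field(default_factory=dict)   # (tag, id or None) -> perms

    def modify(self, entry, recalc_mask=True):
        """Apply one three-field entry: 'u:1001:rw-', 'g::r-x', 'm::4', 'o::0'."""
        tag, ident, perms = (part.strip() for part in entry.split(":"))
        kind = tag[:1]
        if kind not in ("u", "g", "m", "o"):
            raise ValueError(f"unknown entry tag: {tag!r}")
        self.entries[(kind, int(ident) if ident else None)] = parse_perms(perms)
        if recalc_mask and kind != "m":           # recalc_mask=False models -n
            # Mask = union of owning group and all named user and group entries.
            mask = 0
            for (t, i), p in self.entries.items():
                if t == "g" or (t == "u" and i is not None):
                    mask |= p
            self.entries[("m", None)] = mask

    def allows(self, uid, gids, want):
        """Access check as in acl(5): are all bits of `want` granted?"""
        want, e = parse_perms(want), self.entries
        mask = e.get(("m", None), 7)
        if uid == self.owner:                     # owner entry is never masked
            return (e.get(("u", None), 0) & want) == want
        if ("u", uid) in e:                       # named user, limited by mask
            return (e[("u", uid)] & mask & want) == want
        hits = [p for (t, i), p in e.items() if t == "g"
                and (i in gids or (i is None and self.group in gids))]
        if hits:                                  # a group matched: "other" is skipped
            return any((p & mask & want) == want for p in hits)
        return (e.get(("o", None), 0) & want) == want

def sample_acl():
    """Constructed sample: owner uid 1000, owning group gid 100."""
    acl = Acl(owner=1000, group=100)
    for entry in ("u::rwx", "g::r-x", "o::0", "u:1001:rw-", "g:200:r--"):
        acl.modify(entry)
    return acl
```

Calling `modify("m::r--")` on the sample shows the security-relevant effect of the mask: the named user 1001 keeps an `rw-` entry but loses write access, while the owner's rights are unaffected.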


