36

For example, I want to give my colleagues write access to a certain directory. Let's assume that subdirectories in it had access rights 775, files 664, and also there were some executable files in the dir - 775.

Now I want to add write permissions. With chmod, I could try something like

chmod o+w -R mydir/

But that's not cool, since I don't want to make the dir world-writable - I want to give access only to certain users, so I want to use ACL. But is there an easy way to set those permissions? As I see it, I need to tackle at least three cases (dirs, files, executable files) separately:

find -type d -exec setfacl -m u:colleague:rwx {} \;
find -type f -executable -exec setfacl -m u:colleague:rwx {} \;
find -type f \! -executable -exec setfacl -m u:colleague:rw {} \;

It seems quite a lot of code lines for such a simple task. Is there a better way?

Rogach

4 Answers

57

setfacl has a recursive option (-R) just like chmod:

  -R, --recursive
      Apply operations to all files and directories recursively. This
      option cannot be mixed with `--restore'.

it also allows for the use of the capital-x X permission, which means:

  execute only if the file is a directory or already has
  execute permission for some user (X)

so doing the following should work:

setfacl -R -m u:colleague:rwX .

(all quotes are from man setfacl for acl-2.2.52 as shipped with Debian)

umläute
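
The three cases from the question (directories, executable files, other files) are what the capital X resolves per entry. The dry run below is an added example, not part of the original answers: it prints what `setfacl -R -m u:colleague:rwX` would grant to each entry without changing anything. The function names and the sample tree are constructed for illustration, and it assumes entries carry only plain mode bits (no existing ACL entries).

```shell
#!/bin/sh
# Added example: dry-run preview of `setfacl -R -m u:USER:rwX DIR`.
# Prints "<perms> <path>" for each directory and regular file; modifies nothing.
# X becomes x for directories and for files that already have an execute
# bit for owner, group or other; otherwise no execute permission is granted.
# Symlinks are not listed (setfacl -R skips symlinks found inside the tree).
preview_rwX() {
    dir=$1
    # Case 1: directories always resolve to rwx.
    find "$dir" -type d -exec printf 'rwx %s\n' {} \;
    # Case 2: regular files with at least one execute bit resolve to rwx.
    find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'rwx %s\n' {} \;
    # Case 3: every other regular file resolves to rw- (no execute added).
    find "$dir" -type f ! \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'rw- %s\n' {} \;
}

# Constructed sample tree matching the question: dirs 775, files 664,
# executables 775. The directory name with a space exercises quoting.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/mydir/sub dir"
    printf 'data\n' > "$root/mydir/notes.txt"
    printf '#!/bin/sh\n' > "$root/mydir/sub dir/run.sh"
    chmod 775 "$root/mydir" "$root/mydir/sub dir" "$root/mydir/sub dir/run.sh"
    chmod 664 "$root/mydir/notes.txt"
    printf '%s\n' "$root"
}

# Preview a directory passed as the first argument, if one was given.
if [ $# -gt 0 ]; then
    preview_rwX "$1"
fi
```

Any file listed with rwx that should not be executable by the colleague needs its existing execute bits reviewed before the real setfacl run.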
7

As mentioned by umläute, the command setfacl -R with uppercase "X" is the way to go, like:

setfacl -R -m u:colleague:rwX .

However, for those who need to re-apply ACLs recursively (i.e. like "re-apply permissions on sub-directories" à la Windows):

find . -mindepth 1 | xargs -n 50 setfacl -b --set-file=<(getfacl . | sed -e 's/x$/X/')

That command could be split to avoid errors like setfacl: foobar: Only directories can have default ACLs.

find . -mindepth 1 -type d| xargs -n 50 setfacl -b --set-file=<(getfacl . | sed -e 's/x$/X/')
find . -mindepth 1 -type f| xargs -n 50 setfacl -b --set-file=<(getfacl . | grep -v '^default:' | sed -e 's/x$/X/')

Note that the syntax <( something ) is Process Substitution, which is specific to bash. You may need to create a temporary file if you use another shell.

Franklin Piat
1

If you want to give recursive read-only permission on a dir, always use r-x.

Use the given command: setfacl -Rm u:user_name:permission /location/abc/xyz

Example with explanation: setfacl -Rm u:admin12:r-x /appl/work/load/

         Here `setfacl` : used to set permissions.
               -Rm      : R for recursive and m to modify the old permissions on the given path.
                u       : the user you want to add with the given permission.
                admin12 : a user; this is the user who wants permission for the given location.
        /appl/work/load : the location where you want to give permission.

Wajid Shaikh
-1
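# NUL-delimited read (bash) so directory names with spaces or newlines stay intact
find /data -mindepth 0 -type d -print0 | while IFS= read -r -d '' i
do setfacl -m u:zabbix:r-x "$i"
    echo "ACL rules set for $i"
done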
shgurbanov