20181124 ACL Advanced Features: mask

mask:

1. Used to temporarily reduce the permissions of users or groups (the owner and other are not affected).
2. Suggestion: to make file permissions easier to manage, leave the permissions of other empty.
[[email protected] ~]# setfacl -m o:- /home/test.txt

[[email protected] ~]# getfacl /home/test.txt    # View permissions
getfacl: Removing leading '/' from absolute path names
# file: home/test.txt
# owner: root
# group: root
user::rw-
user:dong1:rwx
user:hr01:rw-
group::r--
group:hr01:r--
group:hr:rw-
mask::rwx
other::---

[[email protected] ~]# ll /home/test.txt    # the rwx in the group position is the mask
-rw-rwx---+ 1 root root 5 November 6 07:25 /home/test.txt

[[email protected] ~]# setfacl -m mask:- /home/test.txt    # Set the mask permissions
[[email protected] ~]# getfacl /home/test.txt
getfacl: Removing leading '/' from absolute path names
# file: home/test.txt
# owner: root
# group: root
user::rw-
user:dong1:rwx    #effective:---
user:hr01:rw-     #effective:---
group::r--        #effective:---
group:hr01:r--    #effective:---
group:hr:rw-      #effective:---
mask::---
other::---

3. View the results: the owner and other are not affected; every other entry is limited by the mask, which determines the highest permissions it can have.
[[email protected] ~]$ cat /home/test.txt
cat: /home/test.txt: Permission denied

4. Applicable scenario: think of a road that everyone can normally use. For safety reasons the road is temporarily placed under martial law; after a period of time, everyone can pass again.

5. The mask setting becomes invalid
[[email protected] ~]# setfacl -m u:dong1:r /home/test.txt
After permissions are granted to a user again, the mask setting becomes invalid. The mask defaults to the highest permissions held by any of the entries.

[[email protected] ~]# getfacl /home/test.txt
getfacl: Removing leading '/' from absolute path names
# file: home/test.txt
# owner: root
# group: root
user::rw-
user:dong1:r--
user:hr01:rw-
group::r--
group:hr01:r--
group:hr:rw-
mask::rw-
other::---
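
The behavior in points 3 and 5, as an added example that is not part of the original post: a Python model that parses getfacl-style output, computes each entry's effective permissions under the mask, and recomputes the mask the way setfacl does after a plain -m (the union of the owning group and all named entries; setfacl's -n option skips that recalculation). The sample text is constructed from the listings above and the function names are hypothetical.

```python
# Added example with hypothetical helper names: model how the ACL mask caps entries.
PERMS = "rwx"

# Constructed sample: the ACL of /home/test.txt after `setfacl -m mask:-`.
MASKED = """\
user::rw-
user:dong1:rwx
user:hr01:rw-
group::r--
group:hr01:r--
group:hr:rw-
mask::---
other::---
"""

def parse_acl(text):
    """Parse getfacl-style lines into (tag, qualifier, permission set) tuples."""
    entries = []
    for line in text.splitlines():
        # Drop '# file:' headers and trailing '#effective:' annotations.
        parts = line.split("#", 1)[0].strip().split(":")
        if len(parts) == 3:
            entries.append((parts[0], parts[1], set(parts[2]) & set(PERMS)))
    return entries

def is_masked(tag, qualifier):
    """Named users, named groups and the owning group are limited by the mask."""
    return tag == "group" or (tag == "user" and qualifier != "")

def fmt(perms):
    return "".join(c if c in perms else "-" for c in PERMS)

def effective(entries):
    """Return {'tag:qualifier': effective permissions} after applying the mask."""
    mask = next((p for t, _, p in entries if t == "mask"), set(PERMS))
    return {f"{t}:{q}": fmt(p & mask if is_masked(t, q) else p)
            for t, q, p in entries if t != "mask"}

def recalculated_mask(entries):
    """Union of all masked entries: the value setfacl -m writes unless -n is used."""
    union = set()
    for t, q, p in entries:
        if is_masked(t, q):
            union |= p
    return fmt(union)

if __name__ == "__main__":
    acl = parse_acl(MASKED)
    # Every masked entry drops to ---; the recalculated mask is what a plain -m restores.
    print(effective(acl), recalculated_mask(acl))
```

When auditing a file that relies on a restrictive mask, comparing the current `mask::` line with the recalculated value shows how much access a later `setfacl -m` without `-n` would reopen.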
