You can set and display permissions on ZFS files in a compact format that uses 14 unique letters to represent the permissions. The letters that represent the compact permissions are listed in Table 7–2 and Table 7–3.
You can display compact ACL listings for files and directories by using the ls -V command. For example:
# ls -V file.1
-rw-r--r-- 1 root root 206663 Feb 16 11:00 file.1
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:-wxp----------:------:deny
group@:r-------------:------:allow
everyone@:-wxp---A-W-Co-:------:deny
everyone@:r-----a-R-c--s:------:allow
The compact ACL output is described as follows:
owner@
The owner is denied execute permissions to the file (x=execute).
owner@
The owner can read and modify the contents of the file (rw=read_data/write_data), (p=append_data). The owner can also modify the file's attributes such as timestamps, extended attributes, and ACLs (A=write_xattr, W=write_attributes, C=write_acl). In addition, the owner can modify the ownership of the file (o=write_owner).
group@
The group is denied modify and execute permissions to the file (w=write_data, p=append_data, and x=execute).
group@
The group is granted read permissions to the file (r=read_data).
everyone@
Everyone who is not user or group is denied permission to execute or modify the contents of the file, and to modify any attributes of the file (w=write_data, x=execute, p=append_data, A=write_xattr, W=write_attributes, C=write_acl, and o=write_owner).
everyone@
Everyone who is not user or group is granted read permissions to the file and the file's attributes (r=read_data, a=read_attributes, R=read_xattr, c=read_acl, and s=synchronize). The synchronize access permission is not currently implemented.
Compact ACL format provides the following advantages over verbose ACL format:
Permissions can be specified as positional arguments to the chmod command.
The hyphen (-) characters, which identify no permissions, can be removed and only the required letters need to be specified.
Both permissions and inheritance flags are set in the same fashion.
For information about using the verbose ACL format, see Setting and Displaying ACLs on ZFS Files in Verbose Format.
Example 7.10. Setting and Displaying ACLs in Compact Format
In the following example, a trivial ACL exists on file.1:
# ls -V file.1
-rw-r-xr-x 1 root root 206663 Feb 16 11:00 file.1
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:-w-p----------:------:deny
group@:r-x-----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow
In this example, read_data/execute permissions are added for the user gozer on file.1.
# chmod A+user:gozer:rx:allow file.1
# ls -V file.1
-rw-r-xr-x+ 1 root root 206663 Feb 16 11:00 file.1
user:gozer:r-x-----------:------:allow
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:-w-p----------:------:deny
group@:r-x-----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow
Another way to add the same permissions for user gozer is to insert a new ACL at a specific position, 4, for example. As such, the existing ACLs at positions 4–6 are pushed down. For example:
# chmod A4+user:gozer:rx:allow file.1
# ls -V file.1
-rw-r-xr-x+ 1 root root 206663 Feb 16 11:00 file.1
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:-w-p----------:------:deny
group@:r-x-----------:------:allow
user:gozer:r-x-----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow
In the following example, user gozer is granted read, write, and execute permissions that are inherited for newly created files and directories by using the compact ACL format.
# chmod A+user:gozer:rwx:f:allow dir.1
# ls -dV dir.1
drwxr-xr-x+ 2 root root 2 Feb 23 10:37 dir.1
user:gozer:rwx-----------:f-----:allow
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:-w-p----------:------:deny
group@:r-x-----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow
You can also cut and paste permissions and inheritance flags from the ls -V output into the compact chmod format. For example, to duplicate the permissions and inheritance flags on dir.1 for user gozer to user cindys, copy and paste the permission and inheritance flags (rwx-----------:f-----:allow) into your chmod command. For example:
# chmod A+user:cindys:rwx-----------:f-----:allow dir.1
# ls -dV dir.1
drwxr-xr-x+ 2 root root 2 Feb 23 10:37 dir.1
user:cindys:rwx-----------:f-----:allow
user:gozer:rwx-----------:f-----:allow
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:-w-p----------:------:deny
group@:r-x-----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow
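The following Python sketch is an added example, not part of the original guide: it decodes compact ACL entries (both the 14-position form printed by ls -V and the abbreviated form accepted by chmod) into verbose permission names and reports allow entries that let a non-owner change the ACL or ownership. The function names, the choice of write_acl and write_owner as the audited permissions, and the user:alice entry in the sample are assumptions made for illustration.

```python
import re

# Order of the 14 letters in the compact permission field shown by ls -V.
COMPACT = "rwxpdDaARWcCos"
NAMES = dict(zip(COMPACT, (
    "read_data write_data execute append_data delete delete_child "
    "read_attributes write_xattr read_xattr write_attributes "
    "read_acl write_acl write_owner synchronize").split()))

# who:perms[:inheritance-flags]:allow|deny (flags are optional in chmod arguments)
ENTRY = re.compile(
    r"^\s*(?P<who>(?:owner|group|everyone)@|(?:user|group):[^:\s]+)"
    r":(?P<perms>[A-Za-z-]+)(?::(?P<flags>[A-Za-z-]*))?:(?P<type>allow|deny)\s*$")

SENSITIVE = {"write_acl", "write_owner"}  # assumption: what this audit looks for

def parse_entry(line):
    """Decode one compact ACL entry; return None for non-entry lines."""
    m = ENTRY.match(line)
    if not m:
        return None  # e.g. the mode/owner/size header line
    perms = m["perms"]
    unknown = set(perms) - set(COMPACT) - {"-"}
    if unknown:
        raise ValueError(f"unknown permission letters: {sorted(unknown)}")
    return {"who": m["who"], "type": m["type"], "flags": m["flags"] or "",
            "perms": [NAMES[c] for c in COMPACT if c in perms]}

def risky_grants(listing):
    """List allow entries that let a non-owner rewrite the ACL or ownership.
    Flags entries only; it does not evaluate deny/allow ordering."""
    hits = []
    for line in listing.splitlines():
        e = parse_entry(line)
        if e and e["type"] == "allow" and e["who"] != "owner@":
            found = SENSITIVE.intersection(e["perms"])
            if found:
                hits.append((e["who"], sorted(found)))
    return hits

# file.1 entries from Example 7.10 plus one constructed entry (user:alice).
SAMPLE = """\
-rw-r-xr-x+ 1 root root 206663 Feb 16 11:00 file.1
user:alice:rw-p-------C--:------:allow
user:gozer:r-x-----------:------:allow
owner@:rw-p---A-W-Co-:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow
"""
```

Calling risky_grants(SAMPLE) reports only the constructed user:alice entry, because the owner@ entry is skipped and the everyone@ entry that contains C and o is a deny.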