Linux ACL Management Functions
by Bryan on Jan.07, 2010, under Programming, Security
Traditional Unix file permissions (one owner, one group, everybody else) leave most users wanting: to let a second user or group read a file you have to either change its group or open it to the world. Fortunately, there is a feature that most Linux users don't even know about called POSIX ACLs (access control lists), which let you attach named per-user and per-group entries to any file or directory, and it is most likely already available on your system. Modern distributions mount ext4 with ACL support on by default (mke2fs records `acl` in the filesystem's default mount options) and XFS always has it; on older setups you enable it by adding the `acl` option to the volume's line in `/etc/fstab` and remounting. To check, run `setfacl -m u:$(id -u):r` on a scratch file: "Operation not supported" means the mount lacks it.
Once that is done, here are some functions that I wrote to help manage these ACLs. Two things to keep in mind when using them: `setfacl -m` recomputes the ACL mask (the upper bound on what named users and groups get) on every call unless you pass `-n`, and once a file carries an ACL the group bits that `ls -l` shows and `chmod` sets are that mask, not the owning group's entry, so a later `chmod g-r` silently takes read away from every named entry as well. Use `getfacl` to see the real picture.
Here is an example script that uses these functions to give the apache user read-only access to a directory tree, which is exactly what ACLs are for: the web server gets in without a `chmod o+r` opening the tree to every local account.
#!/bin/bash
source aclfunctions.bash
# Default to the current directory. "$1" is quoted so an empty argument or
# a path with spaces cannot break the test.
if [ -z "$1" ]; then
    DIR='.'
else
    DIR="$1"
fi
# Read-only for the apache user on every directory ('*') and file under $DIR.
setuserread 'apache' "$DIR" '*'
aclfunctions.bash:
# Every function takes (principal, tree root, name pattern). The pattern is
# matched by find -name against each directory's basename; pass '*' for all.

# Strip every extended ACL under $1 (setfacl -b also drops default ACLs) and
# fall back to plain owner/group bits with no access for "other".
function resetall
{
    setfacl -Rb "$1"
    find "$1" -type d -exec chmod 770 {} \;
    find "$1" -type f -exec chmod 660 {} \;
}

# Read-only for user $1. The first find puts a default ACL on each matching
# directory so files created there later inherit the entry; the second grants
# rx recursively below it; the third tightens every file in the tree to r.
function setuserread
{
    find "$2" -name "$3" -type d -exec setfacl -d -m "u:$1:rx" {} \;
    find "$2" -name "$3" -type d -exec setfacl -R -m "u:$1:rx" {} \;
    find "$2" -type f -exec setfacl -m "u:$1:r" {} \;
}

# Same as setuserread, for group $1.
function setgroupread
{
    find "$2" -name "$3" -type d -exec setfacl -d -m "g:$1:rx" {} \;
    find "$2" -name "$3" -type d -exec setfacl -R -m "g:$1:rx" {} \;
    find "$2" -type f -exec setfacl -m "g:$1:rw" {} \; -exec setfacl -m "g:$1:r" {} \;
}

# Read/write for group $1: rwx on matching directories (and as their default
# ACL), rw on every file in the tree.
function setgroupwrite
{
    find "$2" -name "$3" -type d -exec setfacl -d -m "g:$1:rwx" {} \;
    find "$2" -name "$3" -type d -exec setfacl -R -m "g:$1:rwx" {} \;
    find "$2" -type f -exec setfacl -m "g:$1:rw" {} \;
}

# Full rwx for user $1 on everything under each matching path. This has to be
# an ACL entry too: chmod u+x would only change the owner's bit.
function setuserexec
{
    find "$2" -name "$3" -exec setfacl -R -m "u:$1:rwx" {} \;
}

# Full rwx for group $1 on everything under each matching path.
function setgroupexec
{
    find "$2" -name "$3" -exec setfacl -R -m "g:$1:rwx" {} \;
}
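As an added example (my code, not the functions from the post), here is the same read-only grant done with one recursive `setfacl` call that sets the access and default entries together, plus a probe for ACL support and a way to read back what a principal effectively gets once the mask is applied. The function names `acl_supported`, `read_only_spec`, `grant_read` and `effective_rights` are chosen here, the directory tree is constructed for the demo, and the `nobody` account stands in for `apache` so it runs on any box.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the GNU acl tools
# (setfacl/getfacl) and a POSIX shell with `local`.
set -eu

# Return 0 if the filesystem holding directory $1 accepts POSIX ACLs, 1 if the
# tools are missing or the mount was made without ACL support. The probe sets
# a named entry for the caller's own uid on a scratch file, then removes it.
acl_supported() {
    local probe
    probe=$(mktemp -p "$1" .aclprobe.XXXXXX) || return 1
    if setfacl -m "u:$(id -u):r" "$probe" 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    rm -f "$probe"
    return 1
}

# Build the setfacl spec for a read-only grant to "user NAME" or "group NAME".
# rX gives read everywhere but execute only on directories (and on files that
# are already executable), so the principal can traverse the tree without data
# files turning executable. The d: entry is the default ACL that directories
# hand down to entries created in them later.
read_only_spec() {
    local kind=$1 name=$2 tag
    case $kind in
        user)  tag=u ;;
        group) tag=g ;;
        *) echo "read_only_spec: kind must be user or group, got '$kind'" >&2; return 2 ;;
    esac
    # setfacl splits the spec on ',' and ':', so a name containing either would
    # be parsed as extra ACL entries; only allow plain account names and ids.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "read_only_spec: bad principal '$name'" >&2; return 2 ;;
    esac
    printf '%s:%s:rX,d:%s:%s:rX\n' "$tag" "$name" "$tag" "$name"
}

# Apply the grant to everything that exists under $3 now and, through the
# default ACL on each directory, to whatever gets created there later.
grant_read() {
    local spec
    spec=$(read_only_spec "$1" "$2") || return $?
    setfacl -R -m "$spec" "$3"
}

# Print the rights principal $2 (kind $1) effectively has on $3 after the mask:
# e.g. "r-x", "r--", "---" (entry present but masked out) or "none" (no entry).
# getfacl appends "#effective:..." to an entry whenever the mask cuts it down.
effective_rights() {
    local tag
    case $1 in
        user)  tag=user ;;
        group) tag=group ;;
        *) return 2 ;;
    esac
    getfacl -c "$3" 2>/dev/null | awk -v key="$tag:$2:" '
        !done && index($0, key) == 1 {
            if (match($0, /#effective:[-rwx]+/))
                print substr($0, RSTART + 11, RLENGTH - 11)
            else
                print substr($0, length(key) + 1, 3)
            done = 1
        }
        END { if (!done) print "none" }'
}

# Walk-through on a constructed tree in a temp dir. "nobody" stands in for
# apache; falls back to the calling user where that account does not exist.
demo() {
    local root who
    root=$(mktemp -d)
    who=$(id -un nobody 2>/dev/null || id -un)
    mkdir -p "$root/site/static"
    printf 'hello\n' > "$root/site/index.html"
    printf 'console.log(1)\n' > "$root/site/static/app.js"

    grant_read user "$who" "$root/site"
    echo "dir   : $(effective_rights user "$who" "$root/site/static")"          # r-x
    echo "file  : $(effective_rights user "$who" "$root/site/static/app.js")"   # r--

    # Inheritance: a file written later picks up the entry from the default ACL
    # (chmod 644 fixes the mask so the result does not depend on the umask).
    printf 'new\n' > "$root/site/static/new.js"
    chmod 644 "$root/site/static/new.js"
    echo "new   : $(effective_rights user "$who" "$root/site/static/new.js")"   # r--

    # Pitfall: once a file carries an ACL, chmod's group bits edit the mask, so
    # this "harmless" chmod silently takes the read right away from $who too.
    chmod g-r "$root/site/static/app.js"
    echo "chmod : $(effective_rights user "$who" "$root/site/static/app.js")"   # ---
    rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then
    if acl_supported "${TMPDIR:-/tmp}"; then
        demo
    else
        echo "no ACL support on ${TMPDIR:-/tmp}" >&2
        exit 1
    fi
fi
```

Save it and run with `--demo`, or source it and call `grant_read user apache /var/www` directly. The point of `effective_rights` is the last line of the demo: after `chmod g-r` the named entry still reads `r--` in `getfacl`, but the mask has dropped to `---`, so the web server can no longer open the file even though nobody touched its ACL entry.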