How to give write permissions using setfacl while retaining existing permissions?
I want to give write permission to a specific user on a dir recursively without losing any existing permissions that the user may have. I believe I can use something like this to give write permissions to the user:
setfacl -R -m u:user:w dir/*
but the issue with this is that it takes away any existing permissions that the user may already have. For example if the user had execute permissions before executing the setfacl command, it will replace the execute permission with write permissions.
How can I give write permission to the user while retaining the existing permissions?
What you want are called “relative permissions”, a feature that some setfacl implementations provide, basically using the classic “+/-” syntax used by chmod.
However, on RHEL7 and Ubuntu 16.04 LTS at least, setfacl does not provide such a feature. For example, something like setfacl -m user:root:+r /root/ returns an error stating setfacl: Option -m: Invalid argument near character 11
If your setfacl implementation lacks this feature, you have two possibilities:
- use getfacl to output all the ACLs to a file, edit that file to match your required access permissions, then use setfacl --restore to load/apply the new permissions;
- create a script to iterate on each file, read the current ACLs and write the new access permissions.
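
A sketch of the second possibility above (a script that reads each file's current ACL and writes the merged entry), added here as an example and not part of the original answer. It assumes the permissions to keep live in a named user:NAME: entry; rights the user holds only through the owner, group or other classes are not considered, and the function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example: keep a named user's existing ACL bits while granting more.
# Assumes getfacl/setfacl from the Linux acl package.
# Usage (script name is hypothetical): sh add-acl.sh USER PERMS DIR

# current_perms USER: read getfacl output on stdin and print the rwx string
# of the named access entry "user:USER:", or "---" if there is none.
# Only the first three characters are used, so a trailing "#effective:"
# comment is ignored; "default:user:..." lines do not match.
current_perms() {
    awk -F: -v u="$1" '
        $1 == "user" && $2 == u { print substr($3, 1, 3); found = 1; exit }
        END { if (!found) print "---" }'
}

# merge_perms OLD ADD: union of two permission strings,
# e.g. "r-x" and "w" give "rwx".
merge_perms() {
    out=
    for bit in r w x; do
        case "$1$2" in
            *"$bit"*) out="$out$bit" ;;
            *)        out="$out-" ;;
        esac
    done
    printf '%s\n' "$out"
}

# grant_recursive USER ADD DIR: rewrite the user's entry on DIR and on
# everything below it. Symlinks are skipped so the change cannot follow a
# link out of the tree; file names containing newlines are not supported.
grant_recursive() {
    user=$1 add=$2 dir=$3
    find "$dir" ! -type l -print | while IFS= read -r path; do
        old=$(getfacl -a -c -p -- "$path" | current_perms "$user")
        new=$(merge_perms "$old" "$add")
        setfacl -m "u:$user:$new" -- "$path"
    done
}

# Only touch the filesystem when called with exactly USER PERMS DIR.
if [ "$#" -eq 3 ]; then
    grant_recursive "$@"
fi
```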