4

I found the setfacl from this link:

https://stackoverflow.com/questions/39397548/how-to-give-non-root-user-in-docker-container-access-to-a-volume-mounted-on-the

sudo setfacl -m u:$(id -u):rwx -R /some/folder

But it will set all file permissions into rwx which is different from my requirement.

Here is the test folder:

rm -rf /test
mkdir -p /test/hello/world

echo "hello" > /test/hello.txt


echo "hi" > /test/hi.sh
chmod 755 /test/hi.sh


echo "foo" > /test/foo.sh
chmod 400 /test/foo.sh


echo "bar" > /test/bar.sh
chmod 700 /test/bar.sh

Here is the file permissions:

# ls -l /test

-rwx------ 1 root root    4 Jun  1 12:20 bar.sh
-r-------- 1 root root    4 Jun  1 12:20 foo.sh
drwxr-xr-x 3 root root 4096 Jun  1 12:20 hello
-rw-r--r-- 1 root root    6 Jun  1 12:20 hello.txt
-rwxr-xr-x 1 root root    3 Jun  1 12:20 hi.sh

I want to grant user 1234 the same permission as root:

sudo setfacl -m u:1234:(???) -R /test

Here is the expected permission for user 1234 (not changing the owner here, just use 1234 in here for explaining the detail permissions as the same as user root):

# ls -l /test

-rwx------ 1 1234 root    4 Jun  1 12:20 bar.sh
-r-------- 1 1234 root    4 Jun  1 12:20 foo.sh
drwxr-xr-x 3 1234 root 4096 Jun  1 12:20 hello
-rw-r--r-- 1 1234 root    6 Jun  1 12:20 hello.txt
-rwxr-xr-x 1 1234 root    3 Jun  1 12:20 hi.sh

How to write this sudo setfacl -m u:1234:(???) -R /test?

Raffa
  • 34,963
stackbiz
  • 495

1 Answers1

3

Just a pointer as I consider this a bit clumsy ... But, you'll get the point.

In a shell loop:

for i in /test/*; do
  p="$(getfacl "$i" | awk -F'::' '/user::/{printf $2}')"
  setfacl --test -m u:1234:"$p" "$i"
done

That was a dry-run ... When satisfied with the output, remove --test and re-run it again to actually modify ACLs.

Raffa
  • 34,963