Is it possible to create an ACL to deny access to a specific user (say jdoe) to a specific file?
I'm not interested in the trivial solution of an ACL that gives access to the file to all users except jdoe. This solution has the disadvantage that any user created successively in the system won't have access to the file.
Creating a group of all users except jdoe and granting group access to the file bears the same disadvantage.
The command setfacl -x u:jdoe /path/file won't work as it removes only created ACLs.
Best Answer
Sure, to demonstrate, as root...
It could be done to every file in a directory by default as well:
Above, the -m switch is the mask and the -d switch makes it the default mask for all new filesystem objects in the directory. The --- can have other permission values, e.g.: rwx, r--, rw-, r-x, 7, 4, 6, 5.
The group and other masks work the same way: g:groupname:--- or in combination: u:username:---,g:groupname:---,o::---. Not specifying a username or group name applies the mask to current user/group ownership.
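As an added illustration (not part of the original answer), the Python sketch below models the POSIX ACL access check over constructed getfacl-style output. It shows why a `user:jdoe:---` entry denies jdoe even through group membership, while a user created later still falls through to `other`. The file name, owner alice, group staff and the function names are assumptions, and root's permission override is not modelled.

```python
# Added example: model of the POSIX ACL access check, run over constructed
# getfacl-style output. Not kernel code; all names here are illustrative.

# Constructed sample: what getfacl might print after a deny entry for jdoe
# (assumed to come from `setfacl -m u:jdoe:--- report.txt`).
SAMPLE_ACL = """\
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:jdoe:---
group::r--
mask::r--
other::r--
"""

def parse_acl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms), ...])."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qual, perms = line.split(":")
            entries.append((tag, qual, set(perms) - {"-"}))
    return owner, group, entries

def allowed(text, user, groups, want):
    """True if `user` (member of `groups`) gets permission `want` ('r','w','x')."""
    owner, ogroup, entries = parse_acl(text)
    mask = next((p for t, q, p in entries if t == "mask"), None)
    def capped(p):                         # mask caps named users and groups
        return p if mask is None else p & mask
    if user == owner:                      # 1. owner entry, not masked
        return want in next(p for t, q, p in entries if t == "user" and q == "")
    for t, q, p in entries:                # 2. named user: first match decides
        if t == "user" and q == user:
            return want in capped(p)
    matched = [p for t, q, p in entries    # 3. owning group / named groups
               if t == "group" and (q or ogroup) in groups]
    if matched:
        return any(want in capped(p) for p in matched)
    return want in next(p for t, q, p in entries if t == "other")  # 4. other
```

Because the named-user step is evaluated before the group and other steps, the empty permission set for jdoe ends the check there.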