It's nice and all that one can "go crazy" adding and subtracting ACL's from files/folders till the cows come home... but when doing it from the command line, say for example..
$ chmod +a# 1 "admin deny delete" foo
$ ls -lde foo
drwxr-xr-x + 2 apl apl 68 Jul 19 18:32 foo
0: group:admin allow delete
1: group:admin deny delete
2: user:tony allow delete
Is there an "easier" syntax that allows for "ALL" type scenarios? Since there are a total of 2^13 * 12 = 98,304 different access rights you can define it would be great if you could for example state...
$ chmod +a "staff allow all" foo
But as far as I can tell, it ain't possible. Any extended-attribute gurus out there know of any tricks?
I'm not sure if this helps, but since you can have more than one permission per ACL, you could use a couple of environment variables (e.g. in your .profile) to make it easier. Assuming your default shell is bash:
Then when you need to grant permissions: