So I've been testing ACL's in Linux and they work as intended. I have, for example, this folder where I've stablished permissions for users belonging to the gruop share
. So far, so good...
lucas@lucas:/$ getfacl testAcl/
# file: testAcl/
# owner: root
# group: root
user::rwx
group::rwx
group:share:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:share:rwx
default:mask::rwx
default:other::---
This works fine. Once the ACL has been set, users can or cannot go into the specified folder, as per their group membership.
But I'm interested in something a little different: users usually log into the server, and they land in their /home/user
folder. How can I set up an ACL so users can't leave the /home
directory but also be able to go deeper inside /home/share
, for example?
I've though about two options so far:
- All users belonging to group
adm
CAN leave /home, or ... - All users belonging to group
share
CANNOT leave /home.
How can I set that up using setfacl
?
0 Answers