
I would like to know whether there is any way to list the ACLs of a particular user for all files.
For example, for cron jobs we have the details in /var/spool/cron/.

In the same way does ACL store the info anywhere?

Siva
  • Maybe you mean "access denied" error logs due to ACLs for a particular user? Those do not exist and will not be generated by the system. – Ned64 Jan 17 '18 at 09:11
  • Are you asking for a particular user to list any (extended?) ACLs that they are a part of? – Jeff Schaller Jan 17 '18 at 10:16
  • I have multiple users. Each user will access different files. I will give access through ACLs.

    At some point in time, I may need to know the list of files (on which I have set an ACL) that a user can access.

    So I would like to know whether there is any way I can run getfacl with respect to a user.

    – Siva Jan 18 '18 at 05:23

2 Answers


ACL (Access Control List) is not a process. It's just a part of metadata on any inode, like the classic Unix file permissions. In other words, each ACL is stored with the file or directory it affects.

When you speak of ACLs of a particular user, do you mean ACLs created or modified by that user? ACLs are typically handled as extended attributes of a file/directory, so you might use the audit subsystem to log any setxattr()/lsetxattr()/fsetxattr() system calls. You may get other types of extended attributes too, so you may have to do some post-processing of the log.

Or do you mean ACLs that refer to a particular user? For that, I'm afraid you would have to do something like getfacl -Rs / to get all the ACLs on the filesystem tree and then filter the results to look for the user you want.

telcoM
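One way to get the audit trail this answer mentions, as an added example that is neither part of the answer nor a system default: constructed rules for a file such as /etc/audit/rules.d/acl-changes.rules (the file name and the key acl_changes are my choices; auditd is assumed to be installed, and the b32 line only matters on 64-bit hosts that also run 32-bit binaries). It goes beyond the answer's three calls by also catching the removexattr family, since an ACL being stripped is as worth logging as one being set.

```text
# Constructed audit rules (example, not from the answer): record every
# extended-attribute change, which is how POSIX ACLs are stored on disk.
# "acl_changes" is an arbitrary key chosen for this example.
-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr -S removexattr,lremovexattr,fremovexattr -k acl_changes
-a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr -S removexattr,lremovexattr,fremovexattr -k acl_changes
```

Load the rules with augenrules --load and query them with ausearch -k acl_changes -i. The SYSCALL record does not decode which attribute name was written, so, as the answer warns, capability and SELinux-label changes land under the same key and have to be filtered out afterwards by path or process; adding -F auid>=1000 -F auid!=unset to each rule keeps daemon noise out and leaves only changes made by logged-in users.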

Is there any way to list the ACLs of a particular user for all files?

A little bit of shell script will answer this pretty straightforwardly. First of all you need to walk the filesystem looking for ACLs. Any that you find need to be checked to see if they refer to your user account, and if so then printed. (It's not a stunningly efficient process so I wouldn't recommend you run it too often.)

user=johndoe
cd /
find . -print0 |
    while IFS= read -r -d '' f
    do
        # -s skips files that carry only the classic owner/group/other entries;
        # unreadable paths are skipped instead of aborting the loop
        a=$(getfacl -s "$f" 2>/dev/null) || continue
        # print the whole ACL block only when it names our user
        echo "$a" | grep -q "^user:${user}:" && echo "$a"
    done

If you are also interested in straightforward file ownership, amend the grep line to this:

echo "$a" | grep -qE "^user:${user}:|^# owner: ${user}$" && echo "$a"
Chris Davies
  • Thanks a lot... the only thing is, rather than "/" I should give a 3rd-level directory. – Siva Jan 19 '18 at 14:12
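Both answers come down to the same pipeline: dump the ACLs with getfacl and keep the records that name the user. The script below is an added example of mine, not code from either answer, written in portable sh/awk over a constructed sample of getfacl -R output (not taken from a real system). It matches a named entry (user:NAME:), a default entry that new files in that directory will inherit (default:user:NAME:), and plain ownership, which is slightly more than the answers' grep patterns; acl_for_user_in is an assumed helper name that applies the same filter to a live directory such as the 3rd-level one asked about in the comment.

```shell
#!/bin/sh
# Added example: filter "getfacl -R" output down to the records that concern one user.
# Records are blank-line-separated blocks that start with "# file: <path>"
# (getfacl strips the leading "/" from absolute paths and says so on stderr).

# Constructed sample in the shape of "getfacl -R /srv/data" (no -s, so a file that
# merely belongs to the user, without extended entries, is included as well).
sample_getfacl_output() {
cat <<'EOF'
# file: srv/data/reports
# owner: root
# group: root
user::rwx
user:johndoe:r-x
group::r-x
mask::r-x
other::---
default:user::rwx
default:user:johndoe:r-x
default:group::r-x
default:mask::r-x
default:other::---

# file: srv/data/secrets
# owner: root
# group: root
user::rw-
user:alice:r--
group::---
mask::r--
other::---

# file: srv/data/johndoe-notes
# owner: johndoe
# group: users
user::rw-
group::r--
other::---

EOF
}

# acl_records_for_user USER
# Reads getfacl output on stdin and prints only the records in which USER is
# the owner, a named entry (user:USER:...), or a default entry inherited by
# new files in that directory (default:user:USER:...).
acl_records_for_user() {
    awk -v u="$1" '
        BEGIN { RS = ""; FS = "\n" }      # paragraph mode: one ACL record per block
        {
            hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i == ("# owner: " u) ||
                    index($i, "user:" u ":") == 1 ||
                    index($i, "default:user:" u ":") == 1)
                    hit = 1
            }
            if (hit) print $0 "\n"
        }'
}

# files_for_user USER: only the paths from the matching records, one per line.
files_for_user() {
    acl_records_for_user "$1" | sed -n 's/^# file: //p'
}

# acl_for_user_in DIR USER (hypothetical helper name): the same filter over a
# live tree. Drop the 2>/dev/null to see unreadable paths reported.
acl_for_user_in() {
    getfacl -R "$1" 2>/dev/null | acl_records_for_user "$2"
}

# Demonstration on the constructed sample: prints the two paths johndoe can reach.
sample_getfacl_output | files_for_user johndoe
```

Because the user name is followed by a colon in the match, johndoe does not also match a user called johndoe2, and the whole record is kept, so the mask and group entries that limit what the named entry actually grants stay visible alongside it.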