First set a default facl, then the user-specific settings. When setting the default for the first time, you need to set all entries (user, group, other, mask).
On a dir, set default facls so that they propagate to subdirs and files.
# setfacl -s u::rw-,g::rw-,o:---,m:rw-,d:u::rw-,d:g::rw-,d:o:---,d:m:rw-,d:u:TESTUSER:rwx /file
# setfacl -r -m user:TESTUSER:r-x /file
Dirs need the exec permission so that users are able to view the listing.
Existing subdirs must be manually assigned the new ACLs. The ACLs will not propagate to them.
- -s acl_entries Sets the ACL for the file, removing all old entries
- -m acl_entries Adds one or more new ACL entries
- -r Recalculates permissions for the ACL mask.
- d[efault]:u[ser]::<perm> Sets the default permissions for the owner of the directory.
- d[efault]:g[roup]::<perm> Sets the default permissions for the owner’s group.
- d[efault]:o[ther]:<perm> Sets the default permissions for users other than the owner or members of the owner’s group.
- d[efault]:m[ask]:<perm> Sets the default ACL mask.
- d[efault]:u[ser]:<UID>:<perm> Sets the default permissions for a specific user.
- d[efault]:g[roup]:<GID>:<perm> Sets the default permissions for a specific group.
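
An added example, not part of the original notes: a shell check for a -s entry list that reports missing base or default entries (the "set all" rule above) and named entries that the ACL mask would cap. The function names are hypothetical, and the code only parses the string; it never calls setfacl.

```shell
#!/bin/sh
# Added example (hypothetical function names): read-only check of a
# Solaris-style `setfacl -s` entry list. It never calls setfacl.

# perm_and A B: intersect two rwx strings, e.g. rwx and rw- give rw-.
perm_and() {
    out=
    for bit in r w x; do
        case "$1,$2" in
            *"$bit"*,*"$bit"*) out="$out$bit" ;;
            *) out="$out-" ;;
        esac
    done
    printf '%s\n' "$out"
}

# check_acl_spec SPEC: print one line per problem, nothing if SPEC is sound.
check_acl_spec() {
    have=; named=; mask=; dmask=; has_d=
    old_ifs=$IFS; IFS=,; set -f
    set -- $1                      # split the entry list on commas
    set +f; IFS=$old_ifs
    for e in "$@"; do
        case "$e" in
            d:*|default:*) pfx=d:; rest=${e#*:}; has_d=1 ;;
            *) pfx=; rest=$e ;;
        esac
        case "$rest" in
            u::*|user::*)  have="$have ${pfx}u" ;;
            g::*|group::*) have="$have ${pfx}g" ;;
            o:*|other:*)   have="$have ${pfx}o" ;;
            m:*|mask:*)    have="$have ${pfx}m"
                if [ -n "$pfx" ]; then dmask=${rest##*:}; else mask=${rest##*:}; fi ;;
            *) named="$named $pfx$rest" ;;      # u:NAME:perm or g:NAME:perm
        esac
    done
    for k in u g o m; do               # all four base entries are required
        case " $have " in *" $k "*) ;; *) echo "missing: $k" ;; esac
        if [ -n "$has_d" ]; then       # any d: entry needs the four d: base entries
            case " $have " in *" d:$k "*) ;; *) echo "missing: d:$k" ;; esac
        fi
    done
    for e in $named; do                # the mask caps named user/group entries
        case "$e" in d:*) m=$dmask ;; *) m=$mask ;; esac
        [ -n "$m" ] || continue
        p=${e##*:}; eff=$(perm_and "$p" "$m")
        if [ "$eff" != "$p" ]; then echo "capped: $e is effectively $eff under mask $m"; fi
    done
}
```

Run on the -s entry list from these notes, it reports that d:u:TESTUSER:rwx is effectively rw- under the default mask rw-, so the default entry loses the exec bit that dirs need. The -r option on the later -m command recalculates the mask, which avoids the same capping for the added user entry.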