You can simplify it into a single command, assuming you want to traverse further than a single level. I usually format my setfacl as I tend to set user, group, other, mask along with multiple specific user/group permissions at the same time.
Items of note:
- -R --recursive
- -b --remove-all
- -k --remove-default
- -m --modify
- As things are being set recursively using an uppercase X will set x on directories but not execute on files unless they already have the permission.
- Include -bk as I like to have a fresh slate when setting File ACLs
- Spaces and lack of are important to the command and formatting.
setfacl -Rbkm \
d:g:splunk:r-X,\
d:m::rwX,\
\
g:splunk:r-X,\
m::rwX,\
-- \
/var/{log,etc}
... View more