setfacl is useful to deal with complex user access administration
1. create user rocky and yu
2. create group testallow
3. create test folder /var/test
4. set the folder permission to 700 to make sure no one can access this folder except root
5. setfacl -m u:rocky:rwx /var/test  and su – rocky to test the access of folder
6. usermod -G testallow yu to add user yu to testallow
7. setfacl -m g:testallow:rwx /var/test and su – yu to test the access of folder
8 use getfacl to gain the acl of folder
9 use tail /etc/group to gain the group infomation