歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux基礎 >> Linux技術

Linux中讀寫權限

learn the auth of Linux.

Generally, r-x

w: write , modify and delete -2

r: read -4

x: execute -1

A file has 3 auth show:

-owner

-group

-other

當時用sudo的時候表示使用root用戶的身份,因此,新建的文件或者dir都是root用戶的而不是你自己的。這時,自己反而沒有權限:

我sudo創建了文件,然後想要修改的時候說沒有權限。在腳本中,>輸出這個命令就無法執行了。

the owner has the 7 with the file, group useually 5, other 5. If I don't want others read the file , just chmod 750, but there is a problem: how can the specific person get the auth?

That is I want someone or a specific group get the auth of a file but others can't. Then, the ACL is do this.

1.Auth to specificerThe following show auth to dir for user:st

//create a dir named project

mkdir project

chmod 770 project/

//add two uers to tgroup

useradd bimm

useradd cangls

groupadd tgroup

gpasswd -a bimm tgroup

gpasswd -a cangls tgroup

chown root:tgroup project/

//auth to user:st

useradd st

setfacl -m u:st:rx project/

//then the ll show +

[root@bogon temp]# ll -d project/

drwxrwx---+ 2 root tgroup 16 5月 14 21:14 project/[root@bogon temp]# getfacl project/

# file: project/

# owner: root

# group: tgroup

user::rwx

user:st:r-x

group::rwx

mask::rwx

other::---

//auth to group:tgroup2

[root@bogon temp]# setfacl -m g:tgroup2:rwx project/

[root@bogon temp]# getfacl project/

# file: project/

# owner: root

# group: tgroup

user::rwx

user:st:r-x

group::rwx

group:tgroup2:rwx

mask::rwx

other::---

2.change mask, the top effective authwhen auth to someone or somegroup by setfacl with a auth like rwx, it will &mask to get their auth.For instance, if

setfacl -m u:st:rw project

, and the project's auth is r-x, then, the auth of user:st to project is r--. Howerver, we can also change the mask:[root@bogon temp]# setfacl -m u:st:rw project/

[root@bogon temp]# getfacl project/

# file: project/

# owner: root

# group: tgroup

user::rwx

user:st:rw-group::rwx

group:tgroup2:rwx

mask::rwx

other::---

[root@bogon temp]# setfacl -m m:r-x project/

[root@bogon temp]# getfacl project/

# file: project/

# owner: root

# group: tgroup

user::rwx

user:st:rw- #effective:r--group::rwx #effective:r-x

group:tgroup2:rwx #effective:r-x

mask::r-x

other::---

3.delete ACL-x u:st file(s) , --remove=acl remove entries from the ACL(s) of file(s)

-b file(s) , --remove-all remove all extended ACL entries

[root@bogon temp]# setfacl -x u:st project/

[root@bogon temp]# setfacl -x g:tgroup2 project/

[root@bogon temp]# getfacl project/

# file: project/

# owner: root

# group: tgroup

user::rwx

group::rwx

mask::rwx

other::---

4.recursive set ACL and default ACL for dirif you do it as step2, you just set ACL to the specify dir, not works with the sub-file of the dir.

if you want to do the same with the sub-file, set option -R[root@bogon temp]# touch project/abc

[root@bogon temp]# ll project/abc

-rw-r--r-- 1 root root 0 5月 14 21:14 project/abc

[root@bogon temp]# ll -d project/

drwxrwx--- 2 root tgroup 16 5月 14 21:14 project/

[root@bogon temp]# setfacl -m u:st:rx project/

[root@bogon temp]# ll -d project/

drwxrwx---+ 2 root tgroup 16 5月 14 21:14 project/

[root@bogon temp]# setfacl -m u:st:rx project/

[root@bogon temp]# getfacl project/

# file: project/

# owner: root

# group: tgroup

user::rwx

user:st:r-x

group::rwx

mask::rwx

other::---

[root@bogon temp]# getfacl project/abc

# file: project/abc

# owner: root

# group: root

user::rw-

group::r--

other::r--

//-R just work with the exists files, but new file doesn't

[root@bogon temp]# setfacl -m u:st:rx -R project/

[root@bogon temp]# getfacl project/abc

# file: project/abc

# owner: root

# group: root

user::rw-

user:st:r-xgroup::r--

mask::r-x

other::r--

[root@bogon temp]# touch project/newabc

[root@bogon temp]# getfacl project/newabc

# file: project/newabc

# owner: root

# group: root

user::rw-

group::r--

other::r--

You can see -R dosen't work with new file, if you want the new sub-file also has the auth, use the default ACL by orption d:

[root@bogon temp]# setfacl -m d:u:st:rx project/

[root@bogon temp]# getfacl project/newabc

# file: project/newabc

# owner: root

# group: root

user::rw-

group::r--

other::r--

[root@bogon temp]# touch project/newabc2

[root@bogon temp]# getfacl project/newabc2

# file: project/newabc2

# owner: root

# group: root

user::rw-

user:st:r-x #effective:r--group::rwx #effective:rw-

mask::rw-

other::---

-R for the exists and d: for the future.

5.setUID[root@bogon temp]# ll /usr/bin/passwd

-rwsr-xr-x. 1 root root 27832 6月 10 2014 /usr/bin/passwds表示用戶在執行時暫時獲得文件owner的權限,因為passwd會操作shadow,而只有root才有shadow權限,因此需要在用戶運行passwd的時候有權力寫入shadow。

要求該文件必須是可執行文件。

Copyright © Linux教程網 All Rights Reserved