Hands-on goal:
Group | User
zu1 | jack, robin
zu2 | zhangsan, lisi
1. All directories and files are stored together under one large directory
2. Each department has a separate folder
3. Departments cannot access each other's directories
4. Each employee has a directory inside the directory of the department they belong to
5. Employees in the same department can view each other's content but cannot modify it; users can only modify their own content
6. Users in the boss group have access to the files of all groups, but no modify permission
I. Creating Users and Groups
groupadd zu1
groupadd zu2
useradd -g zu1 jack
useradd -g zu1 robin
useradd -g zu2 zhangsan
useradd -g zu2 lisi
groupadd boss
useradd -g boss bitch1
II. Create a large directory where all directories and files are stored
cd /
mkdir shares
III. Each department has a separate folder
cd shares
mkdir zu1
mkdir zu2
IV. View and change permissions for the department directories
ll
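chmod o-rx zu1 # remove all permissions for others
chmod o-rx zu2
chgrp zu1 zu1 # change the owning group of the department directory
chgrp zu2 zu2
chmod g+s zu1 # setgid: directories and files created under this directory inherit its owning group
chmod g+s zu2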
ll
V. Create the user directories
mkdir zu1/{jack,robin}
mkdir zu2/{zhangsan,lisi}
ll zu1
VI. Modify user directory permissions
cd zu1
chown jack jack # change the owner of each user directory to the user themself
chown robin robin
cd ../zu2
chown zhangsan zhangsan
chown lisi lisi
ll ../zu1
VII. ACL (access control list)
cd /shares
getfacl zu1 # show the existing ACL
setfacl -m g:boss:rx zu1 zu2 # set the ACL: the boss group gets read (r-x) permission
getfacl zu1
VIII. Test whether all goals have been met
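The goals can also be checked on paper by running the POSIX ACL access-check order (owner, named user, groups limited by the mask, other) over the `getfacl` output. The following is an added example, not part of the original article; the `getfacl` text in `ACLS` is constructed (trimmed to the fields used) for the layout built above, and `USERS`, `parse_getfacl`, `allowed` and `can` are hypothetical names.

```python
# Added example: POSIX ACL access check applied to the layout from this page.
# ACLS holds constructed getfacl output (not captured from a real host);
# USERS mirrors the useradd -g commands above. root's bypass is not modelled.
ACLS = {
    "/shares/zu1": """# owner: root
# group: zu1
user::rwx
group::r-x
group:boss:r-x
mask::r-x
other::---""",
    "/shares/zu1/jack": """# owner: jack
# group: zu1
user::rwx
group::r-x
other::r-x""",
}
USERS = {"jack": {"zu1"}, "robin": {"zu1"}, "zhangsan": {"zu2"}, "bitch1": {"boss"}}

def parse_getfacl(text):
    acl = {"entries": []}
    for line in text.splitlines():
        if line.startswith("# owner:") or line.startswith("# group:"):
            key, value = line[2:].split(":", 1)
            acl[key] = value.strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            acl["entries"].append((tag, qualifier, set(perms[:3]) - {"-"}))
    return acl

def allowed(user, acl, want):
    groups, entries = USERS[user], acl["entries"]
    pick = lambda tag, q: [p for t, x, p in entries if t == tag and x == q]
    mask = (pick("mask", "") or [set("rwx")])[0]   # no mask entry: nothing is masked
    if user == acl["owner"]:                        # 1. owner entry, never masked
        return want <= pick("user", "")[0]
    if pick("user", user):                          # 2. named user entry, masked
        return want <= pick("user", user)[0] & mask
    matching = [p & mask for t, q, p in entries     # 3. owning group + named groups
                if t == "group" and (q or acl["group"]) in groups]
    if matching:                                    # a group match never falls through to other
        return any(want <= p for p in matching)
    return want <= pick("other", "")[0]             # 4. everyone else

def can(user, want, path):
    """True if `user` gets every permission in `want` on `path`, including
    search (x) on each parent directory listed in ACLS."""
    parents = [p for p in ACLS if path.startswith(p + "/")]
    return (all(allowed(user, parse_getfacl(ACLS[p]), {"x"}) for p in parents)
            and allowed(user, parse_getfacl(ACLS[path]), set(want)))
```

In this model the boss member reaches /shares/zu1/jack through `other::r-x` on the subdirectory, because the `group:boss` entry exists only on the department directory.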
This article is from the "Linux Operations Technology" blog; please be sure to keep this source link: http://forall.blog.51cto.com/12356505/1931467
Linux Advanced management ACL (access control list) practical application