Home > Developer > Linux

Linux Advanced management ACL (access control list) practical application

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Actual combat target:

Group User
Zu1 Jack
Robin
Zu2 Zhangsan
Lisi

1. All directories, files are stored uniformly in a large directory

2. Each department has a separate folder

3. No access to the respective directories between different departments

4. Each employee has a directory in the department directory where they belong

5. Different employees in the same department can view the contents of their respective contents, single non-modifiable, users can only modify their own content

Users within a 6.boss group have access to files for all groups, but no modify permission


I. Creating Users and Groups

Groupadd ZU1

Groupadd ZU2

Useradd-g ZU1 Jack

Useradd-g ZU1 Robin

Useradd-g ZU2 Zhangsan

Useradd-g ZU2 Lisi

Groupadd boss

USERADD-G boss Bitch1


Two. Create a large directory where all directories and files are stored

CD/

MkDir shares


Three. Each department has a separate folder

CD shares

mkdir ZU1

mkdir ZU2


Four. View and Change permissions for the Department directory

ll

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/97/98/wKiom1kwFCDQPctUAAAM-6Bx6N0743.png-wh_500x0-wm_ 3-wmp_4-s_3789388384.png "style=" Float:none; "title=" 1 "alt=" Wkiom1kwfcdqpctuaaam-6bx6n0743.png-wh_50 "/>


chmod O-rx zu1 #取消其他人的所有权限

chmod O-rx ZU2

Chgrp zu1 zu1 #修改部门目录的所属组

Chgrp ZU2 ZU2

chmod g+s zu1 #让此目录下面创建的目录和文件继承父级目录的权限

chmod g+s ZU2

ll

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/97/99/wKioL1kwFCCz8oN1AAAN0MEUfrw621.png-wh_500x0-wm_ 3-wmp_4-s_1241307979.png "title=" 2 "style=" Float:none; alt= "Wkiol1kwfccz8on1aaan0meufrw621.png-wh_50"/>

Five. Create a user directory

mkdir Zu1/{jack,robin}

mkdir Zu2/{zhangsan,lisi}

ll ZU1

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/97/99/wKioL1kwFCDihwibAAAOx33iFuU733.png-wh_500x0-wm_ 3-wmp_4-s_4073818672.png "title=" 3 "style=" Float:none; alt= "Wkiol1kwfcdihwibaaaox33ifuu733.png-wh_50"/>


Six. Modify User directory Permissions

CD ZU1

Chown Jack Jack #修改用户目录的所属者为用户自己

Chown Robin Robin

CD ZU2

Chown Zhangsan Zhangsan

Chown Lisi Lisi

ll ZU1

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/97/98/wKiom1kwFCGhRAlLAAAPxpMsnWQ840.png-wh_500x0-wm_ 3-wmp_4-s_1654934498.png "title=" 4 "style=" Float:none; alt= "Wkiom1kwfcghrallaaapxpmsnwq840.png-wh_50"/>


Seven. ACL access control List

Cd/shares

Getfacl zu1 #获取现有的ACL

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/97/99/wKioL1kwFCHC8qCLAAAPF_yEzPA874.png-wh_500x0-wm_ 3-wmp_4-s_1025094167.png "title=" 5 "style=" Float:none; alt= "Wkiol1kwfchc8qclaaapf_yezpa874.png-wh_50"/>

Setfacl-m G:boss:rx ZU1 #设置ACL, boss Group has Read permission

Zu2

Getfacl ZU1

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M00/97/98/wKiom1kwFCGC-0PuAAARF19i-f8499.png-wh_500x0-wm_ 3-wmp_4-s_1054721281.png "title=" 6 "style=" Float:none; alt= "Wkiom1kwfcgc-0puaaarf19i-f8499.png-wh_50"/>

Eight. Test whether all targets have been achieved


This article is from "Linux Operations Technology" blog, please be sure to keep this source http://forall.blog.51cto.com/12356505/1931467

Linux Advanced management ACL (access control list) practical application

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
linux role based access control practical linux security cookbook pdf practical guide to ubuntu linux practical guide to linux commands advanced dns management iis application pool advanced settings mandatory access control vs discretionary access control

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More