1. When the user wangcai has no write permission on the /testdir directory, can the read-only file file1 in that directory be modified or deleted?

    [testdir]# su wangcai
    [testdir]$ ll -a
    total 8
    drwxr-xr-x. 2 4322 root 4096 Aug  5 06:17 .
    dr-xr-xr-x. root root 4096 Aug  5 03:28 ..
    -r--r--r--. 1 root root 0 Aug  5 06:17 file1
    [testdir]$ echo aaaaaaaaa >> file1
    bash: file1: Permission denied
    [testdir]$ rm -f file1
    rm: cannot remove 'file1': Permission denied
2. Copy the /etc/fstab file to /var/tmp. Set the file's owner to wangcai with read and write permission, set its group to sysadmins with read and write permission, and give others no permission.

    [tmp]# cp /etc/fstab /var/tmp/
    [tmp]# ll
    total 4
    -rw-r--r--. 1 root root 805 Aug  5 06:25 fstab
    [tmp]# chown wangcai:sysadmins fstab
    [tmp]# chmod 660 fstab
    [tmp]# ll
    total 4
    -rw-rw----. 1 wangcai sysadmins 805 Aug  5 06:25 fstab
3. The home directory of user wangcai was deleted by mistake. Rebuild it and restore the home directory contents and the corresponding permission attributes.

    [home]# mkdir wangcai
    [home]# cp -r /etc/skel/. /home/wangcai/
    [home]# chown -R wangcai:wangcai wangcai/
    [home]# ll -a wangcai/
    total 24
    drwxr-xr-x.  3 wangcai wangcai 4096 Aug  5 06:29 .
    drwxr-xr-x. 18 root    root    4096 Aug  5 06:29 ..
    -rw-r--r--.  1 wangcai wangcai   18 Aug  5 06:29 .bash_logout
    -rw-r--r--.  1 wangcai wangcai  176 Aug  5 06:29 .bash_profile
    -rw-r--r--.  1 wangcai wangcai  124 Aug  5 06:29 .bashrc
    drwxr-xr-x.  2 wangcai wangcai 4096 Aug  5 06:29 .gnome2
4. New files created in /data/testdir must automatically belong to group g1. Members of group g2, such as alice, must have read and write permission on these new files. Members of group g3, such as tom, must have read-only access to the new files. Other users (not belonging to g1, g2 or g3) must not be able to access this directory.

    [/]# groupadd g1
    [/]# groupadd g2
    [/]# groupadd g3
    [/]# useradd -G g2 alice
    [/]# useradd -G g3 tom
    [/]# id alice
    uid=4327(alice) gid=4331(alice) groups=4331(alice),4329(g2)
    [/]# id tom
    uid=4328(tom) gid=4332(tom) groups=4332(tom),4330(g3)
    [/]# mkdir -p /data/testdir
    [/]# cd /data/
    [data]# ll
    total 4
    drwxr-xr-x. 2 root root 4096 Aug  5 06:39 testdir
    [data]# chgrp g1 testdir/
    [data]# chmod g+sw,o= testdir/
    [data]# ll
    total 4
    drwxrws---. 2 root g1 4096 Aug  5 06:48 testdir
    [data]# setfacl -m g:g2:rwx,g:g3:rwx testdir/
    [data]# setfacl -m d:g:g2:rw,d:g:g3:r testdir/
    [data]# getfacl testdir/
    # file: testdir/
    # owner: root
    # group: g1
    # flags: -s-
    user::rwx
    group::rwx
    group:g2:rwx
    group:g3:rwx
    mask::rwx
    other::---
    default:user::rwx
    default:group::rwx
    default:group:g2:rw-
    default:group:g3:r--
    default:mask::rwx
    default:other::---
5. Configure user1 so that new files are created with the permissions rw-------.

    [/]# su - user1
    [~]$ umask u=rw,g=,o=
    [~]$ umask -p >> .bashrc
    [~]$ cat .bashrc
    # .bashrc
    # Source global definitions
    if [ -f /etc/bashrc ]; then
        . /etc/bashrc
    fi
    # User specific aliases and functions
    umask 0177
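
An added example, not part of the original post: it measures the modes that exercise 5's umask 0177 actually produces and compares them with 0077. New files come out as rw------- under both, but under 0177 new directories also lose the owner's x bit. The function names are hypothetical and the script assumes GNU coreutils (`stat -c`, `mktemp -d`).

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils.

# new_mode MASK KIND: create a file (KIND=f) or directory (KIND=d) under
# umask MASK in a throwaway directory and print the octal mode it received.
new_mode() {
    nm_tmp=$(mktemp -d) || return 1
    (
        umask "$1" || exit 1          # subshell: caller's umask is untouched
        case $2 in
            d) mkdir "$nm_tmp/new" ;;
            f) : > "$nm_tmp/new" ;;
            *) exit 1 ;;
        esac
    ) || { rm -rf "$nm_tmp"; return 1; }
    stat -c %a "$nm_tmp/new"
    chmod 700 "$nm_tmp/new"           # make sure cleanup can descend into it
    rm -rf "$nm_tmp"
}

# usable_dir MASK: succeed only if a directory created under MASK keeps the
# owner's search (x) bit, i.e. the owner digit of its mode is odd.
usable_dir() {
    case $(new_mode "$1" d) in
        [1357]??) return 0 ;;
        *) return 1 ;;
    esac
}

# Compare the value from the exercise (0177) with 0077.
for m in 0177 0077; do
    printf 'umask %s: file=%s dir=%s\n' "$m" "$(new_mode "$m" f)" "$(new_mode "$m" d)"
done
```

Regular files are created from a base of 666 and directories from 777, which is why 0077 yields the same rw------- files while leaving new directories at rwx------.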
6. Set permissions on /testdir/f1 so that user1 cannot read, write or execute it and group g1 can read and write it.
Set permissions on /testdir/dir so that new files in it automatically get the ACL entries user1:rw, g1:---.
Back up the ACLs of all files in the /testdir directory, clear all ACL permissions under /testdir, and restore them from the backup.

    [/]# ll testdir/
    total 4
    drwxr-xr-x. 2 root root 4096 Aug  5 07:27 dir
    -rw-r--r--. 1 root root    0 Aug  5 07:27 f1
    [/]# setfacl -m u:user1:0,g:g1:rw /testdir/f1
    [/]# setfacl -m d:u:user1:rw,d:g:g1:0 /testdir/dir/
    [/]# getfacl -R /testdir/ > acl.txt
    [/]# setfacl -R -b /testdir/
    [/]# setfacl -R --set-file=acl.txt /testdir/

This article is from the "Linux Operational Learning path" blog; please be sure to keep this source: http://fengliang.blog.51cto.com/3453935/1834565
Linux Job Practice---rights management