Implementation of access control (ACL) permissions in Linux
1. Remount the partition with ACL support and add the test users
[root@localhost ~]# mount -o remount,acl /dev/md0 /mnt/sdb
[root@localhost ~]# useradd user1
[root@localhost ~]# useradd user2
2. Grant permissions on the directory
[root@localhost ~]# setfacl -m u:user1:rwx /mnt/sdb
[root@localhost ~]# setfacl -m u:user2:rx /mnt/sdb
3. Test whether the ACL takes effect
[root@localhost ~]# su - user1 -- switch to user1
[user1@localhost ~]$ cd /mnt/sdb
[user1@localhost sdb]$ mkdir qw -- user1 can write here
[user1@localhost sdb]$ touch 1.txt
[user1@localhost sdb]$ exit
logout
[root@localhost ~]# su - user2 -- switch to user2
[user2@localhost ~]$ cd /mnt/sdb
[user2@localhost sdb]$ mkdir as -- a directory cannot be created
mkdir: cannot create directory 'as': Permission denied
[user2@localhost sdb]$ touch 2.txt -- a file cannot be written
touch: cannot touch '2.txt': Permission denied
[user2@localhost sdb]$
4. Check whether the files carry ACL entries, then remove an ACL entry
[user2@localhost sdb]$ getfacl 1.txt -- view the file's permissions
# file: 1.txt
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--
[user2@localhost sdb]$ getfacl qw -- view the directory's permissions
# file: qw
# owner: user1
# group: user1
user::rwx
group::rwx
other::r-x
[root@localhost ~]# setfacl -x u:user1 /mnt/sdb -- use -x to remove the user1 entry
[root@localhost ~]# getfacl /mnt/sdb -- view the ACL after removal
getfacl: Removing leading '/' from absolute path names
# file: mnt/sdb
# owner: root
# group: root
user::rwx
user:user2:r-x
group::r-x
mask::r-x
other::rwx
[root@localhost ~]#
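The getfacl listings in step 4 can be audited mechanically. The script below is an added example, not part of the original walkthrough: it computes each mask-limited entry's effective rights (entry AND mask) and flags a writable "other" entry. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original page): audit getfacl output.

# Constructed sample modelled on step 4's /mnt/sdb listing, with the
# user1 entry from step 2 still present and the mask at r-x.
sample_acl() {
cat <<'EOF'
# file: mnt/sdb
# owner: root
# group: root
user::rwx
user:user1:rwx
user:user2:r-x
group::r-x
mask::r-x
other::rwx
EOF
}

# Print "kind:name:effective" for each entry the mask limits
# (named users, owning group, named groups): effective = entry AND mask.
effective_acl() {
  awk -F: '
    BEGIN { n = 0 }
    index($0, "#") == 1 || NF < 3 { next }   # skip header lines and blanks
    $1 == "mask" { mask = $3; next }
    ($1 == "user" && $2 != "") || $1 == "group" {
      kind[n] = $1; name[n] = $2; perm[n] = $3; n++
    }
    END {
      for (i = 0; i < n; i++) {
        eff = ""
        for (j = 1; j <= 3; j++) {
          p = substr(perm[i], j, 1)
          m = (mask == "") ? p : substr(mask, j, 1)   # no mask: entry as-is
          eff = eff ((p != "-" && m != "-") ? p : "-")
        }
        print kind[i] ":" name[i] ":" eff
      }
    }'
}

# Succeed if the "other" entry grants write, i.e. accounts with no
# matching user or group entry can still modify the directory.
other_writable() {
  awk -F: '$1 == "other" && $3 ~ /w/ { found = 1 } END { exit !found }'
}

sample_acl | effective_acl
if sample_acl | other_writable; then echo "WARNING: other has write access"; fi
```

Against a live system, pipe `getfacl /mnt/sdb` into the same functions. In the step 4 listing `other::rwx` means any account other than root, user2 and members of the root group still has write access to /mnt/sdb, which a per-user ACL does not restrict.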