When talking about a complex permission control with a friend yesterday, I mentioned that I could try ufs2 acl. When I published the 5.0 feature, I was first interested in the various features of ufs2, especially the acl. However, it turns out that this acl is different from the kind of acl in my ideal ntfs. By the way, I think that although win2000 Server does not make me very comfortable, the ntfs permission system is indeed more powerful than ufs permission control, and Windows is not so useless. Let's talk about my experiences in the morning:
The old ufs1 has three permissions: u (ser) g (roup) o (ther), u can only be one person, g can be a group of people, and o is all others, after the ufs2 acl is applied, the u can be several persons, while g can be several groups of persons with their respective permissions.
The prerequisite for using acl is:
1, the kernel compilation with options UFS_ACL5.1-Release default kernel has been supported );
2. ufs25.x by default );
3. Declare acls during mount by modifying/etc/fstab ).
In addition, for a mounted system, you cannot use the 'mount-U' method to support acl. You must use a thorough umount to mount the system, therefore, it is a good idea to modify/etc/fstab.
Note: You can also use tunefs-a enable filesystem to make the acl always take effect, so that you do not have to add the acls parameter to each mount .)
My steps:
1. Modify/etc/fstab
# I did a test on/home.
/dev/ad0s1f /home ufs rw,acls 2 2 |
2. Restart
3. Generate a test file
4. display file attributes
Ls-l/home/root/testroot @ bsd5: /root # ls-l/home/root/test-rw-r -- 1 root wheel 0 Jun 29 13:35/home/root/test note this:-rw-rwxr -- |
5. Add an ACL.
setfacl -m u:cat:rwx,g:mail:rw /home/root/test |
6. display file attributes
ls -l /home/root/testroot@bsd5:/root# ls -l /home/root/test-rw-rwxr--+ 1 root wheel 0 Jun 29 13:38 /home/root/test |
Note this:-rw-rwxr -- +, indicating that the acl is added.
7. List ACLs
getfacl /home/root/testroot@bsd5:/root# getfacl /home/root/test#file:/home/root/test#owner:0#group:0user::rw-user:cat:rwxgroup::r--group:mail:rw-mask::rwxother::r-- |
So far, our ufs2 acl has been fully explored.
Link: http://cnfug.org/journal/systems/2004/000011.html
Related Articles]
- Application of super-level permission control in Linux
- Network-layer Access Control Technology-detailed description of ACL
- Hierarchical permission Control Using ASP