ACL permissions and special permissions (setuid, setgid): management and use

Source: Internet
Author: User

ACL Permissions:

1. Introduction to ACL Permissions

For example, suppose we create a directory that internal students use to upload and access files. The directory has three identities:
First, the owner must have rwx permissions on this directory.
Next, we add the internal students to the directory's group and give the group rwx as well, so that internal students can upload, download, create and edit their own files in the directory.
The third identity is others, that is, people who are not students. They must not have any permission, that is, ---.
So the permissions on this project directory end up as 770.

However, there is a special case: a trial student, who is not an internal student but still needs to sit in on the course. The permission we give this user should be r-x, that is, read and execute only, with no write permission.

So the question arises: which identity should this trial user be placed under? The owner? Certainly not. The group will not do either. Under others the user has no permissions at all, and if others were changed to r-x, everyone else could enter the directory, which is not allowed either.

Of course, we could create a new group for trial students, but where would that group go? A directory cannot have four identities; there are only three, so that does not work either.

So in this case the three identities on our directory are not enough. The permission that solves this problem is the ACL permission.

ACL permissions set aside the three identities of a file or directory: a user granted an ACL permission does not have to be the owner, a member of the group, or one of the others. The ACL entry is a separate identity, and the permissions wanted for it can be assigned individually.
It can be understood as an identity whose permissions can be edited on its own.

2. Check if the ACL is turned on

# dumpe2fs -h /dev/sda5

The dumpe2fs command queries the detailed file system information of the specified partition.

Options:

-h displays only the information in the superblock, not the details of the disk block groups


First use df -h to look at the partitions, then use the dumpe2fs command to check whether the partition has ACL permissions enabled.



3. Enabling ACL permissions

1> Enable ACL permissions temporarily

# mount -o remount,acl /

Remounts the root partition, adding the acl option to the mount

Takes effect temporarily; it is lost after a restart

2> Enable ACL permissions permanently

# vim /etc/fstab

UUID=ABD180D8-5624-456B-9B3A-A9E8008486C4 / ext4 defaults,acl 1 1

** Change both the UUID and / to the device and partition on which you want to enable ACL permissions

# mount -o remount /

Then remount the root partition and reboot the system for the changes to take effect

** It can also take effect without restarting the system: use the source /etc/fstab command to refresh the configuration file


4. View and set file ACL permissions

1> Command to view ACL permissions

# getfacl filename

View the ACL permissions of a file

2> Command to set ACL permissions

# setfacl option filename

Options:

-m Set ACL permissions

-x Delete the specified ACL permissions

-b Remove all ACL permissions

-d Set default ACL permissions

-k Remove default ACL permissions

-R Set ACL permissions recursively



** Set ACL permissions for a user

# setfacl -m u:zhangsan:rw /tmp/test

Gives the user zhangsan rw permission on the /tmp/test directory. The format is u:user name:permissions

** Set ACL permissions for a group

# setfacl -m g:student:rwx /tmp/test

Gives the student group rwx permission on the /tmp/test directory. The format is g:group name:permissions
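
Because ACL entries grant access outside owner, group and other, a permission review has to read getfacl output rather than the three mode fields. The following is an added example, not part of the original article: it parses getfacl output and reports each named entry with its effective permissions. The sample output is constructed, and the mask handling goes beyond what this section covers (the mask entry caps named users and named groups).

```shell
#!/bin/sh
# Added example: audit getfacl output for named ACL entries.

# Constructed sample: roughly what `getfacl /tmp/test` prints after the two
# setfacl commands above (owner/group root and the base bits are assumed).
sample_acl() {
cat <<'EOF'
# file: tmp/test
# owner: root
# group: root
user::rwx
user:zhangsan:rw-
group::r-x
group:student:rwx
mask::rwx
other::r-x
EOF
}

# Read getfacl output on stdin and print "type:name:granted:effective" for
# every named user/group entry. The mask caps named entries, so each effective
# bit is set only when both the entry and the mask grant it.
acl_named_entries() {
    awk -F: '
        /^#/ || NF < 3 { next }
        { sub(/[ \t]*#.*/, "", $3) }   # drop a trailing "#effective:" note
        $1 == "mask" { mask = $3; next }
        ($1 == "user" || $1 == "group") && $2 != "" { t[++n] = $1; q[n] = $2; p[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (k = 1; k <= 3; k++) {
                    c = substr(p[i], k, 1)
                    m = (mask == "") ? c : substr(mask, k, 1)
                    eff = eff ((c != "-" && m != "-") ? c : "-")
                }
                print t[i] ":" q[i] ":" p[i] ":" eff
            }
        }'
}

# List only the named entries whose effective permissions include write.
acl_named_writers() {
    acl_named_entries | awk -F: 'substr($4, 2, 1) == "w" { print $1 ":" $2 }'
}

sample_acl | acl_named_entries
```

On a live system the same functions take real input, for example `getfacl /tmp/test | acl_named_writers`.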




