Facl and Linux Endpoints

Source: Internet
Author: User

File Access Control List

ACL: in layman's terms, permissions set on a file for a specific user or group

facl: filesystem access control list

Additional access control permissions are stored in the file's extended attributes


Without ACLs, permissions are applied in the following order: owner → group → other

After setting a facl, permissions are applied in this order: owner → facl user → group → facl group → other


# setfacl [parameters] FILE (add or modify ACL permissions)

-R: recursive (apply the facl to existing files in the directory)

-m: set ACL permissions for a file

u:uid:mode (give the user MODE permissions)

g:gid:mode (give the group MODE permissions)

d:u:uid:mode (sets the default access control list for the directory; newly created files under it get this default facl)

d:g:gid:mode (sets the default access control list for the directory; newly created files under it get this default facl)

-x: remove the specified ACL permissions

u:uid

g:gid

-b: remove all ACL permissions

-k: remove default ACL permissions

# getfacl FILE (shows the ACL permission rules for a file)

Mask: the maximum effective permission, used to cap the permissions granted through the ACL. If a user is given ACL permissions, they must be ANDed with the mask to get the user's true permissions. To modify the maximum effective permissions (the mask): # setfacl -m m:mode FILE
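
The mask rule above, worked through as an added example (not part of the original page): a POSIX shell function that reads getfacl-format text and ANDs the mask into each entry. The sample ACL is constructed, the helper names (and_perms, effective_acl, sample_acl) are hypothetical, and the code assumes the standard POSIX ACL behaviour that the mask caps named users, the owning group and named groups, but not the owner or other.

```sh
#!/bin/sh
# Added example: compute effective ACL permissions from getfacl-style text.

# and_perms PERMS MASK: keep a bit only when both strings grant it.
and_perms() {
    out=""
    for bit in r w x; do
        case "$1,$2" in
            *"$bit"*,*"$bit"*) out="$out$bit" ;;
            *) out="$out-" ;;
        esac
    done
    printf '%s\n' "$out"
}

# effective_acl: read getfacl output on stdin, print tag:qualifier:effective.
effective_acl() {
    acl=$(cat)
    mask=rwx    # no mask entry means nothing is capped
    while IFS=: read -r tag qual perms; do
        if [ "$tag" = mask ]; then mask=${perms%%[!rwx-]*}; fi
    done <<EOF
$acl
EOF
    while IFS=: read -r tag qual perms; do
        perms=${perms%%[!rwx-]*}    # drop getfacl's "#effective:" comment
        case "$tag" in
            user)  if [ -n "$qual" ]; then perms=$(and_perms "$perms" "$mask"); fi ;;
            group) perms=$(and_perms "$perms" "$mask") ;;
            other) ;;
            *) continue ;;          # comments, mask, default: entries, blanks
        esac
        printf '%s:%s:%s\n' "$tag" "$qual" "$perms"
    done <<EOF
$acl
EOF
}

# Constructed sample in getfacl output format (not taken from a real system).
sample_acl() {
    cat <<'EOF'
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx                    #effective:r--
group::r-x                      #effective:r--
group:audit:rw-                 #effective:r--
mask::r--
other::---
EOF
}

sample_acl | effective_acl
```

On a live system, pipe real output through the same function: getfacl FILE | effective_acl.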




Some commands:

# whoami (shows the user currently logged on to the system)

# who (shows which users are logged on to the current system)

-r: displays the current run level and the last run level

-H: show the header "NAME LINE TIME COMMENT" (user, login terminal, time, comment)

Terminal: physical device (telnet, local login)

Terminal types:

console: a console connected directly to a physical device on the host computer (the monitor and keyboard attached directly to the physical hardware this Linux system is installed on). The console is not a terminal; it is just a display interface connected directly to a hardware device

pty: physical terminal (VGA card, i.e. video card)

tty#: virtual terminal, usually attached to a physical terminal and implemented virtually in software, usually local (VGA)

ttyS#: serial terminal

pts/#: pseudo terminal (# denotes the terminal number)

Note: a user reached with su - user is not a logged-in user

# w (shows the users who are logged in to the system and detailed information about what they are doing; more detailed than who)

USER TTY LOGIN@ IDLE JCPU PCPU WHAT

# last (reads the /var/log/wtmp file; displays user login history and system restart information)

-n #: show only the # most recent entries

# lastb (reads the /var/log/btmp file; displays users' failed login attempts)

-n #: show only the # most recent sign-in attempts

# lastlog (displays the last successful login information for each user)

-u USERNAME: display recent login information for a specific user

# basename (displays the base name of a file or path)

$0: the script's path and name when the script is executed

# mail (send mail)

-s: message subject

< / <<: send the message body using input redirection

# hostname (displays the host name of the current host; same as echo $HOSTNAME)

# sleep N (sleep N seconds)

# echo $RANDOM (generate a random number)

RANDOM: 0-32768

Random number generator: entropy pool

/dev/random is more secure, but when the entropy pool is empty it stops and waits for the entropy pool to be refilled, blocking the user process

/dev/urandom is better: random numbers are generated in software from the entropy pool, and the user process is not blocked.




