Note: Windows and Linux are similar in this respect. Files and directories in Windows have attributes such as read-only and hidden, and files in Linux have attributes as well.
In Linux, each file has specific attributes. They cover two main aspects: file type and file permission. There are five file types: regular files, directory files, link files, device files, and pipe (FIFO) files.
Object permissions are the access rights to an object, including reading, writing, deleting, and executing it. Linux is a multi-user operating system that allows multiple users to log on and work simultaneously, so it associates each file or directory with a user or group. An Access Control List (ACL) provides better access control for computers. It is used to restrict access to files, resources, or sockets by all users, including root users. The following is a simple setup method.
Step 1. Check the system kernel
First, check whether the kernel of your Linux system supports the ACL function. Because not every version of the Linux kernel supports ACL, the simplest way is to check whether the current kernel of the system supports it:
[root@mail /]# cat /boot/config-kernel-version | grep -i ext3
CONFIG_EXT3_FS=m
CONFIG_EXT3_IDEX=y
CONFIG_EXT3_FS_XATTR_SHARING=y
CONFIG_EXT3_FS_XATTR_USER=y
CONFIG_EXT3_FS_XATTR_TRUSTED=y
CONFIG_EXT3_FS_ACL=y
If you can see the above items, these options have been compiled into the kernel and the ext3 file system supports the ACL function. These options can be found among the kernel compilation options. If they are missing, go to the official ACL website to install the kernel (acl. bestbits. /).
Step 2. Mount a partition
You can mount a partition with ACL enabled as follows:
#mount -t ext3 -o acl /dev/sda1 /fs1
You can also write it directly in the /etc/fstab file, so that the ACL function is enabled after boot:
Step 3. Set ACL Permissions
ACL is often set for individual users. The following are several different examples:
For example, create three users: test1, test2, and test3. Log on to the system as the root user and run the following commands to create the three user names and set their passwords:
[root@mail root]#adduser test1
[root@mail root]#adduser test2
[root@mail root]#adduser test3
[root@mail root]#passwd test1
[root@mail root]#passwd test2
[root@mail root]#passwd test3
Then mount an ext3 file system on the /fs1 directory:
[root@mail root]#mount -t ext3 -o acl /dev/sda1 /fs1
Then, to give test2 read and write permission on the files created by test1, first give all users permission to add files to the directory:
[root@mail root]#chmod -R 777 /fs1
Log on to the system as test1 and run the following commands:
[test1@mail test1]# cd /fs1
[test1@mail fs1]# echo "Create by test1" > test1.txt
[test1@mail fs1]# chmod go-r test1.txt
[test1@mail fs1]# ll test1.txt
-rw------- 1 test1 test1 17 Jul 14 22:11 test1.txt
After these operations, only test1 has permission to read and write test1.txt (apart from root). Log on to the system as test2 and run the following commands:
[test2@mail test2]# cd /fs1
[test2@mail fs1]# cat test1.txt
cat : test1.txt Permission denied
Log on to the system as test1 and run the following command:
[test1@mail fs1]# setfacl -m u:test2:rw test1.txt
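To check what the setfacl command above actually grants, this added example (not part of the original article) parses getfacl-style output and prints each entry's effective permissions, that is, the entry combined with the mask. It goes one step beyond the text by showing that a later chmod g-w on the file narrows test2's access through the mask; the sample output is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed getfacl output for test1.txt after "setfacl -m u:test2:rw test1.txt".
# $1 is the mask entry: rw- right after setfacl, r-- after a later "chmod g-w".
sample_getfacl() {
cat <<EOF
# file: test1.txt
# owner: test1
# group: test1
user::rw-
user:test2:rw-
group::---
mask::$1
other::---
EOF
}

# Read getfacl text on stdin; print "<entry> <effective perms>" per access entry.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 || $1 == "default" { next }   # headers, blanks, default ACLs
        { sub(/[ \t]*#.*$/, "", $3) }                # strip "#effective:" annotation
        $1 == "mask" { mask = $3; next }
        { tag[++n] = $1 ":" $2; perm[n] = $3
          masked[n] = ($2 != "" || $1 == "group") }  # owner and other bypass the mask
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perm[i], c, 1)
                    m = (masked[i] && mask != "") ? substr(mask, c, 1) : p
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
                print tag[i], eff
            }
        }'
}

# Effective permissions of a single entry, e.g. "user:test2".
effective_for() { effective_acl | awk -v t="$1" '$1 == t { print $2 }'; }

# Full listing right after setfacl, then test2's access once the mask is r--.
sample_getfacl rw- | effective_acl
sample_getfacl r-- | effective_for user:test2
```

On a live system, pipe real output into the same function, for example `getfacl test1.txt | effective_acl`.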