This article describes how to set file permissions in Linux.
Windows and Linux are similar in this respect: files and directories in Windows have attributes such as read-only and hidden, and files in Linux have attributes as well.
In Linux, each file has specific attributes, which cover two main aspects: file type and file permission. There are five file types: regular files, directory files, link files, device files, and pipe (FIFO) files.
Object permission refers to the access rights to an object, including reading, writing, deleting, and executing it. Linux is a multi-user operating system that allows multiple users to log on and work at the same time, so Linux associates each file or directory with a user or group. An Access Control List (ACL) provides better access control for computers. It is used to restrict access to files, resources, or sockets by all users, including root users. The following is a simple setup method.
Step 1. Check the kernel
First, check whether the kernel of your Linux system supports the ACL function. Not every kernel version supports ACLs, so the simplest approach is to check the configuration of the kernel you are currently running:
[root@mail /]# cat /boot/config-kernel-version | grep -i ext3
CONFIG_EXT3_FS=m
CONFIG_EXT3_INDEX=y
CONFIG_EXT3_FS_XATTR_SHARING=y
CONFIG_EXT3_FS_XATTR_USER=y
CONFIG_EXT3_FS_XATTR_TRUSTED=y
CONFIG_EXT3_FS_ACL=y
If you see the items above, the options have been compiled into the kernel and the ext3 file system supports the ACL function. These options can be found among the kernel compilation options. If they were not available at compile time, go to the official ACL website to install the kernel (http://acl.bestbits.at/).
Step 2. Mount a partition
You can mount a partition with ACL support enabled as follows:
# mount -t ext3 -o acl /dev/sda1 /fs1
You can also write the option directly into the /etc/fstab file, so that ACL support is enabled after boot:
# vi /etc/fstab
Step 3. Set ACL Permissions
ACLs are usually set for individual users. The following walks through several different cases.
First, create three users: test1, test2, and test3. Log on to the system as root and run the following commands to create the three user names and set their passwords:
[root@mail root]# adduser test1
[root@mail root]# adduser test2
[root@mail root]# adduser test3
[root@mail root]# passwd test1
[root@mail root]# passwd test2
[root@mail root]# passwd test3
Then mount an ext3 file system on the /fs1 directory:
[root@mail root]# mount -t ext3 -o acl /dev/sda1 /fs1
The goal is to give test2 read and write permission on a file created by test1. First run:
[root@mail root]# chmod -R 777 /fs1
This gives all users permission to add files to the directory.
Log on to the system as test1 and run the following commands:
[test1@mail test1]# cd /fs1
[test1@mail fs1]# echo "Create by test1" > test1.txt
[test1@mail fs1]# chmod go-r test1.txt
[test1@mail fs1]# ll test1.txt
-rw------- 1 test1 test1 17 Jul 14 22:11 test1.txt
After these operations, only test1 has permission to read and write test1.txt (apart from root). Log on to the system as test2 and run the following commands:
[test2@mail test2]# cd /fs1
[test2@mail fs1]# cat test1.txt
cat: test1.txt: Permission denied
Log on to the system as test1 and run the following command:
[test1@mail fs1]# setfacl -m u:test2:rw test1.txt
This grants test2 permission to read and write the file. Look at how the file attributes have changed:
[test1@mail fs1]# ll
-rw-rw-r--+ 1 test1 test1 10 Feb 16 13:52 test1.txt
A "+" now appears at the end of the permission string, indicating that the file uses ACL attribute settings. Next, run the getfacl command to view the file's ACL settings:
[test1@mail fs1]# getfacl test1.txt
# file: test1.txt
# owner: test1
# group: test1
user::rw-
user:test2:rw-
group::rw-
mask::rw-
other::r--
We can see that test2 has permission to read and write this file.
Log on to the system as test2 and run the following commands to see what happens:
[test2@mail test2]# cd /fs1
[test2@mail fs1]# cat test1.txt
Create by test1
test2 can now read the test1.txt file.
[test2@mail fs1]# echo "Modify by test2" >> test1.txt
[test2@mail fs1]# cat test1.txt
Create by test1
Modify by test2
Now test2 can also modify the test1.txt file.
Log on to the system as test3:
[test3@mail test3]# cd /fs1
[test3@mail fs1]# cat test1.txt
cat: test1.txt: Permission denied
Apart from test1 and test2, no other user has permission to read and write test1.txt (except root).
This may seem a little dizzying, but only one or two commands are actually involved. The walkthrough is mainly meant to give you a clear picture of the different situations, so that when you use Linux you will find that, compared with the vulnerable permission protection of Windows, Linux is really good!
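The outcomes in the walkthrough (test1 and test2 may read and write, test3 is denied) follow from the order in which POSIX ACL entries are checked and from the mask entry. The following is an added example, not part of the original article: it evaluates getfacl-style output for one user. The function names effective_perm and sample_acl and the sample ACL text are assumptions constructed for illustration.

```shell
#!/bin/sh
# effective_perm USER "GROUPS" < getfacl-output
# Prints the rwx string USER ends up with. Check order: owner, named user,
# owning/named groups, other. Named and group entries are limited by the mask.
# The root bypass is not modelled here.
effective_perm() {
    awk -v who="$1" -v grps="$2" '
    function both(p, m,   i, o) {    # keep a bit only if the mask allows it
        for (i = 1; i <= 3; i++) o = o (substr(m, i, 1) == "-" ? "-" : substr(p, i, 1))
        return o }
    function either(p, q,   i, o) {  # union of two rwx strings
        for (i = 1; i <= 3; i++) o = o (substr(p, i, 1) != "-" ? substr(p, i, 1) : substr(q, i, 1))
        return o }
    /^# owner:/ { owner = $3; next }
    /^# group:/ { ogroup = $3; next }
    /^#/ || NF == 0 { next }
    {   split($1, f, ":")            # tag:qualifier:perms
        if (f[1] == "user" && f[2] == "")       uobj = f[3]
        else if (f[1] == "user")                named[f[2]] = f[3]
        else if (f[1] == "group" && f[2] == "") gobj = f[3]
        else if (f[1] == "group")               ngroup[f[2]] = f[3]
        else if (f[1] == "mask")                mask = f[3]
        else if (f[1] == "other")               other = f[3] }
    END {
        if (mask == "") mask = "rwx"  # minimal ACL without a mask entry
        if (who == owner) { print uobj; exit }
        if (who in named) { print both(named[who], mask); exit }
        n = split(grps, g, " "); hit = 0; acc = "---"
        for (i = 1; i <= n; i++) {
            if (g[i] == ogroup) { acc = either(acc, gobj); hit = 1 }
            if (g[i] in ngroup) { acc = either(acc, ngroup[g[i]]); hit = 1 }
        }
        print (hit ? both(acc, mask) : other)
    }'
}

# Constructed sample: test1.txt after "chmod go-r" and "setfacl -m u:test2:rw".
# $1 is the mask entry, so the effect of tightening the mask can be shown.
sample_acl() {
    printf '%s\n' '# file: test1.txt' '# owner: test1' '# group: test1' \
        'user::rw-' 'user:test2:rw-' 'group::---' "mask::$1" 'other::---'
}

for u in test1 test2 test3; do
    printf '%s mask=rw- -> %s\n' "$u" "$(sample_acl rw- | effective_perm "$u" "$u")"
done
printf 'test2 mask=r-- -> %s\n' "$(sample_acl r-- | effective_perm test2 test2)"
```

With the mask narrowed to r--, the named entry for test2 still reads rw- in the ACL but only read access is effective, which is why the mask line in getfacl output matters when auditing who can write a file.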