Linux learning path: using ACLs, and commands for viewing the users logged in to the system

Source: Internet
Author: User

We know that access to a file is decided by three classes of permissions: those of the file's owner, of its group, and of other users. ACLs provide more detailed permission settings beyond those three. An ACL can set permissions for a single user on individual directories and files, which is useful when special permissions are needed. The SUID and SGID special permissions were mentioned earlier; compared with them, ACLs can set more detailed permissions for specific users, while SUID and SGID are more appropriate for multiple users or a group of users.


Before we talk about how to use ACLs, let's look at the order in which permissions are checked when a user accesses a file.
SELinux is not discussed here for the time being.

Without ACLs, access is checked as follows:

When a user accesses a file, a corresponding process is started. The owner of that process is the user who started it, and the group of the process is that user's basic group (by default it has the same name as the user). When the process accesses a file, the system first checks whether the owner of the process is the same as the owner of the file. If not, it checks whether the owner of the process is a member of the file's group (not whether the group of the process is the same as the group of the file). If that does not match either, the file is accessed with the permissions of other users. In this case, the order in which permissions are checked is:

Owner-->group-->other


If the file uses an ACL, access is checked like this:

When a user accesses a file, the system first checks whether the owner of the process is the same as the owner of the file. If not, it checks whether the file has a user-based ACL entry that gives this user permissions on the file. If there is none, it checks whether the owner of the process is a member of the file's group, and if not, whether the file has an ACL entry based on a user group (the principle is the same as for the user-based check). If none of these match, the file is accessed with the permissions of other users.

The access process is:

Owner-->facl,user-->group-->facl,group-->other


Use ACLs to set additional permissions for a file

setfacl [-m|-x] [u|g]:[USERNAME|GROUPNAME]:PERM FILE (PERM is an octal number)

-m: Set an ACL entry

-x: Remove an ACL entry. Note that when removing an ACL entry you do not need to give the permissions.

u: Specifies the permissions that the user has on the file

g: Specifies the permissions that the user group has on the file

So how do you view an ACL that is already set?

getfacl FILE
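
As an added example (not part of the original article), the Python code below parses getfacl-style output and decides access in the order documented in acl(5), which refines the sequence above by applying the mask entry and by evaluating the owning group together with named groups. The sample output and the names alice, bob, carol, staff and audit are constructed for illustration.

```python
SAMPLE_GETFACL = """\
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx
group::r--
group:audit:rw-
mask::rw-
other::---
"""  # constructed sample; user and group names are hypothetical

def parse_getfacl(text):
    """Return (owner, owning_group, acl); trailing '#effective:' comments are ignored."""
    owner, group, acl = None, None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split("#")[0].strip().split(":")[:3]
            acl[f"{tag}:{qualifier or ':'}"] = set(perms) - {"-"}
    return owner, group, acl

def check_access(text, user, groups, want):
    """Return (granted, deciding_entry) for a user, their groups, and e.g. want='rw'."""
    owner, fgroup, acl = parse_getfacl(text)
    want, mask = set(want), acl.get("mask::")
    def limited(perms):  # the mask caps named users and every group entry
        return perms & mask if mask is not None else perms
    if user == owner:  # 1. owner entry; the mask does not apply
        return want <= acl["user::"], "user::"
    if f"user:{user}" in acl:  # 2. named-user entry
        return want <= limited(acl[f"user:{user}"]), f"user:{user}"
    # 3. owning group and named groups are evaluated together
    matched = ["group::"] if fgroup in groups else []
    matched += [f"group:{g}" for g in groups if f"group:{g}" in acl]
    for entry in matched:
        if want <= limited(acl[entry]):
            return True, entry
    if matched:
        return False, "group class"
    return want <= acl["other::"], "other::"  # 4. everyone else

if __name__ == "__main__":
    for who, grps, perm in [("bob", ["users"], "x"), ("carol", ["staff", "audit"], "w")]:
        print(who, perm, check_access(SAMPLE_GETFACL, who, grps, perm))
```

In the sample, bob's rwx entry is capped to rw- by the mask, and carol gets write access through group:audit even though the owning group entry only grants read.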



Next, we introduce several commands for seeing which users are logged in to the system.

whoami: Shows the active user logged in on the current system

who: Shows which users are logged in to the system.

Terminal types:
console: Console
pty: Physical terminal (VGA)
tty: Virtual terminal (VGA)
ttyS: Serial terminal
pts/#: Pseudo terminal

who -r: Displays the current runlevel of the system (Note: users who switch with the su command are not counted as logged in)

w: Shows who is logged in and what they are doing

last: Displays the contents of the /var/log/wtmp file, showing the user login history and the system restart history

-n #: Show only the most recent # records

lastb: Displays the contents of the /var/log/btmp file, showing users' failed login attempts

-n #: Show only the most recent # failed login attempts

lastlog: Displays the last time each user logged in to the system

-u USERNAME: Displays the last login time for a specific user


basename /path/to/somefile: Displays the base name of the path

The so-called base name is the last component of the specified path.

For example, the base name of /etc/passwd is passwd.



This article is from the "Linux Learning Path" blog; reprinting is declined!
