Using the new Linux kernel feature: configuring file ACLs
Anyone who has used Unix will be familiar with the Access Control List (ACL). In the Linux 2.4 kernel, ACL support exists as a patch; in the new 2.6 kernel, it is already part of the standard kernel.
The traditional Unix permission model can only set permissions on a file for the user, the group, and others, that is, the familiar modes such as 755 and 644. Suppose you want to define access to one file for several users who belong to different groups: for example, tom, mary, tony, and Todd belong to different groups, mary and tony should have read-only access, tom and Todd should be able to write, and other users should have no access. This requirement cannot be implemented with the traditional Unix permissions.
The ACL in the Linux 2.6 kernel is designed to meet requirements like this. It makes it easy to configure the access permissions of any user and group for a file.
To use the ACL function, you must first compile the 2.6 kernel correctly and ensure that the following options are enabled:
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
After the new kernel is started, you must add the required option "acl" when mounting the partition:
mount -t ext3 -o rw,acl /dev/hda8 /your_mount_point
Or add the following line to /etc/fstab so that the partition is automatically mounted with the "acl" option:
/dev/hda8 /your_mount_point ext3 defaults,acl 1 1
After the file system is correctly mounted, you can use the ACL commands to modify the ACL attributes of a file. The commands for working with ACL attributes include setfacl, getfacl, and chacl. chacl is an SGI IRIX-compatible command, mainly intended for users who are familiar with SGI IRIX and the XFS file system. This document only describes the setfacl and getfacl commands. The usage is as follows:
1. Allow the user test to read and write the file 1.txt:
setfacl -m u:test:rw 1.txt
2. Allow members of the qmail group to read the file 1.txt, but not write it:
setfacl -m g:qmail:r 1.txt
3. Copy the ACL attributes of one file to another file, for example, from 1.txt to 2.txt:
getfacl 1.txt | setfacl --set-file=- 2.txt
4. Set permissions on a file for several users or groups at the same time.
For example, the user testmail can read and write the file 2.txt, qmail group members can read and execute it, and nofiles group members can execute it:
setfacl -m u:testmail:rw,g:qmail:rx,g:nofiles:x 2.txt
See the man pages for more detailed usage of the setfacl and getfacl commands.
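The following is an added example, not part of the original article: a shell check that reads getfacl output and confirms that the tom, mary, tony and Todd policy described at the start is what the file actually grants. It goes one step beyond the text by applying the ACL mask entry, which limits every named-user entry; the file name report.txt, the account guest and the sample output are constructed for illustration.

```shell
# Policy from the article, applied with (needs the "acl" mount option):
#   setfacl -m u:tom:rw-,u:Todd:rw-,u:mary:r--,u:tony:r--,g::---,o::--- report.txt

# Effective permission of user $2 in getfacl text $1. A named-user entry is
# limited by the mask entry. Simplification: a user without a named entry is
# treated as "other" (ownership and group membership are not evaluated).
effective_user_perm() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '
        $1 == "mask"            { mask = substr($3, 1, 3) }
        $1 == "other"           { other = substr($3, 1, 3) }
        $1 == "user" && $2 == u { entry = substr($3, 1, 3); found = 1 }
        END {
            if (!found) { print other; exit }
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(entry, i, 1)
                if (mask != "" && substr(mask, i, 1) == "-") c = "-"
                out = out c
            }
            print out
        }'
}

# Return 0 only if every listed user gets exactly the intended access.
audit_policy() {
    rc=0
    for pair in tom:rw- Todd:rw- mary:r-- tony:r-- guest:---; do
        user=${pair%%:*}; want=${pair#*:}
        got=$(effective_user_perm "$1" "$user")
        [ "$got" = "$want" ] || { echo "MISMATCH $user: want $want, got $got"; rc=1; }
    done
    return "$rc"
}

# Constructed sample of `getfacl report.txt` output; "guest" is a
# hypothetical account with no entry of its own.
SAMPLE_ACL='# file: report.txt
# owner: root
# group: root
user::rw-
user:tom:rw-
user:Todd:rw-
user:mary:r--
user:tony:r--
group::---
mask::rw-
other::---'

audit_policy "$SAMPLE_ACL" && echo "ACL matches policy"
```

On a live system, pass the real output instead of the sample: audit_policy "$(getfacl report.txt)".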
In a system administrator's work, the biggest difficulty is often not a hard kernel problem, nor something like Apache server configuration, but controlling file access permissions. Supervisors often put forward very specific requirements, and permissions frequently have to be configured per person, which is very difficult to implement when configuring a Samba file server. With the new ACL (Access Control List) function in the 2.6 kernel, the problem is solved.