Linux中读写权限
来源:互联网 发布:关之琳 知乎 编辑:程序博客网 时间:2024/06/06 00:58
learn the auth of Linux.
Generally, r-x
w: write , modify and delete -2
r: read -4
x: execute -1
A file has 3 auth show:
-owner
-group
-other
当时用sudo的时候表示使用root用户的身份,因此,新建的文件或者dir都是root用户的而不是你自己的。这时,自己反而没有权限:
我sudo创建了文件,然后想要修改的时候说没有权限。在脚本中,>输出这个命令就无法执行了。
the owner has the 7 with the file, group useually 5, other 5. If I don't want others read the file , just chmod 750, but there is a problem: how can the specific person get the auth?
That is I want someone or a specific group get the auth of a file but others can't. Then, the ACL is do this.
1.Auth to specificer
The following show auth to dir for user:st
//create a dir named project
mkdir project
chmod 770 project/
//add two uers to tgroup
useradd bimm
useradd cangls
groupadd tgroup
gpasswd -a bimm tgroup
gpasswd -a cangls tgroup
chown root:tgroup project/
//auth to user:st
useradd st
setfacl -m u:st:rx project/
//then the ll show +
[root@bogon temp]# ll -d project/
drwxrwx---+ 2 root tgroup 16 5月 14 21:14 project/
[root@bogon temp]# getfacl project/
# file: project/
# owner: root
# group: tgroup
user::rwx
user:st:r-x
group::rwx
mask::rwx
other::---
//auth to group:tgroup2
[root@bogon temp]# setfacl -m g:tgroup2:rwx project/
[root@bogon temp]# getfacl project/
# file: project/
# owner: root
# group: tgroup
user::rwx
user:st:r-x
group::rwx
group:tgroup2:rwx
mask::rwx
other::---
2.change mask, the top effective auth
when auth to someone or somegroup by setfacl with a auth like rwx, it will &mask to get their auth.For instance, if
setfacl -m u:st:rw project
, and the project's auth is r-x, then, the auth of user:st to project is r--. Howerver, we can also change the mask:
[root@bogon temp]# setfacl -m u:st:rw project/
[root@bogon temp]# getfacl project/
# file: project/
# owner: root
# group: tgroup
user::rwx
user:st:rw-
group::rwx
group:tgroup2:rwx
mask::rwx
other::---
[root@bogon temp]# setfacl -m m:r-x project/
[root@bogon temp]# getfacl project/
# file: project/
# owner: root
# group: tgroup
user::rwx
user:st:rw- #effective:r--
group::rwx #effective:r-x
group:tgroup2:rwx #effective:r-x
mask::r-x
other::---
3.delete ACL
-x u:st file(s) , --remove=acl remove entries from the ACL(s) of file(s)
-b file(s) , --remove-all remove all extended ACL entries
[root@bogon temp]# setfacl -x u:st project/
[root@bogon temp]# setfacl -x g:tgroup2 project/
[root@bogon temp]# getfacl project/
# file: project/
# owner: root
# group: tgroup
user::rwx
group::rwx
mask::rwx
other::---
4.recursive set ACL and default ACL for dir
if you do it as step2, you just set ACL to the specify dir, not works with the sub-file of the dir.
if you want to do the same with the sub-file, set option -R
[root@bogon temp]# touch project/abc
[root@bogon temp]# ll project/abc
-rw-r--r-- 1 root root 0 5月 14 21:14 project/abc
[root@bogon temp]# ll -d project/
drwxrwx--- 2 root tgroup 16 5月 14 21:14 project/
[root@bogon temp]# setfacl -m u:st:rx project/
[root@bogon temp]# ll -d project/
drwxrwx---+ 2 root tgroup 16 5月 14 21:14 project/
[root@bogon temp]# setfacl -m u:st:rx project/
[root@bogon temp]# getfacl project/
# file: project/
# owner: root
# group: tgroup
user::rwx
user:st:r-x
group::rwx
mask::rwx
other::---
[root@bogon temp]# getfacl project/abc
# file: project/abc
# owner: root
# group: root
user::rw-
group::r--
other::r--
//-R just work with the exists files, but new file doesn't
[root@bogon temp]# setfacl -m u:st:rx -R project/
[root@bogon temp]# getfacl project/abc
# file: project/abc
# owner: root
# group: root
user::rw-
user:st:r-x
group::r--
mask::r-x
other::r--
[root@bogon temp]# touch project/newabc
[root@bogon temp]# getfacl project/newabc
# file: project/newabc
# owner: root
# group: root
user::rw-
group::r--
other::r--
You can see -R dosen't work with new file, if you want the new sub-file also has the auth, use the default ACL by orption d:
[root@bogon temp]# setfacl -m d:u:st:rx project/
[root@bogon temp]# getfacl project/newabc
# file: project/newabc
# owner: root
# group: root
user::rw-
group::r--
other::r--
[root@bogon temp]# touch project/newabc2
[root@bogon temp]# getfacl project/newabc2
# file: project/newabc2
# owner: root
# group: root
user::rw-
user:st:r-x #effective:r--
group::rwx #effective:rw-
mask::rw-
other::---
-R for the exists and d: for the future.
5.setUID
[root@bogon temp]# ll /usr/bin/passwd
-rwsr-xr-x. 1 root root 27832 6月 10 2014 /usr/bin/passwd
s表示用户在执行时暂时获得文件owner的权限,因为passwd会操作shadow,而只有root才有shadow权限,因此需要在用户运行passwd的时候有权力写入shadow。
要求该文件必须是可执行文件。
0 0
- Linux中读写权限
- linux 文件读写权限
- Linux文件读写权限
- Linux读写权限解析
- 在Linux系统中如何修改文件夹读写权限
- Linux/stat.h 读写权限
- linux 设置读写执行权限
- 关于linux 下的 读写权限
- linux下java设置文件读写权限
- linux更改文件夹所有者和读写权限
- linux更改文件夹所有者和读写权限
- Linux目录读写和可执行权限
- linux中权限问题
- linux中关于权限
- Linux中权限
- Linux内核中读写文件
- linux内核中读写文件
- linux内核中读写文件
- Linux环境下的make和Makefile 详解(一)
- java读写file
- 不在 sudoers 文件中。此事将被报告。
- Android好用的轮播图控件
- Linux中解析json---jq
- Linux中读写权限
- camel7
- learn shell
- # 欢迎使用Markdown编辑器写博客
- Linux中mongodb安装和导出为json
- AWS CLI使用s3
- Tomcat创建HTTPS访问,java访问https
- swift3.0 关于字符串
- Spring-Boot - 初步搭建