Tags: getfacl
1. Environment setup:
[root@zabbix-server ~]# mkdir -p /share/wanlong
[root@zabbix-server ~]# groupadd IT-SUPPORT
[root@zabbix-server ~]# adduser wanlong1 -G IT-SUPPORT
[root@zabbix-server ~]# adduser wanlong2 -G IT-SUPPORT
[root@zabbix-server ~]# adduser wanlong3 -G IT-SUPPORT
[root@zabbix-server ~]# chown root:IT-SUPPORT /share/wanlong/
[root@zabbix-server ~]# cp /etc/passwd /share/wanlong/
[root@zabbix-server ~]# tail -5 /share/wanlong/passwd
wang5:x:1005:1007::/home/wang5:/bin/bash
zhao6:x:1006:1008::/home/zhao6:/bin/bash
wanlong1:x:1007:1010::/home/wanlong1:/bin/bash
wanlong2:x:1008:1011::/home/wanlong2:/bin/bash
wanlong3:x:1009:1012::/home/wanlong3:/bin/bash
2. Test procedure:
[root@zabbix-server ~]# ls -ld /share/wanlong/
drwxr-xr-x 2 root IT-SUPPORT 6 Apr 26 20:12 /share/wanlong/

Switch to another user and test the permissions:

[root@zabbix-server ~]# su - wanlong1
[wanlong1@zabbix-server ~]$ cd /share/wanlong/

The user can enter the directory, which shows that the x (execute) permission is present.

[wanlong1@zabbix-server wanlong]$ ls
passwd
[wanlong1@zabbix-server wanlong]$ tail -5 passwd
wang5:x:1005:1007::/home/wang5:/bin/bash
zhao6:x:1006:1008::/home/zhao6:/bin/bash
wanlong1:x:1007:1010::/home/wanlong1:/bin/bash
wanlong2:x:1008:1011::/home/wanlong2:/bin/bash
wanlong3:x:1009:1012::/home/wanlong3:/bin/bash

The user can view the file, which shows that the r (read) permission is present.

[wanlong1@zabbix-server wanlong]$ touch a.txt
touch: cannot touch ‘a.txt’: Permission denied

The user cannot create a file, which shows that the w (write) permission is missing.
Use getfacl to view the permissions on the directory:
[root@zabbix-server ~]# getfacl /share/wanlong/
getfacl: Removing leading '/' from absolute path names
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
group::r-x
other::r-x

[root@zabbix-server ~]# ls -ld /share/wanlong/
drwxr-xr-x 2 root IT-SUPPORT 20 Apr 26 20:16 /share/wanlong/

Note: root has read, write and execute permission, and members of the IT-SUPPORT group have read and execute permission.
3. Requirement: give wanlong1 read, write and execute permission on /share/wanlong
[root@zabbix-server ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Feb 23 22:23:27 2017
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/cl-root / xfs defaults,acl 0 0
UUID=df70cb42-4274-491a-8ae7-cbb0dcd3a60b /boot xfs defaults 0 0
/dev/mapper/cl-home /home xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0

Note: for the "/" filesystem, append ",acl" after the default option "defaults" so that ACL rules take effect.

[root@zabbix-server ~]# mount -a

Reload the mount options.

[root@zabbix-server ~]# setfacl -m u:wanlong1:rwx /share/wanlong/
[root@zabbix-server ~]# getfacl /share/wanlong/
getfacl: Removing leading '/' from absolute path names
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
user:wanlong1:rwx
group::r-x
mask::rwx
other::r-x

[wanlong1@zabbix-server wanlong]$ touch james.doc
[wanlong1@zabbix-server wanlong]$ ls
james.doc passwd
[wanlong1@zabbix-server wanlong]$ rm james.doc -rf
[wanlong1@zabbix-server wanlong]$ ls
passwd

The test succeeded!
4. Additional notes:
If the ACL rules have become messy and you want to clean them up, how do you do it?

Before:

[root@zabbix-server ~]# getfacl /share/wanlong/
getfacl: Removing leading '/' from absolute path names
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
user:wanlong1:rwx
group::r-x
mask::rwx
other::r-x

Run setfacl -b, which removes all extended ACL entries, then check again:

[root@zabbix-server ~]# setfacl -b /share/wanlong/
[root@zabbix-server ~]# getfacl /share/wanlong/
getfacl: Removing leading '/' from absolute path names
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
group::r-x
other::r-x
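
Before wiping ACLs with setfacl -b, it helps to list which named entries exist and what they actually grant. The script below is an added example, not part of the original post: it parses getfacl output and prints every named user/group entry with its effective permissions (the entry combined with the mask line), going slightly beyond the single-directory case above. The james.doc block and the wanlong2 entry in the sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format printed by `getfacl -R /share/wanlong`.
# The james.doc block and its wanlong2 entry are made up for illustration.
sample_acl() {
cat <<'EOF'
# file: share/wanlong/
# owner: root
# group: IT-SUPPORT
user::rwx
user:wanlong1:rwx
group::r-x
mask::rwx
other::r-x

# file: share/wanlong/james.doc
# owner: wanlong1
# group: wanlong1
user::rw-
user:wanlong2:rw-
group::r--
mask::r--
other::r--
EOF
}

# Reads getfacl text on stdin; prints "path<TAB>type:name<TAB>effective".
# Only named entries (user:NAME:, group:NAME:) are listed; default: entries are skipped.
list_named_acl() {
    awk '
    function emit(   i, j, eff, p, m) {
        for (i = 1; i <= n; i++) {
            eff = ""
            for (j = 1; j <= 3; j++) {
                p = substr(perm[i], j, 1)
                m = (mask == "") ? p : substr(mask, j, 1)   # no mask line: entry applies as-is
                eff = eff ((p != "-" && m != "-") ? p : "-")
            }
            printf "%s\t%s\t%s\n", file, ent[i], eff
        }
        n = 0; mask = ""
    }
    /^# file: /  { emit(); file = substr($0, 9); next }
    /^mask::/    { mask = substr($0, 7, 3); next }
    /^(user|group):[^:]+:/ { split($0, f, ":"); n++; ent[n] = f[1] ":" f[2]; perm[n] = substr(f[3], 1, 3) }
    END { emit() }'
}

sample_acl | list_named_acl
```

On a live system the same function can be fed real data with `getfacl -R /share/wanlong 2>/dev/null | list_named_acl`.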
This article is from the “冰冻vs西瓜” blog; please keep this attribution: http://molewan.blog.51cto.com/287340/1922066
Original article: http://molewan.blog.51cto.com/287340/1922066