admin 发表于 2019-6-11 20:23:16

课程第26次

ACL组位上的实验:
# useradd student
# passwd student
Changing password for user student.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
# setfacl -m u:student:rwx 1.txt.bak
# getfacl 1.txt.bak
# file: 1.txt.bak
# owner: root
# group: root
user::rw-
user:student:rwx
group::r--
mask::rwx
other::r--

# useradd visitor
# passwd visitor
Changing password for user visitor.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
Sorry, passwords do not match.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
Sorry, passwords do not match.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
# setfacl -m u:visitor:--- 1.txt.bak
# getfacl 1.txt.bak
# file: 1.txt.bak
# owner: root
# group: root
user::rw-
user:student:rwx
user:visitor:---
group::r--
mask::rwx
other::r--

# ls -l
total 4
-rw-rwxr--+ 1 root root 18 Jun  6 08:15 1.txt.bak
# getfacl 1.txt.bak
# file: 1.txt.bak
# owner: root
# group: root
user::rw-
user:student:rwx
user:visitor:---
group::r--
mask::rwx
other::r--

# umask
0022
# ls -l
total 4
-rw-rwxr--+ 1 root root 18 Jun  6 08:15 1.txt.bak
# ls
1.txt.bak
# vim 1.txt.bak
# su - visitor
$ cd /root/labs
-bash: cd: /root/labs: Permission denied
$ exit
logout
# cd ..
# mv labs/ /
mv: overwrite ‘/labs’? ^C
# rm -rf /labs
# mv labs/ /
# su - visitor
Last login: Tue Jun 11 08:10:48 EDT 2019 on pts/0
$ cd /labs
$ ls
1.txt.bak
$ cat 1.txt.bak
cat: 1.txt.bak: Permission denied
$ exit
logout
# su - student
$ cd /labs/
$ cat 1.txt.bak
cow
cow cow
fish
$ echo "XXXX" >> 1.txt.bak
$ ls
1.txt.bak
$ getfacl   1.txt.bak
# file: 1.txt.bak
# owner: root
# group: root
user::rw-
user:student:rwx
user:visitor:---
group::r--
mask::rwx
other::r--

$ ls -l
total 4
-rw-rwxr--+ 1 root root 23 Jun 11 08:11 1.txt.bak
$ chmod g=rw 1.txt.bak
chmod: changing permissions of ‘1.txt.bak’: Operation not permitted
$ eixt
bash: eixt: command not found...
$ exit
logout
# cd /labs
# ls
1.txt.bak
# chmod g=rw 1.txt.bak
# ls -l
total 4
-rw-rw-r--+ 1 root root 23 Jun 11 08:11 1.txt.bak
# getfacl 1.txt.bak
# file: 1.txt.bak
# owner: root
# group: root
user::rw-
user:student:rwx                #effective:rw-
user:visitor:---
group::r--
mask::rw-
other::r--

# ls
1.txt.bak
# mv 1.txt.bak 1.sh
# ls
1.sh
# vim 1.sh
# ls
1.sh
# ./1.sh
-bash: ./1.sh: Permission denied
# chmod u+x 1.sh
# getfa
getfacl   getfattr
# getfacl 1.sh
# file: 1.sh
# owner: root
# group: root
user::rwx
user:student:rwx                #effective:rw-
user:visitor:---
group::r--
mask::rw-
other::r--

# ./1.sh
Hello World
# su - student
Last login: Tue Jun 11 08:11:32 EDT 2019 on pts/0
$ cd /labs
$ ls
1.sh
$ ./1.sh
-bash: ./1.sh: Permission denied
$
另外一种改掩码的方法(对带 ACL 的文件执行 chmod g=... 改的是 mask 而不是 group:: 条目,见上面 getfacl 的输出;也可以像下面这样用 setfacl -m m:: 直接设置掩码):

# getfacl 3.txt
# file: 3.txt
# owner: root
# group: root
user::rw-
group::r-x
other::r--

# ls -l
total 0
-rw-r-xr--. 1 root root 0 Jun 11 09:10 3.txt
# setfacl -m m::r 3.txt
# ls -l
total 0
-rw-r--r--+ 1 root root 0 Jun 11 09:10 3.txt
# getfacl 3.txt
# file: 3.txt
# owner: root
# group: root
user::rw-
group::r-x                      #effective:r--
mask::r--
other::r--

#


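如果真要改group选项(注意:下面的命令 u::rw 实际修改的是属主 user:: 条目;setfacl -m 默认会重新计算 mask,所以 mask 变回 rwx,student 的 rwx 重新完全生效。要修改属组条目应写成 g::,若不想让 mask 被重算可加 -n):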

# ls
1.sh
# getfacl 1.sh
# file: 1.sh
# owner: root
# group: root
user::rwx
user:student:rwx                #effective:rw-
user:visitor:---
group::r--
mask::rw-
other::r--

# setfacl -m u::rw
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
Try `setfacl --help' for more information.
# setfacl -m u::rw 1.sh
# getfacl 1.sh
# file: 1.sh
# owner: root
# group: root
user::rw-
user:student:rwx
user:visitor:---
group::r--
mask::rwx
other::r--

#
默认acl权限和默认掩码:
# ls -ld
drwxr-xr-x+ 3 root root 42 Jun 11 09:10 .
# setfacl -b .
# ls -ld
drwxr-xr-x. 3 root root 42 Jun 11 09:10 .
# ls -ldf
.
# ls -ld
drwxr-xr-x. 3 root root 42 Jun 11 09:10 .
# setfacl -m d:u:student:rX .
# getfacl ./
# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:student:r-x
default:group::r-x
default:mask::r-x
default:other::r-x

# setfacl -m d:u:student:rwX .
# getfacl ./
# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:student:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

# setfacl -m d:m::rX .
# getfacl ./
# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:student:rwx      #effective:r-x
default:group::r-x
default:mask::r-x
default:other::r-x

# mkdir sub2
# setfacl sub1
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
Try `setfacl --help' for more information.
# getfacl sub1
# file: sub1
# owner: root
# group: root
user::rwx
group::r-x
other::r--

# getfacl sub2
# file: sub2
# owner: root
# group: root
user::rwx
user:student:rwx                #effective:r-x
group::r-x
mask::r-x
other::r-x
default:user::rwx
default:user:student:rwx      #effective:r-x
default:group::r-x
default:mask::r-x
default:other::r-x

# su - student
Last login: Tue Jun 11 08:47:37 EDT 2019 on pts/0
$ cd /labs





