1.为分区启用ACL(访问控制列表)支持,并添加测试用户
[root@localhost ~]# mount -o remount,acl /dev/md0 /mnt/sdb
[root@localhost ~]# useradd user1
[root@localhost ~]# useradd user2
2.关于用户对目录的权限授权
[root@localhost ~]# setfacl -m u:user1:rwx /mnt/sdb
[root@localhost ~]# setfacl -m u:user2:rx /mnt/sdb
3.测试是否生效
[root@localhost ~]# su - user1 --切换到user1用户
[user1@localhost ~]$ cd /mnt/sdb
[user1@localhost sdb]$ mkdir qw --user1用户可以写入文件
[user1@localhost sdb]$ touch 1.txt
[user1@localhost sdb]$ exit
logout
[root@localhost ~]# su - user2 --切换到user2用户
[user2@localhost ~]$ cd /mnt/sdb
[user2@localhost sdb]$ mkdir as --不能创建目录
mkdir: cannot create directory `as': Permission denied
[user2@localhost sdb]$ touch 2.txt --不能写入文件
touch: cannot touch `2.txt': Permission denied
[user2@localhost sdb]$
4.查看文件的访问控制权限以及取消访问控制权限
[user2@localhost sdb]$ getfacl 1.txt --查看文件权限
# file: 1.txt
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--
[user2@localhost sdb]$ getfacl qw --查看目录权限
# file: qw
# owner: user1
# group: user1
user::rwx
group::rwx
other::r-x
[root@localhost ~]# setfacl -x u:user1 /mnt/sdb --用-x取消权限
[root@localhost ~]# getfacl /mnt/sdb --查看取消之后的权限
getfacl: Removing leading '/' from absolute path names
# file: mnt/sdb
# owner: root
# group: root
user::rwx
user:user2:r-x
group::r-x
mask::r-x
other::rwx
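[root@localhost ~]#
注意:从上面的 getfacl 输出可以看到,/mnt/sdb 的 other 权限是 rwx。用 -x 删除 user1 的 ACL 条目后,user1(既不是属主,也不在属组 root 中时)会按 other::rwx 匹配,仍然可以写入该目录;user2 只是因为保留了 user:user2:r-x 条目才被限制为只读。若要真正收回写权限,还需要收紧 other 权限,例如 chmod o-w /mnt/sdb。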
转载于:https://blog.51cto.com/hao360/1350814