Problem statement:
There is a file acl.txt.
Requirements:
The file's owner must be job and its group must be market.
Members of the market group get read and write access; the group leader gets read access only.
Here we assume the group leader is tony and that alice is the only other group member. Note that tony is a member of market too, so plain mode bits alone cannot give him less than the rest of the group; that is what the ACL entry at the end is for.
Implementation:
First create the file acl.txt:
[root@localhost ~]# cd /home
[root@localhost home]# touch acl.txt
[root@localhost home]# echo "www.rhcau.com">acl.txt
[root@localhost home]# cat acl.txt
www.rhcau.com
Create the three users job, alice and tony and the group market, then make alice and tony members of market:
[root@localhost home]# useradd alice
[root@localhost home]# useradd job
[root@localhost home]# useradd tony
[root@localhost home]# groupadd market
[root@localhost home]# gpasswd -M alice,tony market //-M replaces the whole member list of market; to add one user without clobbering existing members use usermod -aG market <user>
[root@localhost home]# chown job:market acl.txt //set the file's owner and group to job and market
[root@localhost home]# ls -l
total 4
-rw-r--r--. 1 job market 14 Jan 18 07:14 acl.txt
drwx------. 2 alice alice 62 Jan 18 07:15 alice
drwx------. 2 job job 62 Jan 18 07:15 job
drwx------. 2 tony tony 62 Jan 18 07:15 tony
[root@localhost home]# chmod 460 acl.txt //mode 460 means owner r--, group rw-, other ---, i.e. -r--rw----
[root@localhost home]# ls -l
total 4
-r--rw----. 1 job market 14 Jan 18 07:14 acl.txt
drwx------. 2 alice alice 62 Jan 18 07:15 alice
drwx------. 2 job job 62 Jan 18 07:15 job
drwx------. 2 tony tony 62 Jan 18 07:15 tony
[root@localhost home]# getfacl acl.txt //show the file's permissions as an ACL; so far these are just the mode bits
# file: acl.txt
# owner: job
# group: market
user::r--
group::rw-
other::---
[root@localhost home]# su - job //verify that job can read the file
[job@localhost ~]$ cd /home
[job@localhost home]$ ls -l
total 4
-r--rw----. 1 job market 14 Nov 3 18:20 acl.txt
drwx------. 2 alice alice 62 Nov 3 18:20 alice
drwx------. 2 job job 62 Nov 3 18:22 job
drwx------. 2 tony tony 62 Nov 3 18:20 tony
[job@localhost home]$ cat acl.txt
www.rhcau.com
[job@localhost home]$ echo "www.rhcau.com" >> acl.txt
-bash: acl.txt: Permission denied //result: job can read but not write
[root@localhost home]# su - alice //verify alice's permissions
[alice@localhost ~]$ cd /home
[alice@localhost home]$ ls -l acl.txt
-r--rw----. 1 job market 14 11月 3 18:20 acl.txt
[alice@localhost home]$ cat acl.txt
www.rhcau.com
[alice@localhost home]$ echo "This is Alice" >> acl.txt
[alice@localhost home]$ cat acl.txt
www.rhcau.com
This is Alice //result: alice can read and write
[root@localhost home]# su - tony //verify tony's permissions
[tony@localhost ~]$ cd /home
[tony@localhost home]$ ls -l acl.txt
-r--rw----. 1 job market 28 11月 3 18:29 acl.txt
[tony@localhost home]$ cat acl.txt
www.rhcau.com
This is Alice
[tony@localhost home]$ echo "This is tony" >> acl.txt
[tony@localhost home]$ cat acl.txt
www.rhcau.com
This is Alice
This is tony //tony can read and write as well: he is a member of market and nothing yet distinguishes him from alice
[root@localhost home]# setfacl -m u:tony:r acl.txt //add a named-user ACL entry giving tony read only; a named-user entry is checked before the group entries, so it overrides the rw- his market membership would otherwise grant
[root@localhost home]# getfacl acl.txt //look at the ACL again: setfacl also added a mask:: entry, the upper bound for every named-user and group entry
# file: acl.txt
# owner: job
# group: market
user::r--
user:tony:r--
group::rw-
mask::rw-
other::---
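Why a single user:tony:r-- entry wins over tony's membership in market is the access-check order in acl(5): the owner entry is tried first, then a matching named-user entry, then the owning group together with any matching named groups, then other; the mask caps everything except the owner and other entries. The following Python is an added example, not part of the original walkthrough: it parses the getfacl output above and applies that order to job, alice and tony. The two ACL texts and the alice/tony group lists are copied from the page; job's group list (only his own primary group) is an assumption. It also models what a later chmod g=r would do to a file that already carries a mask entry.

```python
"""Evaluate POSIX.1e ACLs the way acl(5) specifies, for the acl.txt exercise.
Added example, not part of the original walkthrough."""

# ACL text copied from the getfacl output after `setfacl -m u:tony:r acl.txt`.
ACL_WITH_TONY_ENTRY = """\
# file: acl.txt
# owner: job
# group: market
user::r--
user:tony:r--
group::rw-
mask::rw-
other::---
"""

# The same file before setfacl: plain mode 0460, no named entries, no mask.
ACL_MODE_460_ONLY = """\
# file: acl.txt
# owner: job
# group: market
user::r--
group::rw-
other::---
"""

# Membership as printed by `id` on the page for alice and tony;
# job's (only his own primary group) is an assumption.
GROUPS = {"job": {"job"}, "alice": {"alice", "market"}, "tony": {"tony", "market"}}

_KEY = {"user": "user_obj", "group": "group_obj", "mask": "mask", "other": "other"}


def parse_getfacl(text):
    """Parse getfacl's long text output into a dict of ACL entries."""
    acl = {"named_users": {}, "named_groups": {}, "mask": None}
    for raw in text.splitlines():
        s = raw.strip()
        if s.startswith("# owner:"):
            acl["owner"] = s.split(":", 1)[1].strip()
        elif s.startswith("# group:"):
            acl["group"] = s.split(":", 1)[1].strip()
        line = s.split("#", 1)[0].strip()      # also drops "#effective:" notes
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        if qualifier:                          # user:tony:r-- or group:dev:r--
            acl["named_" + tag + "s"][qualifier] = perms
        else:
            acl[_KEY[tag]] = perms
    return acl


def _bits(perms):
    return {c for c in perms if c in "rwx"}


def _fmt(bits):
    return "".join(c if c in bits else "-" for c in "rwx")


def effective_perms(acl, user, groups):
    """rwx string `user` ends up with, in acl(5) precedence order:
    owner entry, then a named-user entry, then owning group plus matching
    named groups (combined per bit), then other. The mask caps everything
    except user:: and other::."""
    mask = _bits(acl["mask"]) if acl["mask"] is not None else set("rwx")
    if user == acl["owner"]:
        return _fmt(_bits(acl["user_obj"]))                  # mask not applied
    if user in acl["named_users"]:
        return _fmt(_bits(acl["named_users"][user]) & mask)   # beats group::
    matching = [acl["group_obj"]] if acl["group"] in groups else []
    matching += [p for g, p in acl["named_groups"].items() if g in groups]
    if matching:
        return _fmt(set().union(*map(_bits, matching)) & mask)
    return _fmt(_bits(acl["other"]))


def report(acl_text):
    """Effective permissions of job, alice and tony for one getfacl dump."""
    acl = parse_getfacl(acl_text)
    return {u: effective_perms(acl, u, GROUPS[u]) for u in GROUPS}


def chmod_group_bits(acl, perms):
    """Model `chmod g=<perms>` on a file that carries an ACL: if a mask entry
    exists, chmod rewrites the mask rather than group::, so alice (via
    group::) and tony (via user:tony:) are capped in one stroke."""
    new = dict(acl, named_users=dict(acl["named_users"]),
               named_groups=dict(acl["named_groups"]))
    new["mask" if new["mask"] is not None else "group_obj"] = perms
    return new


if __name__ == "__main__":
    print("mode 0460 only    :", report(ACL_MODE_460_ONLY))
    print("with user:tony:r--:", report(ACL_WITH_TONY_ENTRY))
    capped = chmod_group_bits(parse_getfacl(ACL_WITH_TONY_ENTRY), "r--")
    print("after chmod g=r   :", {u: effective_perms(capped, u, GROUPS[u]) for u in GROUPS})
```

Running it reproduces the three verification rounds below without logging in as anyone: job r--, alice rw-, tony rw- with the bare 0460 mode, and tony dropping to r-- once the named-user entry exists. The last line is the trap the walkthrough does not exercise: chmod g=r on the ACL-bearing file sets mask::r--, which cuts alice to r-- as well even though group:: still reads rw-.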
Re-verify the three users and check whether the requirement is now met:
[root@localhost ~]# su - job //re-verify job's permissions
Last login: Sun Nov 3 18:26:31 CST 2019 on pts/0
[job@localhost ~]$ cd /home
[job@localhost home]$ ls -l acl.txt
-r--rw----+ 1 job market 41 11月 3 18:30 acl.txt
[job@localhost home]$ cat acl.txt
www.rhcau.com
This is Alice
This is tony
[job@localhost home]$ echo "job is write" >> acl.txt
-bash: acl.txt: Permission denied //result: job has read access only
[root@localhost ~]# su - alice //re-verify alice's permissions
Last login: Sun Nov 3 18:28:26 CST 2019 on pts/0
[alice@localhost ~]$ cd /home
[alice@localhost home]$ id
uid=1000(alice) gid=1001(alice) groups=1001(alice),1004(market) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[alice@localhost home]$ ls -l acl.txt
-r--rw----+ 1 job market 41 11月 3 18:30 acl.txt
[alice@localhost home]$ cat acl.txt
www.rhcau.com
This is Alice
This is tony
[alice@localhost home]$ echo "Alice is Write" >> acl.txt
[alice@localhost home]$ cat acl.txt
www.rhcau.com
This is Alice
This is tony
Alice is Write //alice has read and write access
[root@localhost ~]# su - tony //re-verify tony's permissions
Last login: Sun Nov 3 18:29:51 CST 2019 on pts/0
[tony@localhost ~]$ id
uid=1002(tony) gid=1003(tony) groups=1003(tony),1004(market) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[tony@localhost ~]$ cd /home
[tony@localhost home]$ ls -l acl.txt
-r--rw----+ 1 job market 56 11月 3 18:36 acl.txt
[tony@localhost home]$ getfacl acl.txt
# file: acl.txt
# owner: job
# group: market
user::r--
user:tony:r--
group::rw-
mask::rw-
other::---
[tony@localhost home]$ cat acl.txt
www.rhcau.com
This is Alice
This is tony
Alice is Write
[tony@localhost home]$ echo "Tony is Write" >> acl.txt
-bash: acl.txt: Permission denied //tony has read access only
Verification succeeded. Two things to keep in mind afterwards: the "+" at the end of the ls -l mode string is the only hint in plain ls output that an ACL exists, so check such files with getfacl rather than ls; and a later chmod on this file rewrites the mask:: entry rather than group::, so chmod g-w would silently take alice's write access away too, and the ACL should be re-checked with getfacl after any chmod.