1.为分区启用ACL访问控制支持并添加用户
1 2 3 | [root@localhost ~] # mount -o remount,acl /dev/md0 /mnt/sdb [root@localhost ~] # useradd user1 [root@localhost ~] # useradd user2 |
2.为用户授予目录的访问权限
1 2 | [root@localhost ~] # setfacl -m u:user1:rwx /mnt/sdb [root@localhost ~] # setfacl -m u:user2:rx /mnt/sdb |
3.测试是否生效
1 2 3 4 5 6 7 8 9 10 11 12 13 | [root@localhost ~] # su - user1 --连接user1用户 [user1@localhost ~]$ cd /mnt/sdb [user1@localhost sdb]$ mkdir qw --user1用户可以写入文件 [user1@localhost sdb]$ touch 1.txt [user1@localhost sdb]$ exit logout [root@localhost ~] # su - user2 --连接user2用户 [user2@localhost ~]$ cd /mnt/sdb [user2@localhost sdb]$ mkdir as --不能创建目录 mkdir : cannot create directory `as': Permission denied [user2@localhost sdb]$ touch 2.txt --不能写入文件 touch : cannot touch `2.txt': Permission denied [user2@localhost sdb]$ |
4.查看文件的ACL权限以及取消ACL权限
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | [user2@localhost sdb]$ getfacl 1.txt --查看文件权限 # file: 1.txt # owner: user1 # group: user1 user::rw- group::rw- other::r-- [user2@localhost sdb]$ getfacl qw --查看目录权限 # file: qw # owner: user1 # group: user1 user::rwx group::rwx other::r-x [root@localhost ~] # setfacl -x u:user1 /mnt/sdb --用-x取消权限 [root@localhost ~] # getfacl /mnt/sdb --查看取消之后的权限 getfacl: Removing leading '/' from absolute path names # file: mnt/sdb # owner: root # group: root user::rwx user:user2:r-x group::r-x mask::r-x other::rwx [root@localhost ~] # |