Shulou(Shulou.com)06/01 Report--

How to implement document multi-tenant management using Linux? In response to this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more small partners who want to solve this problem find a simpler and easier way.

Create account information

groupadd microsoft ; add group

useradd -G microsoft justmine001; Add an account and join a microsoft group

useradd -G microsoft justmine002; Add an account and join a microsoft group

View account attributes

id justmine001;

id justmine002;

Building environment

Create a development directory

mkdir -p /microsoft/eshop

query

ll -d /microsoft/eshop

Set traditional permissions

As can be seen from the above figure, the owner and group of the development directory are root, and the permission is rwxr-xr-x, so justmine001 and justmine002 can look up (ls) and enter (cd) the directory, but they cannot create files in the directory.

First, set the directory group to microsoft, and second, no one else has any permissions on the directory, so set permissions to 770. If you don't understand, please read the previous article for a detailed explanation of Linux documentation attributes, owners, groups, permissions, differences

chgrp microsoft /microsoft/eshop; assign groups

chmod 770 /microsoft/eshop; set permissions

First test the permissions of the justmine account (others), as follows:

Others cannot access ls and cd into this directory, which has had the desired effect.

Test justmine001 and justmine002 accounts in the same group and create files again, as follows:

To show off, I cut off the whole process of file creation permissions from denial to permission!!!

As you can see above, the owners and groups of the files test and test1 are justmine001 and justmine002 respectively. Although the user justmine001 can delete the file test1 created by justmine002 (the control range of directory permissions), he cannot edit it (the control range of file permissions). So what should I do? I still can't finish the collaborative work. The first method is that we set the file test1 permissions to 777, so that the file is readable, writable, and editable to anyone, plus the control of directory permissions, and others cannot access the file test1. The second approach, changing the file groups they create to microsoft, which also enables collaborative work, seems realistic. However, every time the administrator had to do this, wouldn't it be too much trouble for him? How embarrassing, hehe. As the saying goes, there must be a way out of the driveway. Using Linux special permissions SGID can perfectly realize that files created by any account under the same group have the same group microsoft(for details, please read: Understanding the default security mechanism of Linux documentation, hidden attributes, special permissions).

Note: Linux document permissions are controlled from level to level, so any prerequisite for reading, writing, and editing files is to have permission to enter the directory to which the file belongs.

Set special permissions

Set SGID permissions for directory/microsoft/eshop

chmod 2770 /microsoft/eshop

Use justmine002 account to create a file and query file permissions:

Linux is a free-to-use and freely distributed UNIX-like operating system, is a POSIX-based multi-user, multitasking, multi-threaded and multi-CPU operating system, using Linux to run major Unix tools, applications and network protocols.

About how to use Linux to achieve document multi-tenant management questions to share here, I hope the above content can be of some help to everyone, if you still have a lot of doubts not solved, you can pay attention to the industry information channel to learn more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.