2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article introduces methods of restricting user access in Linux. The editor consulted various materials and sorted out simple, easy-to-use methods.
Sometimes you need to restrict a particular user's access to a specific directory or file. This need does come up in practice: for example, an Ubuntu system may have several users who can log in. By default, the home directory of user A (usually /home/A) is readable by any other user, but user A may not want other users (or one particular user) to read A's files.
Here are three solutions.
The first: use chmod to change the permissions of a specific directory. This can restrict some people's access to the directory, and the goal of restricting one user can also be achieved, but other users are affected as collateral.
The second: use a Linux container, such as LXC. It takes up a lot of space and is a little troublesome to set up.
The third: use the setfacl command to set access control.
Of these, the third best fits the requirement. This article mainly covers how to carry it out, tested on my own machine. My system is Linux Mint 15 64-bit; the root directory / uses the ext4 file system and /home uses the btrfs file system.
Install acl
The code is as follows:
sudo apt-get install acl
Some sources said that the system should be restarted, but during the test I found that acl had already been installed (I don't know whether Mint shipped it or I installed it at some point), and it works without a reboot.
Use setfacl
Execute the following command as root:
The code is as follows:
# mkdir /home/test
# touch /home/test/foo.txt
# vim /home/test/foo.txt
# ls -ld /home/test/
drwxr-xr-x 1 root root 14 Jan 16 09:46 /home/test/
# ls -ld /home/test/foo.txt
-rw-r--r-- 1 root root 6 Jan 16 09:46 /home/test/foo.txt
The commands above create the directory test under /home and the file foo.txt inside it, then add some arbitrary content to foo.txt. At this point the normal user letian can access foo.txt and read it.
Now run setfacl as root to make the /home/test directory, and the files and directories under it, inaccessible to letian.
The code is as follows:
# setfacl -R -m u:letian:- /home/test/
-R indicates recursion, -m indicates modification, and u:letian:- indicates that the user letian does not have any permissions on /home/test. You can specify r, w, x and their combinations as needed. Let's look at the details of the test directory:
The code is as follows:
# ls -ld /home/test/
drwxr-xr-x+ 1 root root 14 Jan 16 09:46 /home/test/
A + sign appears after the file permission, indicating that the file or directory has ACL set. The permission information of foo.txt will also be followed by a + sign. Then, access the directory as letian:
The code is as follows:
$ ls /home/test
ls: cannot open directory /home/test: Permission denied
Use getfacl
getfacl is used to view the ACL set on a directory or file.
The code is as follows:
$ getfacl /home/test
# file: /home/test
# owner: root
# group: root
user::rwx
user:letian:---
group::r-x
mask::r-x
other::r-x
Delete a set acl
The code is as follows:
# setfacl -b /home/test/
# getfacl /home/test
# file: /home/test
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
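The removal command above is not recursive, while the ACL was set with -R, so foo.txt still carries its user:letian entry after setfacl -b /home/test/. The following is an added example, not part of the original article: it filters getfacl -R -p output for entries naming one user, and the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ACL entries naming one user in `getfacl -R -p` output.

# acl_entries_for USER : reads getfacl output on stdin and prints
# "<path> <access|default> <perms>" for every entry naming USER.
acl_entries_for() {
    awk -v user="$1" '
        /^# file: / { path = substr($0, 9); next }   # start of a new file block
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)               # drop comments and "#effective:" notes
            n = split(line, f, ":")
            if (n == 3 && f[1] == "user" && f[2] == user)
                print path, "access", f[3]
            else if (n == 4 && f[1] == "default" && f[2] == "user" && f[3] == user)
                print path, "default", f[4]
        }
    '
}

# Constructed sample: what `getfacl -R -p /home/test` would print after
# `setfacl -R -m u:letian:- /home/test/` followed by the non-recursive
# `setfacl -b /home/test/` (directory cleaned, file entry left behind).
sample_after_b() {
    cat <<'EOF'
# file: /home/test
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# file: /home/test/foo.txt
# owner: root
# group: root
user::rw-
user:letian:---
group::r--
mask::r--
other::r--

EOF
}

# Live use (needs the acl package): getfacl -R -p /home/test | acl_entries_for letian
sample_after_b | acl_entries_for letian
```

An empty result means no entry for that user remains; to clear the whole tree, run setfacl -R -b /home/test/ instead of the non-recursive form.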