Shulou(Shulou.com)06/01 Report--

This article mainly explains "the permission control method of configuring Linux access control list in Linux system". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn "Linux system configuration Linux access control list access control method" it!

With Liunx with permission control, work is an easy task. It can define permissions for any user,group and other. Whether it's on a desktop or a virtual Linux instance that doesn't have many users, or when users don't want to share files between them, this is great work. However, if you are in a large organization and you run NFS or Samba services to different users, then you will need to flexibly select and set a lot of complex configurations and permissions to meet the different needs of your organization.

Linux (and other POSIX-compatible operating systems such as Unix) has a method of access control called access control list (ACL), which is a common paradigm other than permission allocation. For example, by default you need to confirm three permission groups: owner, group, and other. With ACL, you can increase permissions to other users or groups, not just simple "other" or groups where the owner does not exist. You can allow specified users A, B, and C to have write access instead of their entire group.

ACL supports a variety of Linux file systems, including ext2, ext3, ext4, XFS, Btfrs, etc. If you are not sure whether your file system supports ACL, please refer to the documentation.

Make ACL effective on the file system

First, we need to install tools to manage ACL.

In Ubuntu/Debian:

$sudo apt-get install acl

In CentOS/Fedora/RHEL:

# yum-y install acl

In Archlinux:

# pacman-S acl

For demonstration purposes, I will use the ubuntu server version, and other versions are similar.

After installing ACL, we need to activate the ACL function of our disk partition so that we can use it.

First, we check to see if the ACL function has been turned on.

$mount

You will notice that the ACL property is turned on in my root partition. In case you don't open it, you need to edit the / etc/fstab file and add the acl tag before you need to turn on the option for ACL partitions.

Now we need to remount the partition (I like a full reboot because I don't want to lose data), and if you turn on ACL for other partitions, you have to remount it as well.

$sudo mount /-o remount

Well done! Now that we have turned on ACL in our system, let's start working with it.

ACL example

The underlying ACL is managed by two commands: setfacl is used to add or modify ACL,getfacl to display the allocated ACL. Let's do some tests.

I create a directory / shared for a hypothetical user named freeuser

$ls-lh /

I want to share this directory with two other users, test and test2, one with full permissions and the other with read permissions only.

First, set the ACL for the user test:

$sudo setfacl-m u:test:rwx / shared

Now the user test is free to create folders, files and access anywhere in the / shared directory.

Now let's add read-only permissions to the user test2:

$sudo setfacl-m u:test2:rx / shared

Note that test2 requires execute (x) permission to read the directory

Let me explain the setfacl command format:

-m means to modify ACL. You can add new ones, or modify existing ACLu: to represent users. You can use g to set group permissions test user name: the permissions that rwx needs to set.

Now let me show you how to read ACL:

$ls-lh / shared

You will notice that there is an extra + tag after normal permissions. This indicates that the ACL has been set up successfully. To take a specific look at ACL, we need to run:

$sudo getfacl / shared

Finally, if you need to remove ACL:

$sudo setfacl-x u:test / shared

If you want to erase all ACL entries immediately:

$sudo setfacl-b / shared

Finally, the cp and mv commands change these settings when the ACL file or directory is set to work. In the case of cp, you need to add a "p" parameter to copy the ACL setting. If this is not feasible, it will display a warning. Mv defaults to moving the ACL setting, and if this is not feasible, it will also show you a warning.

Summary

Using ACL gives you more power and control over the files you want to share, especially on NFS/Samba services. In addition, this tool is a must if your supervisor shares the host.

At this point, I believe that everyone on the "Linux system configuration Linux access control list access control method" have a deeper understanding, might as well to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.