Interpretation of Linux system file permissions

xiaoxiao2021-03-05  31

Windows and Linux are actually similar in this respect: Windows files and directories have attributes such as read-only and hidden, and Linux files have attributes in the same way.

In Linux, each file has specific attributes, which mainly cover two aspects: file type and file permissions. Files can be divided into five different types: ordinary files, directory files, link files, device files, and pipe files.

File permissions refer to the kinds of access to a file, including reading, writing, deleting, and executing it. Linux is a multi-user operating system that allows multiple users to log in and work at the same time, so Linux associates each file or directory with a user or group. Access Control Lists (ACLs) provide better access control, restricting access to files, resources, or sockets for all users, including the root user. Here is a simple way to set them up.

Step 1 Check the kernel

First check whether the kernel of your Linux system supports ACLs. Not every Linux kernel version does, so the easiest way is to check whether the current kernel supports them:

[root@mail /]# cat /boot/config-kernel-version | grep -i ext3

CONFIG_EXT3_FS=m

CONFIG_EXT3_IDEX=y

CONFIG_EXT3_FS_XATTR_SHARING=y

CONFIG_EXT3_FS_XATTR_USER=y

CONFIG_EXT3_FS_XATTR_TRUSTED=y

CONFIG_EXT3_FS_ACL=y

If you see the entries above, the kernel already supports ACLs on the ext3 file system; these entries can be found among the kernel compilation options. If you can't find them, you can install a kernel (http://acl.bestbits.at/).

Step 2 Mount the partition

You can mount a partition with ACLs enabled as follows:

# mount -t ext3 -o acl /dev/sda1 /fs1

You can also put the option directly in the /etc/fstab file, so that ACLs are enabled after boot:

# vi /etc/fstab

Step 3 Set ACL Permissions

ACLs are often set for individual users. Several examples follow.

Suppose you need to create three users, test1, test2, and test3. Log in to the system as root, then run the following commands to create the three usernames and set their passwords:

[root@mail root]# adduser test1

[root@mail root]# adduser test2

[root@mail root]# adduser test3

[root@mail root]# passwd test1

[root@mail root]# passwd test2

[root@mail root]# passwd test3

Then mount an ext3 file system on the directory /fs1:

[root@mail root]# mount -t ext3 -o acl /dev/sda1 /fs1

Grant test2 read and write permission on a file created by test1:

[root@mail root]# chmod -R 777 /fs1

This lets all users add files to the directory.

First log in to the system as test1 and run:

[test1@mail test1]# cd /fs1

[test1@mail fs1]# echo "create by test1" > test1.txt

[test1@mail fs1]# chmod go-r test1.txt

[test1@mail fs1]# ll test1.txt

-rw------- 1 test1 test1 17 Jul 14 22:11 test1.txt

After these operations, nobody except test1 has read permission on test1.txt. Now log in to the system as test2 and run the following commands:

[test2@mail test2]# cd /fs1

[test2@mail fs1]# cat test1.txt

cat: test1.txt: Permission denied

Then log in to the system as test1 and run the following command:

[test1@mail fs1]# setfacl -m u:test2:rw test1.txt

This changes the permissions so that test2 has read and write permission on this file. Take a look at how the file's attributes change:

[test1@mail fs1]# ll

-rw-rw-r--+ 1 test1 test1 10 Feb 16 13:52 test1.txt

You will see an extra "+" at the end of the permission string, indicating that this file has ACL attributes set. Then use the getfacl command to view the file's ACL settings:

[test1@mail fs1]# getfacl test1.txt

# file: test1.txt

# owner: test1

# group: test1

user::rw-

user:test2:rw-

group::rw-

mask::rw-

other::r--

You can see that test2 has permission to read and write this file.

Now log in to the system as test2 and run the following commands to see what happens:

[test2@mail test2]# cd /fs1

[test2@mail fs1]# cat test1.txt

create by test1

It turns out that test2 can read the test1.txt file.

[test2@mail fs1]# echo "modify by test2" >> test1.txt

[test2@mail fs1]# cat test1.txt

create by test1

modify by test2

Now test2 can also modify the test1.txt file.

Then log in to the system as test3:

[test3@mail test3]# cd /fs1

[test3@mail fs1]# cat test1.txt

cat: test1.txt: Permission denied

So apart from test1 (and test2, which was granted access above), no other user can read or write test1.txt (except root).
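The results for test1, test2, and test3 follow the POSIX ACL check order: owner entry, then named user, then group entries, then other, with the mask capping named-user and group entries. The added example below is not part of the original article; it evaluates that order over constructed getfacl output, and the names `parse_getfacl`, `acl_allows`, and `SAMPLE` are assumptions made for illustration.

```python
# Added example, not from the original article. SAMPLE is constructed getfacl
# output for the state after `chmod go-r` followed by `setfacl -m u:test2:rw`.
SAMPLE = """\
# file: test1.txt
# owner: test1
# group: test1
user::rw-
user:test2:rw-
group::---
mask::rw-
other::---
"""


def parse_getfacl(text):
    """Return (owner, owning_group, entries); entries are (tag, name, perms)."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, name, perms = line.split(":")[:3]
            # getfacl may append "#effective:..."; keep only the rwx triple
            entries.append((tag, name, set(perms.split()[0]) - {"-"}))
    return owner, group, entries


def acl_allows(text, user, groups, wanted):
    """POSIX ACL access check: does `user` (member of `groups`) get `wanted`?"""
    owner, owning_group, entries = parse_getfacl(text)
    wanted = set(wanted)
    mask = next((p for t, n, p in entries if t == "mask"), None)
    def masked(p):  # named-user and group entries are capped by the mask
        return p if mask is None else p & mask
    if user == owner:  # the owner entry is never masked
        return wanted <= next(p for t, n, p in entries if t == "user" and not n)
    for t, n, p in entries:  # a named-user entry wins over any group entry
        if t == "user" and n == user:
            return wanted <= masked(p)
    matched = [p for t, n, p in entries
               if t == "group" and (n or owning_group) in groups]
    if matched:  # one matching group entry must carry every wanted bit
        return any(wanted <= masked(p) for p in matched)
    return wanted <= next(p for t, n, p in entries if t == "other")
```

Lowering the mask (for example `mask::r--`) removes write access from test2 even though the `user:test2:rw-` entry is unchanged, which is why the mask line in getfacl output deserves attention when reviewing ACLs.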

This may look a little dizzying. The examples are mainly meant to show you the various cases, so that when you use Linux you will find that, compared to fragile Windows, it really does this pretty well!

When reposting, please cite the original address: https://www.9cbs.com/read-32642.html