1、环境准备:
<code>[root@zabbix-server ~]</code><code># mkdir -p /share/wanlong</code>
<code>[root@zabbix-server ~]</code><code># groupadd IT-SUPPORT</code>
<code>[root@zabbix-server ~]</code><code># adduser wanlong1 -G IT-SUPPORT</code>
<code>[root@zabbix-server ~]</code><code># adduser wanlong2 -G IT-SUPPORT</code>
<code>[root@zabbix-server ~]</code><code># adduser wanlong3 -G IT-SUPPORT</code>
<code>[root@zabbix-server ~]</code><code># chown root:IT-SUPPORT /share/wanlong/</code>
<code>[root@zabbix-server ~]</code><code># cp /etc/passwd /share/wanlong/</code>
<code>[root@zabbix-server ~]</code><code># tail -5 /share/wanlong/passwd </code>
<code>wang5:x:1005:1007::</code><code>/home/wang5</code><code>:</code><code>/bin/bash</code>
<code>zhao6:x:1006:1008::</code><code>/home/zhao6</code><code>:</code><code>/bin/bash</code>
<code>wanlong1:x:1007:1010::</code><code>/home/wanlong1</code><code>:</code><code>/bin/bash</code>
<code>wanlong2:x:1008:1011::</code><code>/home/wanlong2</code><code>:</code><code>/bin/bash</code>
<code>wanlong3:x:1009:1012::</code><code>/home/wanlong3</code><code>:</code><code>/bin/bash</code>
2、测试过程:
<code>[root@zabbix-server ~]</code><code># ls -ld /share/wanlong/</code>
<code>drwxr-xr-x 2 root IT-SUPPORT 6 Apr 26 20:12 </code><code>/share/wanlong/</code>
<code>切换用户,测试下权限</code>
<code>[root@zabbix-server ~]</code><code># su - wanlong1</code>
<code>[wanlong1@zabbix-server ~]$ </code><code>cd</code> <code>/share/wanlong/</code>
<code>能够进入目录,说明具备X权限</code>
<code>[wanlong1@zabbix-server wanlong]$ </code><code>ls</code>
<code>passwd</code>
<code>[wanlong1@zabbix-server wanlong]$ </code><code>tail</code> <code>-5 </code><code>passwd</code>
<code>能够查看文件,说明有R的权限</code>
<code>[wanlong1@zabbix-server wanlong]$ </code><code>touch</code> <code>a.txt</code>
<code>touch</code><code>: cannot </code><code>touch</code> <code>‘a.txt’: Permission denied</code>
<code>不能新建文件,说明不具备W的权限</code>
使用getfacl查看文件夹的权限:
<code>[root@zabbix-server ~]</code><code># getfacl /share/wanlong/</code>
<code>getfacl: Removing leading </code><code>'/'</code> <code>from absolute path names</code>
<code># file: share/wanlong/</code>
<code># owner: root</code>
<code># group: IT-SUPPORT</code>
<code>user::rwx</code>
<code>group::r-x</code>
<code>other::r-x</code>
<code>drwxr-xr-x 2 root IT-SUPPORT 20 Apr 26 20:16 </code><code>/share/wanlong/</code>
<code>说明:root有可读取执行的权限,IT-SUPPORT组的成员具有读和执行的权限</code>
3、需求:给予wanlong1对/share/wanlong读、写、可执行权限
<code>[root@zabbix-server ~]</code><code># vim /etc/fstab </code>
<code>#</code>
<code># /etc/fstab</code>
<code># Created by anaconda on Thu Feb 23 22:23:27 2017</code>
<code># Accessible filesystems, by reference, are maintained under '/dev/disk'</code>
<code># See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info</code>
<code>/dev/mapper/cl-root</code> <code>/ xfs defaults,acl 0 0</code>
<code>UUID=df70cb42-4274-491a-8ae7-cbb0dcd3a60b </code><code>/boot</code> <code>xfs defaults 0 0</code>
<code>/dev/mapper/cl-home</code> <code>/home</code> <code>xfs defaults 0 0</code>
<code>/dev/mapper/cl-swap</code> <code>swap swap defaults 0 0</code>
<code>备注:在“/”目录默认的参数default后,添加“,acl”使acl规则生效</code>
<code>[root@zabbix-server ~]</code><code># mount -a</code>
<code>重新加载挂载选项</code>
<code>[root@zabbix-server ~]</code><code># setfacl -m u:wanlong1:rwx /share/wanlong/</code>
<code>user:wanlong1:rwx</code>
<code>mask::rwx</code>
<code>[wanlong1@zabbix-server wanlong]$ </code><code>touch</code> <code>james.doc</code>
<code>james.doc </code><code>passwd</code>
<code>[wanlong1@zabbix-server wanlong]$ </code><code>rm</code> <code>james.doc -rf</code>
<code>测试成功!</code>
4、补充内容:
<code>如果发现acl规则特别乱,想清理下,该如何操作</code>
<code>操作前:</code>
<code>[root@zabbix-server ~]</code><code># setfacl -b /share/wanlong/</code>
<code></code>
本文转自 冰冻vs西瓜 51CTO博客,原文链接:http://blog.51cto.com/molewan/1922066,如需转载请自行联系原作者
![1、Linux 命令行使用技巧[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)