Bo's Oracle Station


Course session 26

Posted on 2019-6-11 20:23:16
Experiment on the ACL group bits (the mask):
  [root@station60 labs]# useradd student
  [root@station60 labs]# passwd student
  Changing password for user student.
  New password:
  BAD PASSWORD: The password contains the user name in some form
  Retype new password:
  passwd: all authentication tokens updated successfully.
  [root@station60 labs]# setfacl -m  u:student:rwx  1.txt.bak
  [root@station60 labs]# getfacl 1.txt.bak
  # file: 1.txt.bak
  # owner: root
  # group: root
  user::rw-
  user:student:rwx
  group::r--
  mask::rwx
  other::r--

  [root@station60 labs]# useradd visitor
  [root@station60 labs]# passwd visitor
  Changing password for user visitor.
  New password:
  BAD PASSWORD: The password contains the user name in some form
  Retype new password:
  Sorry, passwords do not match.
  New password:
  BAD PASSWORD: The password contains the user name in some form
  Retype new password:
  Sorry, passwords do not match.
  New password:
  BAD PASSWORD: The password contains the user name in some form
  Retype new password:
  passwd: all authentication tokens updated successfully.
  [root@station60 labs]# setfacl -m  u:visitor:---  1.txt.bak
  [root@station60 labs]# getfacl 1.txt.bak
  # file: 1.txt.bak
  # owner: root
  # group: root
  user::rw-
  user:student:rwx
  user:visitor:---
  group::r--
  mask::rwx
  other::r--

  [root@station60 labs]# ls -l
  total 4
  -rw-rwxr--+ 1 root root 18 Jun  6 08:15 1.txt.bak
  [root@station60 labs]# getfacl 1.txt.bak
  # file: 1.txt.bak
  # owner: root
  # group: root
  user::rw-
  user:student:rwx
  user:visitor:---
  group::r--
  mask::rwx
  other::r--

  [root@station60 labs]# umask
  0022
  [root@station60 labs]# ls -l
  total 4
  -rw-rwxr--+ 1 root root 18 Jun  6 08:15 1.txt.bak
  [root@station60 labs]# ls
  1.txt.bak
  [root@station60 labs]# vim 1.txt.bak
  [root@station60 labs]# su - visitor
  [visitor@station60 ~]$ cd /root/labs
  -bash: cd: /root/labs: Permission denied
  [visitor@station60 ~]$ exit
  logout
  [root@station60 labs]# cd ..
  [root@station60 ~]# mv labs/ /
  mv: overwrite ‘/labs’? ^C
  [root@station60 ~]# rm -rf /labs
  [root@station60 ~]# mv labs/  /
  [root@station60 ~]# su - visitor
  Last login: Tue Jun 11 08:10:48 EDT 2019 on pts/0
  [visitor@station60 ~]$ cd /labs
  [visitor@station60 labs]$ ls
  1.txt.bak
  [visitor@station60 labs]$ cat 1.txt.bak
  cat: 1.txt.bak: Permission denied
  [visitor@station60 labs]$ exit
  logout
  [root@station60 ~]# su  - student
  [student@station60 ~]$ cd /labs/
  [student@station60 labs]$ cat 1.txt.bak
  cow
  cow cow
  fish
  [student@station60 labs]$ echo "XXXX" >> 1.txt.bak
  [student@station60 labs]$ ls
  1.txt.bak
  [student@station60 labs]$ getfacl   1.txt.bak
  # file: 1.txt.bak
  # owner: root
  # group: root
  user::rw-
  user:student:rwx
  user:visitor:---
  group::r--
  mask::rwx
  other::r--

  [student@station60 labs]$ ls -l
  total 4
  -rw-rwxr--+ 1 root root 23 Jun 11 08:11 1.txt.bak
  [student@station60 labs]$ chmod g=rw 1.txt.bak
  chmod: changing permissions of ‘1.txt.bak’: Operation not permitted
  [student@station60 labs]$ eixt
  bash: eixt: command not found...
  [student@station60 labs]$ exit
  logout
  [root@station60 ~]# cd /labs
  [root@station60 labs]# ls
  1.txt.bak
  [root@station60 labs]# chmod g=rw 1.txt.bak
  [root@station60 labs]# ls -l
  total 4
  -rw-rw-r--+ 1 root root 23 Jun 11 08:11 1.txt.bak
  [root@station60 labs]# getfacl  1.txt.bak
  # file: 1.txt.bak
  # owner: root
  # group: root
  user::rw-
  user:student:rwx                #effective:rw-
  user:visitor:---
  group::r--
  mask::rw-
  other::r--

  [root@station60 labs]# ls
  1.txt.bak
  [root@station60 labs]# mv 1.txt.bak  1.sh
  [root@station60 labs]# ls
  1.sh
  [root@station60 labs]# vim 1.sh
  [root@station60 labs]# ls
  1.sh
  [root@station60 labs]# ./1.sh
  -bash: ./1.sh: Permission denied
  [root@station60 labs]# chmod u+x 1.sh
  [root@station60 labs]# getfa
  getfacl   getfattr
  [root@station60 labs]# getfacl  1.sh
  # file: 1.sh
  # owner: root
  # group: root
  user::rwx
  user:student:rwx                #effective:rw-
  user:visitor:---
  group::r--
  mask::rw-
  other::r--

  [root@station60 labs]# ./1.sh
  Hello World
  [root@station60 labs]# su - student
  Last login: Tue Jun 11 08:11:32 EDT 2019 on pts/0
  [student@station60 ~]$ cd /labs
  [student@station60 labs]$ ls
  1.sh
  [student@station60 labs]$ ./1.sh
  -bash: ./1.sh: Permission denied
  [student@station60 labs]$
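The access check behind the session above, as an added example that is not part of the original post: it parses `getfacl` output and applies the Linux POSIX ACL rules, showing why `visitor` is denied despite `other::r--` and why `student` loses execute once `chmod g=rw` has rewritten the mask. The function names and the embedded sample are constructed for illustration.

```python
# Constructed sample: the getfacl output of 1.sh from the post (mask is rw-).
SAMPLE = """\
# file: 1.sh
# owner: root
# group: root
user::rwx
user:student:rwx                #effective:rw-
user:visitor:---
group::r--
mask::rw-
other::r--
"""

def parse_getfacl(text):
    """Parse getfacl text into {'owner', 'group', 'entries': {(tag, qualifier): set}}."""
    acl = {"owner": None, "group": None, "entries": {}}
    for raw in text.splitlines():
        if raw.startswith(("# owner:", "# group:")):
            key, value = raw[2:].split(":", 1)
            acl[key] = value.strip()
        line = raw.split("#", 1)[0].strip()   # drop headers and "#effective:" comments
        if line:
            tag, qualifier, perms = line.split(":")
            acl["entries"][(tag, qualifier)] = set(perms) - {"-"}
    return acl

def allowed(acl, user, groups, want):
    """Linux POSIX ACL check for a non-root process; want is e.g. 'r' or 'rw'."""
    e, want = acl["entries"], set(want)
    mask = e.get(("mask", ""), set("rwx"))    # no mask entry: nothing is filtered
    if user == acl["owner"]:                  # owner entry is never masked
        return want <= e[("user", "")]
    if ("user", user) in e:                   # named user: this entry alone decides
        return want <= (e[("user", user)] & mask)
    matched = [p for (tag, q), p in e.items() if tag == "group"
               and (q or acl["group"]) in groups]
    if matched:                               # group class: any one entry may grant
        return any(want <= (p & mask) for p in matched)
    return want <= e[("other", "")]

def chmod_group_bits(acl, perms):
    """Model `chmod g=perms`: with a mask entry present it rewrites the mask."""
    key = ("mask", "") if ("mask", "") in acl["entries"] else ("group", "")
    acl["entries"][key] = set(perms) - {"-"}
    return acl
```
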
Another way to change the mask:

  [root@station60 sub1]# getfacl 3.txt
  # file: 3.txt
  # owner: root
  # group: root
  user::rw-
  group::r-x
  other::r--

  [root@station60 sub1]# ls -l
  total 0
  -rw-r-xr--. 1 root root 0 Jun 11 09:10 3.txt
  [root@station60 sub1]# setfacl -m m::r 3.txt
  [root@station60 sub1]# ls -l
  total 0
  -rw-r--r--+ 1 root root 0 Jun 11 09:10 3.txt
  [root@station60 sub1]# getfacl 3.txt
  # file: 3.txt
  # owner: root
  # group: root
  user::rw-
  group::r-x                      #effective:r--
  mask::r--
  other::r--

  [root@station60 sub1]#


If you really want to change the group entry:

  [root@station60 labs]# ls
  1.sh
  [root@station60 labs]# getfacl  1.sh
  # file: 1.sh
  # owner: root
  # group: root
  user::rwx
  user:student:rwx                #effective:rw-
  user:visitor:---
  group::r--
  mask::rw-
  other::r--

  [root@station60 labs]# setfacl  -m u::rw
  Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
  Try `setfacl --help' for more information.
  [root@station60 labs]# setfacl  -m u::rw 1.sh
  [root@station60 labs]# getfacl  1.sh
  # file: 1.sh
  # owner: root
  # group: root
  user::rw-
  user:student:rwx
  user:visitor:---
  group::r--
  mask::rwx
  other::r--

  [root@station60 labs]#
Default ACL permissions and default mask:
  [root@station60 labs]# ls -ld
  drwxr-xr-x+ 3 root root 42 Jun 11 09:10 .
  [root@station60 labs]# setfacl  -b .
  [root@station60 labs]# ls -ld
  drwxr-xr-x. 3 root root 42 Jun 11 09:10 .
  [root@station60 labs]# ls -ldf
  .
  [root@station60 labs]# ls -ld
  drwxr-xr-x. 3 root root 42 Jun 11 09:10 .
  [root@station60 labs]# setfacl -m d:u:student:rX  .
  [root@station60 labs]# getfacl ./
  # file: .
  # owner: root
  # group: root
  user::rwx
  group::r-x
  other::r-x
  default:user::rwx
  default:user:student:r-x
  default:group::r-x
  default:mask::r-x
  default:other::r-x

  [root@station60 labs]# setfacl -m d:u:student:rwX  .
  [root@station60 labs]# getfacl ./
  # file: .
  # owner: root
  # group: root
  user::rwx
  group::r-x
  other::r-x
  default:user::rwx
  default:user:student:rwx
  default:group::r-x
  default:mask::rwx
  default:other::r-x

  [root@station60 labs]# setfacl -m d:m::rX  .
  [root@station60 labs]# getfacl ./
  # file: .
  # owner: root
  # group: root
  user::rwx
  group::r-x
  other::r-x
  default:user::rwx
  default:user:student:rwx        #effective:r-x
  default:group::r-x
  default:mask::r-x
  default:other::r-x

  [root@station60 labs]# mkdir sub2
  [root@station60 labs]# setfacl sub1
  Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
  Try `setfacl --help' for more information.
  [root@station60 labs]# getfacl sub1
  # file: sub1
  # owner: root
  # group: root
  user::rwx
  group::r-x
  other::r--

  [root@station60 labs]# getfacl sub2
  # file: sub2
  # owner: root
  # group: root
  user::rwx
  user:student:rwx                #effective:r-x
  group::r-x
  mask::r-x
  other::r-x
  default:user::rwx
  default:user:student:rwx        #effective:r-x
  default:group::r-x
  default:mask::r-x
  default:other::r-x

  [root@station60 labs]# su - student
  Last login: Tue Jun 11 08:47:37 EDT 2019 on pts/0
  [student@station60 ~]$ cd /labs
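How the default ACL above turns into the access ACL of `sub2`, and what a regular file created in the same directory would get, as an added example that is not part of the original post. It models the Linux inheritance rule (the umask is ignored when a default ACL exists); the function names, the dictionary layout and the 0666 file case are assumptions of this sketch.

```python
# Constructed sample: default ACL of /labs from the post, after `setfacl -m d:m::rX .`
# Keys are the getfacl line prefixes that precede the permission string.
DEFAULT_ACL = {
    "user::": "rwx",
    "user:student:": "rwx",
    "group::": "r-x",
    "mask::": "r-x",
    "other::": "r-x",
}

def _and(perms, octal_digit):
    """Intersect an 'rwx' string with one octal digit of the creation mode."""
    return "".join(c if octal_digit & bit else "-"
                   for c, bit in zip(perms, (4, 2, 1)))

def inherit(default_acl, create_mode, is_dir):
    """Access ACL of a new object under a directory with a default ACL.

    The umask is not applied; instead the owner, mask (or owning group when
    there is no mask) and other entries are intersected with create_mode.
    """
    u, g, o = (create_mode >> 6) & 7, (create_mode >> 3) & 7, create_mode & 7
    access = {}
    for key, perms in default_acl.items():
        if key == "user::":
            access[key] = _and(perms, u)
        elif key == "mask::" or (key == "group::" and "mask::" not in default_acl):
            access[key] = _and(perms, g)
        elif key == "other::":
            access[key] = _and(perms, o)
        else:
            access[key] = perms              # named entries are copied unchanged
    result = {"access": access}
    if is_dir:                               # directories also pass the default on
        result["default"] = dict(default_acl)
    return result

def effective(access, key):
    """Permissions an entry actually grants once the mask is applied."""
    mask = access.get("mask::", "rwx")
    return "".join(c if c == m else "-" for c, m in zip(access[key], mask))
```

With `mkdir` (mode 0777) this reproduces the `sub2` listing; for a file opened with mode 0666 the inherited mask shrinks to `r--`, so `student` ends up read-only even though the entry still reads `rwx`.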





