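Permission and Ownership Exercises
Case 1: Setting permissions with chmod
1) As root, create the directory /nsddir/ and create the file readme.txt in it
2) Allow user zhangsan to create and delete subdirectories under /nsddir/
3) Allow user zhangsan to modify the contents of /nsddir/readme.txt
[[email protected] ~]# mkdir /nsddir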
[[email protected] ~]# echo haha >> /nsddir/readme.txt
[[email protected] ~]# chmod o+w /nsddir
[[email protected] ~]# su - zhangsan
[[email protected] ~]$ mkdir /nsddir/zhangsan
[[email protected] ~]$ ls /nsddir
[[email protected] ~]$ exit
[[email protected] ~]# chmod o+w /nsddir/readme.txt
[[email protected] ~]# su - zhangsan
[[email protected] ~]$ echo xixi >> /nsddir/readme.txt
[[email protected] ~]$ cat /nsddir/readme.txt
[[email protected] ~]$ exit
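Case 2: Setting ownership with chown
1) Create the directory /tarena1
a) Set the owner to gelin01 and the group to tarena
b) Give user gelin01 rwx permission on this directory; others have no permissions on it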
[[email protected] ~]# mkdir /tarena1
[[email protected] ~]# useradd gelin01
[[email protected] ~]# groupadd tarena
[[email protected] ~]# chown gelin01:tarena /tarena1
[[email protected] ~]# ls -ld /tarena1
[[email protected] ~]# chmod o=--- /tarena1
[[email protected] ~]# ls -ld /tarena1
2) Allow user gelin02 to enter and list the /tarena1 directory (hint: add gelin02 to the owning group)
[[email protected] ~]# useradd gelin02
[[email protected] ~]# gpasswd -a gelin02 tarena
[[email protected] ~]# id gelin02
[[email protected] ~]# su - gelin02
[[email protected] ~]$ cd /tarena1
[[email protected] tarena1]$ cd /tarena1
[[email protected] tarena1]$ ls
[[email protected] tarena1]$ exit
3) Create the directory /tarena2
a) Set its group to tarena
b) Allow any user in the tarena group to create and delete files in this directory
[[email protected] ~]# mkdir /tarena2
[[email protected] ~]# chown :tarena /tarena2
[[email protected] ~]# chmod g+w /tarena2
[[email protected] ~]# ls -ld /tarena2
[[email protected] ~]# useradd ceshi
[[email protected] ~]# gpasswd -a ceshi tarena
[[email protected] ~]# id ceshi
[[email protected] ~]# su - ceshi
[[email protected] ~]$ mkdir /tarena2/ceshi
[[email protected] ~]$ ls /tarena2
[[email protected] ~]$ exit
4) Create the directory /tarena/public
a) Give every user rwx permission on this directory
b) Deny zhangsan entry to this directory, with no permissions on it
[[email protected] ~]# mkdir -p /tarena/public
[[email protected] ~]# chmod 777 /tarena/public
[[email protected] ~]# ls -ld /tarena/public
[[email protected] ~]# setfacl -m u:zhangsan:--- /tarena/public
[[email protected] ~]# su - zhangsan
[[email protected] ~]$ ls /tarena/public
[[email protected] ~]$ cd /tarena/public
[[email protected] ~]$ exit
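Case 3: Permission settings
1. Create the directory /data/test and set its access permissions so that the owner and the group have read, write and execute permission; others have no permissions.
2. Recursively change the ownership of /data/test so that the owner is zhangsan and the group is tarena.
3. Make every new file or subdirectory created under the test directory belong to the group tarena.
4. Create an ACL entry for lisi so that lisi can view the /etc/shadow file
[[email protected] ~]# mkdir -p /data/test
[[email protected] ~]# chmod u=rwx,g=rwx,o=--- /data/test    # or: chmod 770 /data/test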
[[email protected] ~]# ls -ld /data/test
[[email protected] ~]# chown -R zhangsan:tarena /data/test
[[email protected] ~]# ls -ld /data/test
[[email protected] ~]# chmod g+s /data/test
[[email protected] ~]# mkdir /data/test/abc
[[email protected] ~]# ls -ld /data/test/abc
[[email protected] ~]# setfacl -m u:lisi:r /etc/shadow
[[email protected] ~]# getfacl /etc/shadow
[[email protected] ~]# su - lisi
[[email protected] ~]$ cat /etc/shadow
[[email protected] ~]$ exit
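Case 4: Performed on virtual machine server0
Copy the file /etc/fstab to /var/tmp/fstab and adjust the permissions of /var/tmp/fstab
to meet the following requirements:
– The owner of this file is root
– The file is not executable by anyone
– User natasha can read and write this file
– User harry can neither read nor write this file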
[[email protected] ~]# cp /etc/fstab /var/tmp/fstab
[[email protected] ~]# ls -l /var/tmp/fstab
[[email protected] ~]# setfacl -m u:natasha:rw /var/tmp/fstab
[[email protected] ~]# getfacl /var/tmp/fstab
[[email protected] ~]# su - natasha
[[email protected] ~]$ cat /var/tmp/fstab
[[email protected] ~]$ echo ceshi >> /var/tmp/fstab
[[email protected] ~]$ cat /var/tmp/fstab
[[email protected] ~]$ exit
[[email protected] ~]# setfacl -m u:harry:--- /var/tmp/fstab
[[email protected] ~]# getfacl /var/tmp/fstab
[[email protected] ~]# su - harry
[[email protected] ~]$ cat /var/tmp/fstab
[[email protected] ~]$ echo ceshi >> /var/tmp/fstab
[[email protected] ~]$ exit
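Case 5: Virtual machine exercise
Create a shared directory /home/admins with the following requirements:
– The group of this directory is adminuser
– Members of the adminuser group have read, write and execute permission on this directory, and other users have no permissions
– Files created in this directory automatically have their group set to adminuser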
[[email protected] ~]# mkdir /home/admins
[[email protected] ~]# groupadd adminuser
[[email protected] ~]# chown :adminuser /home/admins
[[email protected] ~]# ls -ld /home/admins
[[email protected] ~]# chmod g=rwx,o=--- /home/admins
[[email protected] ~]# chmod g+s /home/admins
[[email protected] ~]# ls -ld /home/admins
[[email protected] ~]# mkdir /home/admins/ceshi
[[email protected] ~]# ls -ld /home/admins/ceshi
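Cases 3 and 5 verify the shared directory by reading `ls -ld` output by eye; the script below is an added example (not part of the original page) that performs the same checks mechanically: group owner, setgid bit, group rwx, nothing for others, and actual group inheritance. It assumes GNU coreutils `stat -c`; the function names are hypothetical, and the demo uses the current user's own group in place of adminuser so it runs without root.

```shell
#!/bin/sh
# Added example (not from the original page): audit a group-shared directory
# against the Case 5 requirements. Assumes GNU coreutils `stat -c`.
# check_shared_dir, probe_inheritance and demo are hypothetical helper names.

# Read-only check: group owner, setgid bit, group rwx, nothing for others.
check_shared_dir() {
    dir=$1; want_group=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    group=$(stat -c %G "$dir")
    mode=$((0$(stat -c %a "$dir")))    # octal mode as a number, e.g. 2770
    [ "$group" = "$want_group" ] || { echo "FAIL: group is $group, want $want_group"; rc=1; }
    [ $((mode & 02000)) -ne 0 ] || { echo "FAIL: setgid bit missing (chmod g+s)"; rc=1; }
    [ $((mode & 0070)) -eq $((0070)) ] || { echo "FAIL: group lacks rwx (chmod g=rwx)"; rc=1; }
    [ $((mode & 0007)) -eq 0 ] || { echo "FAIL: others have access (chmod o=---)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Behavioural check: a new subdirectory must inherit the parent's gid and the
# setgid bit. Creates and removes a probe directory inside DIR.
probe_inheritance() {
    dir=$1; probe="$dir/.probe.$$"
    mkdir "$probe" || return 2
    pmode=$((0$(stat -c %a "$probe")))
    pgid=$(stat -c %g "$probe")
    rmdir "$probe"
    [ "$pgid" = "$(stat -c %g "$dir")" ] && [ $((pmode & 02000)) -ne 0 ]
}

# Demo on a scratch directory (constructed sample, removed afterwards).
demo() {
    base=$(mktemp -d) || return 2
    mkdir "$base/admins"
    grp=$(stat -c %G "$base/admins")
    chmod 755 "$base/admins"               # default-style mode: audit reports failures
    check_shared_dir "$base/admins" "$grp" || true
    chmod 2770 "$base/admins"              # g=rwx, o=---, plus setgid
    check_shared_dir "$base/admins" "$grp" || true
    probe_inheritance "$base/admins" && echo "OK: new entries inherit the group"
    rm -rf "$base"
}
demo
```

On the real target, run `check_shared_dir /home/admins adminuser` as root after the Case 5 commands.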