1、当用户xiaoming对/testdir 目录无执行权限时,意味着无法做哪些操作?
无法cd切换进入此目录,无法创建文件,无法删除文件,无法查看里面文件的内容,只能ls列出目录下的内容
2、当用户xiaoqiang对/testdir 目录无读权限时,意味着无法做哪些操作?
无法ls查看目录下的内容
3、当用户wangcai 对/testdir 目录无写权限时,该目录下的只读文件file1是否可修改和删除?
无法修改也无法删除
4、复制/etc/fstab文件到/var/tmp下,设置文件所有者为wangcai读写权限,所属组为sysadmins组有读写权限,其他人无权限。
[root@localhost testdir]# cp /etc/fstab /var/tmp/ [root@localhost testdir]# chmod 660 /var/tmp/fstab [root@localhost testdir]# chown wangcai.sysadmins /var/tmp/fstab [root@localhost testdir]# ll /var/tmp/fstab -rw-rw----. 1 wangcai sysadmins 595 Aug 3 15:29 /var/tmp/fstab
5、误删除了用户wangcai的家目录,请重建并恢复该用户家目录及相应的权限属性
[root@localhost ~]# cp -r /etc/skel/ /home/wangcai [root@localhost ~]# chown -R wangcai.wangcai /home/wangcai [root@localhost ~]# chmod 700 /home/wangcai [root@localhost ~]# chmod 644 /home/wangcai/.bash .bash_logout .bash_profile .bashrc [root@localhost ~]# chmod 644 /home/wangcai/.bash*
[root@localhost ~]# ll /home/wangcai/ -a total 12 drwx------. 3 wangcai wangcai 74 Aug 3 15:31 . drwxr-xr-x. 6 root root 52 Aug 3 15:31 .. -rw-r--r--. 1 wangcai wangcai 18 Aug 3 15:31 .bash_logout -rw-r--r--. 1 wangcai wangcai 193 Aug 3 15:31 .bash_profile -rw-r--r--. 1 wangcai wangcai 231 Aug 3 15:31 .bashrc drwxr-xr-x. 4 wangcai wangcai 37 Aug 3 15:31 .mozilla
6、在/data/testdir里创建的新文件自动属于g1组,组g2的成员如:alice能对这些新文件有读写权限,组g3的成员如:tom只能对新文件有读权限,其它用户(不属于g1,g2,g3)不能访问这个文件夹。
[root@localhost ~]# id alice uid=1006(alice) gid=1010(alice) groups=1010(alice),1008(g2) [root@localhost ~]# id tom uid=1007(tom) gid=1011(tom) groups=1011(tom),1009(g3) [root@localhost ~]# id mage uid=1004(mage) gid=1004(mage) groups=1004(mage) [root@localhost ~]# mkdir -p /data/testdir [root@localhost ~]# chown :g1 /data/testdir [root@localhost ~]# chmod g+wsx /data/testdir [root@localhost ~]# ll -d /data/testdir drwxrwsr-x. 2 root g1 6 Aug 3 16:43 /data/testdir [root@localhost ~]# setfacl -m d:g:g2:rw /data/testdir [root@localhost ~]# setfacl -m d:g:g3:r /data/testdir [root@localhost ~]# setfacl -m g:g2:rwx /data/testdir [root@localhost ~]# setfacl -m g:g3:r-x /data/testdir [root@localhost ~]# setfacl -m o:--- /data/testdir [root@localhost ~]# getfacl /data/testdir getfacl: Removing leading '/' from absolute path names # file: data/testdir # owner: root # group: g1 # flags: -s- user::rwx group::rwx group:g2:rwx group:g3:r-x mask::rwx other::--- default:user::rwx default:group::rwx default:group:g2:rw- default:group:g3:r-- default:mask::rwx default:other::r-x [root@localhost ~]# su alice [alice@localhost root]$ cd /data/testdir/ [alice@localhost testdir]$ echo aaa > aaa [alice@localhost testdir]$ cat aaa aaa [alice@localhost testdir]$ ll total 8 -rw-rw-r--+ 1 alice g1 4 Aug 3 16:46 aaa [alice@localhost testdir]$ exit exit [root@localhost ~]# su tom [tom@localhost root]$ cd /data/testdir/ [tom@localhost testdir]$ ll total 8 -rw-rw-r--+ 1 alice g1 4 Aug 3 16:46 aaa [tom@localhost testdir]$ cat aaa aaa [tom@localhost testdir]$ echo aaaaa > aaa bash: aaa: Permission denied [tom@localhost testdir]$ echo aaaaa > tom bash: tom: Permission denied [tom@localhost testdir]$ ll total 8 -rw-rw-r--+ 1 alice g1 4 Aug 3 16:46 aaa [tom@localhost testdir]$ exit exit [root@localhost ~]# su mage [mage@localhost root]$ cd /data/testdir/ bash: cd: /data/testdir/: Permission denied
[root@localhost ~]# setfacl -m d:o:--- /data/testdir/ [root@localhost ~]# getfacl /data/testdir/ getfacl: Removing leading '/' from absolute path names # file: data/testdir/ # owner: root # group: g1 # flags: -s- user::rwx group::rwx group:g2:rwx group:g3:r-x mask::rwx other::--- default:user::rwx default:group::rwx default:group:g2:rw- default:group:g3:r-- default:mask::rwx default:other::---
7、创建组sales,gid 3000,passwd:centos,sales admins:user2将用户user1,user2,user3加入到sales辅助组,希望user1 创建新文件 默认的所属组为sales,user2将用户user3从sales组移除,删除sales,user1,users。
[root@localhost ~]# groupadd -g 3000 sales [root@localhost ~]# gpasswd sales Changing the password for group sales New Password: ###centos Re-enter new password: ###centos [root@localhost ~]# gpasswd -A user2 sales\ > ^C [root@localhost ~]# gpasswd -A user2 sales [root@localhost ~]# gpasswd -a user1 sales Adding user user1 to group sales [root@localhost ~]# gpasswd -a user2 sales Adding user user2 to group sales [root@localhost ~]# gpasswd -a user3 sales Adding user user3 to group sales [root@localhost ~]# groupmems -g sales -l user1 user2 user3 [root@localhost ~]# newgrp sales user1 [root@localhost ~]# su user1 [user1@localhost root]$ cd [user1@localhost ~]$ touch user1 [user1@localhost ~]$ ll user1 -rw-rw-r--. 1 user1 user1 0 Aug 3 17:21 user1 [user1@localhost ~]$ newgrp sales user1 [user1@localhost ~]$ touch user2 [user1@localhost ~]$ ll user2 -rw-r--r--. 1 user1 sales 0 Aug 3 17:21 user2 [user1@localhost ~]$ exit exit [user1@localhost ~]$ exit exit [root@localhost ~]# su user2 [user2@localhost root]$ gpasswd -d user3 sales Removing user user3 from group sales [user2@localhost root]$ exit exit [root@localhost ~]# gpasswd -d user1 Usage: gpasswd [option] GROUP Options: -a, --add USER add USER to GROUP -d, --delete USER remove USER from GROUP -h, --help display this help message and exit -Q, --root CHROOT_DIR directory to chroot into -r, --delete-password remove the GROUP's password -R, --restrict restrict access to GROUP to its members -M, --members USER,... set the list of members of GROUP -A, --administrators ADMIN,... set the list of administrators for GROUP Except for the -A and -M options, the options cannot be combined. [root@localhost ~]# gpasswd -d user1 sales Removing user user1 from group sales [root@localhost ~]# gpasswd -d user2 sales Removing user user2 from group sales [root@localhost ~]# groupmems -g sales -l [root@localhost ~]# groupdel sales
原创文章,作者:nieda_linux,如若转载,请注明出处:http://www.178linux.com/29408
