如何仅授予某些用户对子文件夹的权限 [英] How to give to some user permissions only to subfolder

问题描述

我在我的服务器上拥有 root 权限，我想将权限授予它的特定组和用户.有一种情况，有目录树:

I have root permissions on my server and I want to give permissions to particular groups and users of it. There is a one case, there is directory tree:

  dir1
    ├── subdir1
    ├── subdir2
    ├── subdir3

我有三个用户(user1、user2、user3) - 我希望他们每个人都只有一个目录(user1 - subdir1、user2 - subdir2、user3 - subdir3)的权限.User1 应该看​​不到 int subdir2 或 subdir3 是什么，但他看不到它们的存在，与其他用户及其目录相同.

I have three users (user1, user2, user3) - i want each of them to have permissions only to one directory (user1 - subdir1, user2 - subdir2, user3 - subdir3). User1 should not be able to see whats int subdir2 or subdir3, but he cant see that they exist, same with other users and their dirs.

我使用 getfacl 和 setfacl 命令授予权限.

I give persmissions using getfacl and setfacl commands.

这些用户应该对 dir1 和 subdirs 拥有什么权限?

What permissions should these users have to dir1 and subdirs?

推荐答案

要允许所有用户查看 dir1 中的文件列表，请设置此文件夹的权限 0755

To allow all users see list of files in dir1 set permissions 0755 to this folder

$ chmod dir1 0755

要单独访问子文件夹，将所有者分配给每个文件夹:

To separate access to subfolders assign owner to each folder:

$ cd dir1

$ chown user1:user1 -R subdir1
$ chown user2:user2 -R subdir2
$ chown user3:user3 -R subdir3

现在让子文件夹只对其所有者可读:

Now make subfolders readable only for theirs owners:

$ chmod user* 0700

现在所有用户都看到文件夹 user* 存在，但他们只能进入自己的文件夹

Now all users see that folders user* exist, but they can enter only in own folder

更新抱歉，无法格式化评论中的文本.

Update Sorry, can't format text in comments.

当我的用户多于这三个时，我只想要这三个能够进入 dir1 - 然后呢?

When I have more users than these three, and I want only these three to be able to enter dir1 - what then?

然后你必须为他们分配一个特殊的组并允许该组读取 dir1 的内容.

Then you have to assign them one special group and allow this group to read content of dir1.

创建组specialusers

$ groupadd specialusers

在该组中添加用户

$ usermod -aG specialusers user1
$ usermod -aG specialusers user2
$ usermod -aG specialusers user3

允许specialusers读取文件夹

$ chown root:specialusers dir1
$ chmod dir1 0750

现在只有 specialusers 组中的用户可以看到 dir1 下的文件夹列表

Now only users from in group specialusers can see a list of folders under dir1

这篇关于如何仅授予某些用户对子文件夹的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！