Linux directory permissions for different groups


Problem description

I have two directories: "public" and "private". I have three users: "chris", "john", "dan". I have two groups: "pub", "priv" and "god".

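  • The "god" group should have full access to "public" and "private".
  • The "pub" group should be the only group with permissions on "public".
  • The "priv" group should be the only group with permissions on "private".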

As root:

useradd chris

useradd john

useradd dan

usermod -g god chris

usermod -g pub john

usermod -g priv dan

chgrp god public private

chgrp pub public

chgrp priv private

su chris

As "chris":

cd public/

touch test = Permission denied

The same for the other users ... under "dan" I have no permissions over the "private" directory, although "dan" is a member of the "priv" group.

Do you have any ideas?

Recommended answer

Well, I know this is relatively old, but twalberg is correct: there's actually a relatively easy way to accomplish this with POSIX ACLs. They've existed since the late 90's/early 2000's so I don't know why more people don't use them.

How to do it: Do as you've already done, then simply execute this command:

# setfacl -m g:god:rwx public private

and in one command you get what you're wanting. You'll spend forever trying to figure out how to do it using ONLY traditional Unix permissions.

Mikic's advice may still be good (depending on what you're trying to accomplish), and it might be more straightforward to reference as few groups as possible in your permissions (or maybe you want it to be apparent that "chris" isn't a regular user, but an administrative one, again it depends on what you want to construct).

I offered something closer to what you're trying to accomplish, because there may be situations where you're trying to give a secondary user/group access to a directory but you don't want to choose between "chris" not getting access to these two directories and "chris" getting access to all those other files and directories "pub" and "priv" might have access to. With ACLs you don't have to make those choices, which is why they were added and are now a core part of most Unix (and BSD and Linux) platforms.
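An added example, not part of the original answer: a simplified Python model of the POSIX ACL access check (see acl(5)), applied to the users and groups from the question, including what happens when the ACL mask is later narrowed. Owner `root` and mode 0770 are assumptions the page does not show, and `Directory`, `setfacl_group`, `allowed`, `build` and `write_matrix` are hypothetical names.

```python
# Added example: simplified model of the POSIX ACL access check (see acl(5)).
from dataclasses import dataclass, field

R, W, X = 4, 2, 1
RWX = R | W | X

@dataclass
class Directory:
    owner: str
    group: str        # owning group, as set by the last chgrp
    owner_perm: int
    group_perm: int
    other_perm: int
    named_groups: dict = field(default_factory=dict)  # g:NAME:perms entries
    mask: int = RWX   # caps owning-group and named entries once an ACL exists

def setfacl_group(d, name, perm):
    """Model `setfacl -m g:NAME:perm`: add the entry, then recompute the mask
    as the union of all group-class entries (setfacl's default behaviour)."""
    d.named_groups[name] = perm
    d.mask = d.group_perm
    for p in d.named_groups.values():
        d.mask |= p

def allowed(user, groups, d, want):
    """True if `user`, a member of `groups`, gets all `want` bits on d."""
    if user == d.owner:
        return (d.owner_perm & want) == want
    matching = [d.group_perm] if d.group in groups else []
    matching += [p for g, p in d.named_groups.items() if g in groups]
    if matching:  # a group matched: the decision is final, "other" is not consulted
        cap = d.mask if d.named_groups else RWX
        return any((p & cap & want) == want for p in matching)
    return (d.other_perm & want) == want

# Constructed scenario: group membership and owning groups as left by the
# question's usermod/chgrp commands; owner root and mode 0770 are assumptions.
USERS = {"chris": {"god"}, "john": {"pub"}, "dan": {"priv"}}

def build(with_acl):
    dirs = {"public": Directory("root", "pub", RWX, RWX, 0),
            "private": Directory("root", "priv", RWX, RWX, 0)}
    if with_acl:  # the answer's command: setfacl -m g:god:rwx public private
        for d in dirs.values():
            setfacl_group(d, "god", RWX)
    return dirs

def write_matrix(dirs):
    """Who can create files (needs w+x on the directory) in which directory."""
    return {(u, n): allowed(u, g, d, W | X)
            for u, g in USERS.items() for n, d in dirs.items()}
```

On a real system, `getfacl public private` shows the entries and the mask that this model tracks.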
