Linux File and Directory Permissions: A Worked Example
Assume that the users and groups of the company net are as follows:
group | user |
---|---|
training | nash_su, bob |
market | alice, john |
manage | steve, david |
Folders now need to be set up for the departments and employees. The requirements are as follows:
- All directories and files are stored in a unified folder
- Each department has a separate folder
- Departments cannot access each other's folders
- Each employee has a folder under the department folder
- Employees of the same department can view each other's folders but cannot modify them. Users can only modify their own content
1. Log in as the root user to add groups and users, and specify affiliated groups (departments) for the users:
Note 1: useradd
-g <group>: specify the primary group to which the user belongs.
-G <group>: specify the additional (supplementary) groups to which the user belongs.
[root@localhost ~]# groupadd training
[root@localhost ~]# groupadd market
[root@localhost ~]# groupadd manage
[root@localhost ~]# useradd -G training nash_su
[root@localhost ~]# useradd -G training bob
[root@localhost ~]# useradd -G market alice
[root@localhost ~]# useradd -G market john
[root@localhost ~]# useradd -G manage steve
[root@localhost ~]# useradd -G manage david
- All directories and files are stored in a unified folder
- Each department has a separate folder
- Departments cannot access each other's folders
2. So that the company folder net has sufficient access rights, create the company directory /net under the root directory "/", then create three department subdirectories, remove the permissions of other users on each department directory, and assign each directory to its department's group:
Note 2: mkdir
-m: set the permissions of the directory at the time it is created;
-p: if the parent directory of the directory to be created does not exist yet, create it as well;
chgrp training /net/training/ --> change the group of the file or directory /net/training to training
[root@localhost ~]# mkdir /net
[root@localhost ~]# mkdir -pm 750 /net/training
[root@localhost ~]# mkdir -pm 750 /net/market
[root@localhost ~]# mkdir -pm 750 /net/manage
[root@localhost ~]# chgrp training /net/training/
[root@localhost ~]# chgrp market /net/market/
[root@localhost ~]# chgrp manage /net/manage/
[root@localhost ~]# cd /net
[root@localhost net]# ls
manage market training
[root@localhost net]# ll
总用量 0
drwxr-x---. 2 root manage 6 11月 7 10:58 manage
drwxr-x---. 2 root market 6 11月 7 10:58 market
drwxr-x---. 2 root training 6 11月 7 10:58 training
Create the employee directories, and set the owning employee and the department group for each directory
Each employee has their own folder; other employees of the same department can only view it, not modify it.
Note 3: change the file owner: chown
chown nash_su /net/training/nash_su --> change the owner of /net/training/nash_su to nash_su
[root@localhost /]# mkdir -pm 750 /net/training/nash_su
[root@localhost /]# mkdir -pm 750 /net/training/bob
[root@localhost /]# mkdir -pm 750 /net/market/alice
[root@localhost /]# mkdir -pm 750 /net/market/john
[root@localhost /]# mkdir -pm 750 /net/manage/steve
[root@localhost /]# mkdir -pm 750 /net/manage/david
[root@localhost /]# chown nash_su /net/training/nash_su
[root@localhost /]# chown bob /net/training/bob
[root@localhost /]# chown alice /net/market/alice
[root@localhost /]# chown john /net/market/john
[root@localhost /]# chown steve /net/manage/steve
[root@localhost /]# chown david /net/manage/david
[root@localhost /]# chgrp training /net/training/nash_su
[root@localhost /]# chgrp training /net/training/bob
[root@localhost /]# chgrp market /net/market/alice
[root@localhost /]# chgrp market /net/market/john
[root@localhost /]# chgrp manage /net/manage/steve
[root@localhost /]# chgrp manage /net/manage/david
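Switch to another user to test whether the setup works
[root@localhost /]# su bob
[bob@localhost /]$ ls /net/training # can view own department
bob nash_su
[bob@localhost /]$ ls /net/market
ls: 无法打开目录/net/market: 权限不够 # cannot view other departments
[bob@localhost /]$ ls /net/training/bob # can view own directory
[bob@localhost /]$ ls /net/training/nash_su # can view a colleague's directory
[bob@localhost /]$ touch test /net/training/nash_su # two operands: a file "test" in the current directory (/) and the directory /net/training/nash_su
touch: 无法创建"test": 权限不够 # cannot create "test" in /
touch: 正在设置"/net/training/nash_su" 的时间: 权限不够 # cannot modify the directory of a colleague in the same department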
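The su session above checks one user by hand. As an added example (not from the original page), the script below checks every directory's mode, owner and group against the requirements; the function name audit_net, the input line format and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a /net-style tree
# against the page's requirements. Input on stdin, one directory per line:
#   <octal mode> <owner> <group> <path>
# On a real host (GNU find) such lines can be produced with:
#   find /net -mindepth 1 -maxdepth 2 -type d -printf '%m %u %g %p\n'

audit_net() {   # hypothetical helper; $1 = company root, default /net
  awk -v root="${1:-/net}" '
    {
      mode = $1 + 0; owner = $2; group = $3; path = $4
      depth = split(substr(path, length(root) + 2), part, "/")
      grp_bits = int(mode / 10) % 10      # group permission digit
      oth_bits = mode % 10                # other permission digit
      # Other departments must have no access at all.
      if (oth_bits != 0)          { print "other-access " path; bad = 1 }
      # Group write lets colleagues create, delete or rename entries.
      if (int(grp_bits / 2) % 2)  { print "group-write " path; bad = 1 }
      # Every directory must belong to its department group.
      if (group != part[1])       { print "wrong-group " path; bad = 1 }
      # An employee directory must be owned by that employee.
      if (depth == 2 && owner != part[2]) {
        print "wrong-owner " path; bad = 1
      }
    }
    END { exit bad + 0 }'
}

# Constructed sample: the correct training layout from the page plus four
# deliberate mistakes (not output captured from a real system).
SAMPLE='750 root training /net/training
750 nash_su training /net/training/nash_su
750 bob training /net/training/bob
755 root market /net/market
770 alice market /net/market/alice
750 root market /net/market/john
750 steve root /net/manage/steve'

printf '%s\n' "$SAMPLE" | audit_net /net || echo "policy violations found"
```

The function exits non-zero when any line violates the policy, so it can gate a provisioning script.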