6, user groups and permissions management -PPT job title

I, entitled

Second, the answer

1、[root@centos7 scripts]# useradd gentoo -G bin,root -s /bin/csh -c"Gentoo Distribution"

2、

[root@centos7 scripts]# getent passwd nginx mysql varnish
[root@centos7 scripts]# groupadd webs
[root@centos7 scripts]# useradd nginx -G webs
[root@centos7 scripts]# useradd varnish -G webs
[root@centos7 scripts]# useradd mysql
[root@centos7 scripts]# echo "magedu" | passwd --stdin nginx
更改用户 nginx 的密码 。
passwd：所有的身份验证令牌已经成功更新。
[root@centos7 scripts]# echo "magedu" | passwd --stdin varnish
更改用户 varnish 的密码 。
passwd：所有的身份验证令牌已经成功更新。
[root@centos7 scripts]# echo "magedu" | passwd --stdin mysql
更改用户 mysql 的密码 。
passwd：所有的身份验证令牌已经成功更新。
[root@centos7 scripts]#  groupmems -g webs -l
nginx  varnish 
[root@centos7 scripts]# getent passwd nginx mysql varnish
nginx:x:1003:1004::/home/nginx:/bin/bash
mysql:x:1005:1006::/home/mysql:/bin/bash
varnish:x:1004:1005::/home/varnish:/bin/bash

3, (1) can not enter the directory (2) can not view the details of the catalog file (3) can not be rm, not mv, cp, additional coverage, editing, etc.

4, can not view the list of files in the directory, known file name can ll file view details; known file name can be cat or vim (required w)

5, redis users can not modify the file directory

6, can delete files, mv, cp file; but you can not modify the content of the document

7、

[root@centos7 ~]# cp /etc/fstab /var/tmp/
[root@centos7 ~]# chown tomcat:apps /var/tmp/fstab 
[root@centos7 ~]# chmod 660 /var/tmp/fstab
[root@centos7 ~]# ll /var/tmp/fstab
-rw-rw---- 1 tomcat apps 577 Jul 30 10:17 /var/tmp/fstab

8、

9, linux study three special permissions and permissions acl, the answer may be a problem, how the new file permissions inheritance?

[root@centos7 ~]# mkdir /testdir/dir -p
[root@centos7 ~]# chown root:webs /testdir/dir

[root@centos7 scripts]# useradd tomcat
[root@centos7 scripts]# groupadd apps
[root@centos7 scripts]# usermod -aG apps tomcat

[root@centos7 scripts]# groupadd dbs
[root@centos7 scripts]# useradd mysql
[root@centos7 scripts]# usermod -aG dbs mysql

[root@centos7 ~]# chmod 2750 /testdir/dir/
[root@centos7 ~]# ll -d /testdir/dir/
drwxr-s--- 2 root webs 6 Jul 30 10:21 /testdir/dir/

[root@centos7 ~]# setfacl -m g:apps:rw /testdir/dir/
[root@centos7 ~]# setfacl -m g:dbs:r /testdir/dir/
[root@centos7 ~]# setfacl -m o::0 /testdir/dir/
[root@centos7 ~]# getfacl /testdir/dir/
getfacl: Removing leading '/' from absolute path names
# file: testdir/dir/
# owner: root
# group: webs
# flags: -s-
user::rwx
group::r-x
group:apps:rw-
group:dbs:r--
mask::rwx
other::---

[root@centos7 ~]# echo hello > /testdir/dir/hello.txt
[root@centos7 ~]# ll /testdir/dir/hello.txt
-rw-r--r-- 1 root webs 6 Jul 30 10:42 /testdir/dir/hello.txt

10、

[root@centos7 ~]# getfacl -R /testdir/dir/ > /root/acl.txt
getfacl: Removing leading '/' from absolute path names
[root@centos7 ~]# setfacl -R -b /testdir/dir/
[root@centos7 ~]# getfacl /testdir/dir/
getfacl: Removing leading '/' from absolute path names
# file: testdir/dir/
# owner: root
# group: webs
# flags: -s-
user::rwx
group::r-x
other::---

[root@centos7 ~]# setfacl -R --set-file=/root/acl.txt
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
Try `setfacl --help' for more information.
[root@centos7 ~]# setfacl -R --set-file=/root/acl.txt /testdir/dir/