{"id":160,"date":"2009-12-14T17:30:59","date_gmt":"2009-12-14T17:30:59","guid":{"rendered":"http:\/\/kumouse.aafox.com\/?p=160"},"modified":"2009-12-14T17:30:59","modified_gmt":"2009-12-14T17:30:59","slug":"linux-acl-%e6%93%8d%e4%bd%9c-%ef%bc%88%e8%bd%ac%ef%bc%89","status":"publish","type":"post","link":"https:\/\/www.kumouse.com\/?p=160","title":{"rendered":"linux ACL \u64cd\u4f5c \uff08\u8f6c\uff09"},"content":{"rendered":"

\u51c6\u5907\u5de5\u4f5c<\/p>\n

\u652f\u6301ACL\u9700\u8981\u5185\u6838\u548c\u6587\u4ef6\u7cfb\u7edf\u7684\u652f\u6301\u3002\u73b0\u57282.6\u5185\u6838\u914d\u5408EXT2\/EXT3, JFS, XFS, ReiserFS\u7b49\u6587\u4ef6\u7cfb\u7edf\u90fd\u662f\u53ef\u4ee5\u652f\u6301ACL\u7684\u3002\u7528\u81ea\u5df1\u5de5\u4f5c\u7528\u7684\u7269\u7406\u5206\u533a\u4f53\u9a8cACL\uff0c\u603b\u662f\u4e0d\u660e\u667a\u7684\u884c\u4e3a\u3002\u4e07\u4e00\u8bef\u64cd\u4f5c\u5bfc\u81f4\u5206\u533a\u7684\u635f\u574f\uff0c\u9020\u6210\u6570\u636e\u7684\u4e22\u5931\uff0c\u635f\u5931\u5c31\u5927\u4e86\u3002\u4f5c\u4e00\u4e2aloop\u8bbe\u5907\u662f\u4e2a\u5b89\u5168\u7684\u66ff\u4ee3\u65b9\u6cd5\u3002\u8fd9\u6837\u4e0d\u9700\u8981\u4e00\u4e2a\u5355\u72ec\u7684\u5206\u533a\uff0c\u4e5f\u4e0d\u9700\u8981\u5f88\u5927\u7684\u786c\u76d8\u7a7a\u95f4\uff0c\u5927\u7ea6\u6709\u4e2a\u51e0\u767eKB\u5c31\u8db3\u591f\u8fdb\u884c\u6211\u4eec\u7684\u4f53\u9a8c\u4e86\u3002OK\uff0c\u4e0b\u9762\u6211\u4f7f\u7528Fedora Core 5\u548cExt3\u6587\u4ef6\u5f00\u59cb\u5bf9Linux\u7684ACL\u7684\u4f53\u9a8c\u3002<\/p>\n

\u9996\u5148\u521b\u5efa\u4e00\u4e2a512KB\u7684\u7a7a\u767d\u6587\u4ef6\uff1a<\/p>\n

[root@FC3-vm opt]# dd if=\/dev\/zero of=\/opt\/testptn count=512
512+0 records in
512+0 records out<\/p>\n

\u548c\u4e00\u4e2aloop\u8bbe\u5907\u8054\u7cfb\u5728\u4e00\u8d77\uff1a<\/p>\n

[root@FC3-vm opt]# losetup \/dev\/loop0 \/opt\/testptn<\/p>\n

\u521b\u5efa\u4e00\u4e2aEXT2\u7684\u6587\u4ef6\u7cfb\u7edf\uff1a<\/p>\n

[root@FC3-vm opt]# mke2fs \/dev\/loop0
mke2fs 1.35 (28-Feb-2004)
max_blocks 262144, rsv_groups = 32, rsv_gdb = 0
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
32 inodes, 256 blocks
12 blocks (4.69%) reserved for the super user
First data block=1
1 block group
8192 blocks per group, 8192 fragments per group
32 inodes per group<\/p>\n

Writing inode tables: done
Writing superblocks and filesystem accounting information: done<\/p>\n

This filesystem will be automatically checked every 30 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.<\/p>\n

\u6302\u8f7d\u65b0\u5efa\u7684\u6587\u4ef6\u7cfb\u7edf\uff08\u6ce8\u610fmount\u9009\u9879\u91cc\u7684acl\u6807\u5fd7\uff0c\u6211\u4eec\u9760\u5b83\u6765\u901a\u77e5\u5185\u6838\u6211\u4eec\u9700\u8981\u5728\u8fd9\u4e2a\u6587\u4ef6\u7cfb\u7edf\u4e2d\u4f7f\u7528ACL\uff09\uff1a<\/p>\n

[root@FC3-vm opt]# mount -o rw,acl \/dev\/loop0 \/mnt
[root@FC3-vm opt]# cd \/mnt
[root@FC3-vm mnt]# ls
lost+found<\/p>\n

\u73b0\u5728\u6211\u5df2\u7ecf\u5f97\u5230\u4e86\u4e00\u4e2a\u5c0f\u578b\u7684\u6587\u4ef6\u7cfb\u7edf\u3002\u800c\u4e14\u662f\u652f\u6301ACL\u7684\u3002\u5e76\u4e14\u5373\u4f7f\u5f7b\u5e95\u635f\u574f\u4e5f\u4e0d\u4f1a\u5f71\u54cd\u786c\u76d8\u4e0a\u5176\u4ed6\u6709\u4ef7\u503c\u7684\u6570\u636e\u3002\u53ef\u4ee5\u5f00\u59cb\u6211\u4eec\u7684ACL\u4f53\u9a8c\u4e4b\u65c5\u4e86\u3002<\/p>\n

\u4f53\u9a8c1 \uff0d ACL\u7684\u57fa\u672c\u64cd\u4f5c\uff1a\u6dfb\u52a0\u548c\u4fee\u6539<\/p>\n

\u6211\u9996\u5148\u65b0\u5efa\u4e00\u4e2a\u6587\u4ef6\u4f5c\u4e3a\u5b9e\u65bdACL\u7684\u5bf9\u8c61\uff1a<\/p>\n

[root@FC3-vm mnt]# touch file1
[root@FC3-vm mnt]# ls -l file1
-rw-r–r– 1 root root 7 Dec 11 00:28 file1<\/p>\n

\u7136\u540e\u770b\u4e00\u4e0b\u8fd9\u4e2a\u6587\u4ef6\u7f3a\u7701\u7684ACL\uff0c\u8fd9\u65f6\u8fd9\u4e2a\u6587\u4ef6\u9664\u4e86\u901a\u5e38\u7684UGO\u7684\u6743\u9650\u4e4b\u5916\uff0c\u5e76\u6ca1\u6709ACL\uff1a<\/p>\n

[root@FC3-vm mnt]# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
group::r–
other::r-<\/p>\n

*\u6ce8\u610f\uff1a\u5373\u4f7f\u662f\u4e0d\u652f\u6301ACL\u7684\u60c5\u51b5\u4e0b\uff0cgetfacl\u4ecd\u7136\u80fd\u8fd4\u56de\u4e00\u4e2a\u8fd9\u6837\u7684\u7ed3\u679c\u3002\u4e0d\u8fc7setfacl\u662f\u4e0d\u80fd\u5de5\u4f5c\u7684\u3002<\/p>\n

\u4e0b\u9762\u6dfb\u52a0\u51e0\u4e2a\u7528\u6237\u548c\u7ec4\uff0c\u4e00\u4f1a\u6211\u5c06\u4f7f\u7528ACL\u8d4b\u4e88\u4ed6\u4eec\u4e0d\u540c\u7684\u6743\u9650\uff1a<\/p>\n

[root@FC3-vm mnt]# groupadd testg1
[root@FC3-vm mnt]# useradd testu1
[root@FC3-vm mnt]# useradd testu2
[root@FC3-vm mnt]# usermod -G testg1 testu1<\/p>\n

\u73b0\u5728\u6211\u4eec\u770b\u770btestu1\u80fd\u505a\u4ec0\u4e48\uff1a<\/p>\n

[root@FC3-vm mnt]# su testu1
[testu1@FC3-vm mnt]$ echo "testu1" >> file1
bash: file1: Permission denied<\/p>\n

\u5931\u8d25\u4e86\u3002\u56e0\u4e3afile1\u5e76\u4e0d\u5141\u8bb8\u9664\u4e86root\u4ee5\u5916\u7684\u7528\u6237\u5199\u3002\u6211\u4eec\u73b0\u5728\u5c31\u901a\u8fc7\u4fee\u6539file1\u7684ACL\u8d4b\u4e88testu1\u8db3\u591f\u7684\u6743\u9650\uff1a<\/p>\n

[root@FC3-vm mnt]# setfacl -m u:testu1:rw file1
[root@FC3-vm mnt]# su testu1
[testu1@FC3-vm mnt]$ echo "testu1" >> file1
[testu1@FC3-vm mnt]$ cat file1
testu1<\/p>\n

\u4fee\u6539\u6210\u529f\u4e86\uff0c\u7528\u6237testu1\u53ef\u4ee5\u5bf9file1\u505a\u8bfb\u5199\u64cd\u4f5c\u4e86\u3002\u6211\u4eec\u6765\u770b\u4e00\u4e0bfile1\u7684ACL\uff1a<\/p>\n

[testu1@FC3-vm mnt]$ getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:testu1:rw-
group::r–
mask::rw-
other::r-<\/p>\n

\u6211\u4eecls\u770b\u4e00\u4e0b\uff1a<\/p>\n

[root@FC3-vm mnt]# ls -l file1
-rw-rw-r–+ 1 root root 7 Dec 11 00:28 file1<\/p>\n

\u53ef\u4ee5\u770b\u5230\u90a3\u4e2a"+"\u4e86\u4e48\uff1f\u5c31\u5728\u901a\u5e38\u6211\u4eec\u770b\u5230\u7684\u6743\u9650\u4f4d\u7684\u65c1\u8fb9\u3002\u8fd9\u4e2a\u8bf4\u660efile1\u8bbe\u7f6e\u4e86ACL\uff0c \u63a5\u4e0b\u6765\u6211\u4eec\u4fee\u6539\u4e00\u4e0btestu1\u7684\u6743\u9650\uff0c\u540c\u65f6\u7ed9testg1\u8fd9\u4e2a\u7ec4\u4ee5\u8bfb\u7684\u6743\u9650\uff1a<\/p>\n

[root@FC3-vm mnt]# setfacl -m u:testu1:rwx,g:testg1:r file1
[root@FC3-vm mnt]# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:testu1:rwx
group::r–
group:testg1:r–
mask::rwx
other::r-<\/p>\n

\u53ef\u4ee5\u770b\u5230\u8bbe\u7f6e\u540e\u7684\u6743\u9650\uff0ctestu1\u5df2\u7ecf\u6709\u4e86\u6267\u884c\u7684\u6743\u9650\uff0c\u800ctestg1\u8fd9\u4e2a\u7ec4\u4e5f\u83b7\u5f97\u4e86\u8bfb\u53d6\u6587\u4ef6\u5185\u5bb9\u7684\u6743\u9650\u3002\u4e5f\u8bb8\u6709\u4eba\u5df2\u7ecf\u6ce8\u610f\u5230\u4e86\u4e24\u4e2a\u95ee\u9898\uff1a\u9996\u5148\uff0cfile1\u7684\u7ec4\u6743\u9650\u4ecer–\u53d8\u6210\u4e86rw-\u3002\u5176\u6b21\uff0cmask\u662f\u4ec0\u4e48\uff1f\u4e3a\u4ec0\u4e48\u4e5f\u53d8\u5316\u4e86\u5462\uff1f\u6211\u4eec\u5148\u4ecemask\u8bf4\u8d77\u3002\u5982\u679c\u8bf4acl\u7684\u4f18\u5148\u7ea7\u9ad8\u4e8eUGO\uff0c\u90a3\u4e48 mask\u5c31\u662f\u4e00\u4e2a\u540d\u526f\u5176\u5b9e\u7684\u6700\u540e\u4e00\u9053\u9632\u7ebf\u3002\u5b83\u51b3\u5b9a\u4e86\u4e00\u4e2a\u7528\u6237\/\u7ec4\u80fd\u591f\u5f97\u5230\u7684\u6700\u5927\u7684\u6743\u9650\u3002\u8fd9\u6837\u6211\u4eec\u5728\u4e0d\u7834\u574f\u5df2\u6709ACL\u7684\u5b9a\u4e49\u7684\u57fa\u7840\u4e0a\uff0c\u53ef\u4ee5\u4e34\u65f6\u63d0\u9ad8\u6216\u662f\u964d\u4f4e\u5b89\u5168\u7ea7\u522b\uff1a<\/p>\n

[root@FC3-vm mnt]# setfacl -m mask::r file1
[root@FC3-vm mnt]# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:testu1:rwx #effective:r–
group::r–
group:testg1:r–
mask::r–
other::r–<\/p>\n

[root@FC3-vm mnt]# ls -l file1
-rw-r–r–+ 1 root root 7 Dec 11 00:28 file1<\/p>\n

\u5728testu1\u5bf9\u5e94\u7684ACL\u9879\u7684\u540e\u8fb9\u51fa\u73b0\u4e86effective\u7684\u5b57\u6837\uff0c\u8fd9\u662f\u5b9e\u9645testu1\u5f97\u5230\u7684\u6743\u9650\u3002Mask\u53ea\u5bf9\u5176\u4ed6\u7528\u6237\u548c\u7ec4\u7684\u6743\u9650\u6709\u5f71\u54cd\uff0c\u5bf9owner\u548cother\u7684\u6743\u9650\u662f\u6ca1\u6709\u4efb\u4f55\u5f71\u54cd\u7684\u3002\u6267\u884cls\u7684\u7ed3\u679c\u4e5f\u663e\u793aUGO\u7684\u8bbe\u7f6e\u4e5f\u6709\u4e86\u5bf9\u5e94\u7684\u53d8\u5316\u3002\u56e0\u4e3a\u5728\u4f7f\u7528\u4e86ACL\u7684\u60c5\u51b5\u4e0b\uff0cgroup\u7684\u6743\u9650\u663e\u793a\u7684\u5c31\u662f\u5f53\u524d\u7684mask\u3002\u901a\u5e38\u6211\u4eec\u628amask\u8bbe\u7f6e\u6210rwx\uff0c\u4ee5\u4e0d\u963b\u6b62\u4efb\u4f55\u7684\u5355\u4e2aACL\u9879\u3002<\/p>\n

*\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u6bcf\u6b21\u4fee\u6539\u6216\u6dfb\u52a0\u67d0\u4e2a\u7528\u6237\u6216\u7ec4\u7684ACL\u9879\u7684\u65f6\u5019\uff0cmask\u90fd\u4f1a\u968f\u4e4b\u4fee\u6539\u4ee5\u4f7f\u6700\u65b0\u7684\u4fee\u6539\u80fd\u591f\u771f\u6b63\u751f\u6548\u3002\u6240\u4ee5\u5982\u679c\u9700\u8981\u4e00\u4e2a\u6bd4\u8f83\u4e25\u683c\u7684mask\u7684\u8bdd\uff0c\u53ef\u80fd\u9700\u8981\u6bcf\u6b21\u90fd\u91cd\u65b0\u8bbe\u7f6e\u4e00\u4e0bmask\u3002<\/p>\n

\u4f53\u9a8c2 \uff0d ACL\u7684\u5176\u4ed6\u529f\u80fd\uff1a\u5220\u9664\u548c\u8986\u76d6<\/p>\n

\u6211\u4eec\u6765\u770b\u4e00\u4e0b\u5176\u4ed6\u7684ACL\u64cd\u4f5c\u3002\u9996\u5148\u5982\u4f55\u5220\u9664\u5df2\u6709\u7684ACL\u9879\u5462\uff1f<\/p>\n

[root@FC3-vm mnt]# setfacl -x g:testg1 file1
[root@FC3-vm mnt]# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:testu1:rwx
group::r–
mask::rwx
other::r–<\/p>\n

\u6211\u4eec\u770b\u5230testg1\u7684\u6743\u9650\u5df2\u7ecf\u88ab\u53bb\u6389\u4e86\u3002\u5982\u679c\u9700\u8981\u53bb\u6389\u6240\u6709\u7684ACL\u53ef\u4ee5\u7528-b\u9009\u9879\u3002\u6240\u6709\u7684ACL\u9879\u90fd\u4f1a\u88ab\u53bb\u6389\u3002<\/p>\n

[root@FC3-vm mnt]# setfacl -b file1
[root@FC3-vm mnt]# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
group::r–
other::r–<\/p>\n

\u6211\u4eec\u53ef\u4ee5\u7528–set \u8bbe\u7f6e\u4e00\u4e9b\u65b0\u7684ACL\u9879\uff0c\u5e76\u628a\u539f\u6709\u7684ACL\u9879\u5168\u90e8\u90fd\u8986\u76d6\u6389\u3002\u548c-m\u4e0d\u540c\uff0c-m\u9009\u9879\u53ea\u662f\u4fee\u6539\u5df2\u6709\u7684\u914d\u7f6e\u6216\u662f\u65b0\u589e\u52a0\u4e00\u4e9b\u3002–set\u9009\u9879\u4f1a\u628a\u539f\u6709\u7684ACL\u9879\u90fd\u5220\u9664\uff0c\u7528\u65b0\u7684\u66ff\u4ee3\uff0c\u9700\u8981\u6ce8\u610f\u7684\u662f\u4e00\u5b9a\u8981\u5305\u542bUGO\u7684\u8bbe\u7f6e\uff0c\u4e0d\u80fd\u8c61-m\u4e00\u6837\u53ea\u662f\u6dfb\u52a0ACL\u5c31\u53ef\u4ee5\u4e86\u3002\u6bd4\u5982\u4e0b\u8fb9\u8fd9\u4e00\u6bb5\uff1a<\/p>\n

[root@FC3-vm mnt]# setfacl –set u::rw,u:testu1:rw,g::r,o::- file1
[root@FC3-vm mnt]# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:testu1:rw-
group::r–
mask::rw-
other::—<\/p>\n

o::-\u662f\u53e6\u4e00\u4e2a\u9700\u8981\u6ce8\u610f\u7684\u5730\u65b9\u3002\u5176\u5b9e\u5b8c\u6574\u7684\u5199\u6cd5\u662fother::—\uff0c\u6b63\u5982u::rw\u7684\u5b8c\u6574\u5199\u6cd5\u662fuser::rw-\u3002\u901a\u5e38\u6211\u4eec\u53ef\u4ee5\u628a"-"\u7701\u7565\uff0c\u4f46\u662f\u5f53\u6743\u9650\u4f4d\u53ea\u5305\u542b"-"\u65f6\uff0c\u5fc5\u987b\u81f3\u5c11\u4fdd\u7559\u4e00\u4e2a\u3002\u5982\u679c\u5199\u6210\u4e86o::\uff0c\u5c31\u4f1a\u51fa\u73b0\u9519\u8bef\u3002<\/p>\n

\u5982\u679c\u5e0c\u671b\u5bf9\u76ee\u5f55\u4e0b\u7684\u6240\u6709\u5b50\u76ee\u5f55\u90fd\u8bbe\u7f6e\u540c\u6837\u7684ACL\uff0c\u53ef\u4ee5\u4f7f\u7528-R\u53c2\u6570\uff1a<\/p>\n

[root@FC3-vm mnt]# setfacl –set u::rw,u:testu1:rw,g::r,o::- dir1<\/p>\n

\u5982\u679c\u5e0c\u671b\u80fd\u4ece\u4e00\u4e2a\u6587\u4ef6\u6765\u8bfb\u5165ACL\uff0c\u5e76\u4fee\u6539\u5f53\u524d\u7684\u6587\u4ef6\u7684ACL\uff0c\u53ef\u4ee5\u7528-M\u53c2\u6570\uff1a<\/p>\n

[root@FC3-vm mnt]# cat test.acl
user:testu1:rw-
user:testu2:rw-
group:testg1:r–
group:testg2:r–
ma<\/p>\n

sk::rw-
other::—<\/p>\n

\u4f53\u9a8c3 \uff0d \u76ee\u5f55\u7684\u9ed8\u8ba4ACL<\/p>\n

\u5982\u679c\u6211\u4eec\u5e0c\u671b\u5728\u4e00\u4e2a\u76ee\u5f55\u4e2d\u65b0\u5efa\u7684\u6587\u4ef6\u548c\u76ee\u5f55\u90fd\u4f7f\u7528\u540c\u4e00\u4e2a\u9884\u5b9a\u7684ACL\uff0c\u90a3\u4e48\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4(Default) ACL\u3002\u5728\u5bf9\u4e00\u4e2a\u76ee\u5f55\u8bbe\u7f6e\u4e86\u9ed8\u8ba4\u7684ACL\u4ee5\u540e\uff0c\u6bcf\u4e2a\u5728\u76ee\u5f55\u4e2d\u521b\u5efa\u7684\u6587\u4ef6\u90fd\u4f1a\u81ea\u52a8\u7ee7\u627f\u76ee\u5f55\u7684\u9ed8\u8ba4ACL\u4f5c\u4e3a\u81ea\u5df1\u7684ACL\u3002\u7528setfacl\u7684-d\u9009\u9879\u5c31\u53ef\u4ee5\u505a\u5230\u8fd9\u4e00\u70b9\uff1a<\/p>\n

[root@FC3-vm mnt]# setfacl -d –set g:testg1:rwx dir1
[root@FC3-vm mnt]# getfacl dir1
# file: dir1
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:testg1:rwx
default:mask::rwx
default:other::r-x<\/p>\n

\u53ef\u4ee5\u770b\u5230\u9ed8\u8ba4ACL\u5df2\u7ecf\u88ab\u8bbe\u7f6e\u4e86\u3002\u5efa\u7acb\u4e00\u4e2a\u6587\u4ef6\u8bd5\u8bd5\uff1a<\/p>\n

[root@FC3-vm mnt]# touch dir1\/file1
[root@FC3-vm mnt]# getfacl dir1\/file1
# file: dir1\/file1
# owner: root
# group: root
user::rw-
group::r-x #effective:r–
group:testg1:rwx #effective:rw-
mask::rw-
other::r–<\/p>\n

file1\u81ea\u52a8\u7ee7\u627f\u4e86dir1\u5bf9testg1\u8bbe\u7f6e\u7684ACL\u3002\u53ea\u662f\u7531\u4e8emask\u7684\u5b58\u5728\u4f7f\u5f97testg1\u53ea\u80fd\u83b7\u5f97rw-\u6743\u9650\u3002<\/p>\n

\u4f53\u9a8c4 \uff0d \u5907\u4efd\u548c\u6062\u590dACL<\/p>\n

\u4e3b\u8981\u7684\u6587\u4ef6\u64cd\u4f5c\u547d\u4ee4cp\u548cmv\u90fd\u652f\u6301ACL\uff0c\u53ea\u662fcp\u547d\u4ee4\u9700\u8981\u52a0\u4e0a-p \u53c2\u6570\u3002\u4f46\u662ftar\u7b49\u5e38\u89c1\u7684\u5907\u4efd\u5de5\u5177\u662f\u4e0d\u4f1a\u4fdd\u7559\u76ee\u5f55\u548c\u6587\u4ef6\u7684ACL\u4fe1\u606f\u7684\u3002\u5982\u679c\u5e0c\u671b\u5907\u4efd\u548c\u6062\u590d\u5e26\u6709ACL\u7684\u6587\u4ef6\u548c\u76ee\u5f55\uff0c\u90a3\u4e48\u53ef\u4ee5\u5148\u628aACL\u5907\u4efd\u5230\u4e00\u4e2a\u6587\u4ef6\u91cc\u3002\u4ee5\u540e\u7528–restore\u9009\u9879\u6765\u56de\u590d\u8fd9\u4e2a\u6587\u4ef6\u4e2d\u4fdd\u5b58\u7684ACL\u4fe1\u606f\uff1a<\/p>\n

[root@FC3-vm mnt]# getfacl -R dir1 > dir1.acl
[root@FC3-vm mnt]# ls -l dir1.acl
total 16
-rw-r–r– 1 root root 310 Dec 12 21:10 dir1.acl<\/p>\n

\u6211\u4eec\u7528-b\u9009\u9879\u5220\u9664\u6240\u6709\u7684ACL\u6570\u636e\uff0c\u6765\u6a21\u62df\u4ece\u5907\u4efd\u4e2d\u56de\u590d\u7684\u6587\u4ef6\u548c\u76ee\u5f55\uff1a<\/p>\n

[root@FC3-vm mnt]# setfacl -R -b dir1
[root@FC3-vm mnt]# getfacl -R dir1
# file: dir1
# owner: root
# group: root
user::rwx
group::r-x
other::r-x<\/p>\n

# file: dir1\/file1
# owner: root
# group: root
user::rw-
group::r–
other::r–<\/p>\n

\u73b0\u5728\u6211\u4eec\u4ecedir1.acl\u4e2d\u6062\u590d\u88ab\u5220\u9664\u7684ACL\u4fe1\u606f\uff1a<\/p>\n

[root@FC3-vm mnt]# setfacl –restore dir1.acl
[root@FC3-vm mnt]# getfacl -R dir1
# file: dir1
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:testg1:rwx
default:mask::rwx
default:other::r-x<\/p>\n

# file: dir1\/file1
# owner: root
# group: root
user::rw-
group::r-x #effective:r–
group:testg1:rwx #effective:rw-
mask::rw-
other::r–<\/p>\n

\u7ed3\u8bed<\/p>\n

ACL \u7684\u5f15\u5165\u4f7f\u5f97\u5927\u89c4\u6a21\u7684\u590d\u6742\u6743\u9650\u7ba1\u7406\u53ef\u4ee5\u5f88\u5bb9\u6613\u7684\u5728 Linux \u4e0a\u5b9e\u73b0\u3002\u5bf9\u4e8e \/home \u8fd9\u6837\u5b58\u653e\u5927\u91cf\u7528\u6237\u6587\u4ef6\u7684\u5206\u533a\uff0c\u53ef\u4ee5\u505a\u5230\u66f4\u6709\u6548\u7684\u7ba1\u7406\u3002\u4f46\u662f\u6211\u4eec\u4e5f\u770b\u5230\u5728\u5907\u4efd\u5de5\u5177\u7b49\u65b9\u9762\u7684\u6b20\u7f3a\uff0c\u597d\u5728 FC2 \u4e2d\u5df2\u7ecf\u5f00\u59cb\u5305\u542b\u4e86 star \u8fd9\u6837\u7684\u652f\u6301 ACL \u7684\u5907\u4efd\u5de5\u5177\uff0c\u867d\u7136\u8fd8\u662f alpha \u7248\u3002<\/p>\n

\u5728\u5355\u4e2a\u6587\u4ef6\u7684 ACL \u6761\u76ee\u7684\u6570\u91cf\u4e0a\uff0c\u4e0d\u540c\u7684\u6587\u4ef6\u7cfb\u7edf\u6709\u4e0d\u540c\u7684\u9650\u5236\u3002Ext2 \u548c Ext3 \u53ea\u80fd\u652f\u6301\u6bcf\u4e2a\u6587\u4ef6 25 \u4e2a ACL \u6761\u76ee\u3002ReiserFS \u548c JFS \u53ef\u4ee5\u652f\u6301\u8d85\u8fc7 8,000 \u4e2a\u6761\u76ee\u3002\u8fd9\u4e2a\u65b9\u9762 Ext* \u6587\u4ef6\u7cfb\u7edf\u8fd8\u9700\u8981\u52a0\u5f3a\u3002<\/p>\n

\u65e0\u8bba\u591a\u4e48\u590d\u6742\u7684\u7cfb\u7edf\u4e2d\uff0c\u6587\u4ef6\u7cfb\u7edf\u7684\u6743\u9650\u7ba1\u7406\u90fd\u662f\u6700\u57fa\u7840\u7684\u5185\u5bb9\u3002\u800c Linux \u5bf9 ACL\u7684\u652f\u6301\uff0c\u65e0\u7591\u662f\u4e00\u628a\u7ba1\u7406\u6d77\u91cf\u7528\u6237\u7cfb\u7edf\u7684\u5229\u5668\uff0c\u5bf9 Linux \u5728\u5927\u89c4\u6a21\u7684\u4f01\u4e1a\u7ea7\u5e94\u7528\u4e2d\u66f4\u65b9\u4fbf\u7684\u53d1\u6325\u66f4\u5927\u7684\u4f5c\u7528\u6dfb\u4e86\u4e00\u628a\u706b\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u51c6\u5907\u5de5\u4f5c \u652f\u6301ACL\u9700\u8981\u5185\u6838\u548c\u6587\u4ef6\u7cfb\u7edf\u7684\u652f\u6301\u3002\u73b0\u57282.6\u5185\u6838\u914d\u5408EXT2\/EXT3, JFS, XFS, Re […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-160","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/posts\/160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=160"}],"version-history":[{"count":0,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/posts\/160\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.kumouse.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}