
<span id="Label3"><p style="text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">File permissions are defined for three classes of subject:</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">owner: the file's owner, u</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">group: the file's group, g</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">other: everyone else, o</span></p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">Each file defines three permissions for each class of accessor:</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">r: Readable</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">w: Writable</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">x: eXecutable</span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M00/9D/33/wKioL1l7LoKw2xadAAAwsV6Ocs0879.png" style="float:none;" title="image001.png" alt="wKioL1l7LoKw2xadAAAwsV6Ocs0879.png" /></p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">Permissions mean somewhat different things for regular files and for directories:</span></p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;text-decoration:underline;font-size:20px;">Regular files:</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">r: the file's content can be read</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> cat less more nano vim, running a script</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">w: the file's content can be modified</span></p>
<p style="text-align:justify;"><span 
style="font-size:20px;"> nano vim &gt; &gt;&gt; tee gedit </span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">x: the file can be executed</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> running a script</span></p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;text-decoration:underline;font-size:20px;">Directories:</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">r: the user can list which files are in the directory (but cannot view the files' details)</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">w: w alone is meaningless.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">x: the user can enter the directory (if the file name is known and the file's own permissions allow it, the corresponding operation can be performed)</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">rx: the user can enter the directory and get a long listing.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">rw: the same as r alone</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">wx: can enter, create and delete, but cannot list. So whether a user can delete a file does not depend on the file's own permissions.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">rwx: all permissions.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">---: null</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> <span 
style="font-size:20px;font-family:‘宋体‘;">(So in practice rx, rwx and --- are the common and useful combinations)</span></span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> </span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">X: skipped when the file itself has no x permission. It is generally used when changing the permissions of many files and directories in bulk, so that files without execute permission are skipped automatically. (Gives x only to directories, not to files.)</span></p>
<p style="text-indent:28px;text-align:justify;"> </p>
<p style="text-indent:28px;text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">The check first asks whether the user is the file's owner; if so, the owner's permissions apply and the check ends. If not, it asks whether the user belongs to the file's group (as a primary or a supplementary group); if so, the group's permissions apply and the check ends. Otherwise the permissions for others apply and the check ends.</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> owner -&gt; group -&gt; other</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> </span></p>
<hr />
<p style="text-align:justify;"><span style="font-size:20px;"><strong><span style="color:#FF0000;">chown </span></strong>: change owner</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> owner.group (changes the owner and the group together; the . can also be replaced with :)</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> For the above, only root can change a file's owner</span></p>
<p style="text-align:justify;"><img 
src="https://s2.51cto.com/wyfs02/M01/9D/33/wKiom1l7LoLgGW2OAABGS35LIFc715.png" style="float:none;" title="image002.png" alt="wKiom1l7LoLgGW2OAABGS35LIFc715.png" /></p>
<p style="text-align:justify;"><span style="font-size:20px;"> :group or .group: the file's owner can also use chown to change the file's group (the owner must belong to the target group)</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> -R: recursive (changes the directory and all files in its subdirectories in one go)</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> --reference sourcefile tarfile (sets the owner and group of tarfile to match those of sourcefile)</span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M01/9D/33/wKioL1l7LoLgoCuWAABWSyEKbNY358.png" style="float:none;" title="image003.png" alt="wKioL1l7LoLgoCuWAABWSyEKbNY358.png" /></p>
<p style="text-align:justify;"><span style="font-size:20px;">As shown, the owner and group of text were also changed to keke, lky.</span></p>
<p style="text-align:justify;"> </p>
<p style="text-align:justify;"><span style="font-size:20px;"><strong><span style="color:#FF0000;">chgrp</span></strong> : change group</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> The file's owner can change the file's group (the owner must belong to the target group)</span></p>
<p style="text-align:justify;"><span 
style="font-size:20px;"> -R: recursive </span> </p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M01/9D/33/wKioL1l7L4-iSJT7AABX3kRfCaQ292.png" style="float:none;" title="image004.png" alt="wKioL1l7L4-iSJT7AABX3kRfCaQ292.png" /></p>
<p style="text-align:justify;"><span style="font-size:20px;"> --reference sourcefile tarfile</span></p>
<hr />
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M02/9D/33/wKiom1l7L4_DAT9-AABeb1q0vG8438.png" style="float:none;" title="image005.png" alt="wKiom1l7L4_DAT9-AABeb1q0vG8438.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">The three rwx positions are converted using binary: a permission that is present is 1, one that is absent is 0</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"><img src="https://s5.51cto.com/wyfs02/M01/9D/33/wKiom1l7MEqSfn0PAAAVvYR4L70460.png" title="截图836.png" alt="wKiom1l7MEqSfn0PAAAVvYR4L70460.png" /></span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"></span></p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">Permissions as a whole can therefore be expressed with three digits</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> For example:</span></p>
<p style="margin-left:56px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">640: rw-r-----</span></p>
<p style="margin-left:56px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">755: rwxr-xr-x</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"></span></p>
<hr /><p 
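style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">The owner, then group, then other check described earlier, applied to the octal digits above, as an added example that is not part of the original page. The function names, uids, gids and modes are constructed for illustration, and root, which bypasses these checks, is not modelled.</span></p>

```shell
#!/bin/sh
# Added example, not from the original page. uids, gids and modes below are
# constructed sample values; root, which bypasses these checks, is not modelled.

# triad_to_rwx DIGIT: one octal digit (r=4, w=2, x=1) as an rwx string.
triad_to_rwx() {
    digit=$1
    out=""
    if [ $((digit & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((digit & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((digit & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s\n' "$out"
}

# octal_to_symbolic MODE: three octal digits as the nine-character string.
octal_to_symbolic() {
    mode=$((0$1))
    printf '%s%s%s\n' \
        "$(triad_to_rwx $(( (mode >> 6) & 7 )))" \
        "$(triad_to_rwx $(( (mode >> 3) & 7 )))" \
        "$(triad_to_rwx $((  mode       & 7 )))"
}

# applied_class FILE_UID FILE_GID REQ_UID "REQ_GIDS"
# Prints owner, group or other. The first matching class wins and the
# remaining classes are never consulted.
applied_class() {
    if [ "$3" -eq "$1" ]; then echo owner; return 0; fi
    for gid in $4; do            # primary and supplementary groups alike
        if [ "$gid" -eq "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# effective_rwx MODE FILE_UID FILE_GID REQ_UID "REQ_GIDS"
# Prints the rwx triad that actually governs the requester's access.
effective_rwx() {
    mode=$((0$1))
    case $(applied_class "$2" "$3" "$4" "$5") in
        owner) triad_to_rwx $(( (mode >> 6) & 7 )) ;;
        group) triad_to_rwx $(( (mode >> 3) & 7 )) ;;
        other) triad_to_rwx $((  mode       & 7 )) ;;
    esac
}

# Constructed scenario: a file owned by uid 1000 and gid 2000.
octal_to_symbolic 640
effective_rwx 640 1000 2000 1000 "1000"        # the owner
effective_rwx 640 1000 2000 1001 "1001 2000"   # member via a supplementary group
effective_rwx 640 1000 2000 1002 "1002"        # neither owner nor member
# Mode 047: the owner matches first and is held to the owner triad, even
# though the same user is in group 2000 and "other" is wider still.
effective_rwx 047 1000 2000 1000 "1000 2000"
```

<p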
style="text-align:justify;"><span style="font-size:20px;"><strong><span style="color:#FF0000;">chmod</span></strong></span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> Only the owner and root can change a file's permissions</span></p>
<p style="text-align:justify;"> <span style="font-size:20px;">who action permission</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> ugo +-= rwx (u: owner, g: group, o: other)</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> </span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> Several classes can be changed at once; if each needs a different change, specify them separately, separated by commas.</span></p>
<p style="text-align:justify;"><span style="font-size:20px;">u=....,g=...,o=...</span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M02/9D/33/wKiom1l7L4_Du73tAAAqG4fWQlU838.png" style="float:none;" title="image006.png" alt="wKiom1l7L4_Du73tAAAqG4fWQlU838.png" /></p>
<p style="text-align:justify;"> </p>
<p style="text-align:justify;"> <span style="font-size:20px;">chmod ugo+rwx: if the change is the same for all classes, they can be changed together</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> a=rwx: a stands for all three of ugo together</span></p>
<p style="text-align:justify;"><img 
src="https://s5.51cto.com/wyfs02/M01/9D/33/wKiom1l7LoSQosN1AABColLhiNc937.png" style="float:none;" title="image007.png" alt="wKiom1l7LoSQosN1AABColLhiNc937.png" /></p>
<p><br /></p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">The permissions of several classes can also be set directly using the numeric form.</span></p>
<p style="text-align:justify;"><span style="font-size:20px;">For example, to set <strong>r w x r w - r - -</strong></span></p>
<p style="text-align:justify;"><span style="font-size:20px;"><strong> </strong>1 1 1,1 1 0,1 0 0</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> 7 6 4</span></p>
<p style="text-align:justify;"><span style="font-size:20px;">which gives the three digits 764</span></p>
<p style="text-align:justify;"><img src="https://s5.51cto.com/wyfs02/M01/9D/33/wKioL1l7LoTyLLHJAAAp5FGsc2Y960.png" style="float:none;" title="image008.png" alt="wKioL1l7LoTyLLHJAAAp5FGsc2Y960.png" /></p>
<p style="text-align:justify;"><span style="font-size:20px;">Using 764 makes the change</span></p>
<p style="text-align:justify;"><img src="https://s5.51cto.com/wyfs02/M02/9D/33/wKiom1l7LoSjwul-AABA8DfFVa0801.png" style="float:none;" title="image009.png" alt="wKiom1l7LoSjwul-AABA8DfFVa0801.png" /></p>
<p style="text-align:justify;"><span style="font-size:20px;">Likewise, 777 and 000 mean all bits set and all bits clear, respectively.</span></p>
<p style="text-align:justify;"><span style="font-size:20px;">(PS: if only 3 is entered, it is taken as 003; likewise, entering 43<span 
style="font-size:20px;font-family:‘宋体‘;"> is taken as </span>043)</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> </span></p>
<hr />
<p style="text-indent:28px;text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">When we create a directory or a file, it comes with default permissions:</span></p>
<p style="text-align:justify;"><img src="https://s5.51cto.com/wyfs02/M02/9D/33/wKiom1l7LoTin3PLAAAowU75rNg783.png" style="float:none;" title="image010.png" alt="wKiom1l7LoTin3PLAAAowU75rNg783.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">As shown, directories default to 755 and files to 644. Why these defaults? They are in fact controlled by umask.</span></p>
<p style="text-align:justify;"><img src="https://s5.51cto.com/wyfs02/M02/9D/33/wKioL1l7LoWSGfR3AAAKNY8rqkQ626.png" style="float:none;" title="image011.png" alt="wKioL1l7LoWSGfR3AAAKNY8rqkQ626.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Querying the value with the <strong><span style="font-size:20px;color:#FF0000;">umask</span></strong> command gives 022. (Ignore the first digit for now.)</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"> </span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">We know that the maximum permission for a directory is 777 and for a file is 666. (Because a file having x<span 
style="font-size:20px;font-family:‘宋体‘;"> is a risk, files are created without x by default.)</span></span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">From this we can conclude that when a file or directory is created, the default is the maximum permission minus the umask value. 755=777-022; 644=666-022</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Now let us try changing the umask.</span></p>
<p style="text-align:justify;"><img src="https://s5.51cto.com/wyfs02/M02/9D/33/wKioL1l7LoWho9RFAABCNAVMbME967.png" style="float:none;" title="image012.png" alt="wKioL1l7LoWho9RFAABCNAVMbME967.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">As shown, after changing the umask to 642, a newly created directory does indeed default to 135, and a file defaults to 024.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"> </span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Note: when every digit of the umask is even, you can subtract directly. When the umask contains an odd digit, subtract directly for directories; for files, subtract and then add one at each position that holds an odd digit.</span></p>
<p style="text-align:justify;"><img src="https://s5.51cto.com/wyfs02/M00/9D/33/wKiom1l7LoWDEZ2bAABYlG_CnPs009.png" style="float:none;" title="image013.png" alt="wKiom1l7LoWDEZ2bAABYlG_CnPs009.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span 
style="font-size:20px;">(Because files have no x bit while every odd digit necessarily includes x, that x cannot be subtracted; each time one x too many has been subtracted, so it should be added back, that is, add one.)</span></p>
<p style="text-align:justify;"><img src="https://s5.51cto.com/wyfs02/M00/9D/33/wKioL1l7LoWApUQcAAAzh5ZcwZM628.png" style="float:none;" title="image014.png" alt="wKioL1l7LoWApUQcAAAzh5ZcwZM628.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">As shown, the permissions are indeed 756 and 646.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"></span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"><strong><span style="color:#FF0000;">umask -S</span></strong> displays the value in symbolic mode instead of as digits</span></p>
<p style="text-align:justify;"><img src="https://s4.51cto.com/wyfs02/M01/9D/33/wKiom1l7Lobj82r7AAANgcW8ykU538.png" style="float:none;" title="image015.png" alt="wKiom1l7Lobj82r7AAANgcW8ykU538.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">-S can also be used to set the umask; in that case what you set is the resulting permission, so no subtraction is needed</span></p>
<p style="text-align:justify;"><img src="https://s4.51cto.com/wyfs02/M01/9D/33/wKioL1l7LoaxIBR4AAAZVgT0IF4001.png" style="float:none;" title="image016.png" alt="wKioL1l7LoaxIBR4AAAZVgT0IF4001.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span 
style="font-family:‘宋体‘;font-size:20px;">As shown, the change succeeded</span></p>
<p><br /></p>
<p style="margin-left:36px;text-align:justify;"> <span style="font-size:20px;">When we create a file, its permissions are the maximum permission minus the umask value; but when we copy a file, the copy's permissions are the source file's permissions minus the umask value.</span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M00/9D/33/wKiom1l7LofD81t5AABNUsRMmsw241.png" style="float:none;" title="image017.png" alt="wKiom1l7LofD81t5AABNUsRMmsw241.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">As shown, the permissions of testfile1 are those of testfile minus 022.</span></p>
<p style="text-indent:28px;text-align:justify;"> </p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">Per-user setting:</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> If the umask is set only with the umask command, it reverts to the original default of 022 after logging out. To set the umask permanently, edit the .bashrc file.</span></p>
<p style="text-align:justify;"><span style="font-size:20px;font-family:‘宋体‘;"><br /></span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M00/9D/33/wKioL1l7Loey3fDkAAFIfP3Y0C8800.png" style="float:none;" title="image018.png" alt="wKioL1l7Loey3fDkAAFIfP3Y0C8800.png" /></p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">As shown, add the line to the file and save it to apply the setting.</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"><span 
style="font-size:20px;font-family:‘宋体‘;">(Note: the setting does not take effect immediately; you need to log in again. To make it take effect at once, run . .bashrc or source .bashrc.)</span></span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M01/9D/33/wKiom1l7LofQjQ-RAABwh4mc6y4196.png" style="float:none;" title="image019.png" alt="wKiom1l7LofQjQ-RAABwh4mc6y4196.png" /></p>
<p><br /></p>
<p style="text-align:justify;"><span style="font-size:20px;">Another method sets the umask for all users at once: edit the /etc/bashrc file</span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M01/9D/33/wKioL1l7LoiAhhmjAABVFUJtANA847.png" style="float:none;" title="image020.png" alt="wKioL1l7LoiAhhmjAABVFUJtANA847.png" /></p>
<p style="text-align:justify;"><span style="font-size:20px;">Find these lines. This block means that ordinary users get a umask of 002 and root gets a umask of 022, so change the 002 to the value you need.</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> </span></p>
<hr />
<p style="text-align:justify;"><span style="font-size:20px;"></span><br /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">Sometimes whether a command can be used on an object depends not only on the object's permissions but also on the permissions of the command itself.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Commands are owned by user and group root, and under normal circumstances their permissions are 755<span 
style="font-size:20px;font-family:‘宋体‘;">, so any user can run them, for example commands such as touch and cat.</span></span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Some commands, however, such as groupmems, have permissions 750 and can therefore be run only by root.</span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M02/9D/33/wKiom1l7LojRhFeIAAAx0vyhzlM534.png" style="float:none;" title="image021.png" alt="wKiom1l7LojRhFeIAAAx0vyhzlM534.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">As shown, after switching to an ordinary user, the groupmems command cannot be run.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">However, we find that /etc/shadow has permissions 000, so in theory only root can read and write it (root is all-powerful: unless stated otherwise, every file is under root's control). How, then, do other users change their passwords?</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Changing a password requires the passwd command, so let us look at that command:</span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M02/9D/33/wKiom1l7LojBwwd8AAAXkYCXP3Q776.png" style="float:none;" title="image022.png" alt="wKiom1l7LojBwwd8AAAXkYCXP3Q776.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"><span 
style="font-family:‘宋体‘;">We find that the third position of u holds s rather than x, and that is the reason.</span></span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">This s stands for the <strong><span style="font-size:20px;color:#FF0000;">SUID</span></strong> permission. Its effect: once SUID is applied to an executable binary, anyone with permission to execute the file temporarily holds the permissions of the file's owner while it runs.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">In other words, when we run passwd we are temporarily treated as root for the duration of the command, which is why /etc/shadow can be modified.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Likewise, the third position of g sometimes shows s in place of x; that s stands for the <strong><span style="font-size:20px;color:#FF0000;">SGID</span></strong> permission. Once SGID is applied to an executable binary, anyone with permission to execute the file temporarily holds the permissions of the file's group while it runs. Once SGID is applied to a directory, files and directories created in it by any user with wx permission on the directory get the directory's group as their group.</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Likewise, the third position of o<span 
style="font-size:20px;font-family:‘宋体‘;"> can carry a t, which stands for the Sticky permission. Once sticky is applied to a directory (it restricts only group users; the directory's owner is not affected), a file in that directory can be deleted only by its owner.</span></span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M02/9D/33/wKioL1l7LomAdOw3AADHCk3ZwVM686.png" style="float:none;" title="image023.png" alt="wKioL1l7LomAdOw3AADHCk3ZwVM686.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">SUID SGID STICKY</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">000 0</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">001 1</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">010 2</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">011 3</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">100 4</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">101 5</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">110 6</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">111 7</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Earlier we said to look only at the last three digits of the umask value; the first digit represents the special permissions. So, according to the table above, to add only the SUID permission, that is 100<span 
style="font-size:20px;font-family:‘宋体‘;">, which is 4, the first digit should be 4.</span></span></p>
<p style="text-align:justify;"><img src="https://s2.51cto.com/wyfs02/M02/9D/33/wKioL1l7LonwzD2qAAAqMK4vFKM723.png" style="float:none;" title="image024.png" alt="wKioL1l7LonwzD2qAAAqMK4vFKM723.png" /></p>
<p style="text-align:justify;"><span style="font-size:20px;">As shown, the SUID permission has been set.</span></p>
<p style="text-align:justify;"> </p>
<p style="text-align:justify;"><span style="font-size:20px;">Although a special permission occupies the position of x, it does not replace x (there is simply nowhere else to display it), so we need a way to tell whether x is present alongside the special permission.</span></p>
<p style="text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">The mapping is as follows:</span></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">SUID: user, occupies the owner's execute position</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">s: the owner has x permission</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">S: the owner does not have x permission</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> SGID: group, occupies the group's execute position</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">s: group has x<span 
style="font-size:20px;font-family:‘宋体‘;"> permission</span></span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">S: group does not have x permission</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> Sticky: other, occupies other's execute position</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">t: other has x permission</span></p>
<p style="margin-left:28px;text-indent:28px;text-align:justify;"><span style="font-size:20px;">T: other does not have x permission</span></p>
<p style="text-align:justify;"><img src="https://www.u72.net/d/file/p/2024/08/22/c7b2fc840e17d41cfd.png" style="float:none;" title="image025.png" alt="wKiom1l7Loqz102yAABDkSTKqRM798.png" /></p>
<p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">As shown, u and g initially have neither x nor s; after adding the SUID and SGID permissions, both show an uppercase S. When we then add x to u, the s on u does indeed become lowercase.</span></p>
<p style="text-align:justify;"><span style="font-size:20px;"> </span></p>
<hr /><p 
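style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">One way to audit the special bits described above and to see the s/S and t/T display on real files, as an added example that is not part of the original page. It assumes GNU find and stat; the function names and the sample files, which are built in a private temporary directory, are constructed here.</span></p>

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU find and stat.
# Every file it touches is constructed inside a private temporary directory.

# mode_string PATH: the nine permission characters as ls -l shows them.
mode_string() { stat -c '%A' "$1" | cut -c2-10; }

# build_sample: create the sample tree and print the directory holding it.
build_sample() {
    base=$(mktemp -d) || return 1
    touch "$base/plain" "$base/tool" "$base/noexec"
    chmod 0644 "$base/plain"
    chmod 4755 "$base/tool"      # SUID, owner has x
    chmod 4644 "$base/noexec"    # SUID, owner has no x
    mkdir "$base/shared" "$base/drop" "$base/team"
    chmod 1777 "$base/shared"    # world-writable with the sticky bit
    chmod 0777 "$base/drop"      # world-writable without the sticky bit
    chmod 2770 "$base/team"      # SGID directory: new entries inherit its group
    printf '%s\n' "$base"
}

# audit_special DIR: one finding per line, sorted.
#   suid NAME         regular file with the SUID bit (first digit 4)
#   sgid NAME         regular file with the SGID bit (first digit 2)
#   ww-nosticky NAME  directory writable by others but lacking the sticky bit,
#                     so any user can delete files that belong to someone else
audit_special() {
    (
        cd "$1" || exit 1
        find . -type f -perm -4000 | sed 's|^\./|suid |'
        find . -type f -perm -2000 | sed 's|^\./|sgid |'
        find . -type d -perm -0002 ! -perm -1000 | sed 's|^\./|ww-nosticky |'
    ) | sort
}

sample=$(build_sample)
for name in plain tool noexec shared drop team; do
    printf '%s  %s\n' "$(mode_string "$sample/$name")" "$name"
done
audit_special "$sample"
rm -rf "$sample"
```

<p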
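style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">The subtract-the-umask rule from the umask section earlier, including its add-one correction for odd digits on files and the copy case, follows from one bitwise operation: resulting mode = requested mode AND NOT umask. This is an added example, not part of the original page; it assumes GNU coreutils, the function names are made up here, and umask 021 is a constructed value that yields the 756 and 646 pair mentioned earlier.</span></p>

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU coreutils (stat -c).

# default_mode REQUESTED UMASK: REQUESTED & ~UMASK as three octal digits.
# Programs request 777 for new directories and 666 for new files; the kernel
# clears every bit that is set in the umask. No subtraction is involved, which
# is why an x bit in the umask has no effect on a 666 request.
default_mode() { printf '%03o\n' $(( 0$1 & ~0$2 & 0777 )); }

# observed_modes UMASK: in a private temporary directory, create a file and a
# directory and copy a 775 file under UMASK; print "FILE DIR COPY".
observed_modes() {
    (
        tmp=$(mktemp -d) || exit 1      # created before the umask changes
        cd "$tmp" || exit 1
        touch src && chmod 0775 src     # constructed source file for the copy
        umask "$1"
        touch f
        mkdir d
        cp src copy                     # cp requests the source's mode
        result=""
        for m in $(stat -c '%a' f d copy); do
            result="$result $(printf '%03o' "0$m")"
        done
        cd / && rm -rf "$tmp"
        printf '%s\n' "${result# }"
    )
}

# The page's umask values plus 021 and 077 (constructed), computed bitwise.
for mask in 022 642 021 077; do
    printf 'umask %s: file %s, directory %s\n' "$mask" \
        "$(default_mode 666 "$mask")" "$(default_mode 777 "$mask")"
done

# The same rule observed on real files.
observed_modes 022
observed_modes 021
```

<p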
style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">Linux</span><span style="font-size:20px;"><span style="font-size:20px;font-family:‘宋体‘;"> files also have some hidden attributes, which can be viewed with the </span><strong><span style="font-size:20px;color:#FF0000;">lsattr</span></strong><span style="font-size:20px;font-family:‘宋体‘;"> command:</span></span></p><p style="text-align:justify;"><span style="font-size:20px;"> <span style="font-family:‘宋体‘;">The </span><strong><span style="color:#FF0000;">chattr</span></strong><span style="font-family:‘宋体‘;"> command changes a file's hidden attributes.</span></span></p><p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">chattr </span></p><p style="text-align:justify;"><span style="font-size:20px;"> +i <span style="font-size:20px;font-family:‘宋体‘;">the file cannot be deleted or modified</span></span></p><p style="text-align:justify;"><span style="font-size:20px;"> +a <span style="font-size:20px;font-family:‘宋体‘;">the file cannot be deleted; data can only be appended</span></span></p><p style="text-align:justify;"><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://www.u72.net/d/file/p/2024/08/22/bc7886cfa6a3aa1595b009dd10.png" style="float:none;" title="image026.png" alt="wKiom1l7Lorwo6u_AACEwlR5NkI488.png" /></p><p><br /></p><hr /><p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">ACL<span style="font-family:‘宋体‘;">: </span>Access Control List<span style="font-family:‘宋体‘;">, which allows flexible permission management. Beyond the file's owner, owning group and others, permissions can be set for additional users.</span></span></p><p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">CentOS 7<span style="font-family:‘宋体‘;">: file systems created during operating system installation or manually afterwards (</span>xfs<span style="font-family:‘宋体‘;">, </span>ext4<span style="font-family:‘宋体‘;">) all have </span>ACL<span style="font-family:‘宋体‘;"> enabled.</span></span></p><p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;">CentOS 6<span style="font-size:20px;font-family:‘宋体‘;"> and earlier: only file systems created during operating system installation have </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> enabled by default; on manually created file systems, </span>ACL<span 
style="font-size:20px;font-family:‘宋体‘;"> must be enabled manually.</span></span></p><p style="text-indent:28px;text-align:justify;"><span style="font-family:‘宋体‘;font-size:20px;">How to enable it:</span></p><p style="text-align:justify;"><span style="font-size:20px;"> <span style="font-size:20px;font-family:‘宋体‘;">Method 1: </span>mount -o acl /dev/sda7 </span></p><p style="text-align:justify;"><span style="font-size:20px;font-family:‘宋体‘;"> To disable it, remount without specifying the option.</span></p><p style="text-align:justify;"><span style="font-size:20px;"> <span style="font-size:20px;font-family:‘宋体‘;">Method 2: </span>tune2fs -o acl /dev/sda7 </span></p><p style="text-align:left;"><span style="font-size:20px;"><span style="font-size:20px;font-family:‘宋体‘;"> To disable it:</span> tune2fs -o ^acl /dev/sda7</span><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://www.u72.net/d/file/p/2024/08/22/7afe4b69537f94a5ad28982cb1a5160e.png" style="float:none;" title="image027.png" alt="wKioL1l7LouBj2eMAAN-Sw95xrw529.png" /></p><p style="text-align:justify;"> <span style="font-size:20px;"><span style="font-size:20px;font-family:‘宋体‘;">First check whether the user is the file's </span>OWNER<span style="font-size:20px;font-family:‘宋体‘;">; if so, apply the </span>OWNER<span style="font-size:20px;font-family:‘宋体‘;"> permissions and stop. If the user is not the </span>OWNER<span style="font-size:20px;font-family:‘宋体‘;">, check whether the user is an </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> </span>USER<span style="font-size:20px;font-family:‘宋体‘;">; if so, apply the </span>USER<span style="font-size:20px;font-family:‘宋体‘;"> permissions and stop. If the user is not an </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> </span>USER, <span style="font-size:20px;font-family:‘宋体‘;">check whether the user belongs to the </span>GROUP<span style="font-size:20px;font-family:‘宋体‘;"> or an </span>ACL GROUP<span style="font-size:20px;font-family:‘宋体‘;">; if so, take the maximum permission. If the user belongs to no </span>GROUP<span style="font-size:20px;font-family:‘宋体‘;">, apply </span>OTHER<span style="font-size:20px;font-family:‘宋体‘;">.</span></span></p><p style="text-align:justify;"><span style="font-size:20px;"> <span 
style="font-size:20px;font-family:‘宋体‘;">owner</span>-><span style="font-size:20px;font-family:‘宋体‘;">owning group</span>-><span style="font-size:20px;font-family:‘宋体‘;">others</span></span></p><p style="text-indent:28px;text-align:justify;"><span style="font-size:20px;"><strong><span style="color:#FF0000;">getfacl </span></strong>file|directory <span style="font-family:‘宋体‘;">view the </span>ACL</span></p><p style="text-align:justify;"><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://www.u72.net/d/file/p/2024/08/22/afd9f74d05218a397df2fdfe95aa2a63.png" style="float:none;" title="image028.png" alt="wKiom1l7LozCQehKAAAfifSS8dI109.png" /></p><p style="text-align:justify;"><span style="font-size:20px;"><span style="font-family:Calibri, sans-serif;">-R </span><span style="font-family:‘宋体‘;">applies to a directory and recursively displays, for every file in it, the </span><span style="font-family:Calibri, sans-serif;">ACL</span><span style="font-family:‘宋体‘;"> permissions</span></span></p><p style="text-align:justify;"><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://www.u72.net/d/file/p/2024/08/22/a3666ac95257abcaa53d29.png" style="float:none;" title="image029.png" alt="wKioL1l7Lozw1IpLAABFXxaSQzA151.png" /></p><p style="text-indent:8px;"><span style="font-size:20px;"><strong><span style="color:#FF0000;">setfacl</span></strong><span style="font-family:‘宋体‘;"> options</span></span></p><p><span style="font-size:20px;"> <strong><span style="font-size:20px;color:#FF0000;">-m</span></strong><span style="font-size:20px;font-family:‘宋体‘;">: <em><span style="font-size:20px;text-decoration:underline;">sets the following </span></em></span><em><span style="font-size:20px;text-decoration:underline;">acl</span></em><em><span style="text-decoration:underline;font-size:20px;font-family:‘宋体‘;"> parameters</span></em></span></p><p style="text-align:justify;"><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://www.u72.net/d/file/p/2024/08/22/8626fab6cc1edf1de1e.png" style="float:none;" title="image030.png" 
alt="wKioL1l7LoyhVZHBAAA_FxROjeU723.png" /></p><p><span style="font-size:20px;"><span style="font-family:‘宋体‘;">As the screenshot shows, once the ACL is set the last character of the permission field becomes </span>+</span></p><p><span style="font-size:20px;"> </span></p><p><span style="font-size:20px;"> <strong><span style="font-size:20px;color:#FF0000;">u:</span></strong>[<span style="font-size:20px;font-family:‘宋体‘;">username</span>]:[rwx] <em><span style="text-decoration:underline;font-size:20px;font-family:‘宋体‘;">sets the permissions of a specific user</span></em></span></p><p style="text-align:justify;"><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://s5.51cto.com/wyfs02/M01/9D/33/wKiom1l7Lo3RZvj2AABNsjsmFlQ499.png" style="float:none;" title="image031.png" alt="wKiom1l7Lo3RZvj2AABNsjsmFlQ499.png" /></p><p style="text-align:justify;"><strong><span style="font-size:16px;font-family:Calibri, ‘sans-serif‘;color:#FF0000;"> </span></strong><span style="font-size:20px;"><strong><span style="font-family:Calibri, sans-serif;color:#FF0000;"> g:</span></strong><span style="font-family:Calibri, sans-serif;">[</span><span style="font-family:‘宋体‘;">group name</span><span style="font-family:Calibri, sans-serif;">]:[rwx] </span><em><span style="text-decoration:underline;font-family:‘宋体‘;">sets the permissions of a specific group</span></em></span></p><p style="text-align:justify;"><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://s3.51cto.com/wyfs02/M02/9D/33/wKiom1l7Lo3yZ68bAAA4hOomE_A664.png" style="float:none;" title="image032.png" alt="wKiom1l7Lo3yZ68bAAA4hOomE_A664.png" /></p><p> <span style="font-size:20px;"><strong><span style="color:#FF0000;">-R</span></strong> <span style="font-family:‘宋体‘;">likewise means <em><span style="text-decoration:underline;">recursive</span></em> (it changes, in one go for a directory and all files under it, the </span>ACL<span style="font-family:‘宋体‘;"> permissions)</span></span></p><p><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://s3.51cto.com/wyfs02/M02/9D/34/wKioL1l7NBaz3GrjAAIneUo9XRM232.png" style="float:none;" title="image033.png" alt="wKioL1l7NBaz3GrjAAIneUo9XRM232.png" /></p><p><br 
/></p><p><span style="font-size:20px;">setfacl -m <strong><span style="color:#FF0000;">mask</span></strong>:rwx f1 <em><span style="text-decoration:underline;"><span style="font-family:‘宋体‘;">sets the </span>MASK</span></em><em><span style="text-decoration:underline;font-family:‘宋体‘;"> value</span></em></span></p><p style="text-indent:28px;"><span style="font-size:20px;"><span style="font-size:20px;font-family:‘宋体‘;">or</span> <strong><span style="font-size:20px;color:#FF0000;">chmod g</span></strong>=rwx f1 <span style="font-size:20px;font-family:‘宋体‘;">Once </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> permissions have been set, the file's original </span>GROUP<span style="font-size:20px;font-family:‘宋体‘;"> permission can no longer be changed; using </span>chmod<span style="font-size:20px;font-family:‘宋体‘;"> modifies the </span>ACL MASK </span></p><p style="text-indent:28px;"><span style="font-size:20px;">mask<span style="font-size:20px;font-family:‘宋体‘;"> only affects the maximum permissions of users and groups other than the owner and </span>other<span style="font-size:20px;font-family:‘宋体‘;">. </span>Mask<span style="font-size:20px;font-family:‘宋体‘;"> has to be combined with the user's permissions by a logical AND to give the effective permissions </span>(Effective Permission)</span></p><p style="text-indent:28px;"><span style="font-size:20px;"><span style="font-size:20px;font-family:‘宋体‘;">A user or group entry takes effect only where it falls within the permissions allowed by the </span>mask<span style="font-size:20px;font-family:‘宋体‘;">.</span></span></p><p><span style="font-size:20px;"> Mask<span style="font-size:20px;font-family:‘宋体‘;"> limits the maximum permissions.</span></span></p><p><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://s3.51cto.com/wyfs02/M00/9D/33/wKiom1l7NBahsiT9AAE1ZnKxnYI010.png" style="float:none;" title="image034.png" alt="wKiom1l7NBahsiT9AAE1ZnKxnYI010.png" /></p><p><span style="font-size:20px;"> ACL MASK<span style="font-family:‘宋体‘;"> is reset whenever a new </span>ACL<span style="font-family:‘宋体‘;"> entry is set; it is reset so that all </span>ACL<span style="font-family:‘宋体‘;"> entries on the file and the file's original </span>GROUP<span style="font-family:‘宋体‘;"> permissions are effective.</span></span></p><p><span style="font-size:20px;"> <span style="font-size:20px;font-family:‘宋体‘;">Because </span>MASK<span 
style="font-size:20px;font-family:‘宋体‘;"> changes whenever an </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> entry is set, it is best to set, as the last step, the </span>MASK<span style="font-size:20px;font-family:‘宋体‘;">.</span></span></p><p><span style="font-size:20px;"> </span></p><p><span style="font-size:20px;">setfacl -m <strong><span style="font-size:20px;color:#FF0000;">d</span></strong>:u:user:rwx d1 <em><span style="font-size:20px;text-decoration:underline;"><span style="font-size:20px;font-family:‘宋体‘;">sets </span>ACL</span></em><em><span style="text-decoration:underline;font-size:20px;font-family:‘宋体‘;"> default permissions</span></em><span style="font-size:20px;font-family:‘宋体‘;">: files newly created in the directory receive the default permissions, while files that already exist are unchanged.</span></span></p><p><span style="font-size:20px;">setfacl <strong><span style="font-size:20px;color:#FF0000;">-k</span></strong> d1 <em><span style="text-decoration:underline;font-size:20px;font-family:‘宋体‘;">removes all default permissions</span></em></span></p><p><span style="font-size:20px;"> </span></p><p><span style="font-size:20px;">setfacl <strong><span style="font-size:20px;color:#FF0000;">-M</span></strong> acl.txt f1[dir1] <em><span style="font-size:20px;text-decoration:underline;"><span style="font-size:20px;font-family:‘宋体‘;">imports the contents of </span>acl.txt</span></em><em><span style="text-decoration:underline;font-size:20px;font-family:‘宋体‘;"> into the file</span></em></span></p><p><span style="font-size:20px;"> acl.txt<span style="font-size:20px;font-family:‘宋体‘;"> is produced by </span>getfacl f1 > acl.txt<span style="font-size:20px;font-family:‘宋体‘;">.</span></span></p><p style="text-indent:28px;"><span style="font-size:20px;"><span style="font-size:20px;font-family:‘宋体‘;">As shown below, first use </span>><span style="font-size:20px;font-family:‘宋体‘;"> to export the contents to </span>acl.txt<span style="font-size:20px;font-family:‘宋体‘;">.</span></span></p><p><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://s3.51cto.com/wyfs02/M01/9D/34/wKioL1l7NBfje1yqAABguytAHfI188.png" style="float:none;" title="image035.png" alt="wKioL1l7NBfje1yqAABguytAHfI188.png" /></p><p 
style="text-indent:28px;"><span style="font-size:20px;"><span style="font-family:‘宋体‘;">After deleting the </span>ACL<span style="font-family:‘宋体‘;"> permissions and importing them again with </span>-M<span style="font-family:‘宋体‘;">, the permissions are back.</span></span></p><p><span style="font-size:20px;"> </span></p><p><span style="font-size:20px;"> </span></p><p><span style="font-size:20px;">setfacl <strong><span style="font-size:20px;color:#FF0000;">-x</span></strong> u:user f1 <em><span style="font-size:20px;text-decoration:underline;"><span style="font-size:20px;font-family:‘宋体‘;">removes a single </span>ACL</span></em><em><span style="text-decoration:underline;font-size:20px;font-family:‘宋体‘;"> entry</span></em></span></p><p><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://s4.51cto.com/wyfs02/M00/9D/34/wKioL1l7NBfzkQhBAAEOXM2lZoA300.png" style="float:none;" title="image036.png" alt="wKioL1l7NBfzkQhBAAEOXM2lZoA300.png" /></p><p><br /></p><p><span style="font-size:20px;"> setfacl <strong><span style="color:#FF0000;">-X</span></strong> aclrm.txt f1[ f2 f3 *] <em><span style="text-decoration:underline;font-family:‘宋体‘;">batch removal</span></em></span></p><p><span style="font-size:20px;"> aclrm.txt<span style="font-size:20px;font-family:‘宋体‘;"> contains the following:</span></span></p><p><span style="font-size:20px;"> u:liubei</span></p><p><span style="font-size:20px;"> g:shuguo</span></p><p><span style="font-size:20px;"><span style="font-size:20px;font-family:‘宋体‘;"> Likewise, first edit an </span>aclrm.txt<span style="font-size:20px;font-family:‘宋体‘;"> file, then run the command. This removes, for </span>liubei<span style="font-size:20px;font-family:‘宋体‘;"> and </span>shuguo<span style="font-size:20px;font-family:‘宋体‘;">, their </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> entries. (If there is no entry for </span>shuguo<span style="font-size:20px;font-family:‘宋体‘;"> or </span>liubei<span style="font-size:20px;font-family:‘宋体‘;">, nothing is removed and no error is reported.)</span></span></p><p><span style="font-size:20px;"> </span></p><p><span style="font-size:20px;">setfacl <strong><span style="font-size:20px;color:#FF0000;">-b</span></strong> f1 
<em><span style="font-size:20px;text-decoration:underline;"><span style="font-size:20px;font-family:‘宋体‘;">removes from the file its </span>ACL</span></em><em><span style="text-decoration:underline;font-size:20px;font-family:‘宋体‘;"> attributes.</span></em></span></p><p><img alt="技术分享" onl oad="if(this.width>650) this.width=650;" src="https://s4.51cto.com/wyfs02/M02/9D/33/wKiom1l7NBjjpDnsAAIoBPC9gjE241.png" style="float:none;" title="image037.png" alt="wKiom1l7NBjjpDnsAAIoBPC9gjE241.png" /></p><p style="text-indent:28px;"><span style="font-size:20px;"><span style="font-family:‘宋体‘;">The main file manipulation commands </span>cp<span style="font-family:‘宋体‘;"> and </span>mv<span style="font-family:‘宋体‘;"> both support </span>ACL<span style="font-family:‘宋体‘;">, except that </span>cp<span style="font-family:‘宋体‘;"> needs the </span>-p <span style="font-family:‘宋体‘;">option. However, </span>tar<span style="font-family:‘宋体‘;"> and other common backup tools do not preserve, for directories and files, the </span>ACL<span style="font-family:‘宋体‘;"> information.</span></span></p><p style="text-indent:28px;"><span style="font-size:20px;"><strong><span style="font-size:20px;color:#FF0000;">getfacl -R /tmp/dir1 > acl.txt</span></strong> <span style="font-size:20px;font-family:‘宋体‘;">backs up, for all files under the directory, the </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> attributes to a file (the paths are relative paths)</span></span></p><p style="text-indent:28px;"><span style="font-size:20px;">setfacl -R -b /tmp/dir1 <span style="font-size:20px;font-family:‘宋体‘;">clears, for all files under the directory, the </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> attributes</span></span></p><p style="text-indent:28px;"><span style="font-family:‘宋体‘;font-size:20px;">Two ways to restore:</span></p><p style="text-indent:28px;"><span style="font-size:20px;"><strong><span style="font-size:20px;color:#FF0000;">setfacl -R --set-file=acl.txt /tmp/dir1</span></strong> <span style="font-size:20px;font-family:‘宋体‘;">restores from the file the </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> attributes, method </span>1</span></p><p style="text-indent:28px;"><span style="font-size:20px;"><strong><span style="font-size:20px;color:#FF0000;">setfacl --restore acl.txt </span></strong> <span 
style="font-size:20px;font-family:‘宋体‘;">restores from the file the </span>ACL<span style="font-size:20px;font-family:‘宋体‘;"> attributes, method </span>2</span></p><p><br /></p><p>This article comes from the “Ty_endless” blog; please keep this attribution: http://tyendless.blog.51cto.com//</p><p>File permissions: Linux basic commands (8)</p></span>
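<p>The s/S and t/T mapping described above, as an added example that is not part of the original post: a Python decoder that turns an ls -l mode string back into its octal value (with SUID as the leading 4) and reports every uppercase S or T. The function names decode_mode and render_mode are assumptions of this example, and the mode strings are constructed.</p>

```python
import stat

# (special bit, name, letter when x is also set, letter when x is missing)
SPECIAL = [
    (stat.S_ISUID, "SUID", "s", "S"),    # shown in the owner's x position
    (stat.S_ISGID, "SGID", "s", "S"),    # shown in the group's x position
    (stat.S_ISVTX, "Sticky", "t", "T"),  # shown in other's x position
]

def decode_mode(ls_mode):
    """Turn an `ls -l` mode string such as '-rwSr-Sr--' into (octal mode, findings)."""
    perms = ls_mode[1:10]                # skip the file-type character
    if len(perms) != 9:
        raise ValueError("expected a 10-character ls -l mode string")
    mode, findings = 0, []
    for i, (bit, name, lower, upper) in enumerate(SPECIAL):
        r, w, x = perms[3 * i:3 * i + 3]
        shift = 6 - 3 * i                # owner=6, group=3, other=0
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x in ("x", lower):            # lowercase letter: x is set underneath
            mode |= 1 << shift
        if x in (lower, upper):
            mode |= bit                  # the special bit itself
            if x == upper:               # uppercase: special bit without x
                findings.append(f"{name} set but x missing")
    return mode, findings

def render_mode(mode):
    """Inverse direction, using the standard library's ls-style renderer."""
    return stat.filemode(stat.S_IFREG | mode)

# The sequence discussed with the screenshot: rw-r--r--, add SUID and SGID, then u+x.
STEPS = [0o644, 0o644 | stat.S_ISUID | stat.S_ISGID, 0o6644 | stat.S_IXUSR]

if __name__ == "__main__":
    for step in STEPS:
        text = render_mode(step)
        print(text, oct(step), decode_mode(text)[1])
```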
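<p>The check order (OWNER, ACL USER, GROUP or ACL GROUP, OTHER) and the mask rule described above, as an added example that is not part of the original post: it parses text in the format getfacl prints and decides access following acl(5), where one matching group entry must contain every requested permission (for a single permission bit this equals the maximum the text describes). The sample ACL, the users zhangfei, guanyu, caocao and sunquan, the groups weiguo and wuguo, and the function names are constructed for this example.</p>

```python
# Constructed sample in the format getfacl prints (not from the page's screenshots).
SAMPLE_GETFACL = """\
# file: f1
# owner: liubei
# group: shuguo
user::rw-
user:zhangfei:rwx\t#effective:r-x
group::---
group:weiguo:rw-\t#effective:r--
mask::r-x
other::r--
"""

def parse_getfacl(text):
    """Return (owner, owning_group, {(tag, qualifier): set of granted letters})."""
    owner = group = None
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # Drop the "#effective:" hint getfacl appends to masked entries.
            fields = line.split("#", 1)[0].strip().split(":")
            if fields[0] == "default":   # default entries only seed new files
                continue
            tag, qualifier, perms = fields
            entries[(tag, qualifier)] = set(perms.replace("-", ""))
    return owner, group, entries

def access_allowed(acl_text, user, groups, requested):
    """Decide whether `user` (member of `groups`) gets all letters in `requested`."""
    owner, owning_group, entries = parse_getfacl(acl_text)
    want = set(requested)
    mask = entries.get(("mask", ""), set("rwx"))   # no mask entry: nothing is capped
    if user == owner:                    # step 1: owner, the mask is not applied
        return want <= entries[("user", "")]
    if ("user", user) in entries:        # step 2: named ACL user, capped by the mask
        return want <= (entries[("user", user)] & mask)
    matched = False                      # step 3: owning group and named ACL groups
    for (tag, qualifier), perms in entries.items():
        if tag == "group" and (qualifier or owning_group) in groups:
            matched = True
            if want <= (perms & mask):
                return True
    if matched:
        return False                     # listed in a group: no fall-through to other
    return want <= entries[("other", "")]          # step 4: everyone else

if __name__ == "__main__":
    for who, grps in [("liubei", {"shuguo"}), ("zhangfei", {"zhangfei"}),
                      ("guanyu", {"shuguo"}), ("caocao", {"weiguo"}), ("sunquan", {"wuguo"})]:
        print(who, {p: access_allowed(SAMPLE_GETFACL, who, grps, p) for p in "rwx"})
```

<p>In the sample, guanyu is refused read access through the empty owning-group entry even though other grants r, because evaluation stops at the first category that matches.</p>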