Windows system is similar to the Linux system, Windows system files, directory properties are read-only, hidden, and Linux is the same.
In Linux, every file has specific properties. It mainly includes two aspects: file type and file permission. There are five different types: normal files, catalog files, linked files, device files, and pipe files.
The so-called file permissions refer to access rights to files, including reading, writing, deleting, and executing files. Linux is a multi-user operating system that allows multiple users to log in and work at the same time. So Linux associates a file or directory with a user or group. The Access Control List (ACL) provides better access control for computers. It is used to restrict access to files, resources, or sockets for all users, including the root user. Here's how to set up a simple setup method.
Step 1 Check the system core
First check if the core of your Linux system has ACL support. Because the Linux system does not have the ability to support ACLs at the core of every version, the easiest way is to check whether the current core of the system can support:
[root@mail /]# cat /boot/config -kernel-version |
Grep -i ext3
CONFIG_EXT3_FS=m
CONFIG_EXT3_IDEX=y
CONFIG_EXT3_FS_XATTR_SHARING=y
CONFIG_EXT3_FS_XATTR_USER=y
CONFIG_EXT3_FS_XATTR_TRUSTED=y< Br>
CONFIG_EXT3_FS_ACL=y
If you can see the above items, it means that it has been compiled into the kernel. The ext3 file system already supports the ACL function. These functions can be found in the compile kernel options. . If you can't find it at compile time, you can go to the ACL's official website to install Kernel (acl.bestbits.at/).
Step 2 Mounting the partition
You can mount the partition and enable the ACL in the following ways:
#mount -t ext3 -o acl /dev/sda1 /fs1
You can also write directly in the /etc/fstab file so that you can support ACL after booting:
#vi /etc/fstab
Step 3 ACL Permissions
ACLs are often set up for individual users. Here are a few different examples:
For example, you need to create test1, test2, and test3 users. You can log in to the system as root first. Then execute the following command to create three usernames and passwords respectively:
[root@mail root]#adduser test1
[root@mail root]#adduser test2
[ ,null,null,3],Root@mail root]#adduser test3
[root@mail root]#passwd test1
[root@mail root]#passwd test2
[root@mail root] #passwd test3
Then mount an ext3 file to the directory /fs1:
[root@mail root]#mount -t ext3 -o acl /dev/sda1 /fs1
Set the file created by test1 to read and write Permissions for test2 :
[root@mail root]#chmod -R 777 /fs1
Allow all users to add files to the directory:
Log in to the system with test1 and execute the command:
[test1@mail test1]# cd /fs1
[test1@mail fs1]# echo "Create by test1" > test1.txt< Br>
[test1@mail fs1]# chmod go-r test1.txt
[test1@mail fs1]# ll test1.txt
-rw------ - 1 test1 test1 17 Jul 14 22:11 test1.txt
The following operations can be used to save test1.txt permissions (except root) except for the read and write permissions of test1. Test2 After logging in to the system, execute the following command:
[test2@mail test2]# cd /fs1
[test2@mail fs1]# cat test1.txt
cat : test1 .txt Permission denied
Then log in to the system with test1 and execute the following command:
[test1@mail fs1]# setfacl -mu:test2:rw test1.txt
Modifying permissions allows test2 to have read and write access to this file. Let's take a look at the changes in its file attributes:
[test1@mail fs1]# ll
-rw-rw-r--+ 1 test1 test1 10 Feb 16 13:52 test1. Txt
will see an additional "+", indicating that the file uses the ACL attribute settings, and then use the command getfacl to view the ACL file attribute settings:
[test1@ Mail fs1]# getfacl test1.txt
# file: test1.txt
# owner: test1
# group: test1
user::rw -
user:test2:rw-
group::rw-
mask::rw-
other::r--
You can see that test2 has permission to read and write this file.
We use test2 to log in to the system and execute the following command to see what happened?
[test2@mail test2]# cd /fs1
[test2@mail fs1]# cat test1.txt
Create by test1
Original test2 You can read the test1.txt file.
[test2@mail fs1]# echo "Modify by test2" >> test1.txt
[test2@mail fs1]# cat test1.txt
Create by test1
Modify by test2
Now test2 can also modify the test1.txt file.
Then log in to the system with test3:
[test3@mail test3]# cd /fs1
[test3@mail fs1]# cat test1.txt
cat : test1.txt Permission denied
嘿嘿, except for test1, test2, no other user has permission to read and write test1.txt (except root).
Although watching it is a little dizzy, in fact, the command is such one or two, mainly to explain the situation to everyone, so that everyone will find in Linux, compared to the vulnerable Windows permissions protection Linux is doing quite well!
The current system is already on the Win10 system, but some users are still using the WinXP system.
mentioned that the installation of XP system is believed to be familiar to everyone, this system wit
Fix 7: Form anti-phishing habits Phishing attackers use fraudulent emails and fake Web sites to cond
Friends who are engaged in financial work often need to input the RMB symbol “¥”, bu
Solutions to several common faults in Windows
Let Windows XP SP2 pass the Security Center "Security"
Turn off the DEP function of Windows XP SP3
Under WinXP, my document can't be opened to show how to resolve access.
What if the XP operating system forgets the password? (1)
Microsoft partners confirm that Windows XP SP3 has been delivered to production
Hidden files sometimes can't be found to solve problems
Windows computer practical tips
Introduction to the individual functions of the bridge in Windows XP system
WinXP tutorial to achieve rapid reconnection after disconnected network
Win7 dials vpn when the card is always used to verify the user name and password and the solution
Hard disk formatting patterns can also be low-level format
Use the Windows 7 system family group to let more computers interact
How to restore the input method float of Windows XP system
Win7 Ultimate system can not install IIS and FTP service how to solve
NVIDIA discrete graphics card HDMI can not achieve extended display solution under XP system