Category: LINUX
2011-06-14 22:54:00
A file permission question
[root@station15 ~]$ id student1
uid=505(student1) gid=500(student) groups=500(student) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@station15 ~]$ id student2
uid=506(student2) gid=500(student) groups=500(student) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@station15 ~]# mkdir /a
[root@station15 ~]# su - student1
[student1@station15 ~]$ cd /a
[student1@station15 a]$ >b
[student1@station15 a]$ ll b
-rw-r--r-- 1 student1 student 0 06-14 22:18 b
[student1@station15 a]$ setfacl -m u:student2:rwx b
[student1@station15 a]$ ll b
-rw-rwxr--+ 1 student1 student 0 06-14 22:18 b
[student1@station15 a]$ getfacl b
# file: b
# owner: student1
# group: student
user::rw-
user:student2:rwx
group::r--
mask::rwx
other::r--
[student1@station15 a]$ su - student2
口令:
[student2@station15 ~]$ vim /a/b
aaaaaaaaa
The write succeeds; continue.
[student2@station15 ~]$ su - student1
口令:
[student1@station15 ~]$ chmod 644 /a/b
[student1@station15 ~]$ ll /a/b
-rw-r--r--+ 1 student1 student 21 06-14 22:22 /a/b
[student1@station15 ~]$ getfacl /a/b
getfacl: Removing leading '/' from absolute path names
# file: a/b
# owner: student1
# group: student
user::rw-
user:student2:rwx #effective:r--
group::r--
mask::r--
other::r--
[student1@station15 ~]$ su - student2
口令:
[student2@station15 ~]$ vim /a/b
aaaaaaaa
bbbbbbbb
:wq! to save
[student2@station15 ~]$ ll /a/b
-rw-r--r-- 1 student2 student 42 06-14 22:43 /a/b
[student2@station15 ~]$ vim /a/b
aaaaaaaa
bbbbbbbb
As shown, the forced write succeeded: the ACL is gone and the owner has changed.
[student2@station15 ~]$ su - student1
口令:
[student1@station15 ~]$ vim /a/b
aaaaaaaa
bbbbbbbb
ccccccccc
:wq! to save
[student1@station15 ~]$ ll /a/b
-rw-r--r-- 1 student1 student 63 06-14 22:50 /a/b
[student1@station15 ~]$ vim /a/b
aaaaaaaa
bbbbbbbb
ccccccccc
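
The owner change and the missing ACL after `:wq!` are what a replaced file looks like: a new file was put under the old name, which needs write permission on the directory, not on the file. The sketch below is an added example, not part of the original post; it reproduces the effect with a plain rename and checks whether a directory permits it. The function names and file contents are constructed, GNU `stat` is assumed, and it presumes (as the transcript implies but does not show) that `/a` was writable by both users.

```shell
#!/bin/sh
# Added example; paths, contents and function names are constructed.

# replace_demo DIR
# Creates DIR/b read-only (0444), then replaces it by renaming a new file
# over it. Only write+search permission on DIR is used; b's own mode (and
# any ACL mask on it) is never consulted.
# Prints: old_inode new_inode old_mode new_mode
replace_demo() (
    dir=$1
    umask 022
    printf 'aaaaaaaa\n' > "$dir/b"
    chmod 444 "$dir/b"
    old_ino=$(stat -c %i "$dir/b")
    old_mode=$(stat -c %a "$dir/b")
    printf 'aaaaaaaa\nbbbbbbbb\n' > "$dir/b.new"
    mv -f "$dir/b.new" "$dir/b"      # new inode takes over the name "b"
    echo "$old_ino $(stat -c %i "$dir/b") $old_mode $(stat -c %a "$dir/b")"
)

# dir_allows_replace DIR
# Exit 0 when DIR is group- or world-writable and has no sticky bit, i.e.
# users other than a file's owner can unlink or rename entries in it.
dir_allows_replace() (
    mode=$(stat -c %a "$1")
    [ $(( 0$mode & 022 )) -ne 0 ] && [ $(( 0$mode & 01000 )) -eq 0 ]
)

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
replace_demo "$demo_dir"
chmod 777 "$demo_dir"
if dir_allows_replace "$demo_dir"; then
    echo "$demo_dir: entries can be replaced by non-owners"
fi
rm -rf "$demo_dir"
```

With the sticky bit set on the directory (`chmod +t`), only the file's owner, the directory's owner or root can unlink or rename an entry, so the restrictive mask on `b` would then hold against other users.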