Permissions in Linux (chown, chmod, SUID, GUID, sticky bit, ACL, umask)

Hello everyone. This is a translation of a chapter from the book RedHat RHCSA RHCE 7 RedHat Enterprise Linux 7 EX200 and EX300.

From me: I hope the article will be useful not only to beginners, but will also help more experienced administrators put their knowledge in order.

So, let's go.

To access files in Linux, permissions are used. These permissions are assigned to three entities: the file's owner, the group owner, and others (that is, everyone else). This article teaches you how to apply permissions.

The article starts with an overview of the basic concepts and then discusses special permissions and access control lists (ACLs). The end of the article covers setting default permissions through umask, as well as managing extended user attributes.

Managing file ownership

Before discussing permissions, you should be aware of the role of the file and directory owner. Ownership of files and directories is essential to working with permissions. In this section, you first learn how to see the owner. Then you learn how to change the group owner and the user owner of files and directories.

Displaying the owner of a file or directory

In Linux, every file and every directory has two owners: a user and a group owner.

These owners are set when a file or directory is created. The user who creates the file becomes the owner of that file, and the primary group of that same user also becomes the owner of the file. To determine whether you, as a user, have the right to access a file or directory, the shell checks ownership.

This happens in the following order:

  1. The shell checks whether you are the owner of the file you want to access. If you are the owner, you get the permissions and the shell stops checking.
  2. If you are not the owner of the file, the shell checks whether you are a member of the group that has permissions on the file. If you are a member of this group, you access the file with the permissions set for the group, and the shell stops checking.
  3. If you are neither the user owner nor the group owner, you get the permissions of others (Other).

To see the current ownership assignments you can use the ls -l command. This command shows the user and the group owner. Below you can see the ownership settings for the directories under the /home directory.

[root@server1 home]# ls -l
total 8
drwx------. 3  bob            bob            74     Feb   6   10:13 bob
drwx------. 3  caroline       caroline       74     Feb   6   10:13 caroline
drwx------. 3  fozia          fozia          74     Feb   6   10:13 fozia
drwx------. 3  lara           lara           74     Feb   6   10:13 lara
drwx------. 5  lisa           lisa           4096   Feb   6   10:12 lisa
drwx------. 14 user           user           4096   Feb   5   10:35 user

With the ls command you can display the owner of the files in a given directory. Sometimes it may be useful to get a list of all files on the system that have a given user or group as owner. For this you can use find. The find -user argument can be used for this purpose. For example, the following command shows all files that have user linda as owner:

find / -user linda

You can also use find to search for files that have a certain group as their owner.

For example, the following command searches for all files belonging to the group users:

find / -group users

Changing the owner

To apply the appropriate permissions, the first thing to consider is ownership. There is a command for this, chown. The syntax of this command is easy to understand:

chown who what

For example, the following command changes the owner of the /home/account directory to user linda:

chown linda /home/account

The chown command has several options, one of which is particularly useful: -R. You can guess what it does, because this option is available for many other commands as well. It lets you set the owner recursively, that is, set the owner of the current directory and everything below it. The following command changes the owner of the /home directory and everything below it to user linda:

Right now the owners look like this:

[root@localhost ~]# ls -l /home
total 0
drwx------. 2 account account 62 Sep 25 21:41 account
drwx------. 2 lisa    lisa    62 Sep 25 21:42 lisa

Let's run:

[root@localhost ~]# chown -R lisa /home/account
[root@localhost ~]#

Now user lisa is the owner of the account directory:

[root@localhost ~]# ls -l /home
total 0
drwx------. 2 lisa account 62 Sep 25 21:41 account
drwx------. 2 lisa lisa    62 Sep 25 21:42 lisa

Changing the group owner

There are two ways to change the group owner. You can do it with chown, but there is also a dedicated command, chgrp, that does the job. If you want to use the chown command, put . or : in front of the group name.

The following command changes the group owner of the /home/account directory to the group account:

chown .account /home/account

You can use chown to change the user and/or group owner in several ways. Here are some examples:

  • chown lisa myfile1 sets user lisa as the owner of the file myfile1.
  • chown lisa.sales myfile sets user lisa as the owner of the file myfile, and also sets the group sales as the group owner of the same file.
  • chown lisa:sales myfile does the same as the previous command.
  • chown .sales myfile sets the group sales as the group owner of myfile without changing the user owner.
  • chown :sales myfile does the same as the previous command.

You can use the chgrp command to change the group owner. Consider the following example, where you use chgrp to set the group owner of the account directory to the group sales:

chgrp sales /home/account

As with chown, you can use the -R option with chgrp to change the group owner recursively.

Understanding default ownership

You may have noticed that when a user creates a file, default ownership is applied.
The user who creates the file automatically becomes the owner of that file, and that user's primary group automatically becomes the group owner of that file. Usually this is the group listed in the /etc/passwd file as the user's primary group. However, if the user is a member of several groups, the user can change the effective primary group.

To show the current effective primary group, a user can use the groups command:

[root@server1 ~]# groups lisa
lisa : lisa account sales

If the current user linda wants to change the effective primary group, she uses the newgrp command followed by the name of the group she wants to set as the new effective primary group. After the newgrp command is used, the primary group stays in effect until the user enters the exit command or logs out.

Here is how user linda uses this command, with sales as the primary group:

[lisa@server1 ~]$ groups
lisa account sales
[lisa@server1 ~]$ newgrp sales
[lisa@server1 ~]$ groups
sales lisa account
[lisa@server1 ~]$ touch file1
[lisa@server1 ~]$ ls -l
total 0
-rw-r--r--. 1 lisa sales 0 Feb 6 10:06 file1

After changing the effective primary group, all new files created by the user get that group as group owner. To return to the original primary group setting, use exit.

To be able to use the newgrp command, the user must be a member of the group they want to use as primary. In addition, a group password can be set for a group with the gpasswd command. If a user runs the newgrp command but is not a member of the target group, the shell prompts for the group password. Once you enter the correct group password, the new effective primary group is set.

Managing basic permissions

The Linux permission system was designed in the 1970s. Since computing needs were limited in those years, the basic permission system was quite limited. This permission system uses three permissions that can be applied to files and directories. In this section, you learn how to use and change these permissions.

Understanding read, write, and execute permissions

The three basic permissions allow you to read, write, and execute files. The effect of these permissions differs depending on whether they are applied to files or to directories. Applied to a file, the read permission gives you the right to open the file for reading. Therefore, you can read its contents, but it also means that your computer can open the file to do something with it.

A program file that needs access to a library must, for example, have read access to that library. It follows that the read permission is the most basic permission you need for working with files.

Applied to a directory, read allows you to display the contents of that directory. You should be aware that this permission does not allow you to read the files in the directory. The Linux permission system does not know inheritance, and the only way to read a file is to have read permission on that file.

As you can probably guess, the write permission, when applied to a file, allows writing to the file. In other words, it lets you change the contents of existing files. However, it does not allow you to create or delete new files or change the file's permissions. To do that, you need write permission on the directory where you want to create the file. On directories, this permission also allows you to create and delete new subdirectories.

The execute permission is what you need to run a file. It is never set by default, which makes Linux almost completely immune to viruses. Only someone with write access to the directory can apply the execute permission.

The following summarizes the use of the basic permissions:

Using chmod

To manage permissions, use the chmod command. With chmod you can set permissions for the user, the group, and others. You can use this command in two modes: relative mode and absolute mode. In absolute mode, three digits are used to set the basic permissions.

When setting permissions, calculate the value you need. If you want to set read, write, and execute for the user, read and execute for the group, and read and execute for others on /somefile, you use the following chmod command:

chmod 755 /somefile

When you use chmod this way, all current permissions are replaced by the permissions you set.

If you want to change permissions relative to the current permissions, you can use chmod in relative mode. Using chmod in relative mode, you work with three indicators to specify what you want to do:

  1. First you specify for whom you want to change permissions. For this you can choose between user (u), group (g), and others (o).
  2. Then you use an operator to add or remove permissions from the current mode, or to set them absolutely.
  3. Finally you use r, w, and x to specify which permissions you want to set.

When changing permissions in relative mode, you can skip the "to whom" part to add or remove a permission for all entities. For example, this command adds the execute permission for all users:

chmod +x somefile

When working in relative mode, you can also use more complex commands. For example, this command adds the write permission to the group and removes the read permission for others:

chmod g+w,o-r somefile

When you use chmod -R o+rx /data, you set the execute permission on all directories as well as on the files in the /data directory. To set the execute permission only on directories and not on files, use chmod -R o+rX /data.

The uppercase X ensures that files do not get the execute permission unless the file already has the execute permission set for some of the entities. This makes X a smarter way to deal with execute permissions; it avoids setting this permission on files where it is not needed.

Advanced permissions

In addition to the basic permissions you have just read about, Linux also has a set of advanced permissions. These are not permissions you set by default, but sometimes they provide a useful addition. In this section you learn what they are and how to set them.

Understanding the SUID, GUID, and sticky bit advanced permissions

There are three advanced permissions. The first is the Set User ID (SUID) permission. In some special cases, you may want to apply this permission to executable files. By default, a user who runs an executable runs that file with their own permissions.

For ordinary users, this usually means that use of the program is limited. In some cases, however, the user needs special permissions just to perform a certain task.

Consider, for example, a situation where a user needs to change their password. To do this, the user must write their new password to the /etc/shadow file. However, this file is not writable by non-root users:

[root@hnl ~]# ls -l /etc/shadow
----------. 1 root root 1184 Apr 30 16:54 /etc/shadow

The SUID permission offers a solution to this problem. On the /usr/bin/passwd utility, this permission is applied by default. This means that when changing a password, the user temporarily gets root privileges, which allows them to write to the /etc/shadow file. You can see the SUID permission with ls -l as an s in the position where you would normally expect to see the x for the user permissions:

[root@hnl ~]# ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 32680 Jan 28 2010 /usr/bin/passwd

The SUID permission may look useful (and in some cases it is), but at the same time it is potentially dangerous. If it is applied incorrectly, you may accidentally give away root permissions. Therefore, I recommend using it only with the greatest care.

Most administrators will never have to use it; you will only see it on some files where the operating system sets it by default.

The second special permission is Set Group ID (SGID). This permission has two effects. When applied to an executable file, it gives the user who runs the file the permissions of the file's group owner. So SGID can do more or less the same thing as SUID. However, SGID is hardly ever used for this purpose.

As with the SUID permission, SGID is applied to some system files as a default setting.

When applied to a directory, SGID can be useful because you can use it to set the default group owner for files and subdirectories created in that directory. By default, when a user creates a file, their effective primary group is set as the group owner of that file.

This is not always very useful, especially since Red Hat/CentOS users have their primary group set to a group with the same name as the user, of which the user is the only member. So, by default, files that a user creates are shared with that group.

Imagine a situation where users linda and lori work in accounting and are members of the group account. By default, these users are members of a private group of which they are the only member. However, both users are also members of the group account, but as a secondary group setting.

The default situation is that when either of these users creates a file, the primary group becomes the owner. Therefore, by default, linda cannot access files created by lori, and vice versa. However, if you create a shared group directory (say, /groups/account) and make sure that the SGID permission is applied to that directory and that the group account is set as the group owner of that directory, all files created in that directory and in all of its subdirectories also get the group account as group owner.

For this reason, the SGID permission is a very useful permission to set on shared group directories.

The SGID permission shows in the output of ls -ld as an s in the position where you would normally find the group execute permission:

[root@hnl data]# ls -ld account
drwxr-sr-x. 2 root account 4096 Apr 30 21:28 account

The third of the special permissions is the sticky bit. This permission is useful for protecting files against accidental deletion in an environment where multiple users have write access to the same directory. If the sticky bit is applied, a user can delete a file only if they are the owner of the file or of the directory that contains the file. For this reason, it is applied as a default permission on the /tmp directory and can be useful on shared group directories as well.

Without the sticky bit, if a user can create files in a directory, they can also delete files from that directory. In a shared group environment this can be annoying. Imagine users linda and lori, who both have write permission on the /data/account directory and get this permission through membership of the group account. Therefore, linda can delete files created by lori, and vice versa.

When you apply the sticky bit, a user can delete files only if one of the following conditions is true:

  • The user is the owner of the file;
  • The user is the owner of the directory that contains the file.

When using ls -ld, you can see the sticky bit as a t in the position where you would normally see the execute permission for others:

[root@hnl data]# ls -ld account/
drwxr-sr-t. 2 root account 4096 Apr 30 21:28 account/

Applying advanced permissions

To apply SUID, SGID, and the sticky bit you can also use chmod. SUID has the numeric value 4, SGID has the numeric value 2, and the sticky bit has the numeric value 1.

If you want to apply these permissions, you need to add a four-digit argument to chmod, the first digit of which refers to the special permissions. The following line, for example, adds the SGID permission to a directory and sets rwx for the user and rx for the group and others:

chmod 2755 /somedir

This is rather impractical if you need to see the current permissions that are set before working with chmod in absolute mode. (You run the risk of overwriting permissions if you don't do this.) So I recommend working in relative mode if you need to apply any of the special permissions:

  1. For SUID use chmod u+s.
  2. For SGID use chmod g+s.
  3. For the sticky bit use chmod +t, followed by the name of the file or directory you want to set the permissions on.
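
Added example (not from the book or the original article): an inventory script for the three special bits described above, for an administrator who wants to know where SUID, SGID and the sticky bit are set under a directory and which of those settings look wrong. The function names audit_special_bits and build_sample_tree and the sample tree are assumptions made for this example; it needs GNU find.

```shell
#!/bin/sh
# Added example: inventory of special permission bits (SUID=4, SGID=2, sticky=1).
# audit_special_bits and build_sample_tree are hypothetical helper names.
# Needs GNU find (-perm /MODE and -printf), as shipped with RHEL/CentOS.

audit_special_bits() {
    # $1: directory to scan. -xdev keeps the scan on one file system.
    # Prints one line per hit: MODE OWNER BITS PATH [RISK:...]
    # Paths that contain newlines are not handled.
    find "$1" -xdev \( -type f -o -type d \) -perm /7000 \
         -printf '%m %u %y %p\n' | sort -k4 |
    while read -r mode owner type path; do
        special=$(( 0$mode >> 9 ))   # leading octal digit of the mode
        perms=$(( 0$mode & 0777 ))   # ordinary rwx bits
        bits=""
        if [ $(( special & 4 )) -ne 0 ]; then bits="${bits}SUID,"; fi
        if [ $(( special & 2 )) -ne 0 ]; then bits="${bits}SGID,"; fi
        if [ $(( special & 1 )) -ne 0 ]; then bits="${bits}sticky,"; fi
        bits=${bits%,}

        risk=""
        if [ "$type" = f ] && [ $(( special & 6 )) -ne 0 ] \
           && [ $(( perms & 022 )) -ne 0 ]; then
            # A privileged executable should be writable by its owner only.
            risk=" RISK:writable-by-group-or-other"
        elif [ "$type" = d ] && [ $(( perms & 002 )) -ne 0 ] \
             && [ $(( special & 1 )) -eq 0 ]; then
            # World-writable directory without the sticky bit: users can
            # delete each other's files.
            risk=" RISK:world-writable-without-sticky"
        fi
        printf '%s %s %s %s%s\n' "$mode" "$owner" "$bits" "$path" "$risk"
    done
}

build_sample_tree() {
    # Constructed sample input: a throwaway tree with known modes.
    d=$(mktemp -d)
    : > "$d/suid_ok"; : > "$d/suid_writable"; : > "$d/sgid_tool"; : > "$d/plain"
    mkdir "$d/shared" "$d/dropbox"
    chmod 4755 "$d/suid_ok"
    chmod 4777 "$d/suid_writable"
    chmod 2755 "$d/sgid_tool"
    chmod 0755 "$d/plain"
    chmod 3770 "$d/shared"     # SGID + sticky, the two bits used on shared group directories
    chmod 2777 "$d/dropbox"    # SGID, world-writable, no sticky bit
    printf '%s\n' "$d"
}

sample=$(build_sample_tree)
audit_special_bits "$sample"
rm -rf "$sample"
```

On a real system the same function can be pointed at / or /usr; comparing its output between runs shows when a new SUID or SGID file appears.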

The table summarizes everything you need to know about managing special permissions.

Example of working with special permissions

In this example, you use special permissions to make it easier for group members to share files in a shared group directory. You assign the set group ID bit as well as the sticky bit, and you see that once they are set, features are added that make it easier for group members to work together.

  1. Open a terminal in which you are user linda. You can create the user with the command useradd linda and add a password with passwd linda.
  2. Create the /data directory in the root and the /data/sales subdirectory with the command mkdir -p /data/sales. Run cd /data/sales to go to the sales directory. Run touch linda1 and touch linda2 to create two empty files owned by linda.
  3. Run su - lisa to switch the current user to user lisa, who is also a member of the sales group.
  4. Run cd /data/sales and from this directory run ls -l. You will see the two files that were created by user linda and belong to the group linda. Run rm -f linda*. This removes both files.
  5. Run touch lisa1 and touch lisa2 to create two files owned by user lisa.
  6. Run su - to elevate your privileges to root.
  7. Run chmod g+s,o+t /data/sales to set the group identifier (GUID) bit as well as the sticky bit on the shared group directory.
  8. Run su - linda. Then run touch linda3 and touch linda4. You should now see that the two files you created are owned by the group sales, which is the group owner of the /data/sales directory.
  9. Run rm -rf lisa*. The sticky bit prevents these files from being removed as user linda, because you are not the owner of these files. Note that if user linda is the owner of the /data/sales directory, she can delete these files anyway!

Managing ACLs (setfacl, getfacl) in Linux

Even though the advanced permissions discussed above add useful functionality to the way Linux handles permissions, they do not allow you to give permissions to more than one user or one group on the same file.

Access control lists offer this feature. They also allow administrators to set default permissions in a sophisticated way, where the permissions set can differ from directory to directory.

Understanding ACLs

Although the ACL subsystem adds great functionality to your server, it has one drawback: not all utilities support it. As a result, you may lose ACL settings when copying or moving files, and your backup software may not support ACL settings.

The tar utility does not support ACLs. To make sure that ACL settings are not lost when creating a backup, use star instead of tar. star works with the same options as tar; it just adds support for ACL settings.

You can also back up ACLs using getfacl, which can be restored using the setfacl command. To create a backup, use getfacl -R /directory > file.acls. To restore the settings from the backup file, use setfacl --restore=file.acls.

The lack of support in some tools should not be a problem. ACLs are often applied to directories as a structural measure rather than to individual files.
Therefore, there will not be many of them, only a few, applied at smart places in the file system. This makes restoring the original ACLs you worked with relatively easy, even if your backup software does not support them.

Preparing the file system for ACLs

Before you start working with ACLs, you may need to prepare your file system for ACL support. Because the file system metadata needs to be extended, ACL support is not always available by default on a file system. If you get an "operation not supported" message when setting ACLs on a file system, your file system may not support ACLs.

To fix this, you need to add the acl mount option in the /etc/fstab file so that the file system is mounted with ACL support by default.

Changing and viewing ACL settings with setfacl and getfacl

To set an ACL you need the setfacl command. To see the current ACL settings you need getfacl. The ls -l command does not show any existing ACLs; it just shows a + after the permission listing, which indicates that ACLs apply to the file as well.

Before configuring ACLs, it is always a good idea to show the current ACL settings with getfacl. In the example below you can see the current permissions as shown by ls -ld, and also as shown by getfacl. If you look closely enough, you will see that the information shown is exactly the same.

[root@server1 /]# ls -ld /dir
drwxr-xr-x. 2 root root 6 Feb 6 11:28 /dir
[root@server1 /]# getfacl /dir
getfacl: Removing leading '/' from absolute path names
# file: dir
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

In the result of the getfacl command you can see that permissions are shown for three different entities: user, group, and others. Now let's add an ACL to give read and execute permissions to the group sales as well. The command for this is setfacl -m g:sales:rx /dir. In this command, -m indicates that the current ACL settings need to be modified. After that, g:sales:rx tells the command to set the read and execute ACL (rx) for the group (g) sales. Below you can see what the command looks like, as well as the output of the getfacl command after changing the current ACL settings.

[root@server1 /]# setfacl -m g:sales:rx /dir
[root@server1 /]# getfacl /dir
getfacl: Removing leading '/' from absolute path names
# file: dir
# owner: root
# group: root
user::rwx
group::r-x
group:sales:r-x
mask::r-x
other::r-x

Now that you understand how to set a group ACL, it is easy to understand ACLs for users and for others. For example, the command setfacl -m u:linda:rwx /data gives permissions to user linda on the /data directory without making her the owner and without changing the assignment of the current owner.

The setfacl command has many features and options. One option is particularly important, the -R parameter. If used, the option applies the ACL setting to all files and subdirectories that currently exist in the directory where you set the ACL. It is recommended that you always use this option when changing ACLs on existing directories.

Working with default ACLs

One of the benefits of using ACLs is that you can give permissions to multiple users or groups on a directory. Another benefit is that you can enable inheritance by working with default ACLs.

By setting a default ACL, you determine the permissions that will be set for all new items created in the directory. Keep in mind that a default ACL does not change the permissions on existing files and subdirectories. To change those, you need to add a normal ACL as well!

This is important to know. If you want to use an ACL to configure access for multiple users or groups to the same directory, you have to set the ACL twice. First use setfacl -R -m to change the ACL for the current files. Then use setfacl -m d: to take care of all new items that will be created as well.

To set a default ACL you just need to add the option d after the option -m (order matters!). So use setfacl -m d:g:sales:rx /data if you want the group sales to have read and execute on everything that will ever be created in the /data directory.

When using default ACLs, it can also be useful to set an ACL for others. Usually this does not make much sense, because you can also change the permissions for others using chmod. However, what you cannot do with chmod is specify the permissions that should be granted to others on every new file that will ever be created. If you want to prevent others from getting any permissions on anything created in /data, for example, use setfacl -m d:o::- /data.

ACLs and regular permissions are not always well integrated. Problems can arise if you apply a default ACL to a directory, after which items are added to that directory, and then try to change the regular permissions. The changes that apply to the regular permissions will not be reflected well in the ACL overview. To avoid problems, set the regular permissions first, and then set the ACLs (and after that, try not to change them again).

Example of managing advanced permissions using ACLs

In this example, you continue working with the /data/account and /data/sales directories you created earlier. In the previous examples, you made sure that the group sales has permissions on /data/sales and the group account has permissions on /data/account.

First, make sure that the group account gets read permissions on the /data/sales directory and the group sales gets read permissions on the /data/account directory.

You then set default ACLs to make sure that all new files get the correct permissions set for all new items.

  1. Open a terminal.
  2. Run setfacl -m g:account:rx /data/sales and setfacl -m g:sales:rx /data/account.
  3. Run getfacl to make sure the permissions were set the way you wanted.
  4. Run setfacl -m d:g:account:rwx,g:sales:rx /data/sales to set the default ACL for the sales directory.
  5. Add a default ACL for the /data/account directory using setfacl -m d:g:sales:rwx,g:account:rx /data/account.
  6. Verify that your ACL settings work by adding a new file to /data/sales. Run touch /data/sales/newfile and then getfacl /data/sales/newfile to check the current permissions.
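
Added example (not from the original article): a reader for the output of getfacl -R, the backup format mentioned earlier, that lists every named user or group entry together with the permissions actually in effect once the mask line is applied. The names acl_named_entries and sample_backup and the sample listing are constructed for this example. The second file in the sample shows the situation behind the caveat about mixing chmod and ACLs: a chmod on a file that has an ACL changes the mask, so the granted and effective columns differ.

```shell
#!/bin/sh
# Added example: review a `getfacl -R` backup for named ACL entries.
# acl_named_entries and sample_backup are hypothetical helper names.

acl_named_entries() {
    # Reads getfacl output on stdin. Prints, for every named user or group
    # entry: PATH SCOPE ENTRY GRANTED EFFECTIVE
    # SCOPE is "access" or "default". Paths with spaces are not handled.
    awk '
    function effective(perm, mask,    i, out, p) {
        out = ""
        for (i = 1; i <= 3; i++) {
            p = substr(perm, i, 1)
            out = out ((p != "-" && substr(mask, i, 1) != "-") ? p : "-")
        }
        return out
    }
    function emit(    i, m) {
        # The mask line follows the named entries, so output is deferred
        # until the whole block for one file has been read.
        for (i = 1; i <= n; i++) {
            m = (scope[i] == "default") ? dmask : amask
            if (m == "") m = "rwx"      # no mask line: nothing is filtered
            print file, scope[i], entry[i], perm[i], effective(perm[i], m)
        }
        n = 0; amask = ""; dmask = ""
    }
    /^# file: /  { emit(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    {
        line = $0
        sub(/[ \t]*#.*/, "", line)      # drop "#effective:" annotations
        s = "access"
        if (line ~ /^default:/) { s = "default"; sub(/^default:/, "", line) }
        split(line, f, ":")
        if (f[1] == "mask") {
            if (s == "default") dmask = f[3]; else amask = f[3]
        } else if ((f[1] == "user" || f[1] == "group") && f[2] != "") {
            n++
            scope[n] = s; entry[n] = f[1] ":" f[2]; perm[n] = f[3]
        }
    }
    END { emit() }
    '
}

sample_backup() {
    # Constructed sample in the format written by getfacl -R.
    cat <<'EOF'
# file: data/sales
# owner: root
# group: sales
# flags: -st
user::rwx
group::rwx
group:account:r-x
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:account:rwx
default:group:sales:r-x
default:mask::rwx
default:other::---

# file: data/sales/report
# owner: linda
# group: sales
user::rw-
user:lisa:rwx   #effective:r--
group::rw-      #effective:r--
mask::r--
other::---
EOF
}

sample_backup | acl_named_entries
```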

Setting default permissions with umask

Above you learned how to work with default ACLs. If you do not use ACLs, there is a shell option that determines the default permissions you get: umask (reverse mask). In this section, you learn how to change default permissions using umask.

You may have noticed that when you create a new file, some default permissions are set. These permissions are determined by the umask setting. This shell setting applies to all users at logon. The umask parameter uses a numeric value that is subtracted from the maximum permissions that can be automatically set on a file; the maximum setting for files is 666, and for directories it is 777.

However, some exceptions apply to this rule. You can find a complete overview of umask settings in the table below.

Of the digits used in umask, as with the numeric arguments to the chmod command, the first digit refers to the user's permissions, the second digit refers to the group's permissions, and the last refers to the default permissions set for others. The default umask value of 022 gives 644 for all new files and 755 for all new directories created on your server.

A complete overview of all numeric umask values and their results is in the table below.

An easy way to see how the umask setting works is as follows: start with the default permissions of a file, set to 666, and subtract the umask to get the effective permissions. Do the same for a directory and its default permissions of 777.

There are two ways to change the umask setting: for all users and for individual users. If you want to set the umask for all users, you must make sure the umask setting is taken into account when starting the shell environment files, as specified in /etc/profile. The right approach is to create a shell script named umask.sh in the /etc/profile.d directory and specify the umask you want to use in that shell script. If the umask is changed in this file, it is applied to all users after logging in to the server.

An alternative to setting the umask through /etc/profile and related files, where it is applied to all users who log in, is to change the umask settings in a file named .profile, which is created in each user's home directory.

Settings applied in this file apply only to the individual user; therefore, this is a good method if you need more granularity. I personally like this feature for changing the default umask of the root user to 027, while normal users work with the default umask of 022.
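
Added example (not part of the original article): the umask is applied as a bit mask, so "subtracting" it from 666 or 777 only gives the right answer when no digit has to borrow. The script predicts the mode as base AND NOT umask and then creates a real file and directory to compare; the helper names predicted_mode and observed_mode are assumptions, and it needs GNU stat.

```shell
#!/bin/sh
# Added example: how a umask turns the base modes 666 and 777 into real
# permissions. predicted_mode and observed_mode are hypothetical helper
# names. Needs GNU stat (stat -c), as found on RHEL/CentOS.

predicted_mode() {
    # $1 = umask in octal, $2 = "file" or "dir"
    # Every bit set in the umask is cleared from the base mode:
    # result = base AND NOT umask. This is not an arithmetic subtraction.
    case $2 in
        dir) base=0777 ;;
        *)   base=0666 ;;
    esac
    printf '%03o\n' $(( $base & ~0$1 ))
}

observed_mode() {
    # Create a real file or directory under the given umask and read the
    # mode back. The subshell keeps the caller's umask untouched.
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$tmp/new"
        else
            : > "$tmp/new"
        fi
        stat -c '%a' "$tmp/new"
        rm -rf "$tmp"
    )
}

# 022 and 027 are the values from the text; 033 is a constructed case where
# subtraction (666 - 033 = 633) gives the wrong answer.
for m in 022 027 033; do
    printf 'umask %s: file %s (created: %s), dir %s (created: %s)\n' \
        "$m" \
        "$(predicted_mode "$m" file)" "$(observed_mode "$m" file)" \
        "$(predicted_mode "$m" dir)"  "$(observed_mode "$m" dir)"
done
```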

Working with extended user attributes

This is the final section on Linux permissions.

When working with permissions, there is always a relationship between a user or group object and the permissions those user or group objects have on a file or directory. An alternative method of protecting files on a Linux server is to work with attributes.
Attributes do their job regardless of the user accessing the file.

As with ACLs, file attributes may need to be enabled with a mount option.

This is the user_xattr option. If you get an "operation not supported" message when working with extended user attributes, make sure to set the mount option in the /etc/fstab file.

Many attributes are documented. Some attributes are available but not yet implemented. Do not use them; they will not do anything for you.

Below are the most useful attributes you can apply:

A This attribute ensures that the file access time of the file does not change.
Normally, every time a file is opened, the file's access time must be written to the file's metadata. This affects performance negatively; therefore, for files that are accessed regularly, the A attribute can be used to turn off this feature.

a This attribute allows you to add to, but not remove from, a file.

c If you are using a file system that supports volume-level compression, this file attribute ensures that the file is compressed the first time the compression engine is enabled.

D This attribute ensures that changes to files are written to disk immediately rather than being cached first. This is a useful attribute on important database files to make sure they are not lost between the file cache and the hard disk.

d This attribute ensures that the file is not saved in backups where the dump utility is used.

I This attribute enables indexing for the directory on which it is enabled. This provides faster file access for primitive file systems such as Ext3 that do not use a B-tree database for fast file access.

i This attribute makes the file immutable. Therefore, no changes can be made to the file, which is useful for files that need extra protection.

j This attribute ensures that, on an ext3 file system, the file is first written to the journal and then to the data blocks on the hard disk.

s Overwrites the blocks in which the file was stored with 0s after the file is deleted. This ensures that the file cannot be recovered once it has been deleted.

u This attribute saves undelete information. This allows you to develop a utility that works with this information to rescue deleted files.

If you want to apply attributes, you can use the chattr command. For example, use chattr +s somefile to apply the attribute to somefile. Need to remove the attribute? Then use chattr -s somefile, and it will be removed. To get an overview of all attributes that are currently applied, use the lsattr command.

Summary

In this article, you learned how to work with permissions. You read about the three basic permissions, the advanced permissions, and how to apply ACLs on a file system. You also learned how to use the umask parameter to apply default permissions. At the end of this article, you learned how to use user-extended attributes to apply an additional level of file system security.

If you liked this translation, please write about it in the comments. There will be more motivation to do useful translations.

I fixed some typos and grammatical errors in the article. I split some large paragraphs into smaller ones to make them easier to read.

Instead of "Only someone with administrative rights to the directory can apply the execute permission." it was corrected to "Only someone with write access to the directory can apply the execute permission.", which is more correct.

Thanks for the comments, berez.

Replaced:
If you are not the user owner, the shell checks whether you are a member of the group, also known as the file's group.

With:
If you are not the owner of the file, the shell checks whether you are a member of the group that has permissions on the file. If you are a member of this group, you access the file with the permissions set for the group, and the shell stops checking.

Thanks for your comment, CryptoPirate.

Source: www.habr.com
