Izimvume ku-Linux (chown, chmod, SUID, GUID, sticky bit, ACL, umask)

Sanibonani nonke. Lokhu ukuhunyushwa kwesihloko esivela encwadini ethi RedHat RHCSA RHCE 7 RedHat Enterprise Linux 7 EX200 kanye ne-EX300.

Phusha: Ngithemba ukuthi lesi sihloko sizoba usizo hhayi kwabaqalayo kuphela, kodwa futhi sizosiza abaphathi abanolwazi oluthe xaxa ukuthi baqondise ulwazi lwabo.

Ake sihambe.

Ukuze ufinyelele amafayela ku-Linux, izimvume ziyasetshenziswa. Lezi zimvume zabelwe izinto ezintathu: umnikazi wefayela, umnikazi weqembu, kanye nenye into (okungukuthi, wonke umuntu). Kulesi sihloko, uzofunda ukuthi ungazisebenzisa kanjani izimvume.

Lesi sihloko siqala ngokubukezwa kwemiqondo eyisisekelo, kulandelwa ingxoxo yezimvume Ezikhethekile kanye Nohlu Lokulawula Ukufinyelela (ACLs). Ekupheleni kwalesi sihloko, sihlanganisa ukusetha izimvume ezizenzakalelayo nge-umask, kanye nokuphatha izibaluli zomsebenzisi ezinwetshiwe.

Ukuphathwa kobunikazi befayela

Ngaphambi kokuxoxa ngezimvume, kufanele wazi indima yomnikazi wefayela nohlu lwemibhalo. Ubunikazi bamafayela nezinkomba kubalulekile ekubhekaneni nezimvume. Kulesi sigaba, uzoqale ufunde ukuthi ungambona kanjani umnikazi. Uyobe usufunda ukuthi ungamshintsha kanjani umnikazi weqembu nomsebenzisi wamafayela nezinkomba.

Ibonisa umnikazi wefayela noma uhla lwemibhalo

Ku-Linux, ifayela ngalinye nalo lonke uhla lwemibhalo lunabanikazi ababili: umsebenzisi nomnikazi weqembu.

Laba banikazi bayasethwa uma ifayela noma uhla lwemibhalo lwenziwa. Umsebenzisi odala ifayela uba umnikazi walelo fayela, futhi iqembu eliyinhloko lowo msebenzisi ayingxenye yalo liphinde libe umnikazi walelo fayela. Ukuze unqume ukuthi ingabe wena, njengomsebenzisi, unayo imvume yokufinyelela ifayela noma uhla lwemibhalo, igobolondo lihlola ubunikazi.

Lokhu kwenzeka ngendlela elandelayo:

1. Igobolondo liyahlola ukuze libone ukuthi ungumnikazi wefayela ofuna ukufinyelela kulo. Uma ungumnikazi, uthola izimvume futhi igobolondo liyayeka ukuhlola.
2. Uma ungeyena umnikazi wefayela, igobolondo lizohlola ukuze libone ukuthi ingabe uyilungu leqembu elinezimvume kufayela. Uma uyilungu laleli qembu, uzofinyelela ifayela elinezimvume iqembu elizimisile, futhi igobolondo lizoyeka ukuhlola.
3. Uma ungeyena umsebenzisi noma ungeyena umnikazi weqembu, unikezwa amalungelo abanye abasebenzisi (Okunye).

Ukuze ubone imisebenzi ezokwenziwa yomnikazi wamanje, ungasebenzisa umyalo ls-l. Lo myalo ubonisa umsebenzisi nomnikazi weqembu. Ngezansi ungabona izilungiselelo zomnikazi zezinkomba kuhla lwemibhalo/lwasekhaya.

[root@server1 home]# ls -l
total 8
drwx------. 3  bob            bob            74     Feb   6   10:13 bob
drwx------. 3  caroline       caroline       74     Feb   6   10:13 caroline
drwx------. 3  fozia          fozia          74     Feb   6   10:13 fozia
drwx------. 3  lara           lara           74     Feb   6   10:13 lara
drwx------. 5  lisa           lisa           4096   Feb   6   10:12 lisa
drwx------. 14 user           user           4096   Feb   5   10:35 user

Usebenzisa umyalo ls ungabonisa umnikazi wamafayela ohlwini lwemibhalo olunikeziwe. Ngezinye izikhathi kungase kube usizo ukuthola uhlu lwawo wonke amafayela ohlelweni anomsebenzisi othile noma iqembu njengomnikazi. Ukuze lokhu ungasebenzisa thola. Ukuphikisana thola umsebenzisi ingasetshenziselwa le njongo. Isibonelo, umyalo olandelayo ubala wonke amafayela aphethwe ngu-linda umsebenzisi:

find / -user linda

Ungasebenzisa futhi i- thola ukucinga amafayela aneqembu elithile njengomnikazi wawo.

Isibonelo, umyalo olandelayo usesha wonke amafayela eqembu abasebenzisi:

find / -group users

Ukushintsha komnikazi

Ukuze usebenzise izimvume ezifanele, into yokuqala okufanele icatshangelwe ubunikazi. Kukhona umyalo walokhu chown. I-syntax yalo myalo kulula ukuyiqonda:

chown кто что

Isibonelo, umyalo olandelayo ushintsha umnikazi we-directory/yekhaya/i-akhawunti ku-linda yomsebenzisi:

chown linda /home/account

Ithimba chown inezinketho ezimbalwa, enye yazo ewusizo kakhulu: -R. Ungakwazi ukuqagela ukuthi yenzani ngoba le nketho iyatholakala nakweminye imiyalo eminingi. Lokhu kukuvumela ukuthi usethe ngokuphindaphindiwe umnikazi, okukuvumela ukuthi usethe umnikazi wenkomba yamanje nakho konke okungezansi. Umyalo olandelayo ushintsha ubunikazi bohla lwemibhalo lwasekhaya nakho konke okungaphansi kwalo kumsebenzisi we-linda:

Manje abanikazi babukeka kanjena:

[root@localhost ~]# ls -l /home
total 0
drwx------. 2 account account 62 Sep 25 21:41 account
drwx------. 2 lisa    lisa    62 Sep 25 21:42 lisa

Masenzeni lokhu:

[root@localhost ~]# chown -R lisa /home/account
[root@localhost ~]#

Manje umsebenzisi u-lisa usephenduke umnikazi wenkomba ye-akhawunti:

[root@localhost ~]# ls -l /home
total 0
drwx------. 2 lisa account 62 Sep 25 21:41 account
drwx------. 2 lisa lisa    62 Sep 25 21:42 lisa

Shintsha umnikazi weqembu

Kunezindlela ezimbili zokushintsha ubunikazi beqembu. Ungakwenza lokhu usebenzisa chown, kodwa kunomyalo okhethekile okuthiwa chgrplokho kwenza umsebenzi. Uma ufuna ukusebenzisa umyalo chown, sebenzisa . noma : phambi kwegama leqembu.

Umyalo olandelayo ushintsha noma yimuphi umnikazi weqembu/wekhaya/i-akhawunti eqenjini le-akhawunti:

chown .account /home/account

ungasebenzisa chown ukushintsha umnikazi womsebenzisi kanye/noma iqembu ngezindlela ezimbalwa. Nazi izibonelo:

• chown lisa myfile1 usetha umsebenzisi u-lisa njengomnikazi we-myfile1.
• chown lisa.sales myfile usetha umsebenzisi u-lisa njengomnikazi wefayela le-myfile, futhi usetha iqembu lokuthengisa njengomnikazi wefayela elifanayo.
• chown lisa:sales myfile okufanayo nomyalo odlule.
• chown .sales myfile usetha iqembu lokuthengisa njengomnikazi we-myfile ngaphandle kokushintsha umnikazi womsebenzisi.
• chown :sales myfile okufanayo nomyalo odlule.

Ungasebenzisa umyalo chgrpukushintsha umnikazi weqembu. Cabanga ngesibonelo esilandelayo, lapho ungasebenzisa khona chgrp setha umnikazi wohla lwemibhalo lwe-akhawunti eqenjini lokuthengisa:

chgrp .sales /home/account

Njengaku chown, ungasebenzisa inketho -R с chgrp, kanye nokushintsha ngokuphindaphindiwe umnikazi weqembu.

Ukuqonda Umnikazi Omisiwe

Kungenzeka ukuthi uqaphele ukuthi lapho umsebenzisi enza ifayela, ubunikazi obuzenzakalelayo busetshenziswa.
Umsebenzisi odala ifayela ngokuzenzakalelayo uba umnikazi walelo fayela, futhi iqembu eliyinhloko lalowo msebenzisi liba umnikazi walelo fayela ngokuzenzakalelayo. Ngokuvamile leli yiqembu elisohlwini lwefayela /etc/passwd njengeqembu eliyinhloko lomsebenzisi. Nokho, uma umsebenzisi eyilungu lamaqembu angaphezu kwelilodwa, umsebenzisi angashintsha iqembu eliyinhloko elisebenzayo.

Ukukhombisa iqembu eliyinhloko elisebenzayo lamanje, umsebenzisi angasebenzisa umyalo Amaqembu:

[root@server1 ~]# groups lisa
lisa : lisa account sales

Uma umsebenzisi wamanje we-linda efuna ukushintsha iqembu eliyinhloko elisebenzayo, uzosebenzisa umyalo newgpalandelwe yigama leqembu afuna ukulimisa njengeqembu eliyisisekelo elisha elisebenzayo. Ngemva kokusebenzisa umyalo newgp iqembu eliyinhloko lizosebenza kuze kube yilapho umsebenzisi efaka umyalo Phuma noma ungaphumi.

Okulandelayo kubonisa indlela umsebenzisi u-linda asebenzisa ngayo lo myalo, ngokuthengisa njengeqembu eliyinhloko:

lisa@server1 ~]$ groups
lisa account sales
[lisa@server1 ~]$ newgrp sales
[lisa@server1 ~]$ groups
sales lisa account
[lisa@server1 ~]$ touch file1
[lisa@server1 ~]$ ls -l
total 0
-rw-r--r--. 1 lisa sales 0 Feb 6 10:06 file1

Ngemva kokushintsha iqembu eliyinhloko elisebenzayo, wonke amafayela amasha adalwe umsebenzisi azoba nalelo qembu njengomnikazi weqembu. Ukuze ubuyele kusilungiselelo sangempela seqembu, sebenzisa Phuma.

Ukuze ukwazi ukusebenzisa umyalo newgp, umsebenzisi kufanele abe yilungu leqembu afuna ukulisebenzisa njengeqembu eliyinhloko. Ngaphezu kwalokho, iphasiwedi yeqembu ingasetshenziselwa iqembu elisebenzisa umyalo gwedwd. Uma umsebenzisi esebenzisa umyalo newgpkodwa akulona ilungu leqembu eliqondiwe, igobolondo liyala ngephasiwedi yeqembu. Ngemuva kokufaka igama eliyimfihlo leqembu elilungile, kuzosungulwa iqembu eliyisisekelo elisha elisebenzayo.

Ukuphathwa kwamalungelo ayisisekelo

Uhlelo lwemvume ye-Linux lwasungulwa ngeminyaka yawo-1970s. Njengoba izidingo zekhompyutha zazilinganiselwe ngaleyo minyaka, uhlelo lwemvume oluyisisekelo lwalulinganiselwe. Lolu hlelo lwemvume lusebenzisa izimvume ezintathu ezingasetshenziswa kumafayela nezinkomba. Kulesi sigaba, uzofunda ukuthi ungasebenzisa kanjani futhi uguqule lezi zimvume.

Ukuqonda Funda, Bhala, futhi Ukhiphe Izimvume

Izimvume ezintathu eziyisisekelo zikuvumela ukuthi ufunde, ubhale, futhi usebenzise amafayela. Umthelela walezi zimvume uyahluka uma usetshenziswa kumafayela noma izinkomba. Ngefayela, imvume yokufunda ikunikeza ilungelo lokuvula ifayela ukuze lifundwe. Ngakho-ke, ungafunda okuqukethwe kwayo, kodwa lokho kusho ukuthi ikhompuyutha yakho ingavula ifayela ukuze yenze okuthile ngalo.

Ifayela lohlelo elidinga ukufinyelela kumtapo wolwazi kufanele, isibonelo, libe nokufinyelela kokufunda kulowo mtapo wolwazi. Lokhu kulandela ukuthi imvume yokufunda iyimvume eyisisekelo oyidingayo ukuze usebenze ngamafayela.

Uma kusetshenziswa kuhla lwemibhalo, ukufunda kukuvumela ukuthi ubonise okuqukethwe kwalolo hlu lwemibhalo. Kufanele uqaphele ukuthi le mvume ayikuvumeli ukuthi ufunde amafayela ohlwini lwemibhalo. Isistimu yemvume ye-Linux ayilazi ifa, futhi okuwukuphela kwendlela yokufunda ifayela ukusebenzisa izimvume zokufunda kulelo fayela.

Njengoba ungase uqagele, imvume yokubhala, uma isetshenziswa efayeleni, ivumela ukubhala kufayela. Ngamanye amazwi, ikuvumela ukuthi uguqule okuqukethwe kwamafayela akhona. Nokho, ayikuvumeli ukuthi udale noma ususe amafayela amasha noma ushintshe izimvume zefayela. Ukuze wenze lokhu, udinga ukunikeza imvume yokubhala kumkhombandlela lapho ufuna ukudala khona ifayela. Kuzinhlu, le mvume ikuvumela ukuthi udale futhi ususe ama-subdirectory amasha.

Ukukhipha imvume yilokho okudingayo ukuze usebenzise ifayela. Ngeke ifakwe ngokuzenzakalelayo, okwenza i-Linux icishe ivikeleke ngokuphelele kumagciwane. Umuntu onezimvume zokubhala kuhla lwemibhalo kuphela ongafaka isicelo semvume yokukhipha.

Okulandelayo kufingqa ukusetshenziswa kwezimvume eziyisisekelo:

Ukusebenzisa i-chmod

Umyalo usetshenziselwa ukuphatha izimvume. chmod... Ukusebenzisa chmod ungasetha izimvume zomsebenzisi (umsebenzisi), amaqembu (iqembu) nabanye (okunye). Ungasebenzisa lo myalo ngezindlela ezimbili: imodi yesihlobo kanye nemodi ephelele. Kumodi ephelele, amadijithi amathathu asetshenziswa ukusetha izimvume eziyisisekelo.

Uma usetha izimvume, bala inani olidingayo. Uma ufuna ukusetha ukufunda/ukubhala/ukwenzele umsebenzisi, funda/wenzela iqembu, futhi ufunde/ukhiphele abanye ku/somefile bese usebenzisa umyalo olandelayo chmod:

chmod 755 /somefile

Lapho usebenzisa chmod ngale ndlela, zonke izimvume zamanje zithathelwa indawo izimvume ozisethile.

Uma ufuna ukushintsha izimvume ngokuhlobene nezimvume zamanje, ungasebenzisa chmod ngemodi ehlobene. Ukusebenzisa chmod kwimodi ehlobene usebenza nezinkomba ezintathu ukukhombisa ofuna ukukwenza:

1. Okokuqala ucacisa ukuthi ubani ofuna ukuguqulela izimvume. Ukuze wenze lokhu, ungakhetha phakathi komsebenzisi (u), iqembu (g) nabanye (o).
2. Bese usebenzisa isitatimende ukuze wengeze noma ususe izimvume kumodi yamanje, noma uzisethe ngokuphelele.
3. Ekugcineni usebenzisa r, w и xukucacisa ukuthi yiziphi izimvume ofuna ukuzisetha.

Lapho ushintsha izimvume kumodi ehlobene, ungeqa ingxenye ethi "kuya" ukuze wengeze noma ususe imvume yazo zonke izinto. Isibonelo, lo myalo wengeza imvume yokusebenzisa kubo bonke abasebenzisi:

chmod +x somefile

Uma usebenza kwimodi ehlobene, ungasebenzisa futhi imiyalo eyinkimbinkimbi. Isibonelo, lo myalo wengeza imvume yokubhala eqenjini futhi ususa imvume yokufunda kwabanye:

chmod g+w,o-r somefile

Lapho usebenzisa chmod -R o+rx /data usetha imvume yokukhipha yazo zonke izinkomba kanye namafayela kuhla lwemibhalo/lwedatha. Ukusetha imvume yokukhipha yezinkomba kuphela hhayi amafayela, sebenzisa chmod -R o+ rX /data.

Usonhlamvukazi X uqinisekisa ukuthi amafayela awayitholi imvume yokusayinda ngaphandle uma ifayela seliyithathile kakade imvume yokusebenzisa kwezinye izinto. Lokhu kwenza i-X ibe yindlela ehlakaniphile yokubhekana nezimvume zokukhipha; lokhu kuzogwema ukusetha le mvume kumafayela lapho ingadingeki khona.

Amalungelo anwetshiwe

Ngokungeziwe kuzimvume eziyisisekelo osanda kufunda ngazo, i-Linux futhi inesethi yezimvume ezithuthukile. Lezi akuzona izimvume ozisethe ngokuzenzakalelayo, kodwa ngezinye izikhathi zinikeza isengezo esiwusizo. Kulesi sigaba, uzofunda ukuthi ziyini nokuthi zingasethwa kanjani.

Ukuqonda i-SUID, i-GUID, kanye Nezimvume Ezinwetshiwe Zebhithi Enamathelayo

Kunezimvume ezintathu ezithuthukisiwe. Eyokuqala yalezi yimvume yokusetha isihlonzi somsebenzisi (SUID). Kwezinye izimo ezikhethekile, ungasebenzisa le mvume kumafayela asebenzisekayo. Ngokuzenzakalelayo, umsebenzisi osebenzisa okusebenzisekayo ugijima lelo fayela ngezimvume zakhe.

Kubasebenzisi abajwayelekile, lokhu ngokuvamile kusho ukuthi ukusetshenziswa kohlelo kunomkhawulo. Nokho, kwezinye izimo, umsebenzisi udinga izimvume ezikhethekile, kuphela ukwenza umsebenzi othile.

Cabanga, isibonelo, isimo lapho umsebenzisi adinga ukushintsha iphasiwedi yakhe. Ukuze wenze lokhu, umsebenzisi kufanele abhale iphasiwedi yakhe entsha kufayela /etc/shadow. Nokho, leli fayela alibhaleki abasebenzisi abangenazimpande:

root@hnl ~]# ls -l /etc/shadow
----------. 1 root root 1184 Apr 30 16:54 /etc/shadow

Imvume ye-SUID inikeza isisombululo kule nkinga. I/usr/bin/passwd insiza isebenzisa le mvume ngokuzenzakalelayo. Lokhu kusho ukuthi lapho ushintsha iphasiwedi, umsebenzisi uba impande okwesikhashana, okumvumela ukuthi abhalele kufayela /etc/shadow. Ungabona imvume ye-SUID nge ls-l kanjani s endaweni lapho ubungalindela ukubona khona x ngezimvume ezenziwe ngokwezifiso:

[root@hnl ~]# ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 32680 Jan 28 2010 /usr/bin/passwd

Imvume ye-SUID ingase ibukeke iwusizo (futhi kwezinye izimo injalo), kodwa ngesikhathi esifanayo ingaba yingozi. Uma ingasetshenziswanga kahle, unganikeza izimvume zezimpande ngephutha. Ngakho-ke, ngincoma ukuyisebenzisa kuphela ngokucophelela okukhulu.

Abalawuli abaningi abasoze badinga ukuyisebenzisa; uzoyibona kuphela kwamanye amafayela lapho isistimu yokusebenza kufanele iwasethe ngokuzenzakalelayo.

Imvume yesibili ekhethekile isihlonzi seqembu (SGID). Le mvume inemiphumela emibili. Uma isetshenziswa efayeleni elisebenzisekayo, inikeza umsebenzisi osayinde ifayela izimvume zomnikazi weqembu lefayela. Ngakho-ke i-SGID ingenza okungaphezulu noma okuncane okufanayo ne-SUID. Nokho, i-SGID empeleni ayisetshenziselwa le njongo.

Njengemvume ye-SUID, i-SGID isetshenziswa kwamanye amafayela esistimu njengesilungiselelo esizenzakalelayo.

Uma isetshenziswa kuhla lwemibhalo, i-SGID ingaba usizo ngoba ungakwazi ukuyisebenzisela ukusetha umnikazi weqembu ozenzakalelayo wamafayela neziqondiso ezingaphansi ezidalwe kulolo hlu lwemibhalo. Ngokuzenzakalelayo, lapho umsebenzisi enza ifayela, iqembu labo eliyinhloko elisebenzayo limiswa njengomnikazi weqembu walelo fayela.

Lokhu akuhlali kuwusizo kakhulu, ikakhulukazi njengoba abasebenzisi be-Red Hat/CentOS beneqembu labo eliyinhloko elibekwe eqenjini elinegama elifanayo nelomsebenzisi, futhi umsebenzisi okuyilungu lalo kuphela. Ngakho, ngokuzenzakalelayo, amafayela akhiwa umsebenzisi azokwabiwa ngobuningi.

Ake ucabange ngesimo lapho abasebenzisi u-linda no-lori besebenza ku-accounting futhi bengamalungu eqembu i-akhawunti. Ngokuzenzakalela, laba basebenzisi bangamalungu eqembu eliyimfihlo okuyibo bodwa abangamalungu alo. Nokho, bobabili abasebenzisi bangamalungu eqembu le-akhawunti, kodwa futhi njengepharamitha yeqembu lesibili.

Isimo esizenzakalelayo siwukuthi uma noma yimuphi walaba basebenzisi adala ifayela, iqembu eliyinhloko liba umnikazi. Ngakho-ke, ngokuzenzakalelayo, i-linda ayikwazi ukufinyelela amafayela adalwe ngu-lori, futhi ngokuphambene nalokho. Nokho, uma udala uhla lwemibhalo lweqembu okwabelwana ngalo (yithi /amaqembu/i-akhawunti) futhi uqinisekise ukuthi imvume ye-SGID isetshenziswa kuleyo mibhalo nokuthi i-akhawunti yeqembu isethwe njengomnikazi weqembu walolo hlu lwemibhalo, wonke amafayela adalwe kulolo hlu lwemibhalo kanye nawo wonke. yezinhlu zayo ezingaphansi , futhi thola i-akhawunti yeqembu njengomnikazi weqembu ngokuzenzakalela.

Ngalesi sizathu, imvume ye-SGID iyimvume ewusizo kakhulu yokusethwa kunkhombandlela yeqembu lomphakathi.

Imvume ye-SGID eboniswa kokuphumayo ls-l kanjani s endaweni lapho ngokuvamile ungathola khona imvume yokusebenzisa iqembu:

[root@hnl data]# ls -ld account
drwxr-sr-x. 2 root account 4096 Apr 30 21:28 account

Okwesithathu kwezimvume ezikhethekile ucezu olunamathelayo. Le mvume iwusizo ekuvikeleni amafayela ekususweni ngephutha endaweni lapho abasebenzisi abaningi bekwazi ukubhala khona uhla lwemibhalo olufanayo. Uma ibhithi elinamathelayo lisetshenziswa, umsebenzisi angasusa ifayela kuphela uma engumnikazi womsebenzisi wefayela noma uhla lwemibhalo oluqukethe ifayela. Ngalesi sizathu, isetshenziswa njengemvume ezenzakalelayo yohla lwemibhalo lwe-/tmp futhi ingaba usizo kuzinkomba zeqembu lomphakathi futhi.

Ngaphandle kwebhithi enamathelayo, uma umsebenzisi ekwazi ukudala amafayela kuhla lwemibhalo, angaphinda asuse amafayela kulolo hlu lwemibhalo. Emphakathini weqembu, lokhu kungase kucasule. Cabanga ngabasebenzisi u-linda no-lori, bobabili abanezimvume zokubhala kunkomba yedatha/ye-akhawunti futhi bathole lezo zimvume ngokuba ngamalungu eqembu le-akhawunti. Ngakho-ke, u-linda angasusa amafayela adalwe ngu-lori futhi ngokuphambene nalokho.

Uma usebenzisa ibhithi elinamathelayo, umsebenzisi angasusa amafayela kuphela uma eyodwa yale mibandela elandelayo iyiqiniso:

• Umsebenzisi ungumnikazi wefayela;
• Umsebenzisi ungumnikazi wohla lwemibhalo lapho ifayela likhona.

Lapho usebenzisa ls-l, ungabona okunamathelayo njenge t endaweni lapho ujwayele ukubona khona imvume yokwenza kwabanye:

[root@hnl data]# ls -ld account/
drwxr-sr-t. 2 root account 4096 Apr 30 21:28 account/

Ukusebenzisa amalungelo anwetshiwe

Ukusebenzisa i-SUID, i-SGID kanye nebhithi enamathelayo ungasebenzisa futhi chmod. I-SUID inenani lenombolo elingu-4, i-SGID inenani lenombolo elingu-2, futhi ibhithi enamathelayo inenani lenombolo elingu-1.

Uma ufuna ukusebenzisa lezi zimvume, udinga ukwengeza i-agumenti enezinhlamvu ezine kuzo chmod, idijithi yayo yokuqala isho izimvume ezikhethekile. Umugqa olandelayo, isibonelo, uzokwengeza imvume ye-SGID kumkhombandlela futhi usethe i-rwx yomsebenzisi kanye ne-rx yeqembu nabanye:

chmod 2755 /somedir

Lokhu akwenzeki uma udinga ukubona izimvume zamanje ezisethiwe ngaphambi kokusebenza nazo chmod kwimodi ephelele. (Unengozi yokubhala phezu kwezimvume uma ungakwenzi.) Ngakho-ke ngincoma ukuthi usebenzise imodi ehlobene uma udinga ukusebenzisa noma yiziphi izimvume ezikhethekile:

1. Ukusetshenziswa kwe-SUID chmod u+s.
2. Ukusetshenziswa kwe-SGID i-chmod g+s.
3. Ukuze usebenzise ibhithi elinamathelayo i-chmod +t, kulandelwa igama lefayela noma uhla lwemibhalo ofuna ukusethela izimvume zalo.

Ithebula lifingqa konke odinga ukukwazi mayelana nokuphatha izimvume ezikhethekile.

Isibonelo sokusebenza ngamalungelo akhethekile

Kulesi sibonelo, usebenzisa izimvume ezikhethekile ukwenza kube lula kumalungu eqembu ukwabelana ngamafayela ohlwini lwemibhalo lweqembu okwabelwana ngalo. Unikeza ibhithi ye-ID ku-ID yeqembu elimisiwe kanye nebhithi enamathelayo, futhi uyabona ukuthi uma isisethiwe, izici ziyengezwa ukuze kube lula kumalungu eqembu ukusebenzisana.

1. Vula itheminali lapho ungumsebenzisi we-linda. Ungakha umsebenzisi ngomyalo sebenzisa linda, engeza iphasiwedi linda linda.
2. Dala uhla lwemibhalo lwedatha empandeni kanye nemibhalo engaphansi kwedatha/yokuthengisa ngomyalo mkdir -p /data/sales. Qedela cd /data/salesukuya kuhla lwemibhalo yokuthengisa. Qedela thinta uLinda1 и thinta uLinda2ukwakha amafayela amabili angenalutho aphethwe u-linda.
3. Gijima su-lisa ukushintsha umsebenzisi wamanje kumsebenzisi u-lisa, ophinde abe yilungu leqembu lokuthengisa.
4. Gijima cd /data/sales futhi kusukela kulolo lwemibhalo khipha ls-l. Uzobona amafayela amabili adalwe ngumsebenzisi we-linda futhi ayingxenye yeqembu le-linda. Qedela rm -f linda*. Lokhu kuzosusa womabili amafayela.
5. Gijima thinta lisa1 и thinta lisa2ukudala amafayela amabili aphethwe umsebenzisi lisa.
6. Gijima su- ukukhuphula amalungelo akho ezimpandeni.
7. Gijima I-chmod g+s,o+t /data/salesukusetha ibhithi yenkomba yeqembu (GUID) kanye nebhithi enamathelayo ohlwini lwemibhalo lweqembu okwabelwana ngalo.
8. Gijima su-linda. Bese wenza thinta uLinda3 и thinta uLinda4. Manje kufanele ubone ukuthi amafayela amabili owadalile aphethwe yiqembu lokuthengisa, elingumnikazi weqembu lohla lwemibhalo /idatha/yokuthengisa.
9. Gijima rm -rf lisa*. Ibhithi elinamathelayo livimbela lawa mafayela ukuthi asuswe esikhundleni somsebenzisi we-linda, njengoba ungeyena umnikazi walawa mafayela. Qaphela ukuthi uma umsebenzisi we-linda engumnikazi wohla lwemibhalo /idatha/yokuthengisa, angawasusa lawa mafayela noma kunjalo!

Ukuphathwa kwe-ACL (setfacl, getfacl) ku-Linux

Noma izimvume ezinwetshiwe okuxoxwe ngazo ngenhla zengeza ukusebenza okuwusizo endleleni i-Linux ephatha ngayo izimvume, ayikuvumeli ukuthi unikeze izimvume kubasebenzisi abangaphezu koyedwa noma iqembu kufayela elilodwa.

Uhlu lokulawula ukufinyelela lunikeza lesi sici. Ukwengeza, bavumela abalawuli ukuthi bahlele izimvume ezizenzakalelayo ngendlela eyinkimbinkimbi, lapho izimvume ezimisiwe zingase zihluke kusukela kuhla lwemibhalo kuye kohla lwemibhalo.

Ukuqonda ama-ACL

Yize uhlelo olungaphansi lwe-ACL lwengeza ukusebenza okuhle kuseva yakho, lunobubi obukodwa: akuzona zonke izinsiza ezisisekelayo. Ngakho-ke, ungase ulahlekelwe izilungiselelo zakho ze-ACL lapho ukopisha noma uhambisa amafayela, futhi isofthiwe yakho eyisipele ingase yehluleke ukwenza isipele izilungiselelo zakho ze-ACL.

Insiza yetiyela ayisekeli ama-ACL. Ukuqinisekisa ukuthi izilungiselelo ze-ACL azilahleki uma udala ikhophi yasenqolobaneni, sebenzisa inkanyezi esikhundleni setiyela. inkanyezi isebenza ngezinketho ezifanayo netiyela; ivele yengeze ukusekelwa kwezilungiselelo ze-ACL.

Ungakwazi futhi ukwenza ikhophi yasenqolobaneni yama-ACL nge imvu, engabuyiselwa kusetshenziswa umyalo we-setfacl. Ukuze udale ikhophi yasenqolobaneni, sebenzisa getfacl -R /directory > file.acls. Ukuze ubuyisele izilungiselelo efayelini eliyisipele, sebenzisa setfacl --restore=file.acl.

Ukushoda kokusekelwa ngamanye amathuluzi akufanele kube yinkinga. Ama-ACL avame ukusetshenziswa kunkhombandlela njengesilinganiso sesakhiwo esikhundleni samafayela ngamanye.
Ngakho-ke, ngeke zibe eziningi zazo, kodwa ezimbalwa kuphela, ezisetshenziswa ezindaweni ezihlakaniphile ohlelweni lwefayela. Ngakho-ke, ukubuyisela ama-ACL okuqala osebenze nawo kulula, ngisho noma isofthiwe yakho eyisipele ingabasekeli.

Ilungiselela isistimu yefayela yama-ACL

Ngaphambi kokuthi uqale ukusebenza nama-ACL, kungase kudingeke ukuthi ulungise isistimu yakho yefayela ukuze isekele ama-ACL. Ngenxa yokuthi imethadatha yesistimu yefayela idinga ukunwetshwa, alukho njalo usekelo oluzenzakalelayo lwama-ACL ohlelweni lwefayela. Uma uthola umlayezo othi "ukusebenza akusekelwe" lapho usetha ama-ACL ohlelo lwefayela, isistimu yakho yefayela ingase ingawasekeli ama-ACL.

Ukuze ulungise lokhu udinga ukwengeza inketho acl entabeni ku-/etc/fstab ukuze uhlelo lwefayela lufakwe ngokusekelwa kwe-ACL ngokuzenzakalelayo.

Ukushintsha nokubuka izilungiselelo ze-ACL nge-setfacl kanye ne-getfacl

Ukusetha i-ACL udinga umyalo setfacl. Ukuze ubone izilungiselelo zamanje ze-ACL, udinga imvu. Ithimba ls-l ayibonisi noma yimaphi ama-ACL akhona; ivele ibonise u-+ ngemva kohlu lwemvume, okubonisa ukuthi ama-ACL ayasebenza nasefayelini.

Ngaphambi kokumisa ama-ACL, kuhlale kuwumqondo omuhle ukubonisa izilungiselelo zamanje ze-ACL ngazo imvu. Esibonelweni esingezansi, ungabona izimvume zamanje, njengoba kuboniswe nge ls-l, futhi njengoba kukhonjisiwe nge imvu. Uma ubhekisisa ngokwanele, uzobona ukuthi ulwazi olubonisiwe lufana ncamashi.

[root@server1 /]# ls -ld /dir
drwxr-xr-x. 2 root root 6 Feb 6 11:28 /dir
[root@server1 /]# getfacl /dir
getfacl: Removing leading '/' from absolute path names
# file: dir
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Njengomphumela wokwenza umyalo imvu ngezansi ungabona ukuthi izimvume ziboniswa ezintweni ezintathu ezihlukene: umsebenzisi, iqembu nezinye. Manje ake sengeze i-ACL ukuze sinikeze izimvume zokufunda futhi sisebenzise eqenjini lokuthengisa. umyalo walokhu setfacl -mg:ukuthengisa:rx /dir. Kuleli qembu -m ibonisa ukuthi izilungiselelo zamanje ze-ACL zidinga ukushintshwa. Ngemva kwalokho g:ukuthengisa:rx itshela umyalo ukuthi usethe i-read-execute ACL (rx) okweqembu (g) ukuthengisa. Ngezansi ungabona ukuthi umyalo ubukeka kanjani, kanye nokuphuma komyalo we-getfacl ngemva kokushintsha izilungiselelo ze-ACL zamanje.

[root@server1 /]# setfacl -m g:sales:rx /dir
[root@server1 /]# getfacl /dir
getfacl: Removing leading '/' from absolute path names
# file: dir
# owner: root
# group: root
user::rwx
group::r-x
group:sales:r-x
mask::r-x
other::r-x

Manje njengoba usuqonda ukuthi ungasetha kanjani iqembu le-ACL, kulula ukuqonda ama-ACL kubasebenzisi nabanye abasebenzisi. Ngokwesibonelo, umyalo setfacl -mu:linda:rwx /data inikeza izimvume kumsebenzisi u-linda kunkomba yedatha ngaphandle kokumenza umnikazi noma ukushintsha isabelo somnikazi wamanje.

Ithimba setfacl inezici eziningi nezinketho. Inketho eyodwa ibaluleke kakhulu, ipharamitha -R. Uma isetshenziswa, inketho yenza i-ACL isethelwe wonke amafayela neziqondiso ezingaphansi ezikhona njengamanje kuhla lwemibhalo lapho usethe khona i-ACL. Kunconywa ukuthi uhlale usebenzisa le nketho lapho ushintsha ama-ACL ezinkomba ezikhona.

Ukusebenza ngama-ACL azenzakalelayo

Enye yezinzuzo zokusebenzisa ama-ACL ukuthi ungakwazi ukunikeza izimvume kubasebenzisi abaningi noma amaqembu ohlwini lwemibhalo. Enye inzuzo ukuthi ungakwazi ukunika amandla ifa ngokusebenzisana nama-ACL azenzakalelayo.

Ngokusetha i-ACL ezenzakalelayo, unquma izimvume ezizosethelwa zonke izinto ezintsha ezidalwe ohlwini lwemibhalo. Qaphela ukuthi i-ACL ezenzakalelayo ayizishintshi izimvume kumafayela akhona nasezindaweni ezingaphansi. Ukuze uzishintshe, udinga ukwengeza i-ACL evamile futhi!

Lokhu kubalulekile ukwazi. Uma ufuna ukusebenzisa i-ACL ukuze ulungiselele abasebenzisi abaningi noma amaqembu ukufinyelela uhla lwemibhalo olufanayo, kufanele usethe i-ACL kabili. Ukusetshenziswa kokuqala setfacl -R -mukushintsha ama-ACL kumafayela amanje. Bese usebenzisa setfacl-md:ukunakekela zonke izakhi ezintsha ezizophinde zidalwe.

Ukusetha i-ACL ezenzakalelayo udinga nje ukwengeza inketho d ngemva kwenketho -m (i-oda libalulekile!). Ngakho sebenzisa setfacl -md:g:sales:rx/datauma ufuna ukuthengiswa kweqembu kufunde futhi kwenze noma yini eke yadalwa kuhla lwemibhalo/yedatha.

Uma usebenzisa ama-ACL amisiwe, kungase futhi kube usizo ukusetha ama-ACL kwabanye. Lokhu ngokuvamile akuwenzi umqondo omkhulu ngoba ungakwazi futhi ukushintsha izimvume kwabanye abazisebenzisayo chmod. Nokho, yini ongakwazi ukuyenza chmod, ukucacisa amalungelo okufanele anikezwe abanye abasebenzisi kulo lonke ifayela elisha elike lakhiwe. Uma ufuna ukuvimbela abanye ekutholeni izimvume kunoma yini edalwe ku/datha ngokwesibonelo ukusetshenziswa setfacl -md:o::- /data.

Ama-ACL nezimvume ezijwayelekile azihlali zihlanganiswe kahle. Izinkinga zingavela uma usebenzisa i-ACL ezenzakalelayo kumkhombandlela, bese izinto zengezwa kuleyo mibhalo, bese uzama ukushintsha izimvume ezivamile. Izinguquko ezisebenza kuzimvume ezijwayelekile ngeke zibonakale kahle ekubukezweni kwe-ACL. Ukuze ugweme izinkinga, setha izimvume ezivamile kuqala, bese usetha ama-ACL azenzakalelayo (bese uzama ukungawashintshi futhi ngemva kwalokho).

Isibonelo Sokuphathwa Kwamalungelo Aphakeme Ngokusebenzisa ama-ACL

Kulesi sibonelo, uzoqhubeka nemibhalo/yedatha/i-akhawunti kanye/nedatha/yokuthengisa oyidale ngaphambilini. Ezibonelweni ezedlule, uqinisekise ukuthi iqembu lokuthengisa linezimvume zokuthi /idatha/ukuthengisa futhi i-akhawunti yeqembu inezimvume kokuthi /idatha/i-akhawunti.

Okokuqala, qiniseka ukuthi iqembu le-akhawunti lithola izimvume zokufunda kuhla lwemibhalo /idatha/yokuthengisa futhi iqembu lokuthengisa lithola izimvume zokufunda kuhla lwemibhalo lwedatha/lwe-akhawunti.

Bese usetha ama-ACL azenzakalelayo ukuze wenze isiqiniseko sokuthi wonke amafayela amasha anezimvume ezifanele ezisethelwe zonke izinto ezintsha.

1. Vula itheminali.
2. Gijima setfacl -mg:akhawunti:rx /data/sales и setfacl -mg:ukuthengisa:rx /data/account.
3. Gijima imvuukuze uqinisekise ukuthi izimvume zisethwe ngendlela ofisa ngayo.
4. Gijima setfacl -md:g:akhawunti:rwx,g:sales:rx /data/salesukusetha i-ACL emisiwe yohla lwemibhalo yokuthengisa.
5. Engeza i-ACL ezenzakalelayo yohla lwemibhalo /idatha/i-akhawunti usebenzisa setfacl -md:g:sales:rwx,g:account:rx /data/account.
6. Qinisekisa ukuthi izilungiselelo ze-ACL ziyasebenza ngokwengeza ifayela elisha ku-/data/sales. Qedela thinta /data/sales/newfile futhi akhiphe getfacl /data/sales/newfile ukuhlola izimvume zamanje.

Ukusetha izimvume ezizenzakalelayo nge-umask

Ngenhla, ufunde ukuthi ungasebenza kanjani ngama-ACL azenzakalelayo. Uma ungasebenzisi i-ACL, kukhona inketho yegobolondo enquma izimvume ezizenzakalelayo ozozithola: umask (imaski ehlehlisayo). Kulesi sigaba, uzofunda ukuthi ungazishintsha kanjani izimvume ezizenzakalelayo nge umask.

Kungenzeka ukuthi uqaphele ukuthi uma udala ifayela elisha, izimvume ezithile ezizenzakalelayo ziyasethwa. Lezi zimvume zinqunywa isilungiselelo umask. Lesi silungiselelo sesheli sisebenza kubo bonke abasebenzisi ku-logon. Kupharamitha umask kusetshenziswa inani lenombolo, elikhishwa ezimvumeni eziphezulu ezingasethwa ngokuzenzakalelayo kufayela; isilungiselelo esiphezulu samafayela singu-666 futhi ohlwini lwemibhalo ngu-777.

Nokho, kukhona okuhlukile okusebenzayo kulo mthetho. Ungathola ukubuka konke okuphelele kwezilungiselelo umask kulelithebula elingezansi.

Kwezinombolo ezisetshenziswe ku umask, njengasendabeni yezingxabano zezinombolo zomyalo chmod, idijithi yokuqala ibhekisela ezimvumeni zomsebenzisi, idijithi yesibili ibhekisela ezimvumeni zeqembu, futhi eyokugcina ibhekisela kuzimvume ezizenzakalelayo ezisethelwe abanye. Incazelo umask okuzenzakalelayo u-022 unikeza u-644 kuwo wonke amafayela amasha kanye no-755 kuzo zonke izinkomba ezintsha ezidalwe kuseva yakho.

Ukubuka okuphelele kwawo wonke amanani ezinombolo umask kanye nemiphumela yabo kulelithebula elingezansi.

Indlela elula yokubona ukuthi isilungiselelo se-umask sisebenza kanje: qala ngezimvume ezizenzakalelayo zefayela ezisethelwe ku-666 futhi ukhiphe umask ukuze uthole izimvume ezisebenzayo. Yenza okufanayo ngohla lwemibhalo nezimvume zalo ezizenzakalelayo ze-777.

Kunezindlela ezimbili zokushintsha isilungiselelo se-umask: kubo bonke abasebenzisi nakubasebenzisi ngabanye. Uma ufuna ukusetha umask kubo bonke abasebenzisi, kufanele uqinisekise ukuthi ukulungiselelwa umask kuyacatshangelwa lapho uqala amafayela emvelo yegobolondo, njengoba kucacisiwe ku-/etc/profile. Indlela efanele iwukwenza umbhalo wegobolondo obizwa ngokuthi umask.sh kuhla lwemibhalo /etc/profile.d futhi ucacise umask ofuna ukuwusebenzisa kuleso script segobolondo. Uma i-umask ishintshwa kuleli fayela, isetshenziswa kubo bonke abasebenzisi ngemuva kokungena kuseva.

Enye indlela yokusetha umask nge-/etc/profile kanye namafayela ahlobene, lapho kusebenza khona kubo bonke abasebenzisi abangena ngemvume, ukushintsha izilungiselelo ze-umask efayeleni elibizwa ngokuthi .profile elakhiwe kuhla lwemibhalo lwasekhaya lomsebenzisi ngamunye.

Izilungiselelo ezisetshenziswe kuleli fayela zisebenza kuphela kumsebenzisi ngamunye; ngakho-ke lena indlela enhle uma udinga imininingwane eyengeziwe. Mina ngokwami ​​ngithanda lesi sici ukushintsha umask ozenzakalelayo womsebenzisi wempande ube ngu-027 kuyilapho abasebenzisi abajwayelekile besebenza nge-umask ezenzakalelayo ye-022.

Ukusebenza ngezibaluli zomsebenzisi ezinwetshiwe

Lesi yisigaba sokugcina sezimvume ze-Linux.

Lapho usebenza ngezimvume, kuhlala kunobudlelwano phakathi komsebenzisi noma into yeqembu kanye nezimvume umsebenzisi noma izinto zeqembu ezinazo kufayela noma uhla lwemibhalo. Enye indlela yokuvikela amafayela kuseva ye-Linux ukusebenza ngezibaluli.
Izibaluli zenza umsebenzi wazo ngokunganaki ukuthi umsebenzisi ufinyelela ifayela.

Njengama-ACL, izibaluli zefayela zingadinga ukufaka inketho khuphuka.

Lena inketho umsebenzisi_xattr. Uma uthola umlayezo othi "ukusebenza akusekelwe" lapho usebenza ngezibaluli zomsebenzisi ezinwetshiwe, qiniseka ukuthi usetha ipharamitha khuphuka ku-/etc/fstab.

Izimfanelo eziningi zibhaliwe. Ezinye izibaluli ziyatholakala kodwa azikasetshenziswa. Ungawasebenzisi; ngeke bakulethele lutho.

Ngezansi izici eziwusizo kakhulu ongazisebenzisa:

A Lesi sibaluli siqinisekisa ukuthi isikhathi sokufinyelela ifayela lefayela asishintshi.
Ngokuvamile, isikhathi ngasinye lapho kuvulwa ifayela, isikhathi sokufinyelela sefayela kufanele sirekhodwe kumethadatha yefayela. Lokhu kunomthelela omubi ekusebenzeni; ngakho-ke kumafayela atholakala njalo, isibaluli A ingasetshenziswa ukukhubaza lesi sici.

a Lesi sibaluli sikuvumela ukuthi wengeze kodwa ungalisusi ifayela.

c Uma usebenzisa isistimu yefayela esekela ukuminyaniswa kwezinga levolumu, lesi sibaluli sefayela siqinisekisa ukuthi ifayela liyacindezelwa okokuqala ngqa indlela yokucindezela inikwe amandla.

D Lesi sibaluli siqinisekisa ukuthi izinguquko kumafayela zibhalwa kudiski ngokushesha kunokuba zifakwe kunqolobane kuqala. Lesi isibaluli esiwusizo kumafayela esizindalwazi abalulekile ukuze uqiniseke ukuthi awalahleki phakathi kwenqolobane yefayela ne-hard drive.

d Lesi sibaluli siqinisekisa ukuthi ifayela ngeke lilondolozwe kuzipele lapho kusetshenziswa insiza yokulahla.

I Lesi sibaluli sinika amandla ukukhonjwa kohlu lwemibhalo lapho lunikwe amandla khona. Lokhu kunikeza ukufinyelela okusheshayo kwefayela kumasistimu efayela akudala njenge-Ext3 engasebenzisi isizindalwazi se-B-tree ukufinyelela ifayela ngokushesha.

i Lesi sibaluli senza ifayela lingaguquleki. Ngakho-ke, azikho izinguquko ezingenziwa kufayela, eliwusizo kumafayela adinga ukuvikelwa okwengeziwe.

j Lesi sibaluli siqinisekisa ukuthi, ohlelweni lwefayela le-ext3, ifayela libhalwa kuqala kujenali bese libhalwa kumabhulokhi wedatha ku-hard disk.

s Bhala phezu kwamabhulokhi lapho ifayela lilondolozwe kuma-0s ngemva kokususa ifayela. Lokhu kuqinisekisa ukuthi ifayela alikwazi ukubuyiselwa uma selisusiwe.

u Lesi sibaluli sigcina ulwazi mayelana nokususwa. Lokhu kukuvumela ukuthi uthuthukise insiza esebenza nalolu lwazi ukutakula amafayela asusiwe.

Uma ufuna ukusebenzisa izimfanelo, ungasebenzisa umyalo ingxoxo. Ngokwesibonelo, sebenzisa chattr +s somefileukusebenzisa izimfanelo kufayela elithile. Udinga ukususa isibaluli? Bese usebenzisa chattr -s somefilefuthi izosuswa. Ukuze uthole ukubuka konke kwazo zonke izibaluli ezisetshenziswayo njengamanje, sebenzisa umyalo Lsattr.

Isifingqo

Kulesi sihloko, ufunde ukuthi usebenza kanjani ngezimvume. Ufunda mayelana nezimvume ezintathu eziyisisekelo, izimvume ezithuthukisiwe, kanye nendlela yokusebenzisa ama-ACL kusistimu yefayela. Ufunde futhi ukusebenzisa inketho ye-umask ukuze usebenzise izimvume ezizenzakalelayo. Ekupheleni kwalesi sihloko, ufunde ukuthi ungasebenzisa kanjani izibaluli ezinwetshiwe ukuze usebenzise isendlalelo esengeziwe sokuphepha kwesistimu yefayela.

Uma ukuthandile lokhu kuhumusha, sicela ubhale ngakho emazwaneni. Kuzoba nesikhuthazo esengeziwe sokwenza ukuhumusha okuwusizo.

Kulungiswe amanye amaphutha okuthayipha nawohlelo ku-athikili. Kwehliswe izigaba ezinkulu zaba ezincane ukuze zifundeke kangcono.

Esikhundleni sokuthi "Umuntu onamalungelo okuphatha kuhla lwemibhalo kuphela ongafaka isicelo semvume yokukhipha." okugxilwe kokuthi "Umuntu onezimvume zokubhala kuhla lwemibhalo kuphela ongafaka imvume yokukhipha.", okungaba okulungile kakhulu.

Siyabonga ngamazwana berez.

Kufakwe esikhundleni:
Uma ungeyena umnikazi womsebenzisi, igobolondo lizohlola ukuze libone ukuthi ingabe uyilungu leqembu, elaziwa nangokuthi iqembu lefayela.

Use:
Uma ungeyena umnikazi wefayela, igobolondo lizohlola ukuze libone ukuthi ingabe uyilungu leqembu elinezimvume kufayela. Uma uyilungu laleli qembu, uzofinyelela ifayela elinezimvume iqembu elizimisile, futhi igobolondo lizoyeka ukuhlola.

Ngiyabonga ngokuphawula kwakho I-CryptoPirate

Source: www.habr.com