1. ACL (Access Control List) can specify r, w, x permissions on a single file or directory for a single user. ACLs mainly control permissions in the following respects:
1) Users: set permissions for a user
2) Groups: set permissions for a group
3) Default properties: for a directory, you can also specify the default permissions given to new files and directories created in it
2. ACL is an additional feature on top of traditional Unix-like permissions, so the file system must support it. At present most file systems support ACLs, including ReiserFS, EXT2/EXT3, JFS, XFS, etc.
3. Ways to enable ACL:
1) mount -o remount,acl /: only effective for the current session, and it did not work in a virtual machine test
2) Edit /etc/fstab directly, appending ",acl" after "defaults" in the first record
4. setfacl [-bkRd] [{-m|-x} acl-parameter] target-file: sets the ACL entries of a file or directory. Parameters:
1) -m: sets the ACL parameters that follow on the file; cannot be combined with -x
2) -x: deletes the ACL parameters that follow; cannot be combined with -m
3) -b: removes all ACL settings
4) -k: removes the default ACL parameters
5) -R: sets the ACL recursively, that is, subdirectories are set as well
6) -d: sets the "default ACL parameters"; only valid for directories. New data created in the directory will use this default.
7) Format for a specific user: u:[user list]:[rwx]
5. getfacl filename: shows the ACL permissions of a file; its parameters are largely the same as those of setfacl
6. su [-lm] [-c command] [username]: switch user. Parameters:
1) -: a bare "-", as in "su -", means logging in with a login shell (that is, the login-related files of the target user are read and the current environment variables are changed accordingly); if no user name is given, it switches to root.
2) -l: similar to -, but must be followed by the account to switch to
3) -m: -m and -p are the same, meaning "use the current environment settings without reading the new user's profile"
4) -c: runs a single command only; the command follows -c
7. sudo [-b] [-u new-user]: switch accounts without having to enter the password of the user being switched to; this method is relatively safe
1) -b: runs the subsequent command in the background, so the system executes it without affecting the current shell
2) -u: followed by the user to switch to; without this option the identity switched to is root. The command can follow directly afterwards.
By default only root can execute the sudo command. To let other accounts use it, modify /etc/sudoers, which can be edited with the visudo command.
8. visudo: configures sudo. To let an account run sudo, find the line for root, add a new line below it modelled on that line, and replace root with the account in question. The line reads: root ALL=(ALL) ALL. Its four components mean:
1) Which account on the system can use the sudo command; the default is root
2) Which host this account connects to the Linux host from, that is, which network host the account may be coming from. This setting can specify the client computer (meaning trusted users). By default root may come from any network host.
3) Which identity this account can switch to in order to issue the subsequent commands; by default root can switch to anyone
4) Which commands can be issued under that identity. Commands must always be written with their absolute path. The default means root can switch to any identity and issue any command.
User_Alias and Cmnd_Alias define a list of users and a list of commands respectively, so that rules can be set in batches.
If two sudo commands are run no more than five minutes apart, the second one is executed without entering the password again.
9. w, who: show the users currently logged in to the system. w gives more complete information, including the system load and other related information, while who shows only user name, terminal information and session length.
10. lastlog: can only be used with the root identity; the command reads the /var/log/lastlog file
11. write recipient-account [user's terminal]: followed by the message content; this command lets you talk with an account currently logged in to the system.
12. mesg [yn]: accepts or rejects messages that users send with write, but messages sent by root cannot be refused; y means accept, n means refuse
13. wall message: sends a message to all logged-in accounts.
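
A check for the sudoers rules described in item 8, added here as an example and not part of the original notes: it reads sudoers-style text and reports non-root rules that grant ALL commands and commands not written as an absolute path. The sample rules, the account names and the helper name audit_sudoers are constructed for illustration; it assumes one rule per line, aliases defined before use, and no line continuations or "!" negations.

```sh
#!/bin/sh
# Constructed sample in sudoers syntax (not taken from a real system).
SAMPLE_SUDOERS='User_Alias ADMINS = alice, bob
Cmnd_Alias PKG = /usr/bin/apt, /usr/bin/dpkg
root    ALL=(ALL) ALL
ADMINS  ALL=(root) PKG
carol   ALL=(ALL) ALL
dave    ALL=(root) systemctl restart nginx'

# audit_sudoers: read sudoers text on stdin, print one finding per risky rule.
# Hypothetical helper; assumes one rule per line and aliases defined before use.
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 == "Defaults" || $1 ~ /^(User|Host|Runas)_Alias$/ { next }
    $1 == "Cmnd_Alias" {                         # remember command alias names
      name = $2; sub(/=.*/, "", name); alias[name] = 1; next
    }
    {
      user = $1; spec = $0
      sub(/^[^=]*=[ \t]*/, "", spec)             # drop "account host ="
      sub(/^\([^)]*\)[ \t]*/, "", spec)          # drop "(run-as identity)"
      sub(/[ \t]+$/, "", spec)
      n = split(spec, cmd, /[ \t]*,[ \t]*/)      # fourth field: command list
      for (i = 1; i <= n; i++) {
        c = cmd[i]
        sub(/^([A-Z_]+:[ \t]*)+/, "", c)         # strip tags such as NOPASSWD:
        if (c == "ALL") {
          if (user != "root") print user ": unrestricted (ALL commands)"
        } else if (!(c in alias) && c !~ /^\//) {
          print user ": command not given as absolute path: " c
        }
      }
    }
  '
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

To check a real configuration, pipe the file in as root, for example: audit_sudoers < /etc/sudoers.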