How to configure high-availability permission management on Linux

王林
2023-07-06 11:30:10

In the Linux operating system, permission management is an essential task. High-availability permission management prevents unauthorized users from accessing sensitive data and protects the security and integrity of the system. This article introduces how to configure high-availability permission management on Linux, with examples to help readers understand and practice it.

1. Understand the Linux permission model

In Linux, each file and directory has a set of permissions that determines users' access to it. Permissions are defined for three categories: owner, group and others. Each category has three permissions: read (r), write (w) and execute (x), with the numeric values 4, 2 and 1, which are added together when combined. For example, rwx (read, write, execute) corresponds to the numeric value 7, and r-x (read, no write, execute) corresponds to the numeric value 5.

For example, we can use the following command to view the detailed permission information of a file:

$ ls -l file.txt
-rw-r--r-- 1 user group 1024 Sep 30 10:00 file.txt

In the above output, "-rw-r--r--" in the first column is the file's permissions. The first character is the file type, the next three are the owner's permissions, the next three are the permissions of users in the file's group, and the last three are the permissions of other users.

2. Use Access Control List (ACL) to extend permission control

In Linux, an Access Control List (ACL) is an extended permission control mechanism that can assign specified permissions to specific users or user groups. ACLs allow more flexible and fine-grained permission control than the owner/group/others model alone.

First, we need to ensure that the ACL toolkit is installed. On a Debian/Ubuntu system, you can use the following command to install:

$ sudo apt-get install acl

On a CentOS/RHEL system, you can use the following command to install:

$ sudo yum install acl

Next, we will demonstrate how to grant a specific user read and write permissions on a file. Suppose we have a file file.txt, and we want to grant read and write permissions to user john.

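First, the file system where the file is located must be mounted with ACL support. On many current distributions ext4 and XFS file systems already have ACL support enabled, in which case the remount is unnecessary. Otherwise, find the partition where the file is located and use the following command to remount it: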

$ sudo mount -o remount,acl /dev/sdaX /mnt

where /dev/sdaX is the device name of the target partition and /mnt is the mount point.

Then, you can use the following command to set the ACL for the file:

$ sudo setfacl -m u:john:rw file.txt

In the above command, -m means modify the ACL, u:john means the entry applies to user john, and rw grants read and write permissions. Use the getfacl command to view the ACL information of the file:

$ getfacl file.txt
# file: file.txt
# owner: user
# group: group
user::rw-
user:john:rw-
group::r--
mask::rw-
other::r--

In this output, user::rw- is the owner's permissions, user:john:rw- is the permissions of user john, group::r-- is the permissions of the file's owning group, mask::rw- is the maximum permissions that can be effective for named users, named groups and the owning group, and other::r-- is the permissions of other users.
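The effect of the mask on the entries described above, as an added example that is not part of the original article: the script reads getfacl text output and computes each entry's effective permissions, then lists non-owner entries that can actually write. The function names are hypothetical, and the sample ACL (the article's file.txt with the mask tightened to r--) is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): read `getfacl` text on stdin
# and print "<entry> <listed perms> <effective perms>" for each access entry.
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 || $1 == "default" { next }  # headers, blanks, default ACLs
        {
            sub(/[ \t]*#.*/, "", $3)                # strip "#effective:..." notes
            if ($1 == "mask") { mask = $3; next }
            n++; tag[n] = $1; who[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                # The mask caps named users, the owning group and named groups.
                # The owner (user::) and other:: entries are never masked.
                capped = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
                if (capped && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        p = substr(perm[i], k, 1); m = substr(mask, k, 1)
                        eff = eff ((p != "-" && m != "-") ? p : "-")
                    }
                }
                printf "%s:%s %s %s\n", tag[i], who[i], perm[i], eff
            }
        }'
}

# Entries other than the file owner that end up with effective write access.
acl_writers() {
    acl_effective | awk '$1 != "user:" && $3 ~ /w/ { print $1 }'
}

# Constructed sample: the article's file.txt ACL with the mask tightened to r--.
sample_acl() {
    cat <<'EOF'
# file: file.txt
# owner: user
# group: group
user::rw-
user:john:rw-
group::r--
mask::r--
other::r--
EOF
}

sample_acl | acl_effective
```

With the mask at r--, john's listed rw- is reduced to an effective r--, so `getfacl file.txt | acl_writers` is a quick way to check who can really modify a file.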

To continue reading, please visit [https://linux.cn/article-12863-1.html](https://linux.cn/article-12863-1.html)
