Secure Files/Directories using ACLs (Access Control Lists) in Linux


As system administrators, our first priority is to protect and secure data from unauthorized access. We are all familiar with the permissions we set using helpful Linux commands such as chmod, chown, chgrp, etc. However, these default permission sets have some limitations and sometimes do not work as we need. For example, we cannot set different permission sets for different users on the same directory or file. For this reason, Access Control Lists (ACLs) were implemented.

Let's say you have three users, 'tecmint1', 'tecmint2' and 'tecmint3', each in a common group named 'acl'. User 'tecmint1' wants only user 'tecmint2' to be able to read and access the files owned by 'tecmint1', and no one else should have any access to them.

ACLs (Access Control Lists) allow us to do exactly that. ACLs let us grant permissions to a user, a group, and any group of users that are not in a user's group list.

Note: As per Redhat Product Documentation, it provides ACL support for the ext3 file system and NFS exported file systems.

How to Check ACL Support in Linux Systems

Before moving ahead, you need ACL support in the current kernel and on the mounted file systems.

Run the following command to check ACL support for the file systems and the POSIX_ACL=Y option (if there is N instead of Y, the kernel does not support ACLs and needs to be recompiled).

 grep -i acl /boot/config*

CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_REISERFS_FS_POSIX_ACL=y
CONFIG_JFS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_GENERIC_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=m
CONFIG_CIFS_ACL=y
CONFIG_9P_FS_POSIX_ACL=y

Before starting to work with ACLs, make sure the required packages are installed. Below are the required packages, which are installed using yum or apt-get.

 yum install nfs4-acl-tools acl libacl		# on RedHat based systems

Next, check whether the mounted file system is mounted with the acl option:

 mount  | grep -i root

/dev/mapper/fedora-root on / type ext4 (rw,relatime,data=ordered)

In our case, however, acl is not shown by default. So the next option is to remount the mounted partition with the acl option. Before moving ahead, though, there is another way to check whether the partition is mounted with the acl option, because on recent systems it may be included in the default mount options.

 tune2fs -l /dev/mapper/fedora-root | grep acl

Default mount options:    user_xattr acl

In the above output, you can see that the default mount options already include support for acl. The other option is to remount the partition as shown below.

 mount -o remount,acl /

Next, add the entry below to the '/etc/fstab' file to make it permanent.

/dev/mapper/fedora-root /	ext4    defaults,acl 1 1

Again, remount the partition.

 mount -o remount  /

On an NFS server, if the file system exported by the NFS server supports ACLs and NFS clients can read them, then the client system uses the ACLs.

To disable ACLs on an NFS share, add the no_acl option in the '/etc/exportfs' file on the NFS server. To disable them on the NFS client side, again use the no_acl option at mount time.

How to Implement ACL Support in Linux Systems

There are two types of ACLs:

  1. Access ACLs: Access ACLs are used for granting permissions on any file or directory.
  2. Default ACLs: Default ACLs are used for granting/setting an access control list on a specific directory only.

Difference between Access ACL and Default ACL:

  1. A default ACL can be used at directory level only.
  2. Any subdirectory or file created within that directory inherits the ACLs from its parent directory. A file, on the other hand, inherits the default ACLs as its access ACLs.
  3. We use -d for setting default ACLs, and default ACLs are optional.

To determine the default ACLs for a specific file or directory, use the 'getfacl' command. In the example below, getfacl is used to get the default ACLs for the folder 'Music'.

 getfacl Music/

# file: Music/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::rw-

To set the default ACLs for a specific file or directory, use the 'setfacl' command. In the example below, the setfacl command sets a new ACL (read and execute) on the folder 'Music'.

 setfacl -m d:o:rx Music/
 getfacl Music/

# file: Music/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
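
What this inheritance produces for a newly created file or directory, as an added example that is not part of the original article: the function below copies the parent's default entries and limits them by the mode the creating program requests, following the creation rule in acl(5) (this goes beyond the text above). The names inherit_acl and music_listing are hypothetical, and the sample is the 'Music' listing shown above.

```shell
# Added example: derive the access ACL of a new file or directory from the
# parent default ACL (getfacl listing on stdin), per acl(5). MODE is the octal
# mode requested at creation: usually 666 for files, 777 for directories.
# With a default ACL present the umask is not applied.
inherit_acl() {
    awk -v mode="$1" '
    function cap(s, digit,   i, out) {     # keep only bits also set in digit
        for (i = 1; i <= 3; i++)
            out = out ((int(digit / substr("421", i, 1)) % 2) ? substr(s, i, 1) : "-")
        return out
    }
    /^default:/ {
        n++; split($1, f, ":")
        tag[n] = f[2]; who[n] = f[3]; val[n] = f[4]
        if (f[2] == "mask") hasmask = 1
    }
    END {
        len = length(mode)
        for (i = 1; i <= n; i++) {
            p = val[i]
            if (tag[i] == "user" && who[i] == "") p = cap(p, substr(mode, len - 2, 1))
            else if (tag[i] == "other") p = cap(p, substr(mode, len, 1))
            else if (tag[i] == "mask" || (tag[i] == "group" && who[i] == "" && !hasmask))
                p = cap(p, substr(mode, len - 1, 1))   # group bits limit the mask if present
            print tag[i] ":" who[i] ":" p
        }
    }'
}

# Constructed sample: the Music/ listing after "setfacl -m d:o:rx Music/".
music_listing() {
cat <<'EOF'
# file: Music/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
EOF
}
```

Running `music_listing | inherit_acl 666` prints the access entries a file created in Music/ would receive; named user and group entries are copied unchanged and are limited only through the mask.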

Use the 'setfacl' command to set or modify the ACL on any file or directory. For example, to give read and write permissions to user 'tecmint1':

# setfacl -m u:tecmint1:rw /tecmint1/example

Use the 'getfacl' command to view the ACL on any file or directory. For example, to view the ACL on '/tecmint1/example', use the command below.

# getfacl /tecmint1/example

# file: tecmint1/example/
# owner: tecmint1
# group: tecmint1
user::rwx
user:tecmint1:rwx
user:tecmint2:r--
group::rwx
mask::rwx
other::---

To remove an ACL from any file/directory, we use the x and b options as shown below.

# setfacl -x ACL file/directory  	# remove only the specified ACL from file/directory

# setfacl -b  file/directory   		# remove all ACLs from file/directory

Let's implement ACLs in the following scenario.

Two users (tecmint1 and tecmint2) both have a common secondary group named 'acl'. We will create one directory owned by 'tecmint1' and give user 'tecmint2' read and execute permission on that directory.

Step 1: Create two users and remove the password from both

 for user in tecmint1 tecmint2
> do
> useradd $user
> passwd -d $user
> done
Removing password for user tecmint1.
passwd: Success
Removing password for user tecmint2.
passwd: Success

Step 2: Create a group and add the users to it as a secondary group.

 groupadd acl
 usermod -G acl tecmint1
 usermod -G acl tecmint2

Step 3: Create the directory /tecmint1 and change its ownership to tecmint1.

 mkdir /tecmint1
 chown tecmint1 /tecmint1/
 ls -ld /tecmint1/

drwxr-xr-x 2 tecmint1 root 4096 Apr 17 14:46 /tecmint1/

 getfacl /tecmint1

getfacl: Removing leading '/' from absolute path names
# file: tecmint1
# owner: tecmint1
# group: root
user::rwx
group::r-x
other::r-x

Step 4: Log in as tecmint1 and create a directory in the /tecmint1 folder.

$ su - tecmint1

Last login: Thu Apr 17 14:49:16 IST 2014 on pts/4
$ cd /tecmint1/
$ mkdir example
$ ll

total 4
drwxrwxr-x 2 tecmint1 tecmint1 4096 Apr 17 14:50 example
$ whoami
tecmint1

Step 5: Now set the ACL using 'setfacl', so that 'tecmint1' has all rwx permissions, 'tecmint2' has only read permission on the 'example' folder, and others have no permissions.

$ setfacl -m u:tecmint1:rwx example/
$ setfacl -m u:tecmint2:r-- example/
$ setfacl -m  other:--- example/
$ getfacl example/

# file: example
# owner: tecmint1
# group: tecmint1
user::rwx
user:tecmint1:rwx
user:tecmint2:r--
group::r-x
mask::rwx
other::---

Step 6: Now log in as the other user, i.e. 'tecmint2', on another terminal and change directory to '/tecmint1'. Try to view the contents using the 'ls' command, then try to change directory, and see the difference as below.

$ su - tecmint2

Last login: Thu Apr 17 15:03:31 IST 2014 on pts/5
$ cd /tecmint1/
$ ls -lR example/
example/:
total 0
$ cd example/

-bash: cd: example/: Permission denied
$ getfacl example/

# file: example
# owner: tecmint1
# group: tecmint1
user::rwx
user:tecmint1:rwx
user:tecmint2:r--
group::rwx
mask::rwx
other::---

Step 7: Now give 'tecmint2' 'execute' permission on the 'example' folder and then use the 'cd' command to see the effect. Now 'tecmint2' has permission to view and change into the directory, but does not have permission to write anything.

$ setfacl -m u:tecmint2:r-x example/
$ getfacl example/

# file: example
# owner: tecmint1
# group: tecmint1
user::rwx
user:tecmint1:rwx
user:tecmint2:r-x
group::rwx
mask::rwx
other::---
$ su - tecmint2

Last login: Thu Apr 17 15:09:49 IST 2014 on pts/5
$ cd /tecmint1/
$ cd example/
$ getfacl .
$ mkdir test

mkdir: cannot create directory ‘test’: Permission denied
$ touch test

touch: cannot touch ‘test’: Permission denied
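
The results seen in Steps 5 to 7 follow the POSIX ACL evaluation order. The function below is an added example, not part of the original article, that applies that order to a saved getfacl listing offline; the names acl_allows and sample_acl are hypothetical and the sample listing is constructed from the output shown above.

```shell
# Added example (not from the article): acl_allows USER "GROUP ..." WANT exits 0
# if a getfacl listing on stdin grants USER every letter in WANT, per acl(5).
acl_allows() {
    awk -v user="$1" -v groups="$2" -v want="$3" '
    function has(perm, w,   i) {
        for (i = 1; i <= length(w); i++) if (!index(perm, substr(w, i, 1))) return 0
        return 1
    }
    function masked(perm,   i, c, out) {   # mask caps named-user and group entries
        for (i = 1; i <= 3; i++) {
            c = substr(perm, i, 1)
            out = out ((mask == "" || index(mask, c)) ? c : "-")
        }
        return out
    }
    /^# owner: / { owner = $3 }
    /^# group: / { ogroup = $3 }
    /^(user|group|mask|other):/ {          # "default:" lines do not match
        split($1, f, ":")
        if (f[1] == "mask") mask = f[3]
        else acl[f[1], f[2]] = f[3]
    }
    END {                                  # order: owner, named user, groups, other
        if (user == owner) exit !has(acl["user", ""], want)
        if (("user", user) in acl) exit !has(masked(acl["user", user]), want)
        n = split(groups, g, " ")
        for (i = 1; i <= n; i++) {
            if (g[i] == ogroup) { hit = 1; if (has(masked(acl["group", ""]), want)) exit 0 }
            if (("group", g[i]) in acl) { hit = 1; if (has(masked(acl["group", g[i]]), want)) exit 0 }
        }
        if (hit) exit 1                    # a group matched but grants too little
        exit !has(acl["other", ""], want)
    }'
}

# Constructed sample: the Step 5 and Step 7 listing; $1 is the tecmint2 entry.
sample_acl() {
cat <<EOF
# file: example
# owner: tecmint1
# group: tecmint1
user::rwx
user:tecmint1:rwx
user:tecmint2:$1
group::rwx
mask::rwx
other::---
EOF
}
```

On a live system, pipe the output of `getfacl example/` into acl_allows in place of sample_acl; with the Step 5 entry (r--) the check for x fails, which is the "Permission denied" that cd reported in Step 6.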

Note: After implementing an ACL, you will see an extra '+' sign in the 'ls -l' output, as below.

 ll

total 4
drwxrwx---+ 2 tecmint1 tecmint1 4096 Apr 17 17:01 example
