Linux: how to grant certain users permissions only to a subfolder
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow
Original URL: http://stackoverflow.com/questions/19110891/
How to give to some user permissions only to subfolder
Asked by pawel
I have root permissions on my server and I want to give permissions to particular groups and users of it. There is one case; there is a directory tree:
dir1
├── subdir1
├── subdir2
├── subdir3
I have three users (user1, user2, user3) - I want each of them to have permissions only to one directory (user1 - subdir1, user2 - subdir2, user3 - subdir3). User1 should not be able to see what's in subdir2 or subdir3, but he can't see that they exist, same with other users and their dirs.
I give permissions using getfacl and setfacl commands.
What permissions should these users have to dir1 and subdirs?
Accepted answer by Nicolai
To allow all users to see the list of files in dir1, set permissions 0755 on this folder
$ chmod 0755 dir1
To separate access to subfolders, assign an owner to each folder:
$ cd dir1
$ chown user1:user1 -R subdir1
$ chown user2:user2 -R subdir2
$ chown user3:user3 -R subdir3
Now make subfolders readable only for their owners:
$ chmod 0700 subdir*
Now all users see that folders user* exist, but they can enter only their own folder
Update: Sorry, can't format text in comments.
When I have more users than these three, and I want only these three to be able to enter dir1 - what then?
Then you have to assign them one special group and allow this group to read content of dir1.
Create group specialusers
$ groupadd specialusers
Add users to this group
$ usermod -aG specialusers user1
$ usermod -aG specialusers user2
$ usermod -aG specialusers user3
Allow specialusers to read the folder
$ chown root:specialusers dir1
$ chmod 0750 dir1
Now only users in the group specialusers can see a list of folders under dir1
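An audit sketch for the layout built above, added here as an example and not part of the original answer. It checks that a subdirectory is mode 700 with the expected owner, and reports whether the group bits on dir1 allow listing (0750) or only traversal (0710). The 0710 case goes beyond the answer: with execute-only, group members can enter their own subdirectory by path but cannot list the names of the others. It assumes GNU coreutils `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes GNU coreutils `stat`.
# Function names are hypothetical.

# check_private DIR OWNER: succeed only if DIR is mode 700 and owned by OWNER.
check_private() {
    mode=$(stat -c '%a' "$1") || return 2
    owner=$(stat -c '%U' "$1") || return 2
    [ "$mode" = "700" ] && [ "$owner" = "$2" ]
}

# group_access DIR: print what members of DIR's owning group can do with it.
#   list      r and x set (e.g. 0750): enumerate entry names and enter
#   traverse  x only (e.g. 0710): reach an entry by known name, no listing
#   none      no group bits set
#   other     any remaining combination
group_access() {
    perms=$(stat -c '%A' "$1") || return 2      # e.g. drwxr-x---
    case "$(printf '%s' "$perms" | cut -c5-7)" in
        r?[xs]) echo list ;;
        -?[xs]) echo traverse ;;
        ---)    echo none ;;
        *)      echo other ;;
    esac
}

# Demo on a constructed tree in a temporary directory (no root needed, so the
# current user stands in for user1 and no chown is performed).
demo() {
    root=$(mktemp -d) || return 1
    me=$(stat -c '%U' "$root")
    mkdir -p "$root/dir1/subdir1"
    chmod 0700 "$root/dir1/subdir1"
    chmod 0750 "$root/dir1"
    echo "dir1 at 0750: group access = $(group_access "$root/dir1")"
    chmod 0710 "$root/dir1"
    echo "dir1 at 0710: group access = $(group_access "$root/dir1")"
    if check_private "$root/dir1/subdir1" "$me"; then
        echo "subdir1 is mode 700 and owned by $me"
    fi
    rm -rf "$root"
}
demo
```

On a real server, run `check_private dir1/subdir1 user1` (and likewise for the other users) as root after applying the chown and chmod steps.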