Linux
5/11 Access Control List (ACL) configuration and management
Access Control List (ACL)
If a default ACL is set on a directory (setfacl -m d:ENTRY:NAME:PERMS dir-name), files and subdirectories created under it afterwards inherit it; contents that already exist are not changed.
Check whether an ACL is applied
# ls -l /root/acl/file-name
A "+" after the permission bits (e.g. -rw-rw-r--+) means an extended ACL is present. On such a file the group field of ls -l shows the mask entry, not the owning group's permissions, so read getfacl before trusting it.
View ACL entries
getfacl file-name
Set an ACL entry
setfacl -m ENTRY:NAME:PERMS file-name
ENTRY is u (user), g (group), m (mask) or o (other); PERMS is written as rwx letters or as one octal digit (u:james:0 is the same as u:james:---). Unless -n is given, setfacl recalculates mask:: after every change as the union of group:: and all named entries.
Remove an ACL entry
setfacl -x ENTRY:NAME file-name (give only ENTRY:NAME; PERMS is not specified, and adding it is rejected as an invalid argument)
setfacl -b file-name removes all extended entries; setfacl -k file-name removes only the default ACL.
Apply ACLs recursively
setfacl -Rm ENTRY:NAME:PERMS dir-name
Example) Target state of roster.txt (owning group: controller)
# file: roster.txt
# group: controller
user:james:---
user:1005:rwx            #effective:rw-
group::rwx               #effective:rw-
group:sodor:r--
group:2210:rwx           #effective:rw-
mask::rw-
student@student-B85M-DS3H-A:~$ touch fileA
student@student-B85M-DS3H-A:~$ ls -al fileA
-rw-rw-r-- 1 student student 0 May 11 09:57 fileA
student@student-B85M-DS3H-A:~$ chmod 777
chmod: missing operand after ‘777’
Try 'chmod --help' for more information.
student@student-B85M-DS3H-A:~$ chmod 777 fileA
student@student-B85M-DS3H-A:~$ ls -al fileA
-rwxrwxrwx 1 student student 0 May 11 09:57 fileA
student@student-B85M-DS3H-A:~$ getfacl fileA
# file: fileA
# owner: student
# group: student
user::rwx
group::rwx
other::rwx

student@student-B85M-DS3H-A:~$ sudo useradd user01
[sudo] password for student:
student@student-B85M-DS3H-A:~$ setfacl -m u:user01:r fileA
student@student-B85M-DS3H-A:~$ getfacl fileA
# file: fileA
# owner: student
# group: student
user::rwx
user:user01:r--
group::rwx
mask::rwx
other::rwx

student@student-B85M-DS3H-A:~$ setfacl -m u:user01:wx fileA
student@student-B85M-DS3H-A:~$ getfacl fileA
# file: fileA
# owner: student
# group: student
user::rwx
user:user01:-wx
group::rwx
mask::rwx
other::rwx

student@student-B85M-DS3H-A:~$ chmod 555 fileA
student@student-B85M-DS3H-A:~$ getfacl fileA
# file: fileA
# owner: student
# group: student
user::r-x
user:user01:-wx            #effective:--x
group::rwx                 #effective:r-x
mask::r-x
other::r-x

student@student-B85M-DS3H-A:~$ setfacl -x u:user01:wx fileA
setfacl: Option -x: Invalid argument near character 10
student@student-B85M-DS3H-A:~$ setfacl -x user01 fileA
student@student-B85M-DS3H-A:~$ getfacl fileA
# file: fileA
# owner: student
# group: student
user::r-x
group::rwx
mask::rwx
other::r-x

student@student-B85M-DS3H-A:~$ ls -al fileA
-r-xrwxr-x+ 1 student student 0 May 11 09:57 fileA
student@student-B85M-DS3H-A:~$ touch roster.txt
student@student-B85M-DS3H-A:~$ ls -al roster.txt
-rw-rw-r-- 1 student student 0 May 11 10:06 roster.txt
student@student-B85M-DS3H-A:~$ chmod 777 roster.txt
student@student-B85M-DS3H-A:~$ ls -al roster.txt
-rwxrwxrwx 1 student student 0 May 11 10:06 roster.txt
student@student-B85M-DS3H-A:~$ getfacl roster.txt
# file: roster.txt
# owner: student
# group: student
user::rwx
group::rwx
other::rwx

student@student-B85M-DS3H-A:~$ sudo useradd sodor
[sudo] password for student:
student@student-B85M-DS3H-A:~$ sudo setfacl -m g:sodor:r roster.txt
student@student-B85M-DS3H-A:~$ sudo useradd james
student@student-B85M-DS3H-A:~$ getfacl roster.txt
# file: roster.txt
# owner: student
# group: student
user::rwx
group::rwx
group:sodor:r--
mask::rwx
other::rwx

student@student-B85M-DS3H-A:~$ sudo setfacl -m u:james:0 roster.txt
student@student-B85M-DS3H-A:~$ getfacl roster.txt
# file: roster.txt
# owner: student
# group: student
user::rwx
user:james:---
group::rwx
group:sodor:r--
mask::rwx
other::rwx

student@student-B85M-DS3H-A:~$ sudo chmod 770 roster.txt
student@student-B85M-DS3H-A:~$ getfacl roster.txt
student@student-B85M-DS3H-A:~$ sudo useradd 2210
-> Wrong step: a number here is a UID/GID, so it must not be created as an account.
student@student-B85M-DS3H-A:~$ sudo setfacl -m g:2210:rwx roster.txt
student@student-B85M-DS3H-A:~$ getfacl roster.txt
-> Works: a numeric qualifier is taken as the GID itself, so no group named 2210 is needed.
# file: roster.txt
# owner: student
# group: student
user::rwx
user:james:---
group::rwx
group:sodor:r--
group:2210:rwx
mask::rwx
other::rwx

student@student-B85M-DS3H-A:~$ sudo setfacl -m u:1005:rwx roster.txt
student@student-B85M-DS3H-A:~$ getfacl roster.txt
# file: roster.txt
# owner: student
# group: student
user::rwx
user:james:---
user:1005:rwx
group::rwx
group:sodor:r--
group:2210:rwx
mask::rwx
other::rwx

student@student-B85M-DS3H-A:~$ sudo setfacl -m m::rw roster.txt
student@student-B85M-DS3H-A:~$ getfacl roster.txt
# file: roster.txt
# owner: student
# group: student
user::rwx
user:james:---
user:1005:rwx              #effective:rw-
group::rwx                 #effective:rw-
group:sodor:r--
group:2210:rwx             #effective:rw-
mask::rw-
other::rwx

student@student-B85M-DS3H-A:~$ sudo groupadd controller
-> Anything given by name must first be created with groupadd/useradd and then assigned with sudo chown; a number is a UID/GID, so nothing is created and sudo chown with the number changes the owner directly.
student@student-B85M-DS3H-A:~$ sudo chown :controller roster.txt
-> To change user and group at once: sudo chown USER-NAME:GROUP-NAME file-name
student@student-B85M-DS3H-A:~$ getfacl roster.txt
# file: roster.txt
# owner: student
# group: controller
user::rwx
user:james:---
user:1005:rwx              #effective:rw-
group::rwx                 #effective:rw-
group:sodor:r--
group:2210:rwx             #effective:rw-
mask::rw-
other::rwx
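The mask, the #effective annotations and the user:james / user:1005 / group:sodor / group:2210 entries above all follow one algorithm, the evaluation order in acl(5). The Python model below is an added example, not code from these notes or from the acl package. It takes the roster.txt and fileA states from the transcripts as constructed input, assumes uid/gid numbers for student, james, user01, controller and sodor (getfacl prints names, the kernel compares numbers), and shows why user:james:--- denies james although other:: is rwx, why user:1005:rwx is effectively rw-, and why chmod 555 turns user01's -wx into --x.

```python
"""POSIX ACL evaluation modelled after acl(5) and setfacl(1).

Added example, not code from the notes or the acl package: it parses getfacl
text, derives the #effective permissions, applies chmod and mask recalculation
the way the kernel and setfacl do, and checks access in acl(5) evaluation order.
"""
from dataclasses import dataclass, field

# Constructed input: the final roster.txt state shown in the notes.
ROSTER_ACL = """\
# owner: student
# group: controller
user::rwx
user:james:---
user:1005:rwx            #effective:rw-
group::rwx               #effective:rw-
group:sodor:r--
group:2210:rwx           #effective:rw-
mask::rw-
other::rwx
"""
# Constructed input: fileA just before `chmod 555 fileA` in the notes.
FILEA_ACL = "# owner: student\n# group: student\nuser::rwx\nuser:user01:-wx\ngroup::rwx\nmask::rwx\nother::rwx\n"
# Assumed uid/gid numbers: getfacl prints names, the kernel compares numbers.
UIDS = {"student": 1000, "james": 1001, "user01": 1002}
GIDS = {"student": 1000, "controller": 2000, "sodor": 2001}
R, W, X = 4, 2, 1

def perm_bits(s: str) -> int:
    """'rw-' or 'rw' -> 6; one octal digit ('0', '7') is accepted as setfacl does."""
    return int(s) & 7 if s.isdigit() else sum(v for c, v in (("r", R), ("w", W), ("x", X)) if c in s)

def perm_str(b: int) -> str:
    return ("r" if b & R else "-") + ("w" if b & W else "-") + ("x" if b & X else "-")

def _resolve(table: dict, name: str) -> int:   # numeric qualifier = raw uid/gid (u:1005, g:2210)
    return int(name.strip()) if name.strip().isdigit() else table[name.strip()]

@dataclass
class Acl:
    owner: int
    group: int
    user_obj: int = 0                    # user::  (owner; never masked)
    group_obj: int = 0                   # group:: (owning group; masked)
    other: int = 0                       # other:: (never masked)
    named_users: dict = field(default_factory=dict)    # uid -> bits (masked)
    named_groups: dict = field(default_factory=dict)   # gid -> bits (masked)
    mask: "int | None" = None            # None: minimal ACL, no mask entry

def parse_getfacl(text: str) -> Acl:
    acl = Acl(owner=-1, group=-1)
    for raw in text.splitlines():
        if raw.startswith("# owner:") or raw.startswith("# group:"):
            key, val = raw[2:].split(":", 1)
            setattr(acl, key, _resolve(UIDS if key == "owner" else GIDS, val))
            continue
        line = raw.split("#", 1)[0].strip()          # drops '# file:' lines and '#effective:' text
        if not line:
            continue
        tag, qual, perms = line.split(":")
        bits = perm_bits(perms)
        if tag in ("user", "group") and qual:        # named entry
            table, named = (UIDS, acl.named_users) if tag == "user" else (GIDS, acl.named_groups)
            named[_resolve(table, qual)] = bits
        elif tag in ("user", "group"):               # user:: / group::
            setattr(acl, tag + "_obj", bits)
        else:                                        # mask:: / other::
            setattr(acl, tag, bits)
    return acl

def effective(acl: Acl) -> dict:
    """What getfacl annotates as #effective: every masked entry, keyed by uid/gid number."""
    m = 7 if acl.mask is None else acl.mask
    out = {"group::": perm_str(acl.group_obj & m)}
    out.update({f"user:{u}": perm_str(b & m) for u, b in acl.named_users.items()})
    out.update({f"group:{g}": perm_str(b & m) for g, b in acl.named_groups.items()})
    return out

def chmod(acl: Acl, mode: int) -> Acl:
    """chmod on an extended ACL: the mode's group bits set mask::, group:: is left alone."""
    acl.user_obj, acl.other = (mode >> 6) & 7, mode & 7
    setattr(acl, "group_obj" if acl.mask is None else "mask", (mode >> 3) & 7)
    return acl

def recalc_mask(acl: Acl) -> Acl:
    """setfacl -m/-x without -n: mask = union of group:: and every named entry."""
    acl.mask = acl.group_obj
    for b in [*acl.named_users.values(), *acl.named_groups.values()]:
        acl.mask |= b
    return acl

def allowed(acl: Acl, uid: int, gids, request: str) -> bool:
    """acl(5) order: owner, named user, group class, other. The first matching class decides."""
    want, m = perm_bits(request), 7 if acl.mask is None else acl.mask
    if uid == acl.owner:
        return (acl.user_obj & want) == want
    if uid in acl.named_users:                       # user:NAME:--- denies even though other:: is rwx
        return (acl.named_users[uid] & m & want) == want
    matches = [acl.group_obj] if acl.group in gids else []
    matches += [b for g, b in acl.named_groups.items() if g in gids]
    if matches:                                      # one matching entry must hold the whole request
        return any((b & m & want) == want for b in matches)
    return (acl.other & want) == want
```

Two points to carry away: the mask never applies to user:: or other::, so chmod's group bits become the mask on a file with an extended ACL (which is also why ls -l shows the mask in the group field); and a process that matches a named user entry stops there, which is what makes user:james:--- a real deny. Replace the assumed UIDS/GIDS with id(1) output before relying on a result for a real host.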
Example answer)
chmod 7777 fileA
chmod 0777 fileA
touch fileA
ls -al fileA
chmod 777 fileA
ls -al fileA
getfacl fileA
sudo useradd user01
setfacl -m u:user01:r fileA
getfacl fileA
setfacl -m u:user01:wx fileA
getfacl fileA
chmod 555 fileA
getfacl fileA
setfacl -x u:user01:wx fileA (fails: -x takes ENTRY:NAME without PERMS)
setfacl -x user01 fileA
getfacl fileA
ls -al fileA

Lab 1
touch roster.txt
sudo useradd student
sudo useradd james
sudo groupadd controller
sudo groupadd sodor
ls -al roster.txt
getfacl roster.txt
chown student roster.txt
sudo chown student roster.txt
getfacl roster.txt
sudo chown :controller roster.txt
ls -al roster.txt
getfacl roster.txt
sudo chmod 770 roster.txt
getfacl roster.txt
sudo setfacl -m u:james:0 roster.txt
getfacl roster.txt
sudo setfacl -m u:1005:rwx roster.txt
sudo setfacl -m g:sodor:r roster.txt
sudo setfacl -m g:2210:rwx roster.txt
getfacl roster.txt
ls -al roster.txt
sudo setfacl -m m::rw roster.txt
getfacl roster.txt
ls -al roster.txt
history
student@student-B85M-DS3H-A:~$ sudo groupadd aclgroup
student@student-B85M-DS3H-A:~$ sudo useradd user02 -g aclgroup
student@student-B85M-DS3H-A:~$ sudo mkdir /ptest
student@student-B85M-DS3H-A:~$ sudo chmod 777 /ptest
student@student-B85M-DS3H-A:~$ sudo mkdir /ptest/dir02
student@student-B85M-DS3H-A:~$ sudo setfacl -m u:user03:0 /ptest/dir02
student@student-B85M-DS3H-A:~$ sudo touch /ptest/dir02/file01
student@student-B85M-DS3H-A:~$ sudo setfacl -m u:user01:rw,g:aclgroup:w /ptest/dir02/file01
(several entries are separated by a comma with no space; with a space, setfacl would read g:aclgroup:w as a file name)
student@student-B85M-DS3H-A:~$ sudo mkdir /ptest/dir02/dir04
student@student-B85M-DS3H-A:~$ sudo chmod 000 /ptest/dir02/dir04
student@student-B85M-DS3H-A:~$ sudo setfacl -m u:user04:7 /ptest/dir02/dir04