Sunday, December 12, 2010

Linux security: Linux ACL experience

Today, when security management matters more and more, the traditional Unix file system permission model, UGO (user, group, other), is no longer sufficient for day-to-day system administration needs, and the ACL mechanism is gradually becoming the mainstream way to manage permissions. This article describes some of the basic ACL functions on Fedora Core, which is based on the Linux 2.6 kernel.

Managing user permissions has always been one of the most important aspects of UNIX system administration. UGO permission management is nothing new to anyone on Linux/Unix; the most common tool is the chmod command. To implement more complex permission schemes, however, one often has to create many groups and keep detailed records to tell them apart (very often the administrator's nightmare). Being able to grant one particular user specific rights on one particular file is something administrators have long been looking forward to. For example, on a given file: user A may read it, user B's group may modify it, but user b alone may not... This is why there is an ACL standard, IEEE POSIX 1003.1e. An ACL, or Access Control List, is a list of access controls attached to a file or directory that lets you assign rwx permissions to any given user or group. Mainstream commercial Unix systems now support ACLs, and FreeBSD provides ACL support as well. Linux has not fallen behind in this area: ACLs have been supported since the 2.6 kernel. To use ACLs you need support from both the kernel and the file system. With the 2.6 kernel, ext2/ext3, JFS, XFS, ReiserFS and other file systems are all capable of supporting ACLs.

Experimenting with ACLs on the physical partitions you actually work on is always unwise: an improper operation can damage the partition and lose its data, which is a big loss. A loop device is a safe alternative. It needs neither a separate partition nor much hard disk space; about a hundred KB is enough for our experiments. OK, here I am using Fedora Core 5 and the ext3 file system to experiment with ACLs on Linux.
First create a blank file of 512 KB:

    [root@FC3-vm opt]# dd if=/dev/zero of=/opt/testptn count=512
    512+0 records in
    512+0 records out

Link a loop device to it:

    [root@FC3-vm opt]# losetup /dev/loop0 /opt/testptn

Create an ext2 file system on it:

    [root@FC3-vm opt]# mke2fs /dev/loop0
    mke2fs 1.35 (28-Feb-2004)
    max_blocks 262144, rsv_groups = 32, rsv_gdb = 0
    Filesystem label=
    OS type: Linux
    Block size=1024 (log=0)
    Fragment size=1024 (log=0)
    32 inodes, 256 blocks
    12 blocks (4.69%) reserved for the super user
    First data block=1
    1 block group
    8192 blocks per group, 8192 fragments per group
    32 inodes per group
    Writing inode tables: done
    Writing superblocks and filesystem accounting information: done

    This filesystem will be automatically checked every 30 mounts or
    180 days, whichever comes first.  Use tune2fs -c or -i to override.

Mount the new file system (note the acl mount option: it is what tells the kernel that we want ACLs on this file system):

    [root@FC3-vm opt]# mount -o rw,acl /dev/loop0 /mnt
    [root@FC3-vm opt]# cd /mnt
    [root@FC3-vm mnt]# ls
    lost+found

Now I have a small file system that supports ACLs, and even if it is destroyed completely, the other valuable data on the hard disk is unaffected. We can start our ACL experiments.
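The scenario the article uses to motivate ACLs (user A may read, user B's group may modify, user b alone may not) is decided by the POSIX 1003.1e evaluation order: owner, then named user, then every matching group entry (all capped by the mask), then other. The following is an added example that is not part of the article; it models that decision for a constructed ACL on a root-owned rw-r----- file, using names in place of uids and gids.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # rwx bits, as in the mode string


@dataclass
class Acl:
    """The entries of one POSIX ACL (names stand in for uids/gids)."""
    owner: str
    group: str
    user_perm: int                 # ACL_USER_OBJ (the owner's bits)
    group_perm: int                # ACL_GROUP_OBJ (the owning group's bits)
    other_perm: int                # ACL_OTHER
    named_users: dict = field(default_factory=dict)   # ACL_USER entries
    named_groups: dict = field(default_factory=dict)  # ACL_GROUP entries
    mask: int = R | W | X          # ACL_MASK; caps every entry except owner and other


def allowed(acl, uid, groups, want):
    """Decide whether a process running as `uid` with group set `groups` may
    perform `want` (a bitmask of R/W/X), in the order the kernel applies:
    owner, named user, then all matching group entries, then other."""
    if uid == acl.owner:
        return (want & acl.user_perm) == want
    if uid in acl.named_users:
        return (want & acl.named_users[uid] & acl.mask) == want
    candidates = [acl.group_perm] if acl.group in groups else []
    candidates += [p for g, p in acl.named_groups.items() if g in groups]
    for perm in candidates:
        # one matching group entry that grants the access is enough
        if (want & perm & acl.mask) == want:
            return True
    if candidates:
        return False               # a group entry matched but none granted it
    return (want & acl.other_perm) == want


def article_example(mask=R | W):
    """Constructed ACL for the article's scenario: a root-owned file with
    mode rw-r-----, plus user A may read and group B may modify."""
    return Acl(owner="root", group="root", user_perm=R | W, group_perm=R,
               other_perm=0, named_users={"A": R}, named_groups={"B": R | W},
               mask=mask)


if __name__ == "__main__":
    acl = article_example()
    print("A reads:", allowed(acl, "A", {"A"}, R))                        # True
    print("member of B writes:", allowed(acl, "carol", {"carol", "B"}, W))  # True
    print("user b alone reads:", allowed(acl, "b", {"b"}, R))             # False
    # tightening the mask to r-- (what chmod g-w does) revokes group B's write
    print("B member, mask r--:", allowed(article_example(R), "carol", {"B"}, W))  # False
```

The last line shows why the mask entry matters in practice: a plain chmod on the group bits changes the mask, so a named group's rw- entry can be silently reduced to r-- without the ACL entry itself changing.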
