韩国阿v一区二区三区,午夜大陆理论免费观看,超caopor在线公开视频

本文介紹NFSv4 ACL權(quán)限順序、權(quán)限繼承、排序、合并、遷移等特性。

權(quán)限順序

權(quán)限生效的順序，按照顯示的ACE順序evaluate。

ACE類型支持Allow和Deny，Deny可以被設(shè)置在任何位置。假設(shè)ACL有兩個ACE（group:adminis:rwxc和group:adminis:r---），兩個ACE的先后順序會直接決定adminis2是否具有讀權(quán)限。您在設(shè)置ACL時，需要非常注意ACE的位置。

假設(shè)在目錄dir4中，用戶adminis2的權(quán)限如下所示，則表示用戶adminis2對目錄dir4具有所有權(quán)限。

#NFSv4 ACL
#owner:root
#group:root
group:adminis2:rwxc:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (X)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:adminis2:r---:deny
 (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:owner@:---c:allow
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (X)CHOWN        (-)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:group@:----:allow
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:everyone@:----:allow
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

假設(shè)在目錄dir4中，用戶adminis2的權(quán)限如下所示，則表示用戶adminis2無讀權(quán)限。

#NFSv4 ACL
#owner:root
#group:root
group:adminis2:r---:deny
 (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

group:adminis2:rwxc:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (X)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:owner@:---c:allow
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (X)CHOWN        (-)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:group@:----:allow
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:everyone@:----:allow
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

ACL排序和合并

當(dāng)為用戶新增ACE后，新的ACE并不會與舊的ACE合并。

例如，用戶1001（屬于群組players）在文件file中具備如下ACL，為用戶player增加W權(quán)限的ACE后，新的ACE不會與舊的ACE合并。

舊ACE權(quán)限

#NFSv4 ACL
#owner:root
#group:root
special:everyone@:----:allow:FileInherit:DirInherit
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:group@:----:allow:FileInherit:DirInherit
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:owner@:----:allow:FileInherit:DirInherit
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

group:adminis:rwxc:allow:FileInherit:DirInherit
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (X)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:players:r-x-:allow:FileInherit:DirInherit
 (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

新ACE權(quán)限

#NFSv4 ACL
#owner:root
#group:root
group:players:rwx-:allow:Inherited
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:everyone@:----:allow:FileInherit:DirInherit
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:group@:----:allow:FileInherit:DirInherit
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:owner@:----:allow:FileInherit:DirInherit
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

group:adminis:rwxc:allow:FileInherit:DirInherit
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (X)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:players:r-x-:allow:FileInherit:DirInherit
 (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

驗(yàn)證新增的權(quán)限生效。

執(zhí)行命令

sudo su player -c 'echo 456 >> file'

sudo su player -c 'cat file'

返回示例
```
123
456
```

權(quán)限繼承

假設(shè)當(dāng)前目錄dir5的權(quán)限是owner可寫，group可讀，everyone不能訪問。

給用戶player增加讀寫權(quán)限并且可繼承。

為用戶player配置讀寫權(quán)限，并將規(guī)則保存至文本（例如，acl2.txt）中。

#NFSv4 ACL
#owner:root
#group:root
user:player:rwx-:allow:DirInherit
 (X)READ/LIST (X)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

user:player:rwx-:allow:FileInherit
 (X)READ/LIST (X)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

將acl2的規(guī)則應(yīng)用到目錄dir5上。
```
mmputacl -i ~/acl2.txt dir5
```

在目錄dir5下創(chuàng)建的文件或目錄就自動帶有繼承的ACE。

進(jìn)入目錄dir5。
```
cd  dir5
```
創(chuàng)建文件file。
```
touch file
```

確認(rèn)文件file自動繼承目錄dir5的ACE權(quán)限。

執(zhí)行命令
```
mmgetacl file
```

返回示例

#NFSv4 ACL
#owner:root
#group:root
user:player:rwx-:allow:Inherited
 (X)READ/LIST (X)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

創(chuàng)建目錄subdir。
```
mkdir subdir
```

確認(rèn)子目錄subdir自動繼承目錄dir5的ACE權(quán)限。

執(zhí)行命令
```
mmgetacl subdir
```

返回示例

#NFSv4 ACL
#owner:root
#group:root
user:player:rwx-:allow:DirInherit:Inherited
 (X)READ/LIST (X)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

user:player:rwx-:allow:FileInherit:InheritOnly:Inherited
 (X)READ/LIST (X)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

繼續(xù)在子目錄subdir下創(chuàng)建的文件或目錄就自動帶有繼承的ACE。

創(chuàng)建目錄subdir/subdir2。
```
mkdir subdir/subdir2
```

確認(rèn)目錄subdir/subdir2自動繼承子目錄subdir的ACE。

執(zhí)行命令
```
mmgetacl subdir/subdir2
```

返回示例

#NFSv4 ACL
#owner:root
#group:root
user:player:rwx-:allow:DirInherit:Inherited
 (X)READ/LIST (X)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

user:player:rwx-:allow:FileInherit:InheritOnly:Inherited
 (X)READ/LIST (X)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

創(chuàng)建文件subdir/file2。
```
touch subdir/file2
```

確認(rèn)文件subdir/file2自動繼承子目錄subdir的ACE。

執(zhí)行命令
```
mmgetacl subdir/file2
```

返回示例

#NFSv4 ACL
#owner:root
#group:root
user:player:rwx-:allow:Inherited
 (X)READ/LIST (X)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

InheritOnly在當(dāng)前目錄不參加權(quán)限校驗(yàn)，但ACE會繼承。

說明

DirInherit和FileInherit要分成兩個ACE配置，否則會報錯Combining FileInherit and DirInherit makes the mask ambiguous。
inherit only時，由于ACE本身不做權(quán)限檢查，父目錄上要配置rx權(quán)限，否則player無法進(jìn)入子目錄。

輸出

不支持通過extended attributes輸出NFSv4 ACL。

遷移

支持cp等工具遷移NFSv4 ACL。

阿里云CPFS支持使用Redhat NFSv4 ACL遷移工具說明中提到的cp、tar、rsync工具遷移NFSv4 ACL。

下面例子中cp --preserve=xattr file2 file5拷貝file2到file5時拷貝了ACL。

說明

rsync工具可能由于版本低于3.1.2而不能遷移NFSv4 ACL。

將file2的ACL遷移至file5。

cp --preserve=xattr newsub/file2 newsub/file5

查看file2的ACL。

執(zhí)行命令
```
mmgetacl newsub/file2
```

返回示例

#NFSv4 ACL
#owner:player
#group:players
user:player:rwx-:allow:Inherited
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (X)WRITE_ATTR (-)WRITE_NAMED

查看file5的ACL。

執(zhí)行命令
```
mmgetacl newsub/file5
```

返回示例

#NFSv4 ACL
#owner:root
#group:root
user:player:rwx-:allow:Inherited
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (X)WRITE_ATTR (-)WRITE_NAMED

NFSv4 ACL與mode的互操作

支持NFSv4 ACL和mode之間的互操作，修改ACL可能引起mode的改變，反之亦然。

例如，文件file當(dāng)前mode為0666。

文件file的mode權(quán)限

-rw-rw-rw- 1 root root 0 Jun  1 14:45 file

文件file的ACE權(quán)限

#NFSv4 ACL
#owner:root
#group:root
special:owner@:rw-c:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (X)CHOWN        (-)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:group@:rw--:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:everyone@:rw--:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

通過設(shè)置mode給owner增加執(zhí)行權(quán)限，相應(yīng)ACE也會增加執(zhí)行權(quán)限。

通過設(shè)置mode給owner增加執(zhí)行權(quán)限。
```
chmod u+x file
```
查看文件file的mode權(quán)限。
- 執(zhí)行命令
```
ls -l file
```
- 返回示例
```
-rwxrw-rw- 1 root root 0 Jun  1 14:45 file
```

確認(rèn)ACE中owner已增加執(zhí)行權(quán)限。

執(zhí)行命令
```
mmgetacl file
```

返回示例

#NFSv4 ACL
#owner:root
#group:root
special:owner@:rwxc:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (X)CHOWN        (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:group@:rw--:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:everyone@:rw--:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

通過設(shè)置ACE給group增加執(zhí)行權(quán)限，相應(yīng)mode也會增加執(zhí)行權(quán)限。

編輯file的ACL屬性給group增加執(zhí)行權(quán)限。
```
mmeditacl file
```
在返回的信息后，輸入yes，確認(rèn)應(yīng)用修改的權(quán)限。

查看在文件file中group擁有的ACE權(quán)限。

執(zhí)行命令
```
mmgetacl file
```

返回示例

#NFSv4 ACL
#owner:root
#group:root
special:owner@:rwxc:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (X)CHOWN        (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

special:group@:rwx-:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

special:everyone@:rw--:allow
 (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

確認(rèn)在mode中group已增加執(zhí)行權(quán)限。
- 執(zhí)行命令
```
ls -l file
```
- 返回示例
```
-rwxrwxrw- 1 root root 0 Jun  1 14:45 file
```

NFSv4 ACL與POSIX ACL互操作

不支持與POSIX ACL互操作。

日本熟妇hd丰满老熟妇,中文字幕一区二区三区在线不卡 ,亚洲成片在线观看,免费女同在线一区二区

NFSv4 ACL特性

權(quán)限順序

ACL排序和合并

權(quán)限繼承

輸出

遷移

NFSv4 ACL與mode的互操作

NFSv4 ACL與POSIX ACL互操作