我正在嘗試使用 ACL 在用戶之間設定伺服器上的權限。當我使用 檢查目錄之一的狀態時getfacl dir10,它顯示:
root@svn:/srv/resources/somedir# getfacl dir10
# file: dir10
# owner: root
# group: mygroup
# flags: -s-
這些標誌是什麼意思?我怎樣才能改變它們?
答案1
從man getfacl:
The output format of getfacl is as follows:
1: # file: somedir/
2: # owner: lisa
3: # group: staff
4: # flags: -s-
[...]
Line 4 indicates the setuid (s), setgid (s), and sticky (t) bits:
either the letter representing the bit, or else a dash (-).
This line is included if any of those bits is set and left out
otherwise, so it will not be shown for most files. (See
CONFORMANCE TO POSIX 1003.1e DRAFT STANDARD 17 below.)
設定這些值,請參閱man setfacl:
--restore=file
Restore a permission backup created by `getfacl -R' or similar.
All permissions of a complete directory subtree are restored using
this mechanism. If the input contains owner comments or group
comments, setfacl attempts to restore the owner and owning group. If
the input contains flags comments (which define the setuid, setgid,
and sticky bits), setfacl sets those three bits accordingly;
otherwise, it clears them. This option cannot be mixed with
other options except `--test'.
答案2
@umläute 關於該標誌的意思是完全正確的。但是,要擺脫它,-s-您需要將其從UNIX權限中刪除。
IE
chmod g-s ./dir10
唯一--restore=file的將權限恢復到以前的層級(這可能會刪除 setgid,也可能不會。)而且我認為它不適用於目錄,僅適用於檔案。