为了证明起作用的是 Allentunsgroup 组而非用户本身,新建用户 scott1 进行验证:
[root@NFS_Client ~]# useradd scott1
[root@NFS_Client ~]# passwd scott1
Changing password for user scott1.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
Sorry, passwords do not match.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@allentuns onair]# su scott1
[scott1@NFS_Client ~]$ id
uid=501(scott1) gid=501(scott1) groups=501(scott1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[scott1@NFS_Client ~]$ touch d.sh
touch: cannot touch `d.sh': Permission denied
[scott1@NFS_Client ~]$ id
uid=501(scott1) gid=501(scott1) groups=501(scott1)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[scott1@allentuns onair]$ exit
exit
[root@allentuns ~]# su scott1
[scott1@allentuns ~]$ touch d.sh
[scott1@allentuns ~]$ ll
total 0
-rw-r--r--. 1 root root 0 May 4 01:45 a.sh
-rw-r--r--. 1 nobody Allentunsgroup 0 May 4 02:11 b.sh
-rw-r--r--. 1 nobody Allentunsgroup 0 May 4 04:37 c.sh
-rw-r--r--. 1 nobody Allentunsgroup 0 May 4 04:41 d.sh
---End2---
实验二 主要是 setfacl 的用法
实例三
仅给某个单一主机使用的目录设定
我要将一个私人的目录 /home/test 开放给 192.168.1.5 这个客户端,只有 apache 用户对此目录才具有完整的权限
[ON Server]
[root@NFS_Server ~]# mkdir /home/test
[root@NFS_Server ~]# touch /home/test/ab.sh
[root@NFS_Server ~]# useradd apache
[root@NFS_Server ~]# passwd apache
Changing password for user apache.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
[root@NFS_Server ~]# id apache
uid=502(apache) gid=502(apache) groups=502(apache)
[root@NFS_Server ~]# setfacl -m u:apache:rwx /home/test
[root@NFS_Server ~]# vim /etc/exports
/home/test 192.168.1.5(rw)
[root@NFS_Server ~]# exportfs -r
[root@NFS_Server ~]# ll /home/test/
total 0
-rw-r--r--. 1 root root 0 May 4 05:13 ab.sh
[ON Client]
[root@NFS_Client ~]# mkdir /usr/local/live
[root@NFS_Client ~]# showmount -e 192.168.1.4
Export list for 192.168.1.4:
/home/test 192.168.1.5
[root@NFS_Client ~]# mount -t nfs 192.168.1.4:/home/test /usr/local/live/
[root@NFS_Client ~]# ll
total 24
-rw-------. 1 root root 969 Apr 23 15:12 anaconda-ks.cfg
-rw-r--r--. 1 root root 15989 Apr 23 15:12 install.log
-rw-r--r--. 1 root root 3482 Apr 23 15:10 install.log.syslog
[root@NFS_Client ~]# cd /usr/local/live/
[root@NFS_Client live]# ll
total 0
-rw-r--r--. 1 root root 0 May 4 2014 ab.sh
用户切换验证,起作用的是 uid 号而不是用户名称
[root@NFS_Client ~]# useradd apache
uid=501(apache) gid=501(apache) groups=501(apache)
[root@NFS_Client ~]# passwd apache
Changing password for user apache.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@NFS_Client ~]# su apache
[apache@NFS_Client root]$ id
uid=501(apache) gid=501(apache) groups=501(apache)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[apache@NFS_Client root]$ whoami
apache
[apache@NFS_Client root]$ cd /usr/local/live/
[apache@NFS_Client live]$ ll
total 0
-rw-r--r--. 1 root root 0 May 4 05:13 ab.sh
-rw-rw-r--. 1 530 530 0 May 4 05:23 ddd.sh
[apache@NFS_Client live]$ touch ^C
[apache@NFS_Client live]$ ll
total 0
-rw-r--r--. 1 root root 0 May 4 05:13 ab.sh
[apache@NFS_Client live]$ touch cd.sh
touch: cannot touch `cd.sh': Permission denied
[apache@NFS_Client live]$ su
[root@NFS_Client live]# useradd -u 502 allentuns
[root@NFS_Client live]# id allentuns
uid=502(allentuns) gid=502(allentuns) groups=502(allentuns)
[root@NFS_Client live]# passwd allentuns
Changing password for user allentuns.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@NFS_Client live]# su allentuns
[allentuns@NFS_Client live]$ id
uid=502(allentuns) gid=502(allentuns) groups=502(allentuns)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[allentuns@NFS_Client live]$ whoami
allentuns
[allentuns@NFS_Client live]$ touch cd.sh
[allentuns@NFS_Client live]$ ll
total 0
-rw-r--r--. 1 root root 0 May 4 05:13 ab.sh
-rw-rw-r--. 1 530 530 0 May 4 2014 cd.sh
[ON Server]
[allentuns@NFS_Client live]$ ll
total 0
-rw-r--r--. 1 root root 0 May 4 05:13 ab.sh
-rw-rw-r--. 1 530 530 0 May 4 05:28 cd.sh
---End---
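实例三其实与实例二大同小异,主要验证 uid 和 gid 对 nfs 权限的作用。在 NFS 默认的 sec=sys(AUTH_SYS)认证方式下,服务器直接采信客户端提交的数字 uid/gid,并不核对用户名:上面客户端的 apache(uid=501)被拒绝,而 uid=502 的 allentuns 却能写入,正是因为服务器端 ACL 授权的对象是 uid 502。因此 /etc/exports 只应导出给可信的客户端,各主机之间的 uid/gid 应保持一致;需要真正验证用户身份时,应改用 Kerberos(sec=krb5)。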