前言

Linux的UGO权限模型，可以满足日常的权限需求。

什么是UGO权限模型？

实践

步骤1：创建用户，并将用户加入新创建的群组

[[email protected] ~]# groupadd students
[[email protected] ~]# groupadd profs
[[email protected] ~]# useradd linda -G students
useradd lisa -G students
[[email protected] ~]# useradd lisa -G students
useradd anouk -G profs
[[email protected] ~]# useradd anouk -G profs
useradd anna -G profs
[[email protected] ~]# useradd anna -G profs
[[email protected] ~]# 

步骤2：创建两个文件夹/data/students与/data/profs

[[email protected] ~]# mkdir -p /data/students /data/profs
[[email protected] ~]# ls -l /data
total 0
drwxr-xr-x. 2 root root 6 Jul  2 01:47 profs
drwxr-xr-x. 2 root root 6 Jul  2 01:47 students

步骤3：将刚创建的文件夹，分别更改群组为students, profs，权限为770

[[email protected] ~]# chgrp students /data/students
[[email protected] ~]# chgrp profs /data/profs
[[email protected] ~]# chmod 770 /data/{students,profs}
[[email protected] ~]# ls -l /data
total 0
drwxrwx---. 2 root profs    6 Jul  2 01:47 profs
drwxrwx---. 2 root students 6 Jul  2 01:47 students

步骤4：验证：anna成功往/data/profs创建文件，anouk无法写属主为anna权限为644的文件。

[[email protected] ~]# id anna
uid=1004(anna) gid=1006(anna) groups=1006(anna),1002(profs)
[[email protected] ~]# su anna -c "touch /data/profs/anna"
[[email protected] ~]# ls -l /data/profs/anna
-rw-r--r--. 1 anna anna 0 Jul  2 01:58 /data/profs/anna
[[email protected] ~]# su anouk -c "echo anouk > /data/profs/anna"
bash: /data/profs/anna: Permission denied