All times are UTC + 8 hours

Post #1
Post subject: [Tossing out a brick to attract jade] Users, user groups, and Linux permissions.
Posted: 2008-09-16 11:24

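Earlier I saw a thread in the PK section asking "why can an ordinary user shut down the machine", and some discussion followed. I might as well post what I want to say here, to give everyone an intuitive feel for it.

First, let me quote an example I gave:

Quote:
"Suppose you live in an apartment building.

The key to the door (the permission) belongs to the building manager downstairs (root's daemon).

If you come home in the middle of the night and need the door opened, it is not you who opens the door.

Instead, you notify the manager to open the door.

As for whether the manager opens the door or not, that depends on whether he knows or trusts you (in Linux this generally shows up as user groups: for example, you are in the user group "residents", and the manager will only open the door for you if you are in that group)."


Linux does indeed divide users only into the root user, whose privileges are unlimited, and non-root users, whose privileges are pitifully small. But this does not mean that non-root users cannot use root's privileges.


"When you take a taxi, the steering wheel is in the taxi driver's hands. When we do not have permission to drive the car, how do we reach our destination?"

The usual approach under Linux is for a daemon with root privileges to respond to ordinary users' requests, so that ordinary users can use specific root privileges (for example GUI shutdown, xorg, or mounting the optical drive as an ordinary user). This is also the typical use of "multi-user" found in most textbooks.


"Once in the taxi, we can reach our destination without needing to drive (the permission). So can anyone get into any car and reach their destination?"

If ordinary users can use root privileges, won't system security be a problem? Is there no longer any need to distinguish between root and non-root users?

Of course not.

Because what Linux really uses to control privileges is not the user's permissions, but the user groups the user belongs to.

A user group can be thought of as a representation of a user's different identities. In real-world terms, you may at the same time be in the group "male", the group "student", the group "XX University", and the group "residents of XX housing estate".

Correspondingly, the "restroom attendant", the "teacher", the "university gatekeeper" and the "estate gatekeeper" will decide, according to whether you are in a certain group, whether you have the right to "enter the women's restroom", "attend class", "enter the campus" or "enter the residential area", rights that would otherwise require root privileges.

What really represents an ordinary user's power is how many user groups he is in.

And what really allows a specific user to use some part of root's privileges is the root-privileged daemon's recognition of the group the user is in.

And Linux, through this use of user groups, can make permission settings extremely fine-grained.

For example, Linux can in fact perfectly well allow certain users to install software from apt without entering any password, while being unable to change any other system settings.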


_________________
荃创想
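
The group-based decision described in post #1 (a root-owned helper deciding whether to act for an unprivileged caller), as an added example that is not part of the original thread. The passwd/group contents, the action names and the `POLICY` table are constructed for illustration.

```python
"""Decision a root-owned helper makes before acting for an unprivileged caller.
All account data and the POLICY table are constructed sample values."""

# Constructed /etc/passwd and /etc/group content.
PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
GROUP = """\
alice:x:1000:
bob:x:1001:
cdrom:x:24:alice,bob
power:x:200:alice
"""

# Hypothetical policy: privileged action -> group the caller must belong to.
POLICY = {"shutdown": "power", "mount-cdrom": "cdrom"}


def groups_of(user, passwd=PASSWD, group=GROUP):
    """Return the user's group names: the primary group from passwd plus
    every group that lists the user as a supplementary member."""
    primary_gid = None
    for line in passwd.splitlines():
        fields = line.split(":")
        if fields[0] == user:
            primary_gid = fields[3]
    if primary_gid is None:
        raise KeyError(f"unknown user: {user}")
    names = set()
    for line in group.splitlines():
        name, _password, gid, members = line.split(":")
        # Compare whole member names; a substring test would match "al" to "alice".
        if gid == primary_gid or user in members.split(","):
            names.add(name)
    return names


def authorize(user, action):
    """Default deny: unknown actions and unknown users are refused."""
    required = POLICY.get(action)
    if required is None:
        return False
    try:
        return required in groups_of(user)
    except KeyError:
        return False


if __name__ == "__main__":
    for who, what in [("alice", "shutdown"), ("bob", "shutdown"), ("bob", "mount-cdrom")]:
        print(who, what, "->", "allow" if authorize(who, what) else "deny")
```

A real helper must take the caller's identity from the kernel (for example `SO_PEERCRED` on a Unix socket) rather than from a name the caller supplies.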


Post #2
Post subject:
Posted: 2008-09-16 11:26

I feel it is still expressed in a somewhat disorganized way.


_________________
荃创想


Post #3
Post subject:
Posted: 2008-09-16 11:49

Nice brick 8)


_________________
Thoughts without content are empty. Intuitions without concepts are blind.


Post #4
Post subject:
Posted: 2008-09-16 11:56

Let me borrow it for a whack!


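Post #5
Post subject:
Posted: 2008-09-16 22:40

Not bad, the basic issues are explained clearly.
It would be best to also explain the classification of user groups, such as root, sudo and adm, and then explain how permissions and priorities are divided.
Then this post would deserve to be moved to the tutorial section.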


_________________
Because...nobody really uses an operating system,
people use...programs...on their computer.
And the only mission in life of an operating system is to help those programs run.
----Linus


Post #6
Post subject:
Posted: 2008-09-17 3:09

Great post! I learned something!


Post #7
Post subject:
Posted: 2008-09-17 14:35

Any file whose permissions include an "s" is executed with "root" privileges when it is run.


Post #8
Post subject:
Posted: 2008-09-17 14:57

A great post, worth bumping!

The analogies are very detailed and very apt.


Post #9
Post subject:
Posted: 2008-09-17 18:03

How about moving it to the tutorial board first and then revising it gradually, any objections? :D

A good brick indeed.


_________________
HUNT Unfortunately No Talent...


Post #10
Post subject:
Posted: 2008-09-17 18:32

Changing the owner: chown
change owner
Code:
chown -R USER:GROUP FILE_OR_DIRECTORY   # USER = account name, GROUP = group name

Quote:
<--- Man --->
chown
CHOWN(1) User Commands CHOWN(1)



NAME
chown - change file owner and group

SYNOPSIS
chown [OPTION]... [OWNER][:[GROUP]] FILE...
chown [OPTION]... --reference=RFILE FILE...

DESCRIPTION
This manual page documents the GNU version of chown. chown changes the
user and/or group ownership of each given file. If only an owner (a
user name or numeric user ID) is given, that user is made the owner of
each given file, and the files' group is not changed. If the owner is
followed by a colon and a group name (or numeric group ID), with no
spaces between them, the group ownership of the files is changed as
well. If a colon but no group name follows the user name, that user is
made the owner of the files and the group of the files is changed to
that user's login group. If the colon and group are given, but the
owner is omitted, only the group of the files is changed; in this case,
chown performs the same function as chgrp. If only a colon is given,
or if the entire operand is empty, neither the owner nor the group is
changed.

OPTIONS
Change the owner and/or group of each FILE to OWNER and/or GROUP. With
--reference, change the owner and group of each FILE to those of RFILE.

-c, --changes
like verbose but report only when a change is made

--dereference
affect the referent of each symbolic link (this is the default),
rather than the symbolic link itself

-h, --no-dereference
affect each symbolic link instead of any referenced file (useful
only on systems that can change the ownership of a symlink)

--from=CURRENT_OWNER:CURRENT_GROUP
change the owner and/or group of each file only if its current
owner and/or group match those specified here. Either may be
omitted, in which case a match is not required for the omitted
attribute.

--no-preserve-root
do not treat `/' specially (the default)

--preserve-root
fail to operate recursively on `/'

-f, --silent, --quiet
suppress most error messages

--reference=RFILE
use RFILE's owner and group rather than specifying OWNER:GROUP
values

-R, --recursive
operate on files and directories recursively

-v, --verbose
output a diagnostic for every file processed

The following options modify how a hierarchy is traversed when the -R
option is also specified. If more than one is specified, only the
final one takes effect.

-H if a command line argument is a symbolic link to a directory,
traverse it

-L traverse every symbolic link to a directory encountered

-P do not traverse any symbolic links (default)

--help display this help and exit

--version
output version information and exit

Owner is unchanged if missing. Group is unchanged if missing, but
changed to login group if implied by a `:' following a symbolic OWNER.
OWNER and GROUP may be numeric as well as symbolic.

EXAMPLES
chown root /u
Change the owner of /u to "root".

chown root:staff /u
Likewise, but also change its group to "staff".

chown -hR root /u
Change the owner of /u and subfiles to "root".

AUTHOR
Written by David MacKenzie and Jim Meyering.

REPORTING BUGS
Report bugs to <bug-coreutils@gnu.org>.

COPYRIGHT
Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

SEE ALSO
chown(2)

The full documentation for chown is maintained as a Texinfo manual. If
the info and chown programs are properly installed at your site, the
command

info coreutils 'chown invocation'

should give you access to the complete manual.



GNU coreutils 6.10 April 2008 CHOWN(1)


Last edited by jeffwei on 2008-09-17 18:44, edited 1 time in total.

Post #11
Post subject:
Posted: 2008-09-17 18:36

Changing the group: chgrp
change group
Code:
chgrp GROUP_NAME FILE_OR_DIRECTORY

Quote:
<--- Man --->
chgrp
CHGRP(1) User Commands CHGRP(1)



NAME
chgrp - change group ownership

SYNOPSIS
chgrp [OPTION]... GROUP FILE...
chgrp [OPTION]... --reference=RFILE FILE...

DESCRIPTION
Change the group of each FILE to GROUP. With --reference, change the
group of each FILE to that of RFILE.

-c, --changes
like verbose but report only when a change is made

--dereference
affect the referent of each symbolic link (this is the default),
rather than the symbolic link itself

-h, --no-dereference
affect each symbolic link instead of any referenced file (useful
only on systems that can change the ownership of a symlink)

--no-preserve-root
do not treat `/' specially (the default)

--preserve-root
fail to operate recursively on `/'

-f, --silent, --quiet
suppress most error messages

--reference=RFILE
use RFILE's group rather than specifying a GROUP value

-R, --recursive
operate on files and directories recursively

-v, --verbose
output a diagnostic for every file processed

The following options modify how a hierarchy is traversed when the -R
option is also specified. If more than one is specified, only the
final one takes effect.

-H if a command line argument is a symbolic link to a directory,
traverse it

-L traverse every symbolic link to a directory encountered

-P do not traverse any symbolic links (default)

--help display this help and exit

--version
output version information and exit

EXAMPLES
chgrp staff /u
Change the group of /u to "staff".

chgrp -hR staff /u
Change the group of /u and subfiles to "staff".

AUTHOR
Written by David MacKenzie and Jim Meyering.

REPORTING BUGS
Report bugs to <bug-coreutils@gnu.org>.

COPYRIGHT
Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

SEE ALSO
The full documentation for chgrp is maintained as a Texinfo manual. If
the info and chgrp programs are properly installed at your site, the
command

info coreutils 'chgrp invocation'

should give you access to the complete manual.



GNU coreutils 6.10 April 2008 CHGRP(1)



Post #12
Post subject:
Posted: 2008-09-17 18:42

Changing the owner: chown
Code:
chown -R USER:GROUP FILE_OR_DIRECTORY   # USER = account name, GROUP = group name


Post #13
Post subject:
Posted: 2008-09-17 18:44

Sorry, something went wrong: I made a mistake while correcting the post and clicked Quote when I meant to click Edit. 囧


Post #14
Post subject: Re: [Tossing out a brick to attract jade] Users, user groups, and Linux permissions.
Posted: 2009-03-12 4:19

Following this thread. Original poster, please keep going.


_________________
Make complicated things simple.
樱木花盗's Blog http://www.03389.com


Post #15
Post subject: Re: [Tossing out a brick to attract jade] Users, user groups, and Linux permissions.
Posted: 2009-03-12 9:07

Uh~ personally, I think it is better not to explain permissions this way.


_________________
http://silenceisdefeat.com/~greco
Code:
''.join([chr(ord(c)-2) for c in 'O{"G/ockn"ku<"itgeq0ujkBiockn0eqo'])
echo -n "Z3JlY28uc2hpQGdtYWlsLmNvbQ==" | base64 -d

