我正在尝试使用 ACL 在用户之间设置服务器上的权限。当我使用 检查目录之一的状态时getfacl dir10,它显示:
root@svn:/srv/resources/somedir# getfacl dir10
# file: dir10
# owner: root
# group: mygroup
# flags: -s-
这些标志是什么意思?我怎样才能改变它们?
答案1
从man getfacl:
The output format of getfacl is as follows:
1: # file: somedir/
2: # owner: lisa
3: # group: staff
4: # flags: -s-
[...]
Line 4 indicates the setuid (s), setgid (s), and sticky (t) bits:
either the letter representing the bit, or else a dash (-).
This line is included if any of those bits is set and left out
otherwise, so it will not be shown for most files. (See
CONFORMANCE TO POSIX 1003.1e DRAFT STANDARD 17 below.)
设置这些值,请参阅man setfacl:
--restore=file
Restore a permission backup created by `getfacl -R' or similar.
All permissions of a complete directory subtree are restored using
this mechanism. If the input contains owner comments or group
comments, setfacl attempts to restore the owner and owning group. If
the input contains flags comments (which define the setuid, setgid,
and sticky bits), setfacl sets those three bits accordingly;
otherwise, it clears them. This option cannot be mixed with
other options except `--test'.
答案2
@umläute 关于该标志的含义是完全正确的。但是,要摆脱它,-s-您需要将其从UNIX权限中删除。
IE
chmod g-s ./dir10
唯一--restore=file的将权限恢复到上一个级别(这可能会删除 setgid,也可能不会。)而且我认为它不适用于目录,仅适用于文件。