BSD Hacks Excerpts (Part 2)
# shutdown now
*** FINAL System shutdown message from root@mycompany.com ***
System going down IMMEDIATELY
Dec 11 10:28:07 genisis shutdown: shutdown by root:
System shutdown time has arrived
Writing entropy file:.
Shutting down daemon processes:.
Saving firewall state tables:.
Dec 11 10:28:10 genisis syslogd: exiting on signal 15
Enter full pathname of shell or RETURN for /bin/sh:
#
At the prompt, type:
# /sbin/tunefs -a enable /
# /sbin/tunefs -a enable /usr
# exit
Things [Hack #54]. Don't reboot yet; you still need to initialize the extended attributes on each file system.
For example, to initialize extended attributes on the /var filesystem, use:
# mkdir -p /var/.attribute/system
# cd /var/.attribute/system
# extattrctl initattr -p /var 388 posix1e.acl_access
# extattrctl initattr -p /var 388 posix1e.acl_default
Okay, you’ve successfully enabled ACLs. Now what? Let’s start by viewing ACLs. Looking at ACLs is simple. Files with ACLs will be designated with a + in the long listing provided by ls -l:
% ls -l acl-test
-rw-rw-r--+ 1 rob rob 0 Apr 19 17:27 acl-test
% getfacl acl-test
#file:acl-test
#owner:1000
#group:1000
user::rw-
user:nobody:rw-
group::r--
group:wheel:rw-
mask::rw-
other::r--
The user::, group::, and other:: fields should all be familiar. They are simply the ACL representations of the standard Unix permissions. The nobody and wheel lines, however, are new. These specify permissions for specific users and groups (in this case, the nobody user and the wheel group) in addition to the normal set of permissions.
The mask field sets maximum permissions, so an r-- mask (set with m::r) in combination with an rw- permission for a user will give the user only r-- permissions on the file.
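The mask rule above, worked through as an added example (not code from the book): a small Python parser for getfacl-style text that computes the permissions each entry keeps once the mask is applied. The function names are this example's own, and SAMPLE is constructed from the listing format shown on this page with the mask narrowed to r--.

```python
# Added example (not from the book): effective permissions under an ACL mask.
# Function names are this example's own; SAMPLE is constructed from the
# getfacl format shown on this page, with the mask narrowed to r--.
SAMPLE = """\
#file:acl-test
#owner:1000
#group:1000
user::rw-
user:nobody:rw-
group::r--
group:wheel:rw-
mask::r--
other::r--
"""

TAGS = {"u": "user", "g": "group", "m": "mask", "o": "other"}

def parse_acl(text):
    """Parse getfacl-style text into (tag, qualifier, perms) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop headers and comments
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        tag = TAGS.get(tag, tag)  # accept the abbreviated forms too
        if tag not in TAGS.values() or set(perms) - set("rwx-"):
            raise ValueError(f"bad ACL entry: {raw!r}")
        # Normalise short forms such as "r" (as in m::r) to "r--".
        perms = "".join(c if c in perms else "-" for c in "rwx")
        entries.append((tag, qualifier, perms))
    return entries

def effective(entries):
    """Map 'tag:qualifier' to the permissions left after applying the mask."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        # The mask limits named users, the owning group and named groups;
        # the owner (user::) and other:: entries are not masked.
        limited = tag == "group" or (tag == "user" and qualifier != "")
        if mask is not None and limited:
            perms = "".join(p if p in mask else "-" for p in perms)
        result[f"{tag}:{qualifier}"] = perms
    return result

if __name__ == "__main__":
    for entry, perms in effective(parse_acl(SAMPLE)).items():
        print(f"{entry:<14} {perms}")
```

Comparing the granted and effective columns for a file shows at a glance which named-user or group entries the mask is holding back, which is the value to check when auditing who can actually write to it.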
The setfacl command modifies ACLs. As with chmod, only the file's owner or the superuser can use this command. You only need to use a few of its options to start manipulating ACLs.
First, a word on syntax. ACLs are specified just as they’re printed by getfacl. Let’s remove and reconstruct the ACL for acl-test:
% setfacl -b acl-test
% setfacl -m user:nobody:rw-,group:wheel:rw- acl-test
The -b option removes all ACLs, except for the standard user, group, and other lines. The -m option modifies the ACL with the specified entry (or comma-separated entries). Entries may also be abbreviated: the code here could have been shortened to u:nobody:rw-,g:wheel:rw-.
You can even use setfacl to modify traditional permissions; setting a user::rw- ACL entry is equivalent to running chmod u=rw on a file.
Removing ACLs is almost identical: setfacl -x u:nobody:rw-,g:wheel:rw- removes that ACL. You can also specify ACLs in files. The -M and -X options perform the functions of their lowercase relatives, but read their entries from a file. Consider the acl-test file again:
% cat test-acl-list
u:nobody:rw-
# this is a comment
g:wheel:rw-
% setfacl -X test-acl-list acl-test
% getfacl acl-test
#file:acl-test
#owner:1000
#group:1000
user::rw-
group::r--
mask::r--
other::r--