這是以前沒有的觀念,故在此做個筆記:
Objective: 讓一般user可以控管(新增/刪除)群組的成員
Environment:
law -> g1 group的群組管理員
g1 -> 測試用的group
alex -> 將被law assign到g1 group
/home/g1 -> g1 group的共用目錄,權限為770
Setup1. 將law設定為g1群組管理員:
[root@server3 home]# gpasswd -A law g1
[root@server3 home]# grep law /etc/gshadow
law:!::
g1:!:law:
(可在/etc/gshadow中,每個群組的第三個欄位查詢群組管理員
Setup2. 將alex加讓到g1 group:
[law@server3 ~]$ id alex
uid=502(alex) gid=503(alex) groups=503(alex)
[law@server3 ~]$ gpasswd -a alex g1
Adding user alex to group g1
[law@server3 ~]$ id alex
uid=502(alex) gid=503(alex) groups=503(alex),502(g1)
Setup3. 驗證一下alex可至/home/g1 建立檔案:
[alex@server3 home]$ ls -dl /home/g1/
drwxrwx--- 2 root g1 4096 Oct 21 05:06 /home/g1/
[alex@server3 home]$ cd g1
[alex@server3 g1]$ touch alex
[alex@server3 g1]$ ls -l alex
-rw-rw-r-- 1 alex alex 0 Oct 21 05:13 alex
No comments:
Post a Comment