iT邦幫忙

2024 iThome Ironman Contest

DAY 17

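The Penguin's Third Day

Yesterday we learned about permission settings. Today we will set up different roles and have them access locations with different permissions, to simulate a multi-user scenario.

Practice goals

  1. Create users and groups
  2. Create files and directories with different permissions
  3. Try to access these files and directories as different users
  4. Modify the permissions and observe the results

Steps and commands

1. Start the container and install packages

Start an Ubuntu Docker container: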

docker run -it ubuntu /bin/bash

Install the identity management packages:

apt update
apt install -y adduser passwd

2. Create users and groups

# Create users
adduser alice
adduser bob
adduser charlie

# Create groups
groupadd developers
groupadd managers

# Add users to groups
usermod -aG developers alice
usermod -aG developers bob
usermod -aG managers charlie

2. Create files and directories

# Create directories
mkdir /project
mkdir /project/public
mkdir /project/private

# Create files
echo "This is a public file" > /project/public/public_file.txt
echo "This is a private file" > /project/private/private_file.txt
echo "This is a confidential file" > /project/private/confidential_file.txt

# Set the initial permissions
chmod 755 /project
chmod 755 /project/public
chmod 700 /project/private
chmod 644 /project/public/public_file.txt
chmod 640 /project/private/private_file.txt
chmod 600 /project/private/confidential_file.txt

# Change ownership
chown root:developers /project
chown root:developers /project/public
chown root:managers /project/private
chown alice:developers /project/public/public_file.txt
chown bob:developers /project/private/private_file.txt
chown charlie:managers /project/private/confidential_file.txt

3. Test the permissions

Try to access the files and directories as different users:

# Switch to user alice
su - alice

# Try to read and modify the files
cat /project/public/public_file.txt
echo "Alice was here" >> /project/public/public_file.txt
cat /project/private/private_file.txt
echo "Alice was here" >> /project/private/private_file.txt
cat /project/private/confidential_file.txt

# Switch to user bob
su - bob

# Try to read and modify the files
cat /project/public/public_file.txt
echo "Bob was here" >> /project/public/public_file.txt
cat /project/private/private_file.txt
echo "Bob was here" >> /project/private/private_file.txt
cat /project/private/confidential_file.txt

# Switch to user charlie
su - charlie

# Try to read and modify the files
cat /project/public/public_file.txt
echo "Charlie was here" >> /project/public/public_file.txt
cat /project/private/private_file.txt
echo "Charlie was here" >> /project/private/private_file.txt
cat /project/private/confidential_file.txt
echo "Charlie was here" >> /project/private/confidential_file.txt

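4. Modify the permissions

Go back to the root user, change some permissions, and test again:

# Switch back to the root user
exit  # if you are charlie, you may need to run this twice

# Modify the permissions
chmod 775 /project/private
chmod 664 /project/private/private_file.txt

# Test access again as different users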
su - alice
cat /project/private/private_file.txt
echo "Alice accessed private file" >> /project/private/private_file.txt

su - bob
cat /project/private/private_file.txt
echo "Bob accessed private file" >> /project/private/private_file.txt

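Practice questions

  1. Why can alice read public_file.txt but not private_file.txt?
  2. Why can bob modify private_file.txt but not confidential_file.txt?
  3. After the permissions of the /project/private directory were changed, why can alice suddenly access private_file.txt?
  4. How would you change the permissions so that all members of the developers group can read and modify confidential_file.txt, while the managers group can only read it?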
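
An added example, not from the original post: a small shell model of the owner/group/other check behind the results in steps 3 and 4, where every directory on the path needs the x bit before the file's own mode is consulted. The function names perm_bits and can_access are hypothetical, the group lists assume adduser created a same-named group for each user, and / is assumed to be traversable by everyone.

```shell
#!/bin/sh
# Added example: a model of the classic owner/group/other permission check.
# Modes are three octal digits; ACLs and capabilities other than root are ignored.

# perm_bits MODE OWNER GROUP USER "USER_GROUPS" -> the one octal digit that applies
perm_bits() {
    mode=$1; owner=$2; group=$3; user=$4; ugroups=$5
    if [ "$user" = root ]; then echo 7; return; fi      # simplification: root bypasses checks
    if [ "$user" = "$owner" ]; then echo "${mode%??}"; return; fi  # owner digit wins, even if weaker
    case " $ugroups " in
        *" $group "*) mid=${mode#?}; echo "${mid%?}"; return ;;   # group digit
    esac
    echo "${mode#??}"                                              # other digit
}

# can_access USER "USER_GROUPS" r|w ENTRY...
# ENTRY is mode:owner:group, listed from the top directory down to the file.
# Every directory needs search (x=1); the last entry needs r=4 or w=2.
can_access() {
    user=$1; ugroups=$2; want=$3; shift 3
    while [ $# -gt 0 ]; do
        entry=$1; shift
        mode=${entry%%:*}; rest=${entry#*:}
        owner=${rest%%:*}; group=${rest#*:}
        bits=$(perm_bits "$mode" "$owner" "$group" "$user" "$ugroups")
        if [ $# -gt 0 ]; then need=1
        elif [ "$want" = w ]; then need=2
        else need=4; fi
        if [ $(( bits & need )) -eq 0 ]; then echo denied; return 1; fi
    done
    echo allowed
}

# Values from the steps above; the group list assumes adduser's per-user group.
ALICE="alice developers"
PROJECT=755:root:developers
PRIV_BEFORE=700:root:managers;  PRIV_AFTER=775:root:managers
FILE_BEFORE=640:bob:developers; FILE_AFTER=664:bob:developers

echo "alice reads private_file.txt before: $(can_access alice "$ALICE" r "$PROJECT" "$PRIV_BEFORE" "$FILE_BEFORE")"
echo "alice writes private_file.txt after: $(can_access alice "$ALICE" w "$PROJECT" "$PRIV_AFTER" "$FILE_AFTER")"
```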

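Summary

I learned some basic Linux permission controls: r (read), w (write) and x (execute) are set separately for User, Group and Other. Because this is not done through a GUI it feels a bit abstract, but I am gradually getting used to it!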

