相关
http://www.manongjc.com/detail/28-ilmhnafpdkkkqiu.html
usage
acl filepath
作用,给某个文件附加调用者的rwx权限
acl
- acl权限查看 getfacl
- acl权限设置 setfacl
ygh@ygh:~/code/test$ getfacl /dev/bus/usb/001/003
getfacl: 从绝对路径名尾部去除" / "字符。
# file: dev/bus/usb/001/003
# owner: root
# group: root
user::rw-
group::rw-
other::r--
acl系列函数
classDiagram
class acl_t{
+acl_get_file()
+acl_get_entry()
+acl_create_entry()
+acl_delete_entry()
+acl_calc_mask()
}
acl_t o-- acl_entry_t
class acl_entry_t{
+acl_get_permset()
}
acl_entry_t o-- acl_permset_t
class acl_permset_t{
+acl_add_perm()
}
程序需要以 root 用户(超级用户权限)启动,才能修改 root 所有的文件的 ACL,从而为其他用户授予该文件的访问权限。由于程序以 root 身份运行,传入的文件路径和 uid 必须来自可信来源。
通过 acl 获取 对应uid的entry
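/**
 * Search the ACL, starting at `entry`, for the named-user (ACL_USER) entry
 * whose qualifier equals `uid`.
 *
 * Only ACL_USER entries are considered: the tag type says what kind of entry
 * this is (owner, named user, group, mask, other) and is not a uid, so it
 * must never be compared against `uid` directly. Doing so could select the
 * owner, mask or "other" entry for small uid values, and the caller would
 * then widen permissions on the wrong entry.
 *
 * @param acl   ACL being iterated. Its iteration cursor must be positioned on
 *              `entry`, i.e. `entry` is the result of the most recent
 *              acl_get_entry() call on `acl`.
 * @param entry Entry at which the search starts.
 * @param uid   User id to look for.
 * @return The matching entry, or (acl_entry_t)0 if no ACL_USER entry for
 *         `uid` exists or a libacl call fails.
 */
static acl_entry_t acl_get_entry_by_user(acl_t acl, acl_entry_t entry, uid_t uid)
{
    int more = 1;

    while (more == 1) {
        acl_tag_t tag;

        if (acl_get_tag_type(entry, &tag) != 0)
            return (acl_entry_t)0;

        if (tag == ACL_USER) {
            /* acl_get_qualifier() returns a copy that must be acl_free()d. */
            uid_t *qualifier = acl_get_qualifier(entry);
            int match;

            if (qualifier == NULL)
                return (acl_entry_t)0;
            match = (*qualifier == uid);
            acl_free(qualifier);
            if (match)
                return entry;
        }

        /*
         * Per acl_get_entry(3) in Linux libacl: 1 = entry fetched,
         * 0 = no more entries, -1 = error. Anything but 1 ends the walk.
         */
        more = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
    }

    return (acl_entry_t)0;
}

/**
 * Find the ACL_USER entry for `uid` in `acl`.
 *
 * @param acl ACL to search.
 * @param uid User id to look for.
 * @return The matching entry, or (acl_entry_t)0 if the ACL is empty, has no
 *         ACL_USER entry for `uid`, or a libacl call fails.
 */
static acl_entry_t acl_get_entry_by_acl_user(acl_t acl, uid_t uid)
{
    acl_entry_t first;

    /* Success is 1, not 0: 0 means the ACL has no entries, -1 is an error. */
    if (acl_get_entry(acl, ACL_FIRST_ENTRY, &first) != 1)
        return (acl_entry_t)0;

    return acl_get_entry_by_user(acl, first, uid);
}
/* Next section of the page: grant permission 7 (rwx) to the given uid. */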
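/**
 * Grant `uid` read, write and execute permission on `filename` through a
 * named-user entry in the file's access ACL.
 *
 * If the ACL already has an entry for `uid` (as found by
 * acl_get_entry_by_acl_user()), the permissions are added to it; otherwise a
 * new ACL_USER entry is created. uid 0 is left untouched.
 *
 * Every libacl call is checked: if any step fails, the ACL is not written
 * back, so a half-initialised entry or an uninitialised permission set can
 * never reach the file.
 *
 * NOTE(review): the page runs this as root. `filename` is resolved by path
 * twice (acl_get_file(), then acl_set_file()); if the path lives in a
 * directory an untrusted user can modify, the two calls may not refer to the
 * same file. Callers should pass only trusted paths and uids, or the code
 * should open the file once and use acl_get_fd()/acl_set_fd().
 *
 * @param filename Path of the file whose access ACL is modified.
 * @param uid      User id that receives rwx.
 * @return 0 on success (or when uid is 0), -1 on any failure.
 */
static int set_facl(const char* filename, uid_t uid)
{
    acl_t acl;
    acl_entry_t entry = NULL;
    acl_permset_t permset;
    int ret;
    int rc = -1;

    /* don't touch ACLs for root */
    if (uid == 0){
        printf("uid 0 no need to set facl\n");
        return 0;
    }

    /* read current record */
    acl = acl_get_file(filename, ACL_TYPE_ACCESS);
    if (!acl){
        printf("acl get file failed\n");
        return -1;
    }

    entry = acl_get_entry_by_acl_user(acl, uid);
    if (!entry){
        printf("acl create entry\n");
        if (acl_create_entry(&acl, &entry) != 0){
            printf("acl create entry failed\n");
            goto out;
        }
        /* An entry without a valid tag and qualifier must not be written. */
        if (acl_set_tag_type(entry, ACL_USER) != 0 ||
            acl_set_qualifier(entry, &uid) != 0){
            printf("acl init entry failed\n");
            goto out;
        }
    }

    /* add permissions for uid */
    if (acl_get_permset(entry, &permset) != 0 ||
        acl_add_perm(permset, ACL_READ|ACL_WRITE|ACL_EXECUTE) != 0){
        printf("acl add perm failed\n");
        goto out;
    }

    /*
     * update record
     * acl_calc_mask() recomputes the mask as the union of all named-user,
     * group and named-group entries, so adding rwx here can also re-enable
     * permissions on other entries that the previous mask was limiting.
     */
    if (acl_calc_mask(&acl) != 0){
        printf("acl calc mask failed\n");
        goto out;
    }

    ret = acl_set_file(filename, ACL_TYPE_ACCESS, acl);
    if (ret != 0){
        printf("error to set ret:%d\n", ret);
        goto out;
    }

    rc = 0;
out:
    acl_free(acl);
    return rc;
}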
- 本文作者: crazyboy
- 本文链接: http://crazyboy.www.crazyboy.info/blog/blog/2022/07/26/it/linux/acl/
- 版权声明: 本博客所有文章除特别声明外,均采用 MIT 许可协议。转载请注明出处!