How to Set Access Control Lists (ACLs) and Disk Quotas for Users and Groups


Access Control Lists (also known as ACLs) are a feature of the Linux kernel that lets you define more fine-grained access rights for files and directories than those specified by the regular ugo/rwx permissions.

For example, the standard ugo/rwx permissions do not allow you to set different permissions for different individual users or groups. With ACLs this is easy to do, as we will see in this article.

Checking File System Compatibility with ACLs

To make sure that your file systems currently support ACLs, you should check that they have been mounted using the acl option. To do that, we will use tune2fs for ext2/3/4 file systems as shown below. Replace /dev/sda1 with the device or file system you want to check:

# tune2fs -l /dev/sda1 | grep "Default mount options:"

Note: With XFS, Access Control Lists are supported out of the box.

In the following ext4 file system, we can see that ACLs have been enabled for /dev/xvda2:

# tune2fs -l /dev/xvda2 | grep "Default mount options:"

If the above command does not show that the file system has been mounted with support for ACLs, it is most likely because the noacl option is present in /etc/fstab.

In that case, remove it, unmount the file system, and then mount it again, or simply reboot your system after saving the changes to /etc/fstab.

Introducing ACLs in Linux

To illustrate how ACLs work, we will use a group named developers and add the users walterwhite and saulgoodman (yes, I am a Breaking Bad fan!) to it:

# groupadd developers
# useradd walterwhite
# useradd saulgoodman
# usermod -a -G developers walterwhite
# usermod -a -G developers saulgoodman

Before we proceed, let's verify that both users have been added to the developers group:

# id walterwhite
# id saulgoodman

Now let's create a directory called test in /mnt, and a file named acl.txt inside it (/mnt/test/acl.txt).

Then we will set the group owner to developers and change its default ugo/rwx permissions recursively to 770 (thus granting read, write, and execute permissions to both the owner and the group owner of the file):

# mkdir /mnt/test
# touch /mnt/test/acl.txt
# chgrp -R developers /mnt/test
# chmod -R 770 /mnt/test

As expected, you can write to /mnt/test/acl.txt as walterwhite or saulgoodman:

# su - walterwhite
# echo "My name is Walter White" > /mnt/test/acl.txt
# exit
# su - saulgoodman
# echo "My name is Saul Goodman" >> /mnt/test/acl.txt
# exit

So far so good. However, we will soon see a problem when we need to grant write access to /mnt/test/acl.txt to another user who is not in the developers group.

Standard ugo/rwx permissions would require that the new user be added to the developers group, but that would give him/her the same permissions over all the objects owned by the group. That is precisely where ACLs come in handy.

Setting ACLs in Linux

There are two types of ACLs: access ACLs (which are applied to a file or a directory), and default (optional) ACLs, which can only be applied to a directory.

If files inside a directory where a default ACL has been set do not have an ACL of their own, they inherit the default ACL of their parent directory.

Let's give user gacanepa read and write access to /mnt/test/acl.txt. Before doing that, let's take a look at the current ACL settings in that directory with:

# getfacl /mnt/test/acl.txt

Then, to change the ACLs on the file, use u: followed by the username and :rw to indicate read/write permissions:

# setfacl -m u:gacanepa:rw /mnt/test/acl.txt

And run getfacl on the file again to compare. The following image shows the output before and after:

# getfacl /mnt/test/acl.txt

Next, we will need to give others execute permissions on the /mnt/test directory:

# chmod +x /mnt/test

Keep in mind that in order to access the contents of a directory, a regular user needs execute permissions on that directory.

User gacanepa should now be able to write to the file. Switch to that user account and execute the following command to confirm:

# echo "My name is Gabriel Cánepa" >> /mnt/test/acl.txt
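The ACL set above only grants what the mask entry allows, so an audit has to look at effective rights rather than the raw entries. The following script is an added example, not part of the original article: it parses getfacl output and lists named users who can really write. The function names, the allowlist argument and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compute what ACL entries really grant once the mask applies.

# Reads getfacl text on stdin and prints "kind:name:effective" for each
# named user, the owning group and each named group (the mask-limited class).
acl_effective() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }   # header lines, default ACL entries
        { sub(/[ \t]*#.*/, "", $3) }             # drop a trailing "#effective:" note
        $1 == "mask" { mask = $3; next }
        ($1 == "user" && $2 != "") || $1 == "group" {
            kind[++n] = $1; name[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    p = substr(perm[i], j, 1)
                    if (mask != "" && substr(mask, j, 1) == "-") p = "-"
                    eff = eff p
                }
                print kind[i] ":" name[i] ":" eff
            }
        }'
}

# Prints named users with effective write access who are not in the
# space-separated allowlist passed as $1.
acl_unexpected_writers() {
    acl_effective | awk -F: -v allow=" $1 " '
        $1 == "user" && $3 ~ /w/ && index(allow, " " $2 " ") == 0 { print $2 }'
}

# Constructed getfacl output for /mnt/test/acl.txt; $1 is the mask entry.
sample_acl() {
    printf '%s\n' '# file: mnt/test/acl.txt' '# owner: root' \
        '# group: developers' 'user::rwx' 'user:gacanepa:rw-' \
        'group::rwx' "mask::$1" 'other::---'
}

sample_acl rwx | acl_unexpected_writers "walterwhite saulgoodman"   # gacanepa
sample_acl r-- | acl_effective     # write bit removed by the mask
```

On a real system, pipe `getfacl /mnt/test/acl.txt` into `acl_unexpected_writers` with the list of accounts you expect to have write access.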

To set a default ACL on a directory (which its contents will inherit unless overwritten otherwise), add d: before the rule and specify a directory instead of a file name:

# setfacl -m d:o:r /mnt/test
# getfacl /mnt/test/

The ACL above will allow users who are not in the owner group to have read access to the future contents of the /mnt/test directory. Note the difference in the output of getfacl /mnt/test before and after the change:

To remove a specific ACL, replace -m in the commands above with -x. For example,

# setfacl -x d:o /mnt/test

Alternatively, you can use the -b option to remove ALL ACLs in one step:

# setfacl -b /mnt/test

For more information and examples on the use of ACLs, please refer to chapter 10, section 2, of the openSUSE Security Guide (also available for download at no cost in PDF format).

Set Linux Disk Quotas on Users and File Systems

Storage space is another resource that must be carefully used and monitored. To do that, quotas can be set on a file system basis, either for individual users or for groups.

Thus, a limit is placed on the disk usage allowed for a given user or a specific group, and you can rest assured that a careless (or malicious) user will not fill up your disks.

The first thing you must do to enable quotas on a file system is to mount it with the usrquota or grpquota options (for user and group quotas, respectively) in /etc/fstab.

For example, let's enable user-based quotas on /dev/vg00/vol_backups and group-based quotas on /dev/vg00/vol_projects.

Note that the UUID is used to identify each file system.

UUID=f6d1eba2-9aed-40ea-99ac-75f4be05c05a /home/projects ext4 defaults,grpquota 0 0
UUID=e1929239-5087-44b1-9396-53e09db6eb9e /home/backups ext4 defaults,usrquota 0 0

Unmount and remount both file systems:

# umount /home/projects
# umount /home/backups
# mount /home/projects
# mount /home/backups

Then check that the usrquota and grpquota options are present in the output of mount (see highlighted below):

# mount | grep vg00

Finally, run the following commands to initialize and enable quotas:

# quotacheck -avugc
# quotaon -vu /home/backups
# quotaon -vg /home/projects

That said, let's now assign quotas to the username and group we mentioned earlier. You can later disable quotas with quotaoff.

Setting Linux Disk Quotas

Let's begin by setting an ACL on /home/backups for user gacanepa, which will give him read, write, and execute permissions on that directory:

# setfacl -m u:gacanepa:rwx /home/backups/

Then with,

# edquota -u gacanepa

We will set a soft limit of 900 and a hard limit of 1000 blocks (1024 bytes/block * 1000 blocks = 1024000 bytes = 1 MB) of disk space usage.

We can also place limits of 20 and 25 as soft and hard limits on the number of files this user can create.

The above command will launch the text editor ($EDITOR) with a temporary file where we can set the limits mentioned previously:

These settings will cause a warning to be shown to user gacanepa when he has reached either the 900-block or the 20-inode limit, for a default grace period of 7 days.

If the over-quota situation has not been resolved by then (for example, by removing files), the soft limit will become the hard limit and this user will be prevented from using more storage space or creating more files.

To test, let's have user gacanepa try to create an empty 2 MB file named test1 inside /home/backups:

# dd if=/dev/zero of=/home/backups/test1 bs=2M count=1
# ls -lh /home/backups/test1

As you can see, the write operation fails because the disk quota has been exceeded. Since only the first 1000 KB are written to disk, the result in this case will most likely be a corrupt file.

Similarly, you can create an ACL for the developers group in order to give members of that group rwx access to /home/projects:

# setfacl -m g:developers:rwx /home/projects/

And set the quota limits with:

# edquota -g developers

As we did with user gacanepa earlier.

The grace period can be specified in any number of seconds, minutes, hours, days, weeks, or months by executing

# edquota -t

and updating the values under Block grace period and Inode grace period.

As opposed to block or inode usage (which are set on a per-user or per-group basis), the grace period is set system-wide.

To report quotas, you can use quota -u [user] or quota -g [group] for a quick list, or repquota -v [/path/to/filesystem] for a more detailed (verbose) and nicely formatted report.

Of course, you will want to replace [user], [group], and [/path/to/filesystem] with the specific user/group names and file system you want to check.
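For monitoring, the repquota report can be reduced to the accounts that are currently inside a grace period. The following script is an added example, not part of the original article: it reads a repquota-style table and prints each exceeded soft limit. The function names are assumptions, and the sample report is constructed to follow repquota's column layout with the limits used above.

```shell
#!/bin/sh
# Added example: list accounts that are over a soft limit in a repquota report.

# Reads repquota text on stdin. Prints "name kind used soft grace" for each
# block or inode soft limit that is currently exceeded.
quota_over_soft() {
    awk '
        $2 !~ /^[-+][-+]$/ { next }   # only data rows have the two-character flag field
        {
            blk = (substr($2, 1, 1) == "+")   # first flag: blocks over soft limit
            ino = (substr($2, 2, 1) == "+")   # second flag: inodes over soft limit
            f = blk ? 7 : 6                   # block grace column exists only when over
            if (blk) print $1, "block", $3, $4, $6
            if (ino) print $1, "inode", $f, $(f + 1), $(f + 3)
        }'
}

# Constructed report laid out like the repquota table for /home/backups.
sample_report() {
cat <<'EOF'
*** Report for user quotas on device /dev/vg00/vol_backups
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
gacanepa  +-    1000     900    1000  6days       1    20    25
saulgoodman -+    40     900    1000             22    20    25  6days
EOF
}

sample_report | quota_over_soft
```

On a live system, feed it the output of `repquota -v /home/backups` instead of the sample.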

Summary

In this article we have explained how to set Access Control Lists and disk quotas for users and groups. Using both, you will be able to manage permissions and disk usage more effectively.

If you want to learn more about quotas, you can refer to the Quota Mini-HowTo in The Linux Documentation Project.

Needless to say, you can count on us to answer questions. Just submit them using the comment form below and we will be glad to take a look.