NAME
sleep - delay for a specified amount of time (delays for the specified number of seconds)
SYNOPSIS
sleep NUMBER[SUFFIX]...
sleep OPTION
DESCRIPTION
Pause for NUMBER seconds. SUFFIX may be ‘s’ for seconds (the
default), ‘m’ for minutes, ‘h’ for hours or ‘d’ for days.
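crontab jobs do not run while the machine is powered off, and after boot they are not run either if their scheduled time point has already passed
anacron: a supplementary mechanism for crontab
It checks whether any job went unexecuted during the past valid period; if so, the job is run once at a specified time point after boot;
Summary:
Task scheduling:
One-off: at, batch
Periodic: cron
cron:
PATH environment variable
Job time format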
facl: file acl
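acl: access control list
chown: can an ordinary user change a file's owner and group? No
chmod: is an ordinary user permitted to use it? Yes
Users openstack, docker (read/write)
Through the facl mechanism, an ordinary user can grant a particular user or group access permissions on a file individually; this is done without changing the owner or the group.
File systems:
ext: extended
ext2, ext3, ext4,
xfs (no boundary on a single file)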
NAME
lsattr - list file attributes on a Linux second extended file system
Lists the file system's extended attributes, mainly for the ext family
SYNOPSIS
lsattr [ -RVadv ] [ files... ]
DESCRIPTION
lsattr lists the file attributes on a second extended file system.
See chattr(1) for a description of the attributes and what they
mean.
[root@root ~]#lsattr test
-------------e- test    (the e shown means the extent format is supported)
NAME
chattr - change file attributes on a Linux file system
Changes Linux file system attributes
SYNOPSIS
chattr [ -RVf ] [ -v version ] [ mode ] files...
DESCRIPTION
chattr changes the file attributes on a Linux file system.
The format of a symbolic mode is +-=[acdeijstuADST].
(the mode is written in this form)
The operator ‘+’ causes the selected attributes to be added to the
existing attributes of the files; ‘-’ causes them to be removed;
and ‘=’ causes them to be the only attributes that the files have.
a: content can only be appended   c: compressed format   d: marked as not backed up
e: extent format   i: cannot be changed   j: data journalling   s: secure deletion
t: no tail-merging   u: undeletable   A: access timestamp is not updated   D: synchronous directory updates
S: synchronous updates (file updates)   T: marks the directory as the top of the directory hierarchy
The letters ‘acdeijstuADST’ select the new attributes for the
files: append only (a), compressed (c), no dump (d), extent format
(e), immutable (i), data journalling (j), secure deletion (s), no
tail-merging (t), undeletable (u), no atime updates (A),
synchronous directory updates (D), synchronous updates (S), and top
of directory hierarchy (T).
The following attributes are read-only, and may be listed by
lsattr(1) but not modified by chattr: huge file (h), compression
error (E), indexed directory (I), compression raw access (X), and
compressed dirty file (Z).
lsattr, chattr
i: the file content cannot be changed
u: the file cannot be deleted
A: the access timestamp is not updated
facl:
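Lets ordinary users, through a file's extended attributes, add an extra per-user access authorization mechanism to it without changing its owner or group, and without changing the permissions for other;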
getfacl
NAME
getfacl - get file access control lists
Gets a file's access control list
[root@root ~]#getfacl test
# file: test
# owner: root
# group: root
user::rw-
group::r--
other::r--
setfacl {-m|-x} TARGET:MODE FILE...
NAME
setfacl - set file access control lists
Sets a file's access control list
SYNOPSIS
setfacl [-bkndRLPvh] [{-m|-x} acl_spec] [{-M|-X} acl_file] file
...
setfacl --restore=file
DESCRIPTION
This utility sets Access Control Lists (ACLs) of files and
directories. On the command line, a sequence of commands is followed
by a sequence of files (which in turn can be followed by another
sequence of commands, ...).
The -m (--modify) and -M (--modify-file) options modify the ACL of
a file or directory. ACL entries for this operation must include
permissions. (modifies entries)
The -x (--remove) and -X (--remove-file) options remove ACL
entries. It is not an error to remove an entry which does not
exist. Only ACL entries without the perms field are accepted as
parameters, unless POSIXLY_CORRECT is defined. (removes entries)
-m u:USERNAME:MODE
-m g:GROUPNAME:MODE
-x u:USERNAME
-x g:GROUPNAME
-R: recursive
[openstack@root ~]$getfacl hello
# file: hello
# owner: openstack
# group: openstack
user::r--
group::rw-
other::rw-
[openstack@root ~]$ls -l
total 0
-r--rw-rw-. 1 openstack openstack 0 Dec 29 20:34 hello
[openstack@root ~]$chmod o= hello
[openstack@root ~]$ls hello -l
-r--rw----. 1 openstack openstack 0 Dec 29 20:34 hello
[openstack@root ~]$setfacl -m u:freebsd:rw hello
[openstack@root ~]$getfacl hello
# file: hello
# owner: openstack
# group: openstack
user::r--
user:freebsd:rw-
group::rw-
mask::rw-
other::---
[openstack@root ~]$ls -l
total 4
-r--rw----+ 1 openstack openstack 0 Dec 29 20:34 hello    (the . has changed to a +)
[openstack@root ~]$setfacl -x u:freebsd hello
[openstack@root ~]$getfacl hello
# file: hello
# owner: openstack
# group: openstack
user::r--
group::rw-
mask::rw-
other::---
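File access procedure: first check whether the user running the process is the file's owner; if so, the owner permissions take effect. Otherwise, check
whether there is a user access control list entry for this user; if so, the user access control list entry takes effect. Otherwise, check whether one of the groups
the process belongs to is the same as the file's group; if so, the group permissions apply. Otherwise, check the group entries in the access control list;
if one matches, the access control list entry applies. Otherwise the access is treated as other.
The owner's permissions take precedence over user-based access control list entries, and the owning group's permissions take precedence over group-based access control list entries
Permission model once facl is enabled:
Owner: applied if matched
User-level facl: applied if matched
Owning group: applied if matched
Group-level facl:
Other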
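The getfacl listings above show a mask:: line next to the named-user entry; the mask is the upper bound on what named user and named group entries actually grant. The following is an added example, not part of the original notes: a shell function that reads getfacl text and lists every named entry with its granted and effective permissions, useful for reviewing which extra grants exist on a file. The sample text is constructed, and the second file and the docker group entry are assumptions.

```shell
# Constructed sample in getfacl format; "report" and its entries are hypothetical.
sample_acl() {
cat <<'EOF'
# file: hello
# owner: openstack
# group: openstack
user::r--
user:freebsd:rw-
group::rw-
mask::rw-
other::---

# file: report
# owner: openstack
# group: openstack
user::rw-
user:freebsd:rwx
group::r--
group:docker:rw-
mask::r--
other::---
EOF
}

# Reads getfacl text on stdin; prints "file type name granted effective"
# for every named user/group entry (effective = granted AND mask).
acl_extra_grants() {
    awk -F: '
    function flush(   i, j, p, eff) {
        for (i = 1; i <= n; i++) {
            p = perm[i]; eff = ""
            for (j = 1; j <= 3; j++)   # keep a bit only if the mask has it too
                eff = eff ((mask == "" || substr(mask, j, 1) != "-") ? substr(p, j, 1) : "-")
            print file, kind[i], name[i], p, eff
        }
        n = 0; mask = ""
    }
    /^# file: / { flush(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    $1 == "mask" { mask = substr($3, 1, 3); next }
    ($1 == "user" || $1 == "group") && $2 != "" {
        n++; kind[n] = $1; name[n] = $2; perm[n] = substr($3, 1, 3)
    }
    END { flush() }'
}

sample_acl | acl_extra_grants
```

On a real system the input would come from getfacl -R on the directory being reviewed; entries whose granted and effective columns differ are being limited by the mask.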
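Loops in bash programming:
Sequential
Selection: if
Loop: for
Other kinds of loop: while and until
for i in {1..100}; do
    # loop body
    :
done
while is suited to cases where the number of iterations is unknown, or where it is inconvenient to have for generate a large list directly;
while CONDITION; do
    loop body
done
If the test result is "true", the loop is entered; the exit condition is that the test condition becomes false;
declare -i count=1
while [ $count -le 1000 ]; do
    # loop body
    let count++
done
until CONDITION; do
    loop body
done
If the test result is "false", the loop is entered; the exit condition is that the test condition becomes true;
Exercise: compute the sum of all positive integers up to 100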
#!/bin/bash
#
declare -i count=1
declare -i sum=0
until [ $count -gt 100 ]; do
    let sum+=$count
    let count++
done
echo $sum
#!/bin/bash
#
declare -i count=1
declare -i sum=0
while [ $count -le 100 ]; do
    let sum+=$count
    let count++
done
echo $sum
Exercise: compute the sum of all even numbers up to 100; the modulo method must be used;
#!/bin/bash
#
declare -i counter=1
declare -i sum=0
while [ $counter -le 100 ]; do
    if [ $[$counter%2] -eq 0 ]; then
        let sum+=$counter
    fi
    let counter++
done
echo $sum
#!/bin/bash
#
declare -i counter=1
declare -i sum=0
while [ $counter -le 100 ]; do
    [ $[$counter%2] -eq 0 ] && let sum+=$counter
    let counter++
done
echo $sum
Implement the above with until;
[root@root scripts]#./evensum.sh
The sum is 2550.
The sum1 is 2500.
The sum add sum1 is 5050.
[root@root scripts]#cat evensum.sh
#!/bin/bash
#
declare -i num=1
declare -i sum=0
declare -i sum1=0
until [ $num -gt 100 ]
do
# sum=$[$sum+$num]
# let num++
[ $[$num%2] -eq 0 ] && sum=$[$sum+$num] || sum1=$[$sum1+$num]
let num++
done
echo "The sum is $sum."
echo "The sum1 is $sum1."
echo "The sum add sum1 is $[$sum+$sum1]."
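Exercise: prompt the user for a username; if the user exists, display the user's ID number and shell; otherwise report that the user does not exist;
after displaying the result, do not exit but repeat the steps above, until the user enters q or quit;
read -p "Plz enter a username: " userName
while [ "$userName" != 'q' -a "$userName" != 'quit' ]; do
    # Quote the name so that empty input is not passed to id as "no argument"
    if id "$userName" &> /dev/null; then
        # Anchor on "name:" so only the exact account matches; print UID and shell
        grep "^$userName:" /etc/passwd | cut -d: -f3,7
    else
        echo "No such user."
    fi
    read -p "Plz enter a username again: " userName
done
Implement the above with until;
read -p "Plz input user name:" username
until [ "$username" == "q" -o "$username" == "quit" ]; do
    if ! id "$username" &> /dev/null; then
        echo "$username not exists."
    else
        # Fields 3 and 7 of /etc/passwd are the UID and the login shell
        grep "^$username:" /etc/passwd | cut -d: -f3,7
    fi
    read -p "Plz input user name:" username
done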