
Linux: existing sessions do not honor changes to group membership


I have run into a strange behavior with Linux permissions and group membership that is driving me crazy. Here is the situation:

  • I have two users: alice and bob

    alice@KAL:~$ id alice
    uid=3000(alice) gid=3000(alice) groups=3000(alice)
    alice@KAL:~$ id bob
    uid=3001(bob) gid=3001(bob) groups=3001(bob)
    
  • In alice's home directory there is a subdirectory that I want to give bob write permission to

    (as alice)
    alice@KAL:~$ mkdir shared
    alice@KAL:~$ chmod g+w shared
    alice@KAL:~$ ls -l
    total 4
    drwxrwxr-x 2 alice alice 4096 2012-05-15 23:56 shared
    
  • I add the group alice (gid=3000) as one of bob's secondary groups

    (as root)
    root@KAL:~# id bob
    uid=3001(bob) gid=3001(bob) groups=3001(bob)
    root@KAL:~# usermod -G 3000 bob
    root@KAL:~# id bob
    uid=3001(bob) gid=3001(bob) groups=3001(bob),3000(alice)
    
  • I open a new terminal, running as bob, and test my permissions in alice's home directory

    (initially as kp, su'ing as bob)
    kp@KAL:~$ sudo su bob
    bob@KAL:/home/kp$ cd /home/alice
    bob@KAL:/home/alice$ ls -l
    total 4
    drwxrwxr-x 2 alice alice 4096 2012-05-15 23:56 shared
    bob@KAL:/home/alice$ touch test
    touch: cannot touch `test': Permission denied    <-- fails as expected
    bob@KAL:/home/alice$ cd shared
    bob@KAL:/home/alice/shared$ touch test     <-- succeeds as expected
    bob@KAL:/home/alice/shared$ ls -l
    total 0
    -rw-r--r-- 1 bob bob 0 2012-05-16 00:02 test
    
  • Now, back in the terminal where I am bob, it is clear that the membership revocation is recognized but not honored

    (as bob)
    bob@KAL:/home/alice/shared$ id bob
    uid=3001(bob) gid=3001(bob) groups=3001(bob)   <-- group 3000 no longer secondary group
    bob@KAL:/home/alice/shared$ touch test2        <-- should fail
    bob@KAL:/home/alice/shared$ ls -l
    total 0
    -rw-r--r-- 1 bob bob 0 2012-05-16 00:02 test
    -rw-r--r-- 1 bob bob 0 2012-05-16 00:20 test2
    bob@KAL:/home/alice/shared$ rm test            <-- this should also fail
    bob@KAL:/home/alice/shared$ ls -l
    total 0
    -rw-r--r-- 1 bob bob 0 2012-05-16 00:20 test2
    
    (as bob)
    bob@KAL:/home/alice/shared$ exit
    exit
    kp@KAL:~$ sudo su bob
    bob@KAL:/home/kp$ cd /home/alice/shared
    bob@KAL:/home/alice/shared$ ls -l
    total 0
    -rw-r--r-- 1 bob bob 0 2012-05-16 00:20 test2
    bob@KAL:/home/alice/shared$ touch test3
    touch: cannot touch `test3': Permission denied   <-- now fails as expected
    bob@KAL:/home/alice/shared$ id bob
    uid=3001(bob) gid=3001(bob) groups=3001(bob)
    bob@KAL:/home/alice/shared$ 
    
Group memberships persist for the duration of the session because they apply to the process, i.e. your current shell.

Yes, they are determined when the (login) shell starts. So you (or Bob or Alice) either log out and log in again, or spawn a login shell on top of your current shell:

    su - bob
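The answers above say a process keeps the groups it was started with. As an added example (not part of the original thread), this script compares the groups a process holds according to `/proc/<pid>/status` with the groups `id -G USER` reads from the database. The function names and sample data are constructed for illustration, and `audit_user` assumes a Linux `/proc` and `pgrep`.

```sh
#!/bin/sh
# Added example, not from the thread: compare the groups a process holds
# in the kernel with the groups the account database currently grants.

# held_gids STATUS_TEXT: effective GID plus supplementary GIDs taken from
# the text of /proc/<pid>/status, de-duplicated, on one line.
held_gids() {
    printf '%s\n' "$1" | awk '
        $1 == "Gid:"    { print $3 }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) print $i }
    ' | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# stale_gids HELD DB: GIDs present in HELD but absent from DB.
stale_gids() {
    _out=
    for _g in $1; do
        case " $2 " in
            *" $_g "*) ;;                  # still granted by the database
            *) _out="$_out $_g" ;;         # held only by the process
        esac
    done
    printf '%s\n' "${_out# }"
}

# audit_user USER: report USER's processes that hold revoked GIDs.
# `id -G USER` reads the database; /proc/<pid>/status shows the process.
audit_user() {
    _db=$(id -G "$1") || return 1
    for _pid in $(pgrep -u "$1"); do
        _st=$(cat "/proc/$_pid/status" 2>/dev/null) || continue
        _stale=$(stale_gids "$(held_gids "$_st")" "$_db")
        [ -n "$_stale" ] && echo "pid $_pid holds revoked gid(s): $_stale"
    done
    return 0
}

# Constructed sample: what bob's old shell in the thread would show after
# group 3000 was removed from bob in the database.
SAMPLE_STATUS='Uid:    3001 3001 3001 3001
Gid:    3001 3001 3001 3001
Groups: 3000 3001'
SAMPLE_DB='3001'

# Live use on a Linux host (hypothetical invocation): audit_user bob
```

In a stale shell, `id bob` prints the database view, while plain `id` prints the shell's own credentials and would still list 3000. A hit can also be a process that changed its groups deliberately, for example through `newgrp` or `sg`.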