-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add content src/site/notes/OperatingSystem/Linux/FileSystem/为普通用户增加指定…
…文件夹的RW权限.md
- Loading branch information
1 parent
3cfda21
commit 3e235d5
Showing
1 changed file
with
202 additions
and
0 deletions.
There are no files selected for viewing
202 changes: 202 additions & 0 deletions
202
src/site/notes/OperatingSystem/Linux/FileSystem/为普通用户增加指定文件夹的RW权限.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,202 @@ | ||
| --- | ||
| {"dg-publish":true,"permalink":"/OperatingSystem/Linux/FileSystem/为普通用户增加指定文件夹的RW权限/","noteIcon":"3"} | ||
| --- | ||
|
|
||
| #acl | ||
| 不一定需要将 /etc/apt 文件夹的所有者更改为 HwHiAiUser,可以通过其他方式增加权限,具体方法取决于你的需求和安全策略。以下是几种常见方式: | ||
|
|
||
|
|
||
|
|
||
| **方法 1:赋予组权限** | ||
|
|
||
|
|
||
|
|
||
| 将 HwHiAiUser 添加到一个组,并为该组赋予 /etc/apt 文件夹的读写权限。 | ||
|
|
||
|
|
||
|
|
||
| **Dockerfile 示例** | ||
|
|
||
|
|
||
|
|
||
| # 切换到 root 用户 | ||
|
|
||
| USER root | ||
|
|
||
|
|
||
|
|
||
| # 添加 HwHiAiUser 到 apt 管理组(例如,aptadmin) | ||
|
|
||
| RUN groupadd aptadmin && usermod -aG aptadmin HwHiAiUser | ||
|
|
||
|
|
||
|
|
||
| # 设置 /etc/apt 的组为 aptadmin,并为组赋予读写权限 | ||
|
|
||
| RUN chgrp -R aptadmin /etc/apt && chmod -R g+rw /etc/apt | ||
|
|
||
|
|
||
|
|
||
| # 切换到 HwHiAiUser | ||
|
|
||
| USER HwHiAiUser | ||
|
|
||
|
|
||
|
|
||
| **解释** | ||
|
|
||
|
|
||
|
|
||
| • groupadd aptadmin:创建新组 aptadmin。 | ||
|
|
||
| • usermod -aG aptadmin HwHiAiUser:将 HwHiAiUser 添加到组 aptadmin。 | ||
|
|
||
| • chgrp -R aptadmin /etc/apt:将 /etc/apt 的组更改为 aptadmin。 | ||
|
|
||
| • chmod -R g+rw /etc/apt:为组赋予读写权限。 | ||
|
|
||
|
|
||
|
|
||
| 这样,HwHiAiUser 作为组成员可以访问 /etc/apt,但文件所有者仍为 root。 | ||
|
|
||
|
|
||
|
|
||
| **方法 2:仅增加 ACL 权限** | ||
|
|
||
|
|
||
|
|
||
| 如果系统支持 ACL(Access Control Lists),可以为 HwHiAiUser 单独增加访问权限,而无需更改所有者或组。 | ||
|
|
||
|
|
||
|
|
||
| **Dockerfile 示例** | ||
|
|
||
|
|
||
|
|
||
| # 切换到 root 用户 | ||
|
|
||
| USER root | ||
|
|
||
|
|
||
|
|
||
| # 为 HwHiAiUser 增加 ACL 权限 | ||
|
|
||
| RUN apt-get update && apt-get install -y acl && \ | ||
|
|
||
| setfacl -R -m u:HwHiAiUser:rw /etc/apt | ||
|
|
||
|
|
||
|
|
||
| # 切换到 HwHiAiUser | ||
|
|
||
| USER HwHiAiUser | ||
|
|
||
|
|
||
|
|
||
| **解释** | ||
|
|
||
|
|
||
|
|
||
| • setfacl -R -m u:HwHiAiUser:rw /etc/apt:递归赋予 HwHiAiUser 用户对 /etc/apt 的读写权限。 | ||
|
|
||
| • ACL 方式不会更改文件的所有者或组,仅扩展权限。 | ||
|
|
||
|
|
||
|
|
||
| **方法 3:赋予其他用户临时访问权限** | ||
|
|
||
|
|
||
|
|
||
| 如果不需要持久性更改,可以使用 sudo(需要确保容器内支持 sudo)。 | ||
|
|
||
|
|
||
|
|
||
| **Dockerfile 示例** | ||
|
|
||
|
|
||
|
|
||
| 无需更改文件夹权限,用户可以在需要时通过 sudo 执行操作: | ||
|
|
||
|
|
||
|
|
||
| # 切换到 root 用户 | ||
|
|
||
| USER root | ||
|
|
||
|
|
||
|
|
||
| # 安装 sudo 并为 HwHiAiUser 配置权限 | ||
|
|
||
| RUN apt-get update && apt-get install -y sudo && \ | ||
|
|
||
| echo "HwHiAiUser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers | ||
|
|
||
|
|
||
|
|
||
| # 切换到 HwHiAiUser | ||
|
|
||
| USER HwHiAiUser | ||
|
|
||
|
|
||
|
|
||
| **运行时示例** | ||
|
|
||
|
|
||
|
|
||
| 进入容器后,执行需要的命令: | ||
|
|
||
|
|
||
|
|
||
| sudo nano /etc/apt/sources.list | ||
|
|
||
|
|
||
|
|
||
| **方法 4:直接设置权限** | ||
|
|
||
|
|
||
|
|
||
| 在不更改所有者或组的情况下,可以直接赋予其他用户访问权限: | ||
|
|
||
|
|
||
|
|
||
| # 切换到 root 用户 | ||
|
|
||
| USER root | ||
|
|
||
|
|
||
|
|
||
| # 增加 /etc/apt 的其他用户访问权限 | ||
|
|
||
| RUN chmod -R o+rw /etc/apt | ||
|
|
||
|
|
||
|
|
||
| # 切换到 HwHiAiUser | ||
|
|
||
| USER HwHiAiUser | ||
|
|
||
|
|
||
|
|
||
| **注意** | ||
|
|
||
|
|
||
|
|
||
| • chmod -R o+rw 赋予其他用户读写权限,这种方式最简单但最不安全,不建议在生产环境中使用。 | ||
|
|
||
|
|
||
|
|
||
| **总结** | ||
|
|
||
|
|
||
|
|
||
| • **更改所有者 (**chown**)**:适合确保用户完全控制文件。 | ||
|
|
||
| • **赋予组权限 (**chgrp **和** chmod**)**:推荐方式,安全性较高,灵活。 | ||
|
|
||
| • **使用 ACL (**setfacl**)**:适合精细化权限管理。 | ||
|
|
||
| • **使用 sudo**:适合临时权限需求,无需修改文件夹权限。 | ||
|
|
||
|
|
||
|
|
||
| 根据实际需求选择合适的方案,确保功能和安全性的平衡。 |