## Question:
Suppose there are two users, name_1 and name_2 (referred to below as user1 and user2). user1 belongs to department1 and user2 belongs to department2. Each of them may only access the directory of their own department, but both may access the public directory.
## Answer:
Linux permission precedence: ACL > SUID/SGID/SBIT > owner/group/others
### Controlling access with ACLs:
As root, create the directories, remove the permissions for others, and set the ACLs.
```
# One primary group per department; each user is created in their department's group
groupadd department1
groupadd department2
useradd -g department1 name_1
useradd -g department2 name_2
# Directory tree owned by root
mkdir /departs
mkdir /departs/department1
mkdir /departs/department2
mkdir /departs/public
cd /departs
# rwxr-x--- : owner root keeps full access, others get nothing
chmod -R 750 ./*
# Grant each department group read+execute on its own directory;
# the d: (default) entry makes new files and subdirectories inherit the same rule
setfacl -m g:department1:r-x department1
setfacl -m d:g:department1:r-x department1
setfacl -m g:department2:r-x department2
setfacl -m d:g:department2:r-x department2
# Both department groups get read+execute on public
setfacl -m g:department1:r-x public
setfacl -m d:g:department1:r-x public
setfacl -m g:department2:r-x public
setfacl -m d:g:department2:r-x public
```
### Controlling access with owner/group/others permissions:
As root, create the directories, remove the permissions for others, and change each directory's group so that users in that group can access it.
```
# Department groups plus a shared group for the public directory
groupadd department1
groupadd department2
groupadd public
# Primary group is the department; public is a supplementary group for both users
useradd -g department1 -G public name_1
useradd -g department2 -G public name_2
# Directory tree owned by root
mkdir /departs
mkdir /departs/department1
mkdir /departs/department2
mkdir /departs/public
cd /departs
# rwxr-x--- : group members can enter and list, others get nothing
chmod -R 750 ./*
# Hand each directory to the group that is allowed to use it
chgrp department1 department1
chgrp department2 department2
chgrp public public
```
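To check that both layouts above really give user1 and user2 the intended access, the following added example (not part of the original answer) models the POSIX.1e access-check algorithm from acl(5) and runs it over constructed ACLs that mirror the two setups; the directory models, group sets and the `allowed` helper are assumptions made for this illustration, not output of `getfacl`.

```python
# Model of the POSIX.1e ACL access check (acl(5)) applied to the two layouts above.
# Constructed example: the DirAcl objects mirror the setfacl/chgrp commands, they are
# not read from a real filesystem.
from dataclasses import dataclass, field
from typing import Dict, Optional

R, W, X = 4, 2, 1


@dataclass
class DirAcl:
    owner: str
    group: str                  # owning group (ACL_GROUP_OBJ)
    user_obj: int
    group_obj: int
    other: int
    named_groups: Dict[str, int] = field(default_factory=dict)  # ACL_GROUP entries
    mask: Optional[int] = None  # ACL_MASK, created once named entries exist


def allowed(acl: DirAcl, user: str, groups: set, want: int) -> bool:
    """True if a process running as `user` with these groups gets all bits in `want`."""
    mask = 7 if acl.mask is None else acl.mask
    if user == acl.owner:                          # ACL_USER_OBJ, never masked
        return acl.user_obj & want == want
    # ACL_GROUP_OBJ and every matching ACL_GROUP entry are masked; any grant wins,
    # and if some group entry matched but none grants, access is denied (no fallthrough)
    matches = [acl.group_obj] if acl.group in groups else []
    matches += [p for g, p in acl.named_groups.items() if g in groups]
    if matches:
        return any(p & mask & want == want for p in matches)
    return acl.other & want == want                # ACL_OTHER


# Setup 1: mode 750 owned by root:root plus group ACL entries (mask auto-set to r-x)
ACL_LAYOUT = {
    "department1": DirAcl("root", "root", 7, 5, 0, {"department1": 5}, mask=5),
    "department2": DirAcl("root", "root", 7, 5, 0, {"department2": 5}, mask=5),
    "public": DirAcl("root", "root", 7, 5, 0, {"department1": 5, "department2": 5}, mask=5),
}
# Setup 2: mode 750 with chgrp, users carry public as a supplementary group
CHGRP_LAYOUT = {
    "department1": DirAcl("root", "department1", 7, 5, 0),
    "department2": DirAcl("root", "department2", 7, 5, 0),
    "public": DirAcl("root", "public", 7, 5, 0),
}
USERS_ACL = {"name_1": {"department1"}, "name_2": {"department2"}}
USERS_CHGRP = {"name_1": {"department1", "public"}, "name_2": {"department2", "public"}}


def access_matrix(layout, users, want=R | X):
    """Which user may enter and list which directory under the given layout."""
    return {u: {d: allowed(a, u, g, want) for d, a in layout.items()}
            for u, g in users.items()}
```

Both layouts produce the same matrix: each user reaches only their own department directory and public, and neither gets write access anywhere.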