setfacl 的问题

stock99

请问一下, 为什么D 不能disable user \'test1\' from reading /etc/passwd ?  不是也把other 设为---了吗?\r\n\r\nGiven:\r\n# logins -l test1\r\ntest1 1001 other 1\r\n# logins -l root\r\nroot 0 root 0 Super-User\r\n# ls -l /etc/passwd\r\n-rw-r--r-- 1 root sys 726 Jan 25 16:56 /etc/passwd\r\nWhich two commands disable test1 from reading /etc/passwd? (Choose two.)\r\nA. #setfacl -m g::---,o:---,m:r-- /etc/passwd\r\nB. #setfacl -m u:test1:rwx,g::r--,o:r--,m:r-- /etc/passwd\r\nC. #setfacl -m u:test1:rwx,g::---,o:r--,m:r-- /etc/passwd\r\nD. #setfacl -m u:test1:rwx,g::r--,o:---,m:r-- /etc/passwd\r\nE. #setfacl -m u:test1:rwx,g::r--,o:r--,m:--- /etc/passwd\r\nAnswer: AE

waily

仔细看书的话应该可以知道答案

stock99

ok.. i got it...\r\n\r\nBCD still allow user allow test1 to read because m:r--\r\n\r\nTest1 can still read because \"u:test1:rwx\" is specified. \r\n\r\nA is correct because no \"u:test1:rwx\" specified.\r\nE is correct because m:--- supress all permission (except owner which is root).