## Question:
Suppose there are two users, name_1 and name_2 (referred to below as user 1 and user 2). User 1 belongs to department 1 and user 2 belongs to department 2. Each user may only access the directory of their own department, but both may access the public directory.
## Answer:
Linux permission precedence: ACL > SUID/SGID/SBIT > owner/group/other
### Controlling access with ACLs
As root, create the directories, remove the permissions for "other", and set ACL entries:
```bash
# Run as root. One primary group per department.
groupadd department1
groupadd department2
useradd -g department1 name_1
useradd -g department2 name_2
# Directory layout; every directory stays owned by root:root.
mkdir /departs
mkdir /departs/department1
mkdir /departs/department2
mkdir /departs/public
cd /departs
# rwxr-x--- : nothing for "other" before the ACL entries are added
chmod -R 750 ./*
# Named-group entries grant r-x; the d: (default) entries make new files
# and subdirectories inherit the same group entry.
setfacl -m g:department1:r-x department1
setfacl -m d:g:department1:r-x department1
setfacl -m g:department2:r-x department2
setfacl -m d:g:department2:r-x department2
# public is readable by both departments
setfacl -m g:department1:r-x public
setfacl -m d:g:department1:r-x public
setfacl -m g:department2:r-x public
setfacl -m d:g:department2:r-x public
```
### Controlling access with owner/group/other permissions
As root, create the directories, remove the permissions for "other", and change each directory's group so that users in that group can access it:
```bash
# Run as root. A third group, public, is shared by both departments.
groupadd department1
groupadd department2
groupadd public
# Primary group = department, supplementary group = public
useradd -g department1 -G public name_1
useradd -g department2 -G public name_2
mkdir /departs
mkdir /departs/department1
mkdir /departs/department2
mkdir /departs/public
cd /departs
# rwxr-x--- : owner root has full access, the owning group gets r-x, other nothing
chmod -R 750 ./*
# Hand each directory to the group that should be able to enter it
chgrp department1 department1
chgrp department2 department2
chgrp public public
```
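Both layouts above rely on the kernel's access check, and it is easy to misjudge how a named ACL group entry interacts with the ACL mask. The following Python model of the POSIX.1e access-check order (owner, then named user, then owning group and named groups filtered by the mask, then other) is an added illustration, not part of the original answer. It encodes both layouts as constructed data, confirms that each user can enter only their own department directory plus `public`, and shows the caveat that running `chmod` on a directory that already has an extended ACL rewrites the mask rather than the owning-group entry, which can silently cut off a named group. The `Dir`, `User`, `allowed` and `chmod` names are the model's own.

```python
"""Model of the POSIX.1e ACL access check (see acl(5)) applied to the two
directory layouts from the answer. Illustration only; the data is constructed."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

R, W, X = 4, 2, 1


@dataclass
class Dir:
    owner: str
    group: str
    user_obj: int                      # ACL_USER_OBJ (owner bits)
    group_obj: int                     # ACL_GROUP_OBJ (owning-group bits)
    other: int                         # ACL_OTHER
    named_groups: Dict[str, int] = field(default_factory=dict)  # ACL_GROUP entries
    mask: Optional[int] = None         # ACL_MASK; None when there is no extended ACL


@dataclass
class User:
    name: str
    groups: FrozenSet[str]             # primary + supplementary groups


def allowed(d: Dir, u: User, want: int) -> bool:
    """Return True if user u holds every bit in `want` on directory d."""
    if u.name == d.owner:                      # 1. owner entry, never masked
        return d.user_obj & want == want
    # 2. ACL_USER entries would be checked here; the answer uses none.
    mask = 7 if d.mask is None else d.mask
    matched = False
    if d.group in u.groups:                    # 3a. owning group (masked if ACL present)
        matched = True
        if d.group_obj & mask & want == want:
            return True
    for g, perm in d.named_groups.items():     # 3b. named group entries (masked)
        if g in u.groups:
            matched = True
            if perm & mask & want == want:
                return True
    if matched:                                # some group matched but none granted
        return False
    return d.other & want == want              # 4. other


def chmod(d: Dir, mode: int) -> None:
    """chmod(1) semantics: with an extended ACL the group bits become the mask."""
    d.user_obj, grp, d.other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    if d.mask is None:
        d.group_obj = grp
    else:
        d.mask = grp


def acl_layout() -> Dict[str, Dir]:
    """After `chmod 750` and the setfacl commands: root:root, mask r-x, named r-x."""
    def mk(groups: List[str]) -> Dir:
        return Dir("root", "root", 7, 5, 0, {g: R | X for g in groups}, mask=R | X)
    return {"department1": mk(["department1"]),
            "department2": mk(["department2"]),
            "public": mk(["department1", "department2"])}


def group_layout() -> Dict[str, Dir]:
    """After `chmod 750` and chgrp: no ACL, owning group carries the access."""
    def mk(group: str) -> Dir:
        return Dir("root", group, 7, 5, 0)
    return {"department1": mk("department1"),
            "department2": mk("department2"),
            "public": mk("public")}


ACL_USERS = [User("name_1", frozenset({"department1"})),
             User("name_2", frozenset({"department2"}))]
GROUP_USERS = [User("name_1", frozenset({"department1", "public"})),
               User("name_2", frozenset({"department2", "public"}))]


def access_matrix(dirs: Dict[str, Dir], users: List[User], want: int = R | X):
    """Which users can list and enter which directories."""
    return {u.name: {name: allowed(d, u, want) for name, d in dirs.items()}
            for u in users}


if __name__ == "__main__":
    print("ACL layout:        ", access_matrix(acl_layout(), ACL_USERS))
    print("owner/group layout:", access_matrix(group_layout(), GROUP_USERS))
    dirs = acl_layout()
    chmod(dirs["department1"], 0o700)   # mask becomes ---, named entry still r-x
    print("after chmod 700:   ", allowed(dirs["department1"], ACL_USERS[0], R | X))
```

Run it and both matrices come out identical: each user reaches their own department and `public` only. The last line is the practical check to remember: `getfacl` still lists `group:department1:r-x` after the `chmod 700`, but the effective permission (the `#effective:---` comment getfacl prints) is empty until the mask is restored with `setfacl -m m::r-x`.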