由网友(How to stay如何挽留)分享简介：目前，我们正在研究该项目具有涉及自由前端开发。因为我们从来没有使用过他之前，我们都在寻找一种方式来限制他进入我们的服务器和文件，但在同一时间让他修改视图文件，目前这些服务器上。Currently, the project we are working on has a freelance front-end deve...

目前，我们正在研究该项目具有涉及自由前端开发。因为我们从来没有使用过他之前，我们都在寻找一种方式来限制他进入我们的服务器和文件，但在同一时间让他修改视图文件，目前这些服务器上。

Currently, the project we are working on has a freelance front-end developer involved. As we have never used him before we are looking for a way to limit his access to our servers and files but at the same time let him modify the view files currently on these servers.

目前的项目（全部在一台服务器上）被区域化到6个独立微型站点，全部采用MVC结构。

The current project (all on one server) is compartmentalised into 6 separate mini sites, all using an MVC structure.

例如。

迷你网站1 - 楷模 - 浏览 - 控制器

Mini Site 1 -- Models -- Views -- Controllers

迷你网站2 - 楷模 - 浏览 - 控制器

Mini Site 2 -- Models -- Views -- Controllers

等

我们需要限制他的访问每个视图文件夹中的每个项目，但仅此而已。

We need to limit his access to each view folder for each project but nothing else.

我们正在使用亚马逊的EC2和使用安全组以有限的IP范围。我们无法允许他使用FTP，因为打开我们到更多的潜在问题。

We are using Amazon EC2 and are using security groups with a limited IP range. We are unable to allow him to use FTP because that opens us up to more potential issues.

此外，我们已经看过的文件和组权限，但我们有成千上万的文件中独此服务器上。

Also we have looked at file and group permissions but we have thousands of files on this server alone.

在如何能够用尽可能少占用地实现，所以一旦他离开，我们可以消除他的访问和恢复的设置等任何想法？

Any ideas on how this can be achieved with as little footprint as possible, so once he leaves we can remove his access and revert the settings etc.?

推荐答案

您可以使用chmod。我假设你的普通用户可以随意须藤和修改文件？或者，他们以小组为基础？这里有两种方法，你可以选择从。

You could use chmod. I assume that your normal users can sudo and modify files at will? Or are they group based? Here are the two approaches you can pick from.

方法一：

如果你的普通员工/用户可以使用sudo，你可以CHOWN都使他们的所有者是root和新组做CHOWN -R根称为程序员的文件夹：程序员的/ var / WWW / DIR /这将使得DIR一切都在它通过根和组程序员所拥有。然后，你会做CHOWN -R 744 /无功/网络/ DIR /。这样root用户拥有R / W / X上的目录和权限中的所有文件夹（即7），这将使用户在程序员组将只读取权限（4），而所有其他用户会具有只读权限（最后4）。

If your normal employees/users can use sudo, you can chown all the folders so they are owned by root and a new group called programmers by doing chown -R root:programmers /var/www/dir/ This will make dir and everything in it owned by root and the group programmers. Then you would do chown -R 744 /var/www/dir/ . This will make it so that the root user has R/W/X permissions on dir and all folders in it (that is the 7), users in the programmers group would have Read only permissions (the 4), and all other users would have Read only permissions (the last 4).

您会从那里经过的路径，你会希望他能够获得你会做：CHOWN -R 774 /无功/网络/ DIR /前端/视图/这将使根和程序员的所有用户一群充满R / W / X权限。如果你想每个文件做到这一点，你可以做CHOWN 774 /var/www/dir/front-end/views/index.html

From there you would go through and the directories you would want him to have access to you would do: chown -R 774 /var/www/dir/front-end/views/ which would give root and all users in programmers group full R/W/X permissions. If you wanted to do it per file, you could do chown 774 /var/www/dir/front-end/views/index.html

有关，如果他们想修改一个文件中的所有其他用户（让我们说，他们使用的是VIM），他们会需要做的须藤VIM /var/www/dir/front-end/views/index.html。这将让他们pretend是根，并且能够不顾编辑其他权限（这是在三位八进制去年4）。

For all other users if they wanted to modify a file (let us say they are using vim), they'd need to do sudo vim /var/www/dir/front-end/views/index.html . This would let them pretend to be root and be able to edit regardless of the Other permission (which is that last 4 in the three digit octal).

方法2

如果他们是基于组你可以把和根拥有的所有文件的组名员工（假设普通用户都在该组）。那么对于你希望他编辑的文件（让使用者说，他的用户名是frontdev），你可以做CHOWN -R frontdev：员工在/ var / WWW / DIR /前端/视图/再搭配chmod该目录为774。 ..和你可以为单个文件这样做。这样，所有的员工，包括你的员工组将具有完全的权限。根会对所有文件和目录的权限......然后，你可以指定自己的用户作为文件的控制权一次性用户/迪尔斯你需要他能够访问。

If they are group based you could make all files owned by root and the group employees (assuming normal users are in that group). Then for the files that you want him to edit (let use say his username is frontdev), you could do chown -R frontdev:employees /var/www/dir/front-end/views/ and then chmod that directory to 774...and you can do the same for individual files. That way all your employees, including you, in the employees group would have full permissions. Root would have permissions on all files and directories...and then you could assign his user as the one-off user in control of the files/dirs you need him to have access to.

您也可以看看关押用户只有经过授权的目录。 Jailkit是一个大的。这里是一个很好的教程：http://askubuntu.com/questions/93411/simple-easy-way-to-jail-users

You can also look into jailing the user to only authorized directories. Jailkit is a big one. Here is a good tutorial: http://askubuntu.com/questions/93411/simple-easy-way-to-jail-users