The answer is that this cannot be done directly, but it can be achieved indirectly; see the details below:
This is a configuration that allows members of a group, acltest, to create and modify group files while disallowing the deletion and renaming of files except by their owner, and allowing "others" nothing. Using the username lev and assuming a umask of 022:
groupadd acltest
usermod -a -G acltest lev
Log out of the root account and the lev account. Log in and become root or use sudo:
mkdir /tmp/acltest
chown root:acltest /tmp/acltest
chmod 0770 /tmp/acltest
chmod g+s /tmp/acltest
chmod +t /tmp/acltest
setfacl -d -m g:acltest:rwx /tmp/acltest
setfacl -m g:acltest:rwx /tmp/acltest
ACL cannot set the sticky bit, and the sticky bit is not copied to subdirectories. But, you might use inotify or similar software to detect changes in the file system, such as new directories, and then react accordingly.
For example, in Debian:
apt-get install inotify-tools
Then make a script for inotify, like /usr/local/sbin/set_sticky.sh:
#!/usr/bin/env bash
# Watch /tmp/acltest recursively and restore the sticky bit on every
# directory created beneath it (the default ACL does not propagate it).
inotifywait -m -r -e create /tmp/acltest |
while read -r path event file; do
    case "$event" in
        *ISDIR*)
            chmod +t "$path$file"   # quoted: names may contain spaces
            ;;
    esac
done
Give it execute permission for root: chmod 0700 /usr/local/sbin/set_sticky.sh. Then run it at boot time from, say, /etc/rc.local or whichever RC file is appropriate:
/usr/local/sbin/set_sticky.sh &
Of course, in this example, /tmp/acltest should disappear on reboot. Otherwise, this should work like a charm.
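The inotify watcher above only sees directories created while it is running, so anything created before it starts (for example early in boot, or while it was down) stays without the sticky bit. The following is an added example, not part of the original answer, that audits a shared tree for such directories and fixes them; it assumes only POSIX find and chmod, and the demo runs on a constructed temporary tree rather than /tmp/acltest.

```shell
#!/usr/bin/env bash
# Added example: catch-up audit for a setgid/ACL shared tree whose
# subdirectories must all carry the sticky bit (octal 1000).
# Run once before starting the inotify watcher, or from cron as a check.

# Print every directory under $1 that lacks the sticky bit.
list_unsticky_dirs() {
    find "$1" -type d ! -perm -1000
}

# Number of directories under $1 that lack the sticky bit.
count_unsticky_dirs() {
    list_unsticky_dirs "$1" | wc -l | tr -d ' '
}

# Set the sticky bit on every directory under $1 that lacks it.
# Regular files are left alone: the sticky bit is only meaningful on
# directories here, and touching files would be a needless change.
fix_unsticky_dirs() {
    find "$1" -type d ! -perm -1000 -exec chmod +t {} +
}

# Demo on a constructed tree (hypothetical layout, not the real share).
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/a/b" "$root/c"
    chmod +t "$root"      # top level set by hand, like chmod +t /tmp/acltest
    echo "before: $(count_unsticky_dirs "$root") directories without sticky bit"
    fix_unsticky_dirs "$root"
    echo "after:  $(count_unsticky_dirs "$root") directories without sticky bit"
    rm -rf "$root"
}
```

Note that the sticky bit only restricts unlink and rename to the file's owner, the directory's owner and root, so a subdirectory created by lev is owned by lev and lev can still remove other members' files inside it.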