Well, I know this is relatively old, but twalberg is correct: there's actually a relatively easy way to accomplish this with POSIX ACL's. They've existed since the late 90's/early 2000's so I don't know why more people don't use them.

好吧，我知道这相对较旧，但 twalberg 是正确的：实际上有一种相对简单的方法可以使用 POSIX ACL 来完成此操作。它们自 90 年代末/ 2000 年代初就存在，所以我不知道为什么更多人不使用它们。

How to do it:Do as you've already done, then simply execute this command:

怎么做：按照你已经做过的，然后简单地执行这个命令：

# setfacl -m g:god:rwx public private

and in one command you get what you're wanting. You'll spend forever trying to figure out how to do it using ONLY traditional unix permissions.

并且在一个命令中你得到你想要的。您将永远试图弄清楚如何仅使用传统的 unix 权限来完成它。

Mikic's advice may still be good (depending on what you're trying to accomplish), and it might be more straight forward to reference as few groups as possible in your permissions (or maybe you want it to be apparent that "chris" isn't a regular user, but an administrative one, again it depends on what you want to construct).

Mikic 的建议可能仍然很好（取决于您要完成的工作），并且在您的权限中引用尽可能少的组可能会更直接（或者您可能希望“克里斯”显然不是） t 是一个普通用户，但是一个管理用户，这同样取决于您想要构建的内容）。

I offered something closer to what you're trying to accomplish, because there may be situations where you're trying to give a secondary user/group access to a directory but you don't want to choose between "chris" not getting access to these two directories and "chris" getting access to all those other files and directories "pub" and "priv" might have access to. With ACL's you don't have to make those choices, which is why they were added and are now a core part of most Unix (and BSD and Linux) platforms.

我提供了一些更接近于你想要完成的东西，因为在某些情况下，你试图给一个二级用户/组访问一个目录，但你不想在“克里斯”无法访问之间做出选择这两个目录和“chris”可以访问“pub”和“priv”可能有权访问的所有其他文件和目录。使用 ACL，您不必做出这些选择，这就是为什么添加它们并且现在它们是大多数 Unix（以及 BSD 和 Linux）平台的核心部分的原因。

There are two problematic things in your approach. The first one is:

你的方法有两个问题。第一个是：

chgrp god public private
chgrp pub public

With second command, you discarded the effect of the first one. Directory publicnow belongs to pubgroup, not to godanymore.

使用第二个命令，您放弃了第一个命令的效果。目录public现在属于pub组，god不再属于组。

The second thing is that you probably didn't give write permissions on directory publicto group that owns it (the fact that the user executing the command touchbelongs to directory's group doesn't matter).

第二件事是您可能没有将目录的写权限授予public拥有它的组（执行命令的用户touch属于目录组的事实无关紧要）。

Try this:

尝试这个：

chmod 770 public

and do similar with other directories. However, what you're initially trying to achieve is impossible because the directory can belong to one group only. Nikos elaborated it well in his answer - place user in more groups.

并与其他目录类似。但是，您最初尝试实现的目标是不可能的，因为目录只能属于一个组。Nikos 在他的回答中很好地阐述了它 - 将用户置于更多组中。

You said that the group "pub" should be the only group to have permissions over "public". But right before that you said that "god" should also have access. So "pub" can't be the only one that has access. Ditto for "priv".

您说“pub”组应该是唯一拥有“public”权限的组。但就在此之前，您说“上帝”也应该有访问权。所以“pub”不能是唯一可以访问的人。“priv”同上。

You also say:

你还说：

I have two groups: "pub", "priv" and "god".

我有两个组：“pub”、“priv”和“god”。

Well, that's three groups. (Reminds me of that famous quote: "There's three kinds of people in this world; those who can count and those who can't." :-P)

嗯，那是三组。（让我想起那句名言：“这个世界上有三种人；会数数的人和不会数数的人。”:-P)

Your base concept seems wrong. The way this works is rather simple. Create two groups, "pub" and "priv". Place all users who need access to the directories accordingly. Users who need access to both directories should belong to both groups.

你的基本概念似乎是错误的。其工作方式相当简单。创建两个组，“pub”和“priv”。相应地放置所有需要访问目录的用户。需要访问这两个目录的用户应该属于这两个组。

In this case, "chris" should be put in both the "pub" as well as the "priv" group. "john" should be put in the "pub" group. "dan" should be put in the "priv" group.

在这种情况下，“chris”应该放在“pub”和“priv”组中。“john”应该放在“pub”组中。“dan”应该放在“priv”组中。

What you were trying to do is having the directories be owned by two groups. That's not possible. It's users who can be part of multiple groups, not files or directories. You simply got it backwards :-)

您试图做的是让目录归两个组所有。那是不可能的。用户可以属于多个组，而不是文件或目录。你只是把它倒退了:-)

You will need to use a file system that supports ACLs. As mentioned in other answers, the puband privgroup ownership is possible with the basic Linux permissions, but to grant access to the godgroup, since files/directories can only have a single group tag, will require an ACL. Most of the current file systems should support this functionality - see the manual pages for getfacland setfacl.

您将需要使用支持 ACL 的文件系统。正如其他答案中提到的，使用基本 Linux 权限可以拥有pub和priv组所有权，但要授予对god组的访问权限，因为文件/目录只能有一个组标签，需要一个 ACL。目前大多数文件系统应支持此功能-请参阅手册页getfacl和setfacl。