How to use Linux for user rights management and access control

How to use Linux for user rights management and access control

In the Linux system, user rights management and access control are very important, which can ensure the security of the system and the confidentiality of data. This article will introduce how to use Linux for user rights management and access control, and provide relevant code examples.

1. User rights management

1. Users and user groups

In the Linux system, permissions are managed through users and user groups. A user is an individual with permission to log in to the system, and a user group is an organizational form that groups multiple users together.

• Create user: Use the useradd command to create a new user, for example: sudo useradd username
• Set user password: use ## The #passwd command can set a password for a user, for example: sudo passwd username
Delete a user: Use the
• userdel command to delete a user, for example: sudo userdel -r username
Create a user group: Use the
• groupadd command to create a user group, for example: sudo groupadd groupname
will Add users to user groups: Use the
• usermod command to add users to user groups, for example: sudo usermod -aG groupname username

file Permissions

Linux systems use permissions to control access to files and directories. Rights tags are divided into three groups: owner, owner's group, and other users. Each group has three permissions: read, write, and execute permissions.

Modify file permissions: Use the
• chmod command to modify file permissions, for example:

sudo chmod 755 filename    // 所有者具有读、写、执行权限，同组用户和其他用户只具有读和执行权限
sudo chmod +x filename     // 给文件添加执行权限
sudo chmod u-r filename    // 去除所有者的读权限

Sudo permissions

Sudo (superuser do) is an important command in the Linux system, which allows ordinary users to execute specific commands as a super user. Sudo permissions can limit the user's operation scope and permissions.

Configure Sudo permissions: Use the
• visudo command to edit the sudo configuration file /etc/sudoers to authorize or revoke ordinary users' permission to execute specific commands. For example:

username ALL=(ALL) ALL    // 授权用户执行所有命令
username ALL=(root) /bin/ls    // 授权用户只能执行/bin/ls命令

2. Access control

SELinux

SELinux (Security Enhanced Linux) is a security-enhanced Linux kernel module , which can provide more fine-grained access control. By setting SELinux security policies, you can restrict a program's access to files, networks, and other system resources.

View SELinux status: Use the
• sestatus command to view the status of SELinux, for example: sudo sestatus
Modify the SELinux policy: use # The ##setsebool
• command can modify the security options of SELinux, for example: sudo setsebool -P httpd_can_network_connect on

Firewall

Firewall is an important component in protecting computer network security. It can control network traffic through access control policies.

Turn on the firewall: Use the

ufw
• command to manage the firewall of the Ubuntu system, for example:

  sudo ufw enable    // 开启防火墙
  sudo ufw allow ssh    // 允许SSH连接

Manage firewall rules: use

ufw
• Commands can manage firewall rules, for example:

  sudo ufw status    // 查看防火墙状态
  sudo ufw allow 80    // 允许HTTP访问
  sudo ufw delete allow 80    // 删除HTTP访问规则

Code example:

Create a new user:

1. sudo useradd username
   sudo passwd username

Modify file permissions:

2. sudo chmod 755 filename
   sudo chmod +x filename
   sudo chmod u-r filename

Configure Sudo permissions:

3. sudo visudo

Add the following lines to the open file:

username ALL=(ALL) ALL
username ALL=(root) /bin/ls

Turn on the firewall:

4. sudo ufw enable
   sudo ufw allow ssh

   Summary:

   By using the user rights management and access control functions provided by the Linux system, we can effectively manage user rights and restrict users’ access to files , network and system resource access. Properly configuring permissions and access control is an important measure to protect system security, and it is also a skill that every system administrator must be familiar with and master. I hope the introduction and examples in this article can be helpful to readers in Linux system permission management and access control.

   The above is the detailed content of How to use Linux for user rights management and access control. For more information, please follow other related articles on the PHP Chinese website!