How to configure permission management on Linux

How to configure permission management on Linux

In the Linux operating system, permission management is a very important component. By configuring permissions correctly, we can protect our files and systems from unauthorized access and ensure that users can only access the resources for which they are authorized. This article will introduce how to configure permission management on Linux to protect the security of files and systems.

1. User and user group management

Before configuring permission management, we need to first understand the concepts of users and user groups in Linux. A user is a specific individual in the system, while a user group is a group of related users. Each user belongs to a primary user group and can also belong to multiple additional user groups.

In order to manage users and user groups, we can use the following command:

• useradd: Create a user
• passwd: Set the user's password
• groupadd: Create a user group
• usermod: Modify the user's attributes
• userdel: Delete a user
• groupmod: Modify the attributes of the user group
• groupdel: Delete a user group
• useradd -G groupname username: Add a user to a user group

For example, the following code demonstrates how to create a new userjohn And set the password:

$ sudo useradd john
$ sudo passwd john

2. Permissions of files and directories

In Linux, each file and directory has three different permissions: read, write and implement. These permissions can be set for the file's owner, group, and other users. Each permission is represented by a letter:

• r: Read permission
• w: Write permission
• x: Executable permissions

We can use the ls -l command to view the permissions of files and directories:

$ ls -l

-rw-rw-r-- 1 john john 0 Aug 1 15:30 myfile.txt
drwxrwxr-x 2 john john 4096 Aug 1 15:30 mydir

In the above example, the permissions of the myfile.txt file are -rw-rw-r--, which means that the file owner and group have read and write permissions, and other users Can only be read. mydirThe permissions of the directory are drwxrwxr-x, which means that the directory owner and the group to which it belongs have read, write and execute permissions, and other users only have read and execute permissions.

We can use the following commands to set the permissions of files and directories:

• chmod: Change the permissions of files and directories
• chown: Change the owner of files and directories
• chgrp: Change the group to which files and directories belong

For example, the following code demonstrates How to set myfile.txt file permissions so that only the owner can write to:

$ chmod 600 myfile.txt

3. SUID, SGID and Sticky Bit

besides the basics In addition to file and directory permissions, Linux also provides some other permission settings. The more important ones are SUID, SGID and Sticky Bit.

• SUID (Set User ID): It allows the user to execute the program with the permissions of the program owner. This can be useful in certain situations, such as setting SUID permissions on the passwd command to enable normal users to change their own passwords.
• SGID (Set Group ID): It allows the user to execute the program with the permissions of the group to which the program belongs. For example, set SGID permissions on /usr/bin/mail so that ordinary users can send emails to a certain user.
• Sticky Bit: It can only be applied to directories, and only the directory owner, file owner, and superuser can delete or rename files within it. This is important for public shared directories to prevent other users from deleting other people's files.

We can use the following command to set SUID, SGID and Sticky Bit permissions:

• chmod u s: Set SUID permissions
• chmod g s: Set SGID permissions
• chmod t: Set Sticky Bit permissions

For example, the following code demonstrates how to /usr/bin/mail The command is set to have SGID permissions:

$ sudo chmod g+s /usr/bin/mail

By correctly configuring permission management, we can effectively protect the security of our files and systems. By properly assigning users and user groups, setting correct file and directory permissions, and using SUID, SGID, and Sticky Bit permissions, we can limit user access to sensitive files and system resources and prevent unauthorized modification and deletion.

Summary

In this article, we introduced how to configure permission management on Linux. We learned the management of users and user groups, the setting of file and directory permissions, and the use of SUID, SGID and Sticky Bit permissions. By configuring permissions correctly, we can protect our files and systems from unauthorized access. I hope this article will help you configure permission management on Linux.

The above is the detailed content of How to configure permission management on Linux. For more information, please follow other related articles on the PHP Chinese website!