Home  >  Article  >  Operation and Maintenance  >  How to use Linux for user rights management and access control

How to use Linux for user rights management and access control

WBOY
WBOYOriginal
2023-08-03 23:00:332731browse

How to use Linux for user rights management and access control

In the Linux system, user rights management and access control are very important, which can ensure the security of the system and the confidentiality of data. This article will introduce how to use Linux for user rights management and access control, and provide relevant code examples.

1. User rights management

  1. Users and user groups

In the Linux system, permissions are managed through users and user groups. A user is an individual with permission to log in to the system, and a user group is an organizational form that groups multiple users together.

  • Create user: Use the useradd command to create a new user, for example: sudo useradd username
  • Set user password: use ## The #passwd command can set a password for a user, for example: sudo passwd username
  • Delete a user: Use the
  • userdel command to delete a user, for example: sudo userdel -r username
  • Create a user group: Use the
  • groupadd command to create a user group, for example: sudo groupadd groupname
  • will Add users to user groups: Use the
  • usermod command to add users to user groups, for example: sudo usermod -aG groupname username
    file Permissions
Linux systems use permissions to control access to files and directories. Rights tags are divided into three groups: owner, owner's group, and other users. Each group has three permissions: read, write, and execute permissions.

    Modify file permissions: Use the
  • chmod command to modify file permissions, for example:
  • sudo chmod 755 filename    // 所有者具有读、写、执行权限,同组用户和其他用户只具有读和执行权限
    sudo chmod +x filename     // 给文件添加执行权限
    sudo chmod u-r filename    // 去除所有者的读权限
    Sudo permissions
Sudo (superuser do) is an important command in the Linux system, which allows ordinary users to execute specific commands as a super user. Sudo permissions can limit the user's operation scope and permissions.

    Configure Sudo permissions: Use the
  • visudo command to edit the sudo configuration file /etc/sudoers to authorize or revoke ordinary users' permission to execute specific commands. For example:
  • username ALL=(ALL) ALL    // 授权用户执行所有命令
    username ALL=(root) /bin/ls    // 授权用户只能执行/bin/ls命令
2. Access control

    SELinux
SELinux (Security Enhanced Linux) is a security-enhanced Linux kernel module , which can provide more fine-grained access control. By setting SELinux security policies, you can restrict a program's access to files, networks, and other system resources.

    View SELinux status: Use the
  • sestatus command to view the status of SELinux, for example: sudo sestatus
  • Modify the SELinux policy: use # The ##setsebool
  • command can modify the security options of SELinux, for example: sudo setsebool -P httpd_can_network_connect on
Firewall
  1. Firewall is an important component in protecting computer network security. It can control network traffic through access control policies.

Turn on the firewall: Use the
    ufw
  • command to manage the firewall of the Ubuntu system, for example:
    sudo ufw enable    // 开启防火墙
    sudo ufw allow ssh    // 允许SSH连接
Manage firewall rules: use
    ufw
  • Commands can manage firewall rules, for example:
    sudo ufw status    // 查看防火墙状态
    sudo ufw allow 80    // 允许HTTP访问
    sudo ufw delete allow 80    // 删除HTTP访问规则
  • Code example:

Create a new user:
  1. sudo useradd username
    sudo passwd username
Modify file permissions:
  1. sudo chmod 755 filename
    sudo chmod +x filename
    sudo chmod u-r filename
Configure Sudo permissions:
  1. sudo visudo
  2. Add the following lines to the open file:
username ALL=(ALL) ALL
username ALL=(root) /bin/ls

Turn on the firewall:
  1. sudo ufw enable
    sudo ufw allow ssh
  2. Summary:

By using the user rights management and access control functions provided by the Linux system, we can effectively manage user rights and restrict users’ access to files , network and system resource access. Properly configuring permissions and access control is an important measure to protect system security, and it is also a skill that every system administrator must be familiar with and master. I hope the introduction and examples in this article can be helpful to readers in Linux system permission management and access control.

The above is the detailed content of How to use Linux for user rights management and access control. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn