Permissions and access control strategies that you need to pay attention to before building a web server on CentOS

Permissions and access control policies that you need to pay attention to before building a web server on CentOS

In the process of building a web server, permissions and access control policies are a very important part. Correctly setting permissions and access control policies can protect the security of the server and prevent unauthorized users from accessing sensitive data or improperly operating the server. This article will introduce the permissions and access control strategies that need to be paid attention to when building a web server under the CentOS system, and provide corresponding code examples.

1. User and Group Management

First, we need to create a user specifically used to run the web server and add it to the appropriate group. Create a user named "webuser" in the system by running the following command:

sudo useradd webuser

Next, we can add the webuser user to the www-data group (for Apache server) using the following command:

sudo usermod -a -G www-data webuser

2. Settings of file and directory permissions

When building a web server, we need to ensure that the files and directories on the server have appropriate permissions. Normally, web server users only need permission to read files and execute directories, not write permissions.

The following is an example of setting directory permissions. Suppose we want to place the website files in the /var/www/html directory:

sudo chown -R webuser:www-data /var/www/html
sudo chmod -R 755 /var/www/html

The above command sets the owner of the /var/www/html directory to the webuser user and the group to the www-data group. At the same time, the permissions of the directory are set to 755, that is, the owner has read, write, and execute permissions, while the group and other users only have read and execute permissions.

3. Access control policy

In addition to file and directory permissions, we also need to set access control policies to control access to the web server. There are mainly the following ways to achieve this.

(1) Use configuration files to control access

In the Apache server, access permissions can be controlled through configuration files. For example, you can use the "Require" directive to restrict access to specific IP addresses. Here is an example of allowing only specific IP addresses to access a website:

<Directory /var/www/html>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.100
</Directory>

The above configuration will deny all access requests except those with IP address 192.168.1.100.

(2) Use firewall to control access

Another way to control access is to use firewall rules. In CentOS systems, you can use the firewall-cmd command to set firewall rules. Here is an example to only allow HTTP access from a specific IP address:

sudo firewall-cmd --zone=public --add-rich-rule='
    rule family="ipv4"
    source address="192.168.1.100"
    port protocol="tcp" port="80" accept'

The above command will allow the host with IP address 192.168.1.100 to access the HTTP service.

Summary:

Before building a web server, we must pay attention to the settings of permissions and access control policies. You can improve server security by properly setting user, group, file and directory permissions, and controlling access using configuration files and firewall rules. In CentOS systems, you can use the code examples provided above to set permissions and access control policies.

The above is the detailed content of Permissions and access control strategies that you need to pay attention to before building a web server on CentOS. For more information, please follow other related articles on the PHP Chinese website!