Operation and MaintenanceLinux Operation and MaintenancePermissions and access control strategies that you need to pay attention to before building a web server on CentOSPermissions and access control strategies that you need to pay attention to before building a web server on CentOS
Permissions and access control policies that you need to pay attention to before building a web server on CentOS
In the process of building a web server, permissions and access control policies are a very important part. Correctly setting permissions and access control policies can protect the security of the server and prevent unauthorized users from accessing sensitive data or improperly operating the server. This article will introduce the permissions and access control strategies that need to be paid attention to when building a web server under the CentOS system, and provide corresponding code examples.
- User and Group Management
First, we need to create a user specifically used to run the web server and add it to the appropriate group. Create a user named "webuser" in the system by running the following command:
sudo useradd webuser
Next, we can add the webuser user to the www-data group (for Apache server) using the following command:
sudo usermod -a -G www-data webuser
- Settings of file and directory permissions
When building a web server, we need to ensure that the files and directories on the server have appropriate permissions. Normally, web server users only need permission to read files and execute directories, not write permissions.
The following is an example of setting directory permissions. Suppose we want to place the website files in the /var/www/html directory:
sudo chown -R webuser:www-data /var/www/html sudo chmod -R 755 /var/www/html
The above command sets the owner of the /var/www/html directory to the webuser user and the group to the www-data group. At the same time, the permissions of the directory are set to 755, that is, the owner has read, write, and execute permissions, while the group and other users only have read and execute permissions.
- Access control policy
In addition to file and directory permissions, we also need to set access control policies to control access to the web server. There are mainly the following ways to achieve this.
(1) Use configuration files to control access
In the Apache server, access permissions can be controlled through configuration files. For example, you can use the "Require" directive to restrict access to specific IP addresses. Here is an example of allowing only specific IP addresses to access a website:
<Directory /var/www/html>
Order deny,allow
Deny from all
Allow from 192.168.1.100
</Directory>The above configuration will deny all access requests except those with IP address 192.168.1.100.
(2) Use firewall to control access
Another way to control access is to use firewall rules. In CentOS systems, you can use the firewall-cmd command to set firewall rules. Here is an example to only allow HTTP access from a specific IP address:
sudo firewall-cmd --zone=public --add-rich-rule='
rule family="ipv4"
source address="192.168.1.100"
port protocol="tcp" port="80" accept'The above command will allow the host with IP address 192.168.1.100 to access the HTTP service.
Summary:
Before building a web server, we must pay attention to the settings of permissions and access control policies. You can improve server security by properly setting user, group, file and directory permissions, and controlling access using configuration files and firewall rules. In CentOS systems, you can use the code examples provided above to set permissions and access control policies.
The above is the detailed content of Permissions and access control strategies that you need to pay attention to before building a web server on CentOS. For more information, please follow other related articles on the PHP Chinese website!
Understanding Linux: The Core Components DefinedMay 01, 2025 am 12:19 AMThe core components of Linux include kernel, shell, file system, process management and memory management. 1) Kernel management system resources, 2) shell provides user interaction interface, 3) file system supports multiple formats, 4) Process management is implemented through system calls such as fork, and 5) memory management uses virtual memory technology.
The Building Blocks of Linux: Key Components ExplainedApr 30, 2025 am 12:26 AMThe core components of the Linux system include the kernel, file system, and user space. 1. The kernel manages hardware resources and provides basic services. 2. The file system is responsible for data storage and organization. 3. Run user programs and services in the user space.
Using Maintenance Mode: Troubleshooting and Repairing LinuxApr 29, 2025 am 12:28 AMMaintenance mode is a special operating level entered in Linux systems through single-user mode or rescue mode, and is used for system maintenance and repair. 1. Enter maintenance mode and use the command "sudosystemctlisolaterscue.target". 2. In maintenance mode, you can check and repair the file system and use the command "fsck/dev/sda1". 3. Advanced usage includes resetting the root user password, mounting the file system in read and write mode and editing the password file.
Linux Maintenance Mode: Understanding the PurposeApr 28, 2025 am 12:01 AMMaintenance mode is used for system maintenance and repair, allowing administrators to work in a simplified environment. 1. System Repair: Repair corrupt file system and boot loader. 2. Password reset: reset the root user password. 3. Package management: Install, update or delete software packages. By modifying the GRUB configuration or entering maintenance mode with specific keys, you can safely exit after performing maintenance tasks.
Linux Operations: Networking and Network ConfigurationApr 27, 2025 am 12:09 AMLinux network configuration can be completed through the following steps: 1. Configure the network interface, use the ip command to temporarily set or edit the configuration file persistence settings. 2. Set up a static IP, suitable for devices that require a fixed IP. 3. Manage the firewall and use the iptables or firewalld tools to control network traffic.
Maintenance Mode in Linux: A System Administrator's GuideApr 26, 2025 am 12:20 AMMaintenance mode plays a key role in Linux system management, helping to repair, upgrade and configuration changes. 1. Enter maintenance mode. You can select it through the GRUB menu or use the command "sudosystemctlisolaterscue.target". 2. In maintenance mode, you can perform file system repair and system update operations. 3. Advanced usage includes tasks such as resetting the root password. 4. Common errors such as not being able to enter maintenance mode or mount the file system, can be fixed by checking the GRUB configuration and using the fsck command.
Maintenance Mode in Linux: When and Why to Use ItApr 25, 2025 am 12:15 AMThe timing and reasons for using Linux maintenance mode: 1) When the system starts up, 2) When performing major system updates or upgrades, 3) When performing file system maintenance. Maintenance mode provides a safe and controlled environment, ensuring operational safety and efficiency, reducing impact on users, and enhancing system security.
Linux: Essential Commands and OperationsApr 24, 2025 am 12:20 AMIndispensable commands in Linux include: 1.ls: list directory contents; 2.cd: change working directory; 3.mkdir: create a new directory; 4.rm: delete file or directory; 5.cp: copy file or directory; 6.mv: move or rename file or directory. These commands help users manage files and systems efficiently by interacting with the kernel.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Dreamweaver CS6
Visual web development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
SublimeText3 Mac version
God-level code editing software (SublimeText3)
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
