Granting a Linux user permission to operate on a specific folder
Ubuntu 16.04 is used here
1. Configure website administrator
Linux file and directory permissions come in three kinds: read, write, and execute. Users accessing a file fall into three categories: the file's owner (its creator by default), users in the file's group, and all other users.
Add user
useradd -d /var/www/html webadmin
passwd webadmin
Add user to group
Example: usermod -G groupA username
usermod -G webadmin webadmin
# Change the owner of the directory /var/www/html and of all files and subdirectories under it to the user webadmin and the group webadmin
chown -R webadmin:webadmin /var/www/html
#Set permissions for the directory /var/www/html
chmod 770 /var/www/html
Currently, only root and webadmin are allowed to access the website directory
2. Add audit administrator, allowed to access only /var/log
1) Add audit account
The audit account is used only for the audit function; its permissions are set by modifying those of an ordinary account
1) Create audit account shenji
[root@localhost ~]# useradd shenji
[root@localhost ~]# passwd shenji
2) Change the permissions of the audit account so that it only has the viewing function
Edit the /etc/sudoers file and add viewing permissions for the audit user. Add the following content:
vi /etc/sudoers
shenji ALL = (root) NOPASSWD: /usr/bin/cat , /usr/bin/less , /usr/bin/more , /usr/bin/tail , /usr/bin/head
This rule does not restrict the arguments, so shenji can run each listed command as root on any path.
3) Restrict the audit administrator to only allow access to /var/log
Specify that /var/log is only accessible to audit administrators
chown -R shenji:shenji /var/log
#Set permissions for the directory /var/log
# 700 means only the owner can access the directory; other users cannot
chmod 700 /var/log
[shenji@localhost ~]$ sudo tail /var/log/messages
3. Add security administrator
1) Add account
useradd -d /etc anquan
passwd anquan
2) Restrict security administrators to only allow access to /etc
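Specify that /etc is only allowed to be accessed by the security administrator
chown -R anquan:anquan /etc
# Note: -R also changes the owner of /etc/sudoers, and sudo refuses to run unless that file is owned by root
#Set permissions for directory /etc
# 700 means only the owner can access the directory; other users cannot
chmod 700 /etc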
4. Set ordinary users to be able to use su and sudo in Linux
1: Set ordinary users to be able to use su
su: lets you switch to a different user (usually root) within one login session, so you do not need to log out of the current user to become another user.
vi /etc/pam.d/su
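First box: once uncommented, trusted users in the wheel group do not need a password when running su.
Second box: once uncommented, only users in the wheel group can su.
Note: the above allows only the wheel group to su. To let a different group su instead, change use_uid to group=manager (for example, the manager group); users in the manager group can then su, and wheel users no longer can.
Embarrassing! After /var/www/html was assigned to webadmin, nginx could no longer access the website directory.
Add read permission for other users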
chmod 641 /var/www/html
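As an added example (not part of the original article), the shell function below decodes the octal modes used on this page as they apply to a directory. It shows why a server process that is neither webadmin nor in its group gets nothing under 770, and what each user class gets under 641. The function names and the 775 comparison value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): decode an octal mode as it
# applies to a DIRECTORY, for the modes this page uses (770, 700, 641).

# dir_access MODE CLASS  ->  prints the rights CLASS gets on a directory.
# CLASS is owner, group or other. Directory semantics:
#   r = list entry names
#   x = traverse (open files inside by name)
#   w = create/delete entries, effective only together with x
dir_access() {
    case $2 in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        other) shift_by=0 ;;
        *) echo "unknown class: $2" >&2; return 2 ;;
    esac
    # The leading 0 makes the shell read the mode as octal.
    bits=$(( (0$1 >> $shift_by) & 7 ))
    rights=""
    if [ $(( bits & 4 )) -ne 0 ]; then rights="$rights list"; fi
    if [ $(( bits & 3 )) -eq 3 ]; then rights="$rights modify"; fi
    if [ $(( bits & 1 )) -ne 0 ]; then rights="$rights traverse"; fi
    rights="${rights# }"
    echo "${rights:-none}"
}

# report MODE... -> one line per mode and user class.
report() {
    for mode in "$@"; do
        for class in owner group other; do
            printf '%-4s %-5s %s\n' "$mode" "$class" \
                "$(dir_access "$mode" "$class")"
        done
    done
}

# 770, 700 and 641 are the modes applied on this page; 775 is a constructed
# comparison value (owner and group keep full access, others list + traverse).
report 770 700 641 775
```

A process needs "traverse" on a directory to open files inside it, so the "other" row is the one that matters for a web server running under its own account.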