Home > Article > System Tutorial > Authorize users to operate a certain folder in Ubuntu 16.04
Linux gives users permissions to operate a certain folder
Ubuntu16.04 used here
1. Configure website administrator
Linux file or directory permissions are divided into three permissions: read, write, and executable. The user categories for file access are divided into three categories: file creator, users in the same group as the file creator, and other users.
Add user
useradd -d /var/www/html webadmin passwdwebadmin
4Add user to group
例:usermod -G groupA username usermod -G webadmin webadmin
#Change the file owners of the directory /var/www/html and all files and subdirectories under it to webadmin and webadmin groups
chown -R webadmin:webadmin /var/www/html
#Set permissions for the directory /var/www/html
chmod 770 /var/www/html
Currently, only root and webadmin are allowed to access the website directory
2. Add audit administrator to only allow access to /var/log1) Add audit account
The audit account is only used for the audit function, and its permissions can be changed based on the ordinary account
1) Create audit account shenji
[root@localhost ~]# useradd shenji [root@localhost ~]# passwd shenji
2) Change the permissions of the audit account so that it only has the viewing function
Change the /etc/sudoers file and add viewing permissions for the audit user. Add the following content:
vi /etc/sudoers shenji ALL = (root) NOPASSWD: /usr/bin/cat , /usr/bin/less , /usr/bin/more , /usr/bin/tail , /usr/bin/head
3) Restrict the audit administrator to only allow access to /var/log
Specify that /var/log is only accessible to audit administrators
chown -R shenji:shenji /var/log
#Set permissions for the directory /var/log
# 700表示只允许自己访问,不允许其他用户访问 chmod 700 /var/log [shenji@localhost ~]$ sudo tail /var/log/messages
3. Add security administrator 1) Reduce account number
useradd -d /etc anquan passwd anquan
2) Restrict security administrators to only allow access to /etc
Specify that /etc is only allowed to be accessed by audit administrators
chown -R anquan:anquan /etc
#Set permissions for directory /etc
# 700表示只允许自己访问,不允许其他用户访问 chmod 700 /etc
4. Set ordinary users to be able to use su and sudo in Linux 1: Set ordinary users to be able to use su
su: You can switch between different users (usually root) in one login session. This means that you do not need to log out of the current user and switch to a new user.
vi /etc/pam.d/su
第一个框:去除注释以后,信任的wheel组用户su时侯不用密码。
第二个框:去除注释以后,只有wheel的用户能够su。
注意:以上是仅仅wheel组才可以su,假若改为其他组可以su的话linux授权文件夹给用户,这么就把use_uid改为group=manager即可(例如
manager组)linux授权文件夹给用户嵌入式linux培训,这样manager组的用户可以sulinux学习论坛,wheel的用户就不能su了。
!难堪了,webadmin指定/var/www/html后,nginx难以访问网站目录了,
加其他用户可读的权限
chmod 641 /var/www/html
The above is the detailed content of Authorize users to operate a certain folder in Ubuntu 16.04. For more information, please follow other related articles on the PHP Chinese website!