linux role based access control

Tags: lnmp anti-theft chain access control reverse proxy1 Nginx configuration anti-theft chainThe principle of anti-theft chain we have already introduced in lamp, here no longer repeat, directly look at the configuration process.The core statement is valid_referers none blocked server_names *.test.com ; if ($invalid_referer) { return 403; }Of course we have to put it in the location, combine

#: Displays information about recent # timesLASTB:/var/log/btmp file that displays user error login attempts-N #: Displays information about recent # timesLastlog:Displays the last successful login information for each user;-U USERNAME: Displays recent login information for a specific userbasename:Gets the base name of the path$: Script path and name when executing script (reference script name)Example:basename/etc/passwd Mail:MailEnter a number to view a messageQ: ExitExample: (Send mail)Cat/e

Experimental Purpose: To understand the Linux file format with permission settings Experiment steps: 1. Log in as root into Linux 2. Create a new account using the following command Anyuser/usr/sbin/useradd Anyuser 3. Set password for Anyuser account: /usr/sbin/passwd Changing password for user anyuser New UN IX Password Retype UNIX Password 4. Log off and login with Anyuser account 5. View the co

/test1.sh Set User Donggen have read and write permissions for/test/test1.sh files[Email protected] ~]# getfacl/test/test1.shGetfacl:removing leading '/' from absolute path names# file:test/test1.sh# Owner:root# Group:rootUser::rwxGroup::r-xOther::r-x[Email protected] ~]# setfacl-m u:donggen:rw/test/test1.sh[Email protected] ~]# GetfaclUsage:getfacl [-ACEESRLPTPNDVH] File ...Try ' Getfacl--help ' for more information.[Email protected] ~]# getfacl/test/test1.shGetfacl:removing leading '/' from ab

server, you can copy it using a USB stick, or you can upload it using FTP, sharing, and so on. Here we use the SCP command we just spoke to upload the public key file.3. Import the public key text in the SSH serverIn the server, the public key database for the target user (the user to log on remotely) is located in the ~/.ssh/directory, and the default file name is Authorized_keys. As follows: Import the test's public key file into the user's public key database.4, at this time in the client ca

Access Control (1)In section 6.3.3, the main focus is on the control of the use of shared resource permissions by certain users, whose administrative principal is the user. If you need to control the host, the method is also more, you can use Iptables (see Chapter 17th), you can also use the Samba service itself

then make the following edits:User host name = command file pathExample: Zhangsan rhel6=/sbin/ifconfig gives the user Zhangsan permission to perform/sbin/ifconfig Second, the key pair verification1. Turn on the key pair verification function on the server vim/etc/ssh/sshd_config edit the SSH configuration file as shown in2. On the client switch to normal user Zhangsan, create the key pair ssh-keygen-t RSA, as shown in Ssh-copy-id-i id_rsa.pub [email protected] switch to the folder

:/tmp/php-fcgi.sock;Fastcgi_index index.php;Fastcgi_param Script_filename/data/wwwroot/test.com$fastcgi_script_name;}Fastcgi_pass used to specify the address or socket of the PHP-FPM listener[Email protected] ~]# vi/data/wwwroot/test.com/3,phpFour, nginx agentCd/usr/local/nginx/conf/vhostVim proxy.conf//Add the following:Server{Listen 80;server_name ask.apelearn.com;Location/{Proxy_pass http://121.201.9.155/;Proxy_set_header Host $host;Proxy_set_header X-real-ip $remote _addr;Proxy_set_header x-

attack is encountered.2> Key pair verification: a matching key information is required to be validated. Typically, you create a pair of key files in the client computer and then place the public key file at the specified location on the server. When remote login, the system will use the public key, the private key for encryption/decryption association authentication, greatly enhance the security.When password authentication and key pair validation are enabled, the server takes precedence over k

command:/bin/chmod o-r/etc/nbsp; chmod is an order to make a fortune in a file or directory under Linux, for detailed We will introduce it in the operating system Security section. nbsp; 8Re-log on again with the Anyuser account, trying to list everything under/etc/nbsp; 9. The command should fail nbsp; 10 as the system no longer allows everyone to access. As a non-root user, you can use the following comm

::rwxUser:student:r-x #effective: r--# # #因为mask为r, so here the maximum permission is Rgroup::r--mask::r--Other::rwxCan be corrupted when you change file normal permissions with chmodRepairSetfacl-m m:rwx file name********acl default Permissions ************When we need a directory for student writable, and the new subdirectory in the directory to student can also be writtenThe default default permissions must be setNote: The default permissions are only valid for newly created files or director

There are three types of permissions for filesOther permissions that belong to the Master permission group permissionNow there is a scenario where user A wants to share the file with user B not in the same group, but does not want to modify other permissions, and Facl is working.Facl can add an extended permission to the file, only need to add user B to the file extension permission list and give permission.Facl usage:Get File FaclGetfacl file namefile : Facl.txt # owner:eko# GROUP:EKOUSER::R