File Permission control in linux and File Permission control in linux

File Permission control in linux and File Permission control in linux

In a linux environment, collaborative development may encounter many situations. We need to set specific permissions for these accounts.

Here we need to use ACL

1. Add an account and set the password

useradd terrypasswd terry

2. acl settings:

2.1

Disable the view of software configuration: access is denied to the mysql, nginx, php, and mongodb2.6 directories in the/usr/local directory.

setfacl -m u:terry:rx /usr/local/{mysql,nginx,php,mongodb2.6}

2.2

Shield other project information view: under the Development Directory, only the system directory that you create is checked, and the others are blocked.

setfacl -m u:terry:- /www/web/develop/{e_commerce,dwz-ria,e_commerce_huang_di,yourls,phpmyadmin,onfancy.com,market.onfancy.com,magento2,magento,YiiSpace-master,yii-market_copy_2014-11-12,yii2-huangdi,yii-market,yii2}

2.3

Some sensitive directories in the system project are forbidden. For php systems, developers do not want to see all the code, which may be taken away from the company's code.

Here, we need to set it to make it unable to view some of the company's code files. Here we can set it through acl

2.4

setfacl -m u:terry:-  /www/web/develop/erp/myapp/code/core/Erp/{Sales,System,Dashboard,Adminlogin}

In this way, you can block some files in your system files from developers.

In this way, for example, three modules developed by developers a, B, and c

You can only view your own modules, but not those of others. This ensures the security of the development environment and prevents system code leakage.

2.5

In addition, the packaging function of php is disabled, so that the system files are downloaded after being packaged.

Alternatively, you can disable the download of files in the development environment.

2.6 In addition, some other sensitive paths, such as/tools,/etc/php. ini files, must be blocked for access and system security should be maintained as much as possible.

Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.