File Permission control in linux and File Permission control in linux

Source: Internet
Author: User

File Permission control in linux and File Permission control in linux

In a linux environment, collaborative development may encounter many situations. We need to set specific permissions for these accounts.

Here we need to use ACL

1. Add an account and set the password

useradd terrypasswd terry


2. acl settings:

2.1

Disable the view of software configuration: access is denied to the mysql, nginx, php, and mongodb2.6 directories in the/usr/local directory.

setfacl -m u:terry:rx /usr/local/{mysql,nginx,php,mongodb2.6}

2.2

Shield other project information view: under the Development Directory, only the system directory that you create is checked, and the others are blocked.

setfacl -m u:terry:- /www/web/develop/{e_commerce,dwz-ria,e_commerce_huang_di,yourls,phpmyadmin,onfancy.com,market.onfancy.com,magento2,magento,YiiSpace-master,yii-market_copy_2014-11-12,yii2-huangdi,yii-market,yii2}

2.3

Some sensitive directories in the system project are forbidden. For php systems, developers do not want to see all the code, which may be taken away from the company's code.

Here, we need to set it to make it unable to view some of the company's code files. Here we can set it through acl


2.4

setfacl -m u:terry:-  /www/web/develop/erp/myapp/code/core/Erp/{Sales,System,Dashboard,Adminlogin}

In this way, you can block some files in your system files from developers.

In this way, for example, three modules developed by developers a, B, and c

You can only view your own modules, but not those of others. This ensures the security of the development environment and prevents system code leakage.

2.5

In addition, the packaging function of php is disabled, so that the system files are downloaded after being packaged.

Alternatively, you can disable the download of files in the development environment.


2.6 In addition, some other sensitive paths, such as/tools,/etc/php. ini files, must be blocked for access and system security should be maintained as much as possible.


Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.