 
Kurotetsu
Gerbil Elite
Topic Author
Posts: 546
Joined: Sun Dec 09, 2007 12:13 pm

Unix Permissions and Security Tutorial

Thu Oct 04, 2012 10:46 am

I'm currently teaching myself web server administration using a local Linux Mint-based server. I know one very important step I've kind of been glossing over is managing Unix permissions (including creating and managing users and user groups) and security in general. I was hoping some of you here might know of a good resource for learning the intricacies of it, tailored for someone who knows jack and crap about it and only seriously started learning Linux a month or so ago.
Under Construction Forever~~~
 
Flatland_Spider
Graphmaster Gerbil
Posts: 1324
Joined: Mon Sep 13, 2004 8:33 pm

Re: Unix Permissions and Security Tutorial

Thu Oct 04, 2012 11:46 am

I would read them in the order they are below for Linux permissions.

How Linux file permissions work
http://www.cyberciti.biz/faq/how-linux- ... ions-work/

Linux permissions help
http://www.zzee.com/solutions/linux-permissions.shtml

Learn Linux, 101: Manage file permissions and ownership
http://www.ibm.com/developerworks/linux ... index.html

The Learn Linux, 101 series on IBM Developer Works is a good series on Linux in general.

Other stuff with interesting tidbits:
ArchWiki File Permissions
https://wiki.archlinux.org/index.php/File_Permissions
 
cheesyking
Minister of Gerbil Affairs
Posts: 2546
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: Unix Permissions and Security Tutorial

Thu Oct 04, 2012 12:25 pm

In addition to the traditional ownership and permissions there's also the option of ACLs:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html

Those redhat docs look pretty good.
Fernando!
Your mother ate my dog!
 
Kurotetsu
Gerbil Elite
Topic Author
Posts: 546
Joined: Sun Dec 09, 2007 12:13 pm

Re: Unix Permissions and Security Tutorial

Thu Oct 04, 2012 1:18 pm

Thanks much. I actually think I can use some of this at work too...
Under Construction Forever~~~
 
Kurotetsu
Gerbil Elite
Topic Author
Posts: 546
Joined: Sun Dec 09, 2007 12:13 pm

Re: Unix Permissions and Security Tutorial

Thu Oct 04, 2012 1:45 pm

cheesyking wrote:
In addition to the traditional ownership and permissions there's also the option of ACLs:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html

Those redhat docs look pretty good.


Probably a silly question, but I imagine ACLs can be used on any distro and not just Red Hat/CentOS correct?

Also, what are the practical differences between using the standard permissions mechanism and ACLs?
Under Construction Forever~~~
 
just brew it!
Gold subscriber
Administrator
Posts: 44625
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Unix Permissions and Security Tutorial

Thu Oct 04, 2012 2:39 pm

Kurotetsu wrote:
Probably a silly question, but I imagine ACLs can be used on any distro and not just Red Hat/CentOS correct?

Yes.

Kurotetsu wrote:
Also, what are the practical differences between using the standard permissions mechanism and ACLs?

The standard permissions mechanism is simpler and coarser-grained.
The years just pass like trains. I wave, but they don't slow down.
-- Steven Wilson
 
PenGun
Gerbil Elite
Posts: 893
Joined: Fri Jun 18, 2004 1:48 pm
Location: BC Canada
Contact:

Re: Unix Permissions and Security Tutorial

Thu Oct 04, 2012 5:14 pm

Learn to use Midnight Commander in a terminal. Makes a lot of that kind of thing very easy to change. You do need to learn the basics though.
Fuji X-E1 Leica Elmar 135 4 XF60mm 2.4 Macro | Zeiss FE 35mm 2.8
http://carnagepro.com
"Everything ... they eat everything, and fear is their bacon bits."
 
Flatland_Spider
Graphmaster Gerbil
Posts: 1324
Joined: Mon Sep 13, 2004 8:33 pm

Re: Unix Permissions and Security Tutorial

Thu Oct 04, 2012 5:33 pm

Kurotetsu wrote:
Probably a silly question, but I imagine ACLs can be used on any distro and not just Red Hat/CentOS correct?


The acl mount option will need to be enabled in fstab for POSIX ACL permissions to work, and most of the time you're not going to run into them.

The switch is acl for ext filesystems per the mount manpage.

fstab entry without acl: UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults 1 2
fstab entry with acl: UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults,acl 1 2
 
Kurotetsu
Gerbil Elite
Topic Author
Posts: 546
Joined: Sun Dec 09, 2007 12:13 pm

Re: Unix Permissions and Security Tutorial

Fri Oct 05, 2012 3:18 pm

Flatland_Spider wrote:
Kurotetsu wrote:
Probably a silly question, but I imagine ACLs can be used on any distro and not just Red Hat/CentOS correct?


The acl mount option will need to be enabled in fstab for POSIX ACL permissions to work, and most of the time you're not going to run into them.

The switch is acl for ext filesystems per the mount manpage.

fstab entry without acl: UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults 1 2
fstab entry with acl: UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults,acl 1 2


The Red Hat tutorial that was linked mentioned this step. I think you also need the ACL library installed, but most distros will already have that by default?

It seems ACLs are better and in ways easier to learn than the chmod approach, so I'll likely just use that for my server (though I'll still learn chmod for the sake of it).

EDIT:

I noticed in your example entry w/ ACL that you have a comma separating defaults and the acl switch, whereas the Red Hat tutorial example omits that. Is that a typo?
Under Construction Forever~~~
 
Flatland_Spider
Graphmaster Gerbil
Posts: 1324
Joined: Mon Sep 13, 2004 8:33 pm

Re: Unix Permissions and Security Tutorial

Fri Oct 05, 2012 6:52 pm

Is the command below what you're talking about?
LABEL=/work      /work       ext3    acl        1 2


The comma was intentional. That's the correct syntax for multiple options in fstab. The example from RedHat leaves off the defaults option. I haven't tried an entry like that in fstab, but the de facto convention is to use defaults unless you want to restrict some functions.

Defaults specifies rw, suid, dev, exec, auto, nouser, and async. Check the mount manpage or http://linux.die.net/man/8/mount for an explanation of what each one does.

Kurotetsu wrote:
It seems ACLs are better and in ways easier to learn than the chmod approach, so I'll likely just use that for my server (though I'll still learn chmod for the sake of it).


Using ACLs to control permissions is an odd way to set up a webhost. Most webhosts are set up one of two ways. The first way is where the Apache group is set as the group on the folders/files, and the second way is to add the Apache user to the group of the website owner.
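
Added example (not part of any post in this thread): a small check of the fstab options field discussed above, which is a comma-separated list in the fourth column. The sample file is constructed from the entries quoted in the thread plus one made-up noacl line; the function names are hypothetical.

```shell
#!/bin/sh
# fstab fields: <device> <mount point> <fstype> <options> <dump> <pass>,
# separated by whitespace; <options> is a comma-separated list.

# fstab_opts FILE MOUNTPOINT: print the options field for that mount point.
fstab_opts() {
    awk -v mp="$2" '
        NF < 4 || $1 ~ /^#/ { next }   # skip blank, short and comment lines
        $2 == mp { print $4; exit }
    ' "$1"
}

# fstab_has_opt FILE MOUNTPOINT OPTION: 0 = listed, 1 = not listed,
# 2 = mount point not found in FILE.
fstab_has_opt() {
    opts=$(fstab_opts "$1" "$2")
    [ -n "$opts" ] || return 2
    case ",$opts," in
        *",$3,"*) return 0 ;;          # whole-token match: "noacl" is not "acl"
        *)        return 1 ;;
    esac
}

# Constructed sample: two entries quoted in the thread, one made-up entry.
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
# constructed sample fstab
UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults,acl 1 2
LABEL=/work      /work       ext3    acl        1 2
/dev/sdz1        /scratch    ext4    defaults,noacl 0 2
EOF

for mp in /storage/storage5 /work /scratch; do
    if fstab_has_opt "$SAMPLE_FSTAB" "$mp" acl; then
        echo "$mp: acl listed ($(fstab_opts "$SAMPLE_FSTAB" "$mp"))"
    else
        echo "$mp: acl not listed ($(fstab_opts "$SAMPLE_FSTAB" "$mp"))"
    fi
done
```

A missing acl entry in fstab does not by itself prove ACLs are off: ext filesystems can carry default mount options in the superblock, which `tune2fs -l` on the device shows.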
 
just brew it!
Gold subscriber
Administrator
Posts: 44625
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Unix Permissions and Security Tutorial

Sat Oct 06, 2012 9:46 am

Flatland_Spider wrote:
Using ACLs to control permissions is an odd way to set up a webhost. Most webhosts are set up one of two ways. The first way is where the Apache group is set as the group on the folders/files, and the second way is to add the Apache user to the group of the website owner.

Yup, I agree... there's typically no need for ACLs on a web server. It's massive overkill and just over-complicates things. The "classic" *NIX permissions scheme has enough flexibility to handle most use cases without the need to resort to ACLs.

If you're setting up a dynamic (database driven) web CMS with finer grained controls (e.g. normal users, mods, admins, etc.), then that is handled internally by the web app, not at the file system permissions level.
The years just pass like trains. I wave, but they don't slow down.
-- Steven Wilson
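
Added example (not part of any post in this thread): the group-based layout described above, done with classic permissions only, plus an audit that lists anything breaking it. The modes 2750/640 (group read-only, no access for others) are one reasonable choice and an assumption, as are the function names; GNU find is assumed, and the caller's own group stands in for the web server's group.

```shell
#!/bin/sh
# apply_group_model DIR GROUP: hand DIR to GROUP read-only, shut out others.
apply_group_model() {
    chgrp -R "$2" "$1"
    # 2750: owner rwx, group r-x, setgid so new entries inherit GROUP
    find "$1" -type d -exec chmod 2750 {} +
    # 640: owner rw, group r, others nothing
    find "$1" -type f -exec chmod 640 {} +
}

# audit_docroot DIR GROUP: print files/dirs that are group-writable,
# accessible to "other" in any way, or owned by a different group.
audit_docroot() {
    find "$1" \( -type f -o -type d \) \
        \( -perm /0027 -o ! -group "$2" \) -print
}

# Constructed demo tree with two deliberate misconfigurations.
DOCROOT=$(mktemp -d)
WEBGROUP=$(id -g)                    # stand-in for the web server's group
mkdir -p "$DOCROOT/site/uploads"
echo '<h1>hello</h1>' > "$DOCROOT/site/index.html"
chmod 777 "$DOCROOT/site/uploads"    # world-writable directory
chmod 666 "$DOCROOT/site/index.html" # world-writable file

echo "before:"
audit_docroot "$DOCROOT" "$WEBGROUP"
apply_group_model "$DOCROOT" "$WEBGROUP"
echo "after (expect no lines):"
audit_docroot "$DOCROOT" "$WEBGROUP"
rm -rf "$DOCROOT"
```

Directories the web application must write to (an uploads folder, for instance) need group write added back deliberately, which the audit will then report so the exception stays visible.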
