
Unix Permissions and Security Tutorial

Posted: Thu Oct 04, 2012 10:46 am
by Kurotetsu
I'm currently teaching myself web server administration using a local Linux Mint-based server. I know one very important step I've kind of been glossing over is managing Unix permissions (including creating and managing users and user groups) and security in general. I was hoping some of you here might know of a good resource for learning the intricacies of it, tailored for someone who knows jack and crap about it and only seriously started learning Linux a month or so ago.

Re: Unix Permissions and Security Tutorial

Posted: Thu Oct 04, 2012 11:46 am
by Flatland_Spider
I would read them in the order they are below for Linux permissions.

How Linux file permissions work
http://www.cyberciti.biz/faq/how-linux- ... ions-work/

Linux permissions help
http://www.zzee.com/solutions/linux-permissions.shtml

Learn Linux, 101: Manage file permissions and ownership
http://www.ibm.com/developerworks/linux ... index.html

The Learn Linux, 101 series on IBM Developer Works is a good series on Linux in general.

Other stuff with interesting tidbits:
ArchWiki File Permissions
https://wiki.archlinux.org/index.php/File_Permissions

Re: Unix Permissions and Security Tutorial

Posted: Thu Oct 04, 2012 12:25 pm
by cheesyking
In addition to the traditional ownership and permissions there's also the option of ACLs:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html

Those redhat docs look pretty good.

Re: Unix Permissions and Security Tutorial

Posted: Thu Oct 04, 2012 1:18 pm
by Kurotetsu
Thanks much. I actually think I can use some of this at work too...

Re: Unix Permissions and Security Tutorial

Posted: Thu Oct 04, 2012 1:45 pm
by Kurotetsu
cheesyking wrote:
In addition to the traditional ownership and permissions there's also the option of ACLs:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html

Those redhat docs look pretty good.


Probably a silly question, but I imagine ACLs can be used on any distro and not just Red Hat/CentOS correct?

Also, what are the practical differences between using the standard permissions mechanism and ACLs?

Re: Unix Permissions and Security Tutorial

Posted: Thu Oct 04, 2012 2:39 pm
by just brew it!
Kurotetsu wrote:
Probably a silly question, but I imagine ACLs can be used on any distro and not just Red Hat/CentOS correct?

Yes.

Kurotetsu wrote:
Also, what are the practical differences between using the standard permissions mechanism and ACLs?

The standard permissions mechanism is simpler and coarser-grained.

Re: Unix Permissions and Security Tutorial

Posted: Thu Oct 04, 2012 5:14 pm
by PenGun
Learn to use Midnight Commander in a terminal. Makes a lot of that kind of thing very easy to change. You do need to learn the basics though.

Re: Unix Permissions and Security Tutorial

Posted: Thu Oct 04, 2012 5:33 pm
by Flatland_Spider
Kurotetsu wrote:
Probably a silly question, but I imagine ACLs can be used on any distro and not just Red Hat/CentOS correct?


The acl mount option will need to be enabled in fstab for Posix ACL permissions to work, and most of the time you're not going to run into them.

The switch is acl for ext filesystems per the mount manpage.

fstab entry without acl: UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults 1 2
fstab entry with acl: UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults,acl 1 2

Re: Unix Permissions and Security Tutorial

Posted: Fri Oct 05, 2012 3:18 pm
by Kurotetsu
Flatland_Spider wrote:
Kurotetsu wrote:
Probably a silly question, but I imagine ACLs can be used on any distro and not just Red Hat/CentOS correct?


The acl mount option will need to be enabled in fstab for Posix ACL permissions to work, and most of the time you're not going to run into them.

The switch is acl for ext filesystems per the mount manpage.

fstab entry without acl: UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults 1 2
fstab entry with acl: UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults,acl 1 2


The Red Hat tutorial that was linked mentioned this step. I think you also need the ACL library installed, but most distros will already have that by default?

It seems ACLs are better and in ways easier to learn than the chmod approach, so I'll likely just use that for my server (though I'll still learn chmod for the sake of it).

EDIT:

I noticed in your example entry w/ ACL that you have a comma separating defaults and the acl switch, whereas the Red Hat tutorial example omits that. Is that a typo?

Re: Unix Permissions and Security Tutorial

Posted: Fri Oct 05, 2012 6:52 pm
by Flatland_Spider
Is the command below what you're talking about?
LABEL=/work      /work       ext3    acl        1 2


The comma was intentional. That's the correct syntax for multiple options in fstab. The example from RedHat leaves off the defaults option. I haven't tried an entry like that in fstab, but the de facto convention is to use defaults unless you want to restrict some functions.

Defaults specifies rw, suid, dev, exec, auto, nouser, and async. Check the mount manpage or http://linux.die.net/man/8/mount for an explanation of what each one does.

Kurotetsu wrote:
It seems ACLs are better and in ways easier to learn than the chmod approach, so I'll likely just use that for my server (though I'll still learn chmod for the sake of it).


Using ACLs to control permissions is an odd way to set up a webhost. Most webhosts are set up one of two ways. The first way is where the Apache group is set as the group on the folders/files, and the second way is to add the Apache user to the group of the website owner.
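
The comma question above, as an added example that is not part of the original posts: a small shell check that reads fstab-style lines and reports whether the fourth (options) field carries `acl`, flagging lines where a space instead of a comma has pushed an option into the wrong field. The sample entries are constructed from the ones quoted in this thread; `/storage/storage6`, `LABEL=/bad` and the function name are made up for the demonstration.

```shell
#!/bin/sh
# Constructed sample input, modelled on the fstab entries quoted in the thread.
SAMPLE_FSTAB='# constructed sample, not a real /etc/fstab
UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage5 ext4 defaults 1 2
UUID=466a050a-8bd5-4175-afab-082b3c0ff1ff /storage/storage6 ext4 defaults,acl 1 2
LABEL=/work /work ext3 acl 1 2
LABEL=/bad /bad ext4 defaults acl 1 2'

# check_fstab_acl (hypothetical helper): reads fstab text on stdin and
# prints "<mountpoint> <verdict>" for every entry.
#   acl        options field contains acl
#   no-acl     options field does not request acl (or ends with noacl)
#   malformed  wrong field count, e.g. options separated by a space
check_fstab_acl() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        NF < 4 || NF > 6 {                  # fstab has 4 to 6 fields per entry
            print $2, "malformed"
            next
        }
        {
            n = split($4, opts, ",")        # options are one comma-separated field
            verdict = "no-acl"
            for (i = 1; i <= n; i++) {
                if (opts[i] == "acl")        verdict = "acl"
                else if (opts[i] == "noacl") verdict = "no-acl"   # last one wins
            }
            print $2, verdict
        }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_FSTAB" | check_fstab_acl
```

The verdict reflects only the fstab line: ext filesystems can also carry `acl` among the default mount options stored in the superblock (shown by `tune2fs -l`), so `no-acl` here does not prove ACLs are off.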

Re: Unix Permissions and Security Tutorial

Posted: Sat Oct 06, 2012 9:46 am
by just brew it!
Flatland_Spider wrote:
Using ACLs to control permissions is an odd way to set up a webhost. Most webhosts are set up one of two ways. The first way is where the Apache group is set as the group on the folders/files, and the second way is to add the Apache user to the group of the website owner.

Yup, I agree... there's typically no need for ACLs on a web server. It's massive overkill and just over-complicates things. The "classic" *NIX permissions scheme has enough flexibility to handle most use cases without the need to resort to ACLs.

If you're setting up a dynamic (database driven) web CMS with finer grained controls (e.g. normal users, mods, admins, etc.), then that is handled internally by the web app, not at the file system permissions level.
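
An added example, not part of the original posts, of checking the group-based layout described above (the web server's group set as the group on the site's files): it reports paths that are world-writable, owned by a different group, or directories without the setgid bit. The setgid check is an assumption added here so that new files inherit the directory's group; the function names and the temporary directory layout are constructed for the demonstration.

```shell
#!/bin/sh
# audit_docroot ROOT GROUP (hypothetical helper): list paths under ROOT that
# break a "classic permissions only" layout where GROUP is the web server's group.
audit_docroot() {
    root=$1
    group=$2
    # Anything writable by "other" can be modified by every local account.
    find "$root" \( -type f -o -type d \) -perm -0002 -print | sed 's/^/world-writable /'
    # Files outside the expected group are not covered by the group bits.
    find "$root" ! -group "$group" -print | sed 's/^/wrong-group /'
    # Without setgid on a directory, new files get the creator's primary group.
    find "$root" -type d ! -perm -2000 -print | sed 's/^/no-setgid /'
}

# demo_audit: build a constructed site tree in a temp directory and audit it.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir "$d/site" "$d/site/uploads"
    : > "$d/site/index.html"
    : > "$d/site/uploads/tmp.txt"
    chmod 2750 "$d/site"                 # rwxr-s---: group may read, setgid set
    chmod 0640 "$d/site/index.html"      # rw-r-----: group may read
    chmod 0777 "$d/site/uploads"         # deliberately wrong: world-writable, no setgid
    chmod 0640 "$d/site/uploads/tmp.txt"
    # Use the numeric group the tree was created with, so the demo needs no
    # particular group (on a real host this would be the web server's group).
    gid=$(ls -ldn "$d/site" | awk '{print $4}')
    audit_docroot "$d/site" "$gid" | sed "s|$d/||"
    rm -rf "$d"
}

demo_audit
```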