affiliate shirin Bayanan basira
Sakewa Masu bada bayanai Manufar cin zarafi
kai -- burger
Kwamitin sarrafawaControlPanel
Sabar don amsawaAdministrationSSLManajan ISPWindows VPSVPS LinuxVPS don VPN
Bayanan basira Sauƙaƙan umarni don aiki tare da sabis na Riba
Main Bayanan basira Masu amfani da Linux: Gudanarwa da Izini

Masu amfani da Linux: Gudanarwa da Izini

A cikin wannan labarin, za mu bincika mahimmancin masu amfani da Linux da aka tsara yadda ya kamata. Za mu bayyana haƙƙin samun dama, farawa da yadda ake ƙirƙira da daidaita masu amfani da ƙare tare da yadda ake ba da dama ga takamaiman fayiloli da manyan fayiloli. Za mu kuma tattauna wasu mahimman kayan aikin tsaro, irin su sudo da SELinux, waɗanda ke taimakawa kare tsarin daga ayyukan da ba a so.

Table da ke ciki
Rage rage

Muhimmancin Gudanar da Mai amfani da Haƙƙin Samun dama a cikin Linux

A cikin duniyar Linux, sarrafa mai amfani da haƙƙin samun dama suna taka muhimmiyar rawa. Ka yi tunanin Linux a matsayin babban ɗaki inda kowane mai amfani ɗan haya ne kuma kowane fayil ɗaki ne. Gudanar da mai amfani kamar baiwa kowane mai haya maɓalli na musamman, yayin da yancin dama shine abinda zasu iya yi a dakinsu.

Lokacin da aka ƙirƙiri mai amfani, ana sanya su suna da abin ganowa na musamman (UID), kamar maɓalli na sirri zuwa ɗakin. Mai amfani kuma yana da a kungiyar, haɗa su da sauran masu haya. Ƙungiya kamar kulob ne inda membobi ke raba gata daya.

Haƙƙin shiga fayil sun kasu kashi uku: mai (mai amfani), kungiyar, Da kuma wasu. Kowane maɓalli (mai amfani) na iya samun haƙƙinsa na musamman don karantawa, rubutu, da aiwatarwa ga kowane rukuni. Misali, mai fayil yana iya karantawa da rubuta haƙƙoƙin, ƙungiyar - karanta kawai, da sauransu - ba komai.

Kulawa ta musamman ya cancanci manufofin tsaro kamar sudo da kuma SELinux, ana amfani dashi a tsarin Linux. Sudo umarni ne na musamman wanda ke ba masu amfani na yau da kullun damar yin amfani da haƙƙin superuser (tushen) na ɗan lokaci don yin takamaiman ayyuka waɗanda galibi ke samuwa ga masu gudanarwa kawai. Wannan yana taimakawa hana kurakurai na bazata ko rashin amfani da haƙƙin mai amfani. Lokacin amfani sudo, yawanci ana buƙatar mai amfani ya shigar da kalmar sirri don tabbatar da ainihin su. Bayan wannan, za su iya aiwatar da umarni tare da haƙƙin superuser (tushen) daidai da ƙa'idodin da aka saita a cikin zufa fayil.

SELinux ƙarin tsaro ne na tsarin aiki na Linux. Yana lura da waɗanne shirye-shirye da fayiloli za a iya amfani da su a cikin tsarin kuma yana iyakance damar yin amfani da su don hana kutse da hare-hare. Wannan yana sa uwar garken ya fi tsaro ta hanyar hana yunƙurin kutse ko munanan ayyuka.

Ƙirƙirar da Gudanar da Masu amfani

Yadda ake ƙirƙirar mai amfani a cikin Linux

Yawancin masu amfani da Linux ana ƙirƙira su tare da sardawan umarni. Misali, don ƙirƙirar mai amfani mai suna "username", zaku shigar da:

useradd username

Yadda ake saita kalmar wucewa ta Linux

Bayan ƙirƙirar mai amfani, asusunsu ba shi da kariya ta kalmar sirri. Don saita kalmar sirri don sabon mai amfani, yi amfani da passwd umurnin:

passwd username

Inda sunan mai amfani shine sunan mai amfani wanda ake saita kalmar wucewa don shi.

Yadda ake Duba Jerin Masu Amfani a Linux

Don duba jerin masu amfani a cikin Linux tare da umarni ɗaya a cikin tasha, zaku iya amfani da yanke umurnin:

cut -d: -f1 /etc/passwd

Wannan umarni yana karanta abubuwan da ke cikin / sauransu / passwd fayil, wanda ya ƙunshi bayanai game da duk masu amfani.

Don samun bayani game da takamaiman mai amfani, zaku iya amfani da umarnin:

id username

Wannan zai nuna mai amfani UID, GIDON, Da kuma Groups.

Share Mai Amfani da Linux

Don share mai amfani, yi amfani da Mai amfani umurnin:

userdel username

Koyaya, wannan umarnin baya share fayilolin da ke cikin littafin adireshin gida na mai amfani. Don cire su, zaka iya amfani da -r zaɓi:

userdel -r username

Wannan zai share sunan mai amfani tare da kundin adireshin gidansu da duk fayilolin da ke cikinsa.

Gyara Mai Amfani da Linux

Don canza bayani game da mai amfani, yi amfani da manzamana umarni. Kayan aiki yana amfani da syntax:

usermod argument user

Ana nuna cikakken jeri na yuwuwar gardama a cikin taimakon mai amfani:

Taimakon Gudanar da Mai Amfani na Linux

Misali, don canza kundin adireshin gida na mai amfani, zaku yi amfani da umarnin:

usermod -d /new/path/to/directory username

Ƙirƙirar da Gudanar da Ƙungiyoyin Masu amfani a cikin Linux

Ƙungiyoyin masu amfani a cikin Linux suna ƙyale masu gudanarwa su haɗa masu amfani da haƙƙin samun dama iri ɗaya. Wannan yana sauƙaƙe gudanar da haƙƙin samun dama kuma yana haɓaka tsaro na tsarin ta hanyar ba da damar saita haƙƙoƙin a matakin rukuni, maimakon yin haka ga kowane mai amfani daban-daban. A matsayin misali, za mu yi la'akari da rukunin masu haɓakawa tare da mai sarrafa mai amfani.

Yadda ake Ƙirƙirar Ƙungiya mai amfani a cikin Linux

Don ƙirƙirar sabon rukuni, yi amfani da rukuni umarni tare da sunan sabuwar ƙungiya:

sudo groupadd group_name

A cikin misalinmu, umarnin zai yi kama da haka:

sudo groupadd developers

Yadda ake Share Rukunin Masu Amfani a Linux

Don share ƙungiya, yi amfani da rukuni umurnin:

sudo groupdel group_name

Don haka, umarnin:

sudo groupdel developers

Za a share kungiyar mai suna masu ci gaba.

Ƙara Masu amfani zuwa Ƙungiya

Don ƙara mai amfani zuwa takamaiman ƙungiya, yi amfani da manzamana umurnin:

sudo usermod -aG group_name user_name

Misali:

sudo usermod -aG developers admin

Wannan umarnin zai ƙara mai amfani mai suna admin zuwa masu ci gaba kungiyar.

Cire Masu Amfani daga Rukuni

Don cire mai amfani daga rukuni, yi amfani da deluser umurnin:

sudo deluser user_name group_name

Umurnin cire mai amfani admin daga masu ci gaba rukuni:

sudo deluser admin developers

Duba Jerin Rukuni a cikin Linux

Don duba jerin duk ƙungiyoyin da ke cikin tsarin, yi amfani da cat umarni tare da / sauransu / rukuni fayil:

cat /etc/group

Wannan umarnin zai nuna jerin duk ƙungiyoyin da ke cikin tsarin.

Duba Membobin Rukunin Mai Amfani

Bayan aiwatar da ayyuka, zaku iya bincika ƙungiyoyin masu amfani da su ta amfani da umarnin ƙungiyoyi:

groups user_name

Don haka, mun bincika tushen tushen sarrafa ƙungiyoyi masu amfani a cikin Linux. Yanzu, bari mu matsa zuwa mataki na gaba - nazarin aikin haƙƙin samun dama ga fayiloli da kundayen adireshi. Wannan tsari yana ba da damar ƙayyade abubuwan da masu amfani ko ƙungiyoyi za su iya yi game da takamaiman fayiloli da kundayen adireshi, tabbatar da ingantaccen sarrafa tsaro da samun dama ga albarkatun tsarin.

Bayar da Haƙƙin Samun dama ga Fayiloli da kundayen adireshi

Alamar wakilcin Haƙƙin Samun Dama

Kamar yadda muka riga muka gano, akwai nau'ikan masu amfani guda uku a cikin Linux: mai shi (mai amfani), kungiyar, Da kuma wasu. Kowannen su yana iya mallakar wasu ƙungiyoyin samun dama ga fayiloli ko kundayen adireshi:

  1. Karanta (Karanta - r): Yana ba da damar duba abubuwan da ke cikin fayil ko kundin adireshi.
  2. Rubuta (Rubuta - w): Yana ba da ikon gyara fayil ko ƙirƙirar sabon fayil a cikin kundin adireshi. Don kundin adireshi, wannan kuma yana ba da damar share fayiloli daga gare ta.
  3. Execute (Execute - x): Yana ba da izinin aiwatar da fayil ɗin (idan fayil ne mai aiwatarwa) ko shigar da directory (idan directory ne).

A cikin tsarin iyali na Linux, haƙƙoƙin samun dama ana wakilta ta hanyar jeri na haruffa 10. Halin farko yana nuna nau'in fayil ɗin (fayil na yau da kullun, directory, da sauransu), sauran tara kuma rukuni uku ne na haruffa uku ga kowane rukunin masu amfani. Don fahimta, bari mu ɗauki misali.

Haƙƙin shiga -rwxr-xr-- ma'ana:

  1. Halin farko (-) yana nuna nau'in fayil ɗin (a cikin wannan yanayin, fayil na yau da kullun).
  2. Haruffa uku na mai shi (rwx) suna nuna cewa mai shi ya karanta, ya rubuta, da aiwatar da haƙƙoƙin.
  3. Haruffa uku na ƙungiyar (rx) suna nuna cewa membobin ƙungiyar sun karanta kuma sun aiwatar da haƙƙoƙi kawai.
  4. Haruffa uku don wasu (r--) suna nufin cewa sauran masu amfani za su iya karanta fayil ɗin kawai.

An saita haƙƙin shiga ta amfani da chmod umarni, kuma ma'anar kalma tana kama da haka:

chmod [options] mode file(s)

inda:

  1. [zaɓuɓɓuka] - ƙarin sigogi, kamar -R don sake maimaita haƙƙoƙin samun dama a cikin kundin adireshi da ƙananan bayanan sa.
  2. yanayin - kirtani na musamman wanda ke ƙayyadad da waɗanne haƙƙoƙin samun dama aka canza kuma ga wane. Ana iya ƙayyade yanayin ta alamomi (r, w, x) da rago (0 ko 1). Hakanan za'a iya amfani da ƙididdiga masu ƙima (zamu yi magana game da su daga baya)
  3. fayil (s) - fayiloli ko kundayen adireshi waɗanda ake amfani da canje-canje.

Wannan mai amfani kayan aiki ne mai ƙarfi sosai, don haka za mu kalli ƴan ainihin umarni ne kawai a matsayin misali.

Canja haƙƙin samun dama ga fayil domin mai shi ya karanta da rubuta haƙƙoƙin, ƙungiyar ta karanta haƙƙoƙin kawai, kuma sauran masu amfani ba su da haƙƙi:

chmod u=rw,g=r,o= filename

Saita haƙƙin samun dama ga duk masu amfani don karantawa da rubutawa zuwa fayil:

chmod a+rw filename

Canza haƙƙin samun dama akai-akai ga duk fayiloli da kundin adireshi a cikin kundin adireshi:

chmod -R u+rwx directory

Wakilin Lambobi na Haƙƙin Samun Dama

A cikin wakilcin lambobi, kowane nau'in mai amfani (mai shi, rukuni, wasu) yana da lambar sa, kuma haɗin waɗannan lambobi yana saita haƙƙoƙin samun damar ƙarshe. Kama da alama, kowane ɗayan haƙƙoƙin uku yana da ƙimarsa, amma a lamba:

  1. Karanta (karanta) - darajar 4
  2. Rubuta (rubuta) - darajar 2
  3. Kisa (aiki) - darajar 1

Hakanan ana amfani da ƙididdiga masu yawa don tantance nau'in mai amfani:

  1. Mai fayil (mai amfani) - lambar farko
  2. Ƙungiyar mai (ƙungiyar) - lambobi na biyu
  3. Sauran masu amfani (wasu) - lamba ta uku

Don haka, cikakken wakilcin lambobi na haƙƙin samun damar fayil ya ƙunshi lambobi uku, kowanne yana wakiltar jimlar ƙimar haƙƙoƙin ga wani nau'in mai amfani. Wannan ya ɗan fi dacewa fiye da amfani da haruffa 10 a cikin alamar alama. Gudanarwa a cikin wannan yanayin zai yi kama da haka:

chmod XYZ file

inda X, Y, Da kuma Z lambobi ne da ke wakiltar haƙƙin samun dama ga mai shi, ƙungiya, da sauran masu amfani bi da bi.

Misali, don baiwa mai shi cikakken damar shiga (karanta, rubuta, da aiwatarwa), kuma ƙungiyar da sauran masu amfani kawai karantawa da aiwatarwa, kuna iya amfani da umarnin:

chmod 755 file

Bari mu yi la’akari da wasu misalan:

chmod 700 file

Mai shi kaɗai ke da haƙƙin karantawa, rubuta, da aiwatarwa, yayin da ƙungiyar da sauran masu amfani ba su da haƙƙin shiga.

chmod 644 file

Mai shi yana da haƙƙin karantawa da rubutu, yayin da ƙungiyar da sauran masu amfani ke da haƙƙin karantawa kawai.

chmod 751 file

Mai shi yana da cikakkun haƙƙoƙi, ƙungiyar ta karanta da aiwatar da haƙƙoƙin, kuma sauran masu amfani suna aiwatar da haƙƙoƙin kawai.

Kamar yadda muka ambata a baya, kayan aiki yana da ayyuka masu yawa. A wasu lokuta, zaɓuɓɓukan da ke cikin sashin "taimako" ba su wadatar ba:

Kayan aiki don sarrafa haƙƙin shiga cikin Linux

Kula da layi na ƙarshe. Amfani da wannan umarni yana buɗe ƙarin cikakkun bayanai akan kayan aiki. Hakanan zaka iya ziyartar utilities Wikipedia na hukuma shafi, inda zaku sami cikakkun bayanai game da Chmod.

Kammalawa

Masu amfani da Linux da sarrafa su suna da mahimmanci ga tsaro da kwanciyar hankali na OS. A cikin wannan labarin, mun bayyana mahimmancin ingantaccen mai amfani da gudanar da haƙƙin haƙƙin mallaka a cikin Linux, yana rufe ƙirƙira da sarrafa masu amfani, aiki tare da ƙungiyoyin masu amfani, da sanya haƙƙin samun dama ga fayiloli da kundayen adireshi.

❮ Labari na baya Masu gyara rubutu na Linux
Labari na gaba ❯ Ana saita Firewall akan Linux

Tambaye mu game da VPS

A ko da yaushe a shirye muke mu amsa tambayoyinku a kowane lokaci dare ko rana.
ProfitServer
@profitserver
Shiga channel