Differentiating user access rights in an operating system is a difficult but indispensable topic. The rules and standards differ from one operating system to another. This article covers the Ubuntu operating system.
Administrator rules
To use privileged commands, a user must have at least system administrator rights. By default, the operating system does not give any user an elevated privilege level. To raise a user's privilege level, we will use this command:
Now the user named “username1” has been added to the sudo group and is an administrator of the operating system. He can change operating system settings and has access to the /dev directory and its contents. Most administrator privileges are the same as those of the superuser, but they are not complete.
How to set a prohibition
In corporate information systems, most operating systems are multi-user, so access rights have to be differentiated for each user. To do this, use the chmod command, for example:
This command means that only the root user has the right to use the ls command. For everyone else, access will be denied.
Now let's look at another situation. We have a user named “username1” who needs to be restricted from using the ls command. To do this, we will create a user group “usergroup1” and move everyone except “username1” into it.
sudo usermod -aG usergroup1 username2
sudo usermod -aG usergroup1 username3
These lines add the users “username2”, “username3” and so on to the group “usergroup1”. Now let's restrict the right to run the ls command so that only “usergroup1” users can use it.
sudo chmod 754 $(which ls)
Mode 754 gives the owner read, write and execute rights, the file's group read and execute rights, and everyone else read-only access. The group rights apply to the group that owns the file, so the group of the ls binary must be “usergroup1” for this restriction to take effect.
Now a user who is not in usergroup1 cannot run ls.
A little about the /etc/sudoers file
The sudoers file contains information about the users who can use sudo. To open the file, we will use the special utility visudo.
The file contains the following:
Screenshot №1. Content of sudoers.
Let's look more closely at this line:
Screenshot №2. Set rules.
%sudo means that the following rule applies to the sudo group. The % is not needed when a rule is set for a single individual user.
The first ALL means that the rule applies to all IP addresses. The second and third ALL mean that the specified user or group can run commands in the session of any user or group. The fourth ALL means that the rule applies to all commands.
For example, suppose we need to set a rule that lets the admin group use the apt-get utility.
Aliases (nicknames)
Aliases are used for easy differentiation of access rights. They combine one or more values into a single argument. For example, let’s set a more convenient name for the cloud storage IP address.
CLOUD is the nickname that is specified in the arguments instead of the IP address.
If necessary, aliases are used to combine users into a single group.
Here, Name is the nickname, and user1, user2 are user names. Aliases are also available for commands, so a list of instructions can be combined into a single group.
- name: an arbitrary name for the list of commands;
- cmd1, cmd2: the list of commands, separated by commas.
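The rule fields and aliases described above, as an added example that is not part of the original article: a simplified Python parser that splits sudoers rules into who, hosts, run-as user, run-as group and commands, expands aliases, and lists the principals allowed to run every command. The sample fragment, the alias names OPERATORS and PKG and the address 192.0.2.10 are constructed placeholders; the parser assumes aliases are defined before they are used and does not handle tags such as NOPASSWD or line continuations.

```python
import re

# Constructed sudoers fragment; names and the address are placeholders.
SAMPLE = """\
Host_Alias CLOUD = 192.0.2.10
User_Alias OPERATORS = user1, user2
Cmnd_Alias PKG = /usr/bin/apt-get, /usr/bin/dpkg
%sudo  ALL=(ALL:ALL) ALL
%admin ALL=(ALL) /usr/bin/apt-get
OPERATORS CLOUD=(root) PKG
"""

ALIAS_RE = re.compile(r"^(?:Host|User|Runas|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
# who hosts=(runas_user:runas_group) commands; the parenthesised part is optional
RULE_RE = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(?:\(([^):]*)(?::([^)]*))?\)\s*)?(.+)$")

def _items(text, aliases):
    """Split a comma-separated list and replace alias names by their members."""
    names = [n.strip() for n in (text or "").split(",") if n.strip()]
    return [m for n in names for m in aliases.get(n, [n])]

def parse_sudoers(text):
    """Return one dict per rule; runas_user is root when the rule has no (...) part."""
    aliases, rules = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("#", "@", "Defaults")):
            continue
        alias = ALIAS_RE.match(line)
        if alias:
            aliases[alias.group(1)] = _items(alias.group(2), aliases)
            continue
        rule = RULE_RE.match(line)
        if rule:
            who, hosts, ruser, rgroup, cmds = rule.groups()
            rules.append({
                "who": _items(who, aliases),
                "hosts": _items(hosts, aliases),
                "runas_user": ["root"] if ruser is None else _items(ruser, aliases),
                "runas_group": _items(rgroup, aliases),
                "commands": _items(cmds, aliases),
            })
    return rules

def unrestricted(rules):
    """Principals allowed to run every command: the entries to review first."""
    return [w for r in rules if "ALL" in r["commands"] for w in r["who"]]

if __name__ == "__main__":
    for r in parse_sudoers(SAMPLE):
        print(r)
```

For a real file, the syntax check itself is done by visudo; this parser only illustrates how the fields of a rule are read.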