The correct operation of applications and services, and especially the security of a server, depends largely on how permissions are assigned and how ownership is allocated. This holds for server operating systems such as Linux, Windows and FreeBSD.
Wrong permissions may expose your server to the execution of malicious code, while inappropriate ownership of files and folders may allow hackers to upload their scripts to your server. Using the resources listed below, you can solve almost 90% of the problems caused by inappropriate access-rights settings.
Changing the ownership of all folders and files.
Correct assignment of ownership is your first line of defense in server security. The goal is to restrict or block other users and groups from accessing and executing server data. On a shared server in particular, it is essential to restrict users to their own home directories and files in order to keep other users' data private.
Each file or folder has three user classes:
- Owner
- Group
- All Users
Linux uses the chown command and it has a number of parameters:
- To change the ownership of a folder, its files and all of its subfolders, apply the command recursively, i.e. with the -R switch.
- You can assign ownership in two ways: by defining both owner and group, or by defining the owner only, i.e. owner:group or owner.
- Paths to the folders / files to which you want to apply the command. For example,
Thus, the command to change the owner (and owner group) of a directory and all of its subfolders and files looks like this:
sudo chown -R user:group /home/user/dir/
Linux systems use the chmod command to modify the permissions of files or folders. Unix has its own particulars in this command and in the rights associated with it. For example, in addition to the owner of a file or folder, you can configure who else can perform operations on it. Normally there are three sets of rights: full rights for the owner, rights for the owner group, and rights for other users. The rights themselves are separated as follows:
- The right to run the file.
- The right to modify the file.
- The right to read the file.
For ease of use and storage, the following encoding is used:
Adding these permissions together, we get the set of rights granted to the owner / group / others. Let's analyze this with some examples:
Only the owner has the right to change the file, the owner group can read the file, and the rest cannot do anything, so the permission should be set as:
chmod 640 /media/fileshare/file.txt
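Everyone can create files in the folder, but only the owner can see them. A directory also needs the execute (search) bit before files can be created in it, so the mode is 733 rather than 622:
chmod 733 /media/fileshare/messages/
So that everyone can run a program, but only the owner can edit it: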
chmod 711 /media/share/exec
To change the rights of all nested files and folders (i.e. recursively), the “-R” switch is used again.
When performing these operations, keep in mind that only administrators and the owner of the folders and files can change the rights to them.
To change the rights of files only, or of folders only, use the find command. Files are designated by the type f and directories by d. For example, to set 775 on directories only (without -R, which would also change the files inside them):
find . -type d -exec chmod 775 {} +
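The ownership and permission steps above, combined into a small repair-and-audit script. This is an added example, not part of the original article; the function names and the default modes 750 (directories) and 640 (files) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# default modes below are assumptions.

# set_tree_modes DIR [DIR_MODE] [FILE_MODE]
# Apply one mode to directories and another to regular files, so files
# do not pick up the execute bit that directories need for traversal.
set_tree_modes() {
    root=$1
    dir_mode=${2:-750}
    file_mode=${3:-640}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    # "-exec ... {} +" passes names as arguments, so paths containing
    # spaces are handled correctly (unlike chmod $(find ...)).
    find "$root" -type d -exec chmod "$dir_mode" {} + &&
    find "$root" -type f -exec chmod "$file_mode" {} +
}

# list_world_writable DIR
# Print files and directories that "other users" may write to.
# -perm -0002 matches any mode that has the others-write bit set.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# list_foreign_owned DIR USER
# Print every entry under DIR that is not owned by USER, i.e. the
# candidates for the recursive chown shown earlier.
list_foreign_owned() {
    find "$1" ! -user "$2" -print
}
```

Run the two list_ functions first to see what would change, then set_tree_modes to apply the modes.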