Differentiation of user access rights

Restricting user rights in the operating system is a complex but important subject. Depending on the operating system family, there are different rules and requirements. Let's take a closer look at how this is done in the OS.

Administrator rights

To run privileged commands, the user must have at least system administrator rights. By default, the operating system disables elevated privileges for every user. To raise them, use the following command.
usermod -a -G sudo username1

Now the user named username1 has been added to the sudo group and is an administrator of the operating system. It has access to OS settings, as well as access to the / directory and everything under it. Most administrator privileges are similar to superuser privileges, but they are not complete.

How to set a ban

In corporate information systems, most operating systems are multi-user. Accordingly, access rights need to be differentiated for each user. To do this, use the built-in chmod command:
sudo chmod o-x $(which ls)

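The above line removes the execute permission for "others" (everyone who is neither the file's owner nor a member of its group), which means that only root is allowed to run the ls command. All others will be denied access.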

Let's consider another situation. There is a user named username1, and we need to restrict his access to the ls command. To do this, create a user group usergroup1, to which we will add everyone except username1.
sudo groupadd usergroup1
sudo useradd -G usergroup1 username2

The second line adds a user to the usergroup1 group; repeat it for username2, username3, etc. Next, let's restrict the rights to run the ls command so that only members of usergroup1 can run it.
sudo chown :usergroup1 $(which ls)
sudo chmod 754 $(which ls)

Mode 754 gives the owner full rights, the group read and execute rights, and everyone else read-only access. Now a non-member of usergroup1 will not be able to run ls.

A little about the /etc/sudoers file

Sudoers contains information about users who can use the sudo utility. To open the file, we use the special visudo utility.
visudo /etc/sudoers

It contains the following information:

Screenshot #1. The contents of sudoers.

Let’s talk more about the line:

Screenshot #2. Set rules.

%sudo means that the following rule applies to the sudo group. If we set rules for a specific user, then % is not needed.

The first ALL means that the rule applies to all IP addresses (hosts). The second and third ALL mean that the specified user or group has the right to execute commands in the session of any user or group. The fourth ALL means that the rule applies to all commands.

For example, suppose you need to give the admin group the right to run the apt-get utility.
%admin ALL=(ALL)NOPASSWD:/usr/bin/apt-get

Aliases

Aliases are used for the convenience of differentiating access rights. They combine one or more values into one parameter. For example, let's assign a more convenient name to the IP address.

Host_Alias CLOUD =

CLOUD is an alias that is specified in the parameters instead of an IP address.

Aliases can also be used to combine several users under one name.

User_Alias NAME = user1,user2,...

where NAME is the alias, and user1, user2 are usernames. Alias names must consist of upper-case letters, digits and underscores, and begin with an upper-case letter. Aliases are also available for commands, i.e., we combine a list of commands into a single group.

Cmnd_Alias NAME = cmd1,cmd2

  • NAME – arbitrary name for the list of commands;
  • cmd1, cmd2 – the commands, separated by commas.

For example, let’s combine package updates into an alias:

Cmnd_Alias APT = /usr/bin/apt-get update,/usr/bin/apt-get upgrade
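
The script below is an added example, not part of the original article: a small lint for sudoers text that flags mistakes that are easy to make with the rules and aliases described above (a wrongly cased alias keyword, an alias name that is not upper case, an alias with no value, and a NOPASSWD command listed without arguments, which sudo matches with any arguments). The names lint_sudoers and sample_sudoers, the finding codes and the sample input are constructed for illustration, and the %sudo line is assumed to be the usual default rule.

```shell
#!/bin/sh
# Added example: lint sudoers text (file argument or stdin) for common mistakes.
# Prints one finding per line as "<line>: <CODE>: <detail>".
lint_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments and blank lines
    tolower($1) ~ /^(host|user|cmnd|runas)_alias$/ {
        # Keywords are case-sensitive; alias names must be upper case.
        if ($1 !~ /^(Host|User|Cmnd|Runas)_Alias$/)
            printf "%d: BAD_KEYWORD: %s\n", NR, $1
        name = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", name)     # drop the keyword
        value = name
        sub(/[ \t]*=.*$/, "", name)               # text before the equals sign
        sub(/^[^=]*=[ \t]*/, "", value)           # text after the equals sign
        if (name !~ /^[A-Z][A-Z0-9_]*$/)
            printf "%d: BAD_ALIAS_NAME: %s\n", NR, name
        if (value == "")
            printf "%d: EMPTY_ALIAS: %s\n", NR, name
        next
    }
    /NOPASSWD:/ {
        # A command listed without arguments matches ANY arguments.
        cmds = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmds)
        n = split(cmds, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            sub(/[ \t]+$/, "", c[i])
            if (c[i] == "ALL" || c[i] ~ /^\/[^ \t]*$/)
                printf "%d: NOPASSWD_ANY_ARGS: %s\n", NR, c[i]
        }
    }' "$@"
}

# Constructed sample input (not a real system file); lines 2-5 contain mistakes.
sample_sudoers() {
    cat <<'EOF'
%sudo   ALL=(ALL:ALL) ALL
%admin ALL=(ALL)NOPASSWD:/usr/bin/apt-get
Host_Alias CLOUD =
User_Alias Name = user1,user2
cmnd_Alias APT = /usr/bin/apt-get update,/usr/bin/apt-get upgrade
Cmnd_Alias APT = /usr/bin/apt-get update, /usr/bin/apt-get upgrade
%admin ALL=(ALL) NOPASSWD: APT
EOF
}

sample_sudoers | lint_sudoers
```

This complements the syntax check that visudo performs on save (also available as visudo -c); the last two sample lines show the narrower form, where the passwordless rule is limited to the update and upgrade subcommands through the APT alias.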

