In the previous article, we created a new user and enabled SSH key access for that user. This guide covers how to restrict access using permissions.
Login as root
To log in as root, retrieve the root password from Vultr on the specific instance.
On your terminal, log in as root using:
ssh root@ip_address
To demonstrate how permissions work on Linux, we create a testfolder in the new user's directory while logged in as root, then change permissions for the user in that folder.
Test folder
Navigate to the new user home directory
cd /home/wamaitha
Create the testfolder
mkdir testfolder
Navigate to the testfolder, create a text file hello.txt, and populate the txt file with "Hello from root".
# cd into folder
cd testfolder
# create file and populate with echo
echo "Hello from root!" > hello.txt
# view file content of the hello.txt using cat
cat hello.txt
Check folder permissions as shown below
ls -l
The permission string has four parts: file type, user permissions, group permissions, and other users' permissions. Each set of permissions is a combination of read, write and execute. A missing permission is denoted by a dash (-).
[file type][user][group][other users]
Root's permissions on the testfolder are
drwxr-xr-x
- d - directory
- rwx - root has read, write and execute permissions
- r-x - the group associated with root has read and execute permissions only
- r-x - other users on the directory have read and execute permissions only.
We want to add the user wamaitha to this directory and give them read and write permissions. By default, a new user is created and added to a group of the same name. Check this using the groups command
groups wamaitha
Permissions
Permissions on Linux are given using the chmod command followed by the permission number.
Permission numbers are:
0 = --- (no permissions at all)
1 = --x (execute permission only)
2 = -w- (write permission only)
3 = -wx (write and execute permission only)
4 = r-- (read permission only)
5 = r-x (read and execute only)
6 = rw- (read and write permission only)
7 = rwx (read, write and execute permissions)
With this, we can combine these numbers to change permissions. Chmod accepts three numbers. The first number represents the user's permission. The second represents the group permissions, and the third represents permission for all other users.
chmod 744 testfolder
In short, the command above grants:
- read, write and execute permissions on the testfolder to its owner (root, the user currently logged in).
- read permissions to the group associated with the testfolder.
- read permissions to all other users accessing the testfolder (other users like wamaitha).
Execute the command and check the permissions again.
Switch to the new user. If prompted for a password, use the password you set when creating the new user. The new user only has read permissions on the testfolder. Thus, any command that requires execute permission will be denied due to insufficient permissions.
su wamaitha
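The script below is an added example, not part of the original article. It decodes chmod numbers using the permission table above and reports what each digit allows on a directory, comparing the testfolder's original mode (755) with the 744 set here. The function names are hypothetical helpers, and the scratch directory is created only for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): decode chmod digits.

# One octal digit -> its rwx triplet, e.g. 5 -> r-x (4=read, 2=write, 1=execute).
digit_to_rwx() (
    d=$1 out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s\n' "$out"
)

# Three-digit mode -> the nine characters ls -l prints after the file type.
mode_to_string() (
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $mode" >&2; exit 1 ;;
    esac
    u=${mode%??}; g=${mode#?}; g=${g%?}; o=${mode#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
)

# What one digit allows on a DIRECTORY:
#   r = list entry names, x = enter it and reach files inside,
#   w only matters together with x = create, rename or delete entries.
dir_access() (
    d=$1 caps=""
    if [ $((d & 4)) -ne 0 ]; then caps="$caps list"; fi
    if [ $((d & 1)) -ne 0 ]; then caps="$caps enter"; fi
    if [ $((d & 3)) -eq 3 ]; then caps="$caps modify"; fi
    caps=${caps# }
    printf '%s\n' "${caps:-none}"
)

# Apply a mode to a scratch directory and return what ls reports for it.
applied_mode() (
    tmp=$(mktemp -d) || exit 1
    chmod "$1" "$tmp"
    ls -ld "$tmp" | cut -c2-10
    rmdir "$tmp"
)

# Compare the folder's original mode (755) with the one set by chmod 744.
for m in 755 744; do
    printf '%s -> d%s (ls shows %s); other users can: %s\n' "$m" \
        "$(mode_to_string "$m")" "$(applied_mode "$m")" "$(dir_access "${m#??}")"
done
```

For 744 the last column is "list": other users such as wamaitha can see the names inside testfolder but cannot cd into it or read hello.txt, because both need the execute bit that 755 had. Root is not bound by these mode bits.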