Users and Permissions
01
User Management
Create a New User
```bash
# Create user with home directory
adduser username
# Non-interactive version
useradd -m -s /bin/bash username
passwd username
```
Delete a User
```bash
# Delete user but keep home
userdel username
# Delete user and their home directory
userdel -r username
```
List System Users
```bash
# Show accounts whose shell is not nologin or false
cat /etc/passwd | grep -v nologin | grep -v false
```
02
Sudo Privileges
Add User to Sudo Group
```bash
# Debian/Ubuntu
usermod -aG sudo username
# CentOS/AlmaLinux
usermod -aG wheel username
```
Verify User Can Use Sudo
```bash
su - username
sudo whoami
# should respond: root
```
Sudo Without Password (For Automated Scripts)
```bash
# A syntax error in this file can break sudo; visudo -f checks the syntax on save
nano /etc/sudoers.d/username
```
Add:
```
username ALL=(ALL) NOPASSWD:ALL
```
Passwordless sudo is convenient but increases risk if the account is compromised. Use it only for dedicated system users running automated tasks, not for real users.
03
File Permissions
Linux uses a permission system based on three subjects: owner (u), group (g), and others (o).
View Permissions
```bash
ls -la /path/file
```
Example output:
```
-rw-r--r-- 1 www-data www-data 1234 Mar 28 10:00 index.html
drwxr-xr-x 2 root root 4096 Mar 28 09:00 config/
```
The first field (e.g., -rw-r--r--) indicates:
- Position 1: type (- = file, d = directory, l = symlink)
- Positions 2-4: owner permissions (rw- = read+write)
- Positions 5-7: group permissions (r-- = read only)
- Positions 8-10: others permissions (r-- = read only)
Change Permissions
```bash
# Numeric (most common)
chmod 755 file # rwxr-xr-x: public directory
chmod 644 file # rw-r--r--: text file
chmod 600 file # rw-------: private file (SSH keys)
chmod 777 file # rwxrwxrwx: all permissions (avoid!)
# Symbolic
chmod u+x script.sh # Add execute to owner
chmod g-w file.txt # Remove write from group
chmod o-r file.txt # Remove read from others
# Recursive (entire folder; every file inside gets the execute bit too)
chmod -R 755 /var/www/html/
```
Change Owner
```bash
# Change owner and group
chown www-data:www-data file.html
# Recursive
chown -R www-data:www-data /var/www/html/
```
04
Recommended Permissions for Websites
| Type | Permission | Command |
|---|---|---|
| Site directory | 755 | find /var/www/html/ -type d -exec chmod 755 {} + |
| PHP/HTML files | 644 | find /var/www/html/ -type f -exec chmod 644 {} + |
| Config files | 600 | chmod 600 .env |
| Executable scripts | 755 | chmod 755 script.sh |
| Upload directory | 775 | chmod 775 uploads/ |
```bash
# Typical configuration for a website with Nginx/Apache
chown -R www-data:www-data /var/www/mysite/
find /var/www/mysite/ -type d -exec chmod 755 {} \;
find /var/www/mysite/ -type f -exec chmod 644 {} \;
```
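The read-only audit below is an added example, not part of the original page: it checks a web root against the table above and reports world-writable entries, unexpected execute bits, and a .env that is not 600. The function names (scan_webroot, audit_webroot, build_sample_tree) are hypothetical, and the sample tree is constructed for the demonstration.

```bash
# Added example, not the page's own code. Function names are hypothetical.
# Read-only: it reports deviations from the table above and changes nothing.
scan_webroot() {
    # "Others" write bit set (777, 666, ...). Symlinks are skipped: their own
    # mode bits are not what the kernel checks.
    find "$1" ! -type l -perm -002 -exec echo WORLD_WRITABLE {} \;
    # Regular files with any execute bit; *.sh scripts are expected at 755.
    find "$1" -type f ! -name '*.sh' \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -exec echo EXEC_FILE {} \;
    # .env must be exactly 600 so group and others cannot read secrets.
    find "$1" -type f -name .env ! -perm 600 -exec echo CONFIG_MODE {} \;
}

# Exit status: 0 = clean, 1 = findings printed, 2 = bad argument.
audit_webroot() {
    local findings
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    findings="$(scan_webroot "$1")"
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree with two deliberate deviations.
build_sample_tree() {
    local d
    d="$(mktemp -d)" || return 1
    mkdir -p "$d/uploads" "$d/cache"
    : > "$d/index.php"; : > "$d/.env"; : > "$d/deploy.sh"
    chmod 755 "$d" "$d/deploy.sh"
    chmod 775 "$d/uploads"
    chmod 644 "$d/index.php"
    chmod 777 "$d/cache"   # deviation: world-writable directory
    chmod 644 "$d/.env"    # deviation: secrets readable by group and others
    echo "$d"
}
```

After sourcing the file, `audit_webroot /var/www/mysite/` prints one line per finding and returns 1 when there are any, so it can run from cron or a deployment check.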
05
Groups
```bash
# Create a group
groupadd groupname
# Add user to a group
usermod -aG groupname user
# See user's groups
groups username
# See all groups
cat /etc/group
```
