Linux Users, Groups & Permissions
DevOps Level Mastery: Protecting Your Production Infrastructure
1. Introduction (ELI5)
In DevOps, we follow the Principle of Least Privilege: give each person only as much access as their work requires!
2. Deep Dive Concepts
What is a User?
A user is an account that can own files and run tasks. Linux identifies users by a unique number called UID.
- Root User (UID 0): The “God Mode”. It can do anything on the system.
- Normal User (UID 1000+): Regular users like sumit_dev or jenkins. Their access is limited.
What are Groups?
Groups are collections of users. In DevOps, we do not grant permissions to 50 developers individually; we put them in a dev-team group and grant the permissions to the group.
File Ownership & Permissions (r, w, x)
3. Commands Toolbox 🛠️
Add a new User:
# This command creates a new user and their home directory.
Change Password:
# Sets the user's password.
Change Permissions (chmod):
# Owner=Full(7), Group=Read/Exec(5), Others=Read/Exec(5).
Change Ownership (chown):
# Sets the file's owner to sumit and its group to dev-team.
4. Real-World DevOps Scenarios (10-12 Examples)
Situation: There is a sensitive config file.
chmod 400 config.yaml
Result: Only the owner can read it; everyone else is blocked.
Situation: You have written a backup.sh script.
chmod +x backup.sh
Result: It can now be run as ./backup.sh.
Situation: If the key file's permissions are 777, Linux will block the login.
chmod 600 my_key.pem
Result: Highly secure. This is used every day in real DevOps work.
Situation: Log files must not be deleted.
chmod 444 app.log
Result: Read-only for everyone.
Situation: A tester needs to run the automation suite.
chmod g+x automation_test.py
Result: Members of the tester group will be able to run it.
chmod 770 /mnt/shared_data
Result: Only the Owner and Group have full access; Others are blocked.
…and many more scenarios like Deployment user setup (giving specific sudo rights) and Restricting sensitive files in Production.
🚀 Project 1: Secure Web Server Access
Scenario: The web server folder /var/www/html must be secured so that only the web-devs group can work in it.
sudo usermod -aG web-devs amit_dev
sudo chown -R root:web-devs /var/www/html
sudo chmod -R 775 /var/www/html
Result: Web developers will be able to upload code, but the public will only be able to view the website (Read access).
🚀 Project 2: Multi-User Production Server
Scenario: There are 3 roles on the server: Admin, Developer, and Tester.
- Admin: sudo usermod -aG sudo admin_user (Full Power)
- Dev: chmod 750 /apps/code (Read/Exec for code)
- Tester: chmod 550 /apps/tests (Execution only)
Summary (Key Takeaways) 🎯
- Root (UID 0) is the King. Use it wisely.
- 4-2-1 rule: 4=Read, 2=Write, 1=Execute.
- chmod changes *what* can be done (Permissions).
- chown changes *who* can do it (Ownership).
- DevOps Mantra: Never give a file 777 permissions in production! ⚠️
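An audit built on the 4-2-1 rule and the no-777 mantra above, added here as an example (it is not part of the original tutorial). It assumes GNU find and stat on Linux; the function names and the sample files it creates in a temporary directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode octal modes with the 4-2-1 rule and audit a tree for
# risky permissions. Assumes GNU find/stat (Linux); all names are illustrative.

# decode_mode 750 -> rwxr-x---  (each digit = 4*read + 2*write + 1*execute)
decode_mode() (
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "decode_mode: need three octal digits, got '$1'" >&2; exit 1 ;;
    esac
    rest=$1 out=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}   # first remaining digit
        rest=${rest#?}
        [ $((digit & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((digit & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((digit & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
)

# audit_tree DIR: list entries that break the rules from the summary.
audit_tree() {
    {
        # Writable by "others" (the 002 bit); this catches 777 and 666.
        find "$1" \( -type f -o -type d \) -perm -0002 \
            -exec stat -c 'WORLD-WRITABLE %a %n' {} +
        # *.pem keys with any group/others bit set, i.e. looser than 600.
        find "$1" -type f -name '*.pem' -perm /077 \
            -exec stat -c 'KEY-EXPOSED %a %n' {} +
    } | sort
}

# Constructed sample tree so the script runs stand-alone.
demo() {
    tmp=$(mktemp -d)
    touch "$tmp/config.yaml" "$tmp/my_key.pem" "$tmp/old_key.pem" "$tmp/backup.sh"
    chmod 400 "$tmp/config.yaml"; chmod 600 "$tmp/my_key.pem"
    chmod 644 "$tmp/old_key.pem"; chmod 777 "$tmp/backup.sh"
    audit_tree "$tmp" | while read -r tag mode path; do
        echo "$tag $mode ($(decode_mode "$mode")) ${path#"$tmp"/}"
    done
    rm -rf "$tmp"
}

demo
```

The files set to 400 and 600 produce no findings; only the 644 key and the 777 script are reported, each with its mode decoded into rwx form.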