One, Current state of the problem

A company usually runs hundreds of servers, or even thousands or tens of thousands, and has many operators (development + operations and maintenance + framework + DBA). When Linux servers are used, staff in different roles have different skill levels, and experienced and novice employees differ in their familiarity with the systems. If permission control is handled badly (for example, root privileges spreading too widely), the security of the servers is seriously at risk. For this reason, operations and maintenance staff generally maintain a standard specification for system users and permissions.

Two, Standard specification

The superuser password is held by only a few people, or only by administrators. At the same time, multiple system administrators or staff with the relevant permissions should be able to complete the more complex work related to their own roles without creating system security risks by acting beyond their authority.

Minimization principle

* 1, Minimize installed software.
* 2, Minimize directory and file permissions.
* 3, Minimize user permissions.
* 4, Minimize program permissions.

Three, Example specification

1, root【Highest-privilege system user】 Has all permissions; user maintenance level.
2, work【Online business service user】 Has the relevant service control and management permissions and part of the system permissions.
3, user【Ordinary user permissions】 Used to log in to the server to view business logs and to configure and run some simple scripts. Has read permission, but no permission to operate or manage online business services or system configuration.
4, read【Read-only account】 Read-only access after logging in to the server; no write permission.
5, dia【Dedicated log data collection user】 Dedicated user for collecting online business service log data. It only has permission to read business service logs and to run the programs or scripts used for log collection.
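
As an added example (not part of the original article), the shell function below audits passwd and group data against the five roles above: only root may have UID 0, and the user, read and dia accounts must not hold management rights. It assumes elevated rights are granted through the `root`, `wheel` or `sudo` groups; the sample account data, including the `toor` entry, is constructed.

```shell
# Added example: audit passwd/group data against the five-role model above.
# Assumption: elevated rights are granted via the groups in PRIV_GROUPS.
PRIV_GROUPS="root wheel sudo"
LOW_ROLES="user read dia"   # roles with no service or system management rights

# audit_accounts PASSWD_FILE GROUP_FILE -> one finding per line on stdout
audit_accounts() {
    awk -F: -v priv="$PRIV_GROUPS" -v low="$LOW_ROLES" '
        BEGIN {
            n = split(priv, p, " "); for (i = 1; i <= n; i++) is_priv[p[i]] = 1
            n = split(low, l, " ");  for (i = 1; i <= n; i++) is_low[l[i]] = 1
        }
        # passwd format: name:pw:uid:gid:gecos:home:shell
        FILENAME == ARGV[1] {
            if ($1 ~ /^#/ || NF < 7) next                       # skip comments and short lines
            if ($3 == 0 && $1 != "root") print "UID0 " $1       # second superuser
            if (($1 in is_low) && $4 == 0) print "GID0 " $1     # primary group is root
            next
        }
        # group format: name:pw:gid:member,member
        ($1 in is_priv) {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] in is_low) print "PRIVGROUP " members[i] " " $1
        }
    ' "$1" "$2"
}

# Constructed sample data (not taken from any real server)
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
work:x:1001:1001:online service:/home/work:/bin/bash
user:x:1002:1002:ordinary login:/home/user:/bin/bash
read:x:1003:1003:read-only:/home/read:/bin/bash
dia:x:1004:1004:log collection:/home/dia:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:work,read
sudo:x:27:
dia:x:1004:
EOF

audit_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

On a real host the two arguments would be `/etc/passwd` and `/etc/group`; an empty result means no deviation from the role model was found.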

