Linux Users Groups
This post refers to the associated GitHub repo at https://github.com/mortie23/linux-users-groups.
Deploy a security model (users, groups and shared directory structure) on a Linux system for enterprise data.
This package was designed to run on Ubuntu 20.04.
This package has some dependencies, including ACLs and JQ, which are outlined in setup.sh.
Description
This code repository will create everything required to implement the security model from start to finish.
The security model is based on a two-level organisation structure. The organisation has agencies, which comprise business units. This is represented by:
- Agency NFL
  - Business unit 49ers
  - Business unit patriots
- Agency NBA
  - Business unit Bulls
  - Business unit Warriors
Each agency has a shared directory that each of its business units can read from and write to, for files that are shared between business units. Each business unit also has its own directory that only its members can read from and write to.
Getting Setup
Firstly clone the repository to your Linux machine.
Follow the manual steps in setup.sh.
The administrator account and group is nixadmin. If you choose to change this you will need to update the ACL files that use this user and group as well.
The example has the root directory for setting up the shared directory structure in /u01/data. This is a parameter that can be changed before deployment by editing param-files/global.json.
{
"dataRoot": "/u01/data"
}
Once you have run the manual steps in setup.sh, you need to make the following scripts executable.
sudo chmod +x users-groups.sh
sudo chmod +x dir-agency.sh
sudo chmod +x dir-businessunit.sh
Next, run this script to create the users and groups. Modify it to suit your organisation, and also update the corresponding ACL files. If you have users and groups from an identity provider such as Active Directory, skip this step.
## Create the users and groups
sudo ./users-groups.sh
Usage
Thereafter, run the scripts in the following order:
## Only run this command once for each agency (example agency NFL)
sudo ./dir-agency.sh -p ./param-files/global.json -l a -a nfl
## Only run this command once for each business unit (example business unit Patriots)
sudo ./dir-businessunit.sh -p ./param-files/global.json -l b -a nfl -b patriots
Success
The directories have been deployed as per the security model:
The example user MichaelJordan in {agency: nba, businessunit: bulls} can change into the directories he is allowed to access and write files where allowed.
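One way to check a deployed directory against this model, as an added example that is not part of the linux-users-groups repository: the function reads getfacl output and reports any named user or group outside an allow-list, any access for other, and a missing default ACL. The path layout and the group names patriots and 49ers are assumptions, and both samples are constructed.

```bash
# Usage: getfacl -p /u01/data/nfl/patriots | audit_acl "group:patriots"
# Prints one FAIL line per finding; returns 1 if there is any finding.
audit_acl() {
  awk -F: -v allowed="$1" '
    BEGIN { bad = 0; n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^#/ || /^[ \t]*$/ { next }          # skip "# file:" headers and blank lines
    {
      sub(/[ \t]*#.*$/, "")              # drop "#effective:" annotations
      off = ($1 == "default") ? 1 : 0    # default entries carry an extra first field
      tag = $(1 + off); name = $(2 + off); perm = $(3 + off); key = tag ":" name
      if (off) has_default = 1
      if (tag == "other" && perm != "---") { print "FAIL: other has " perm; bad = 1 }
      # Named user/group entries must be allow-listed; owner entries have no name.
      if ((tag == "user" || tag == "group") && name != "" && !(key in ok)) {
        print "FAIL: unexpected " tag " " name " has " perm; bad = 1
      }
    }
    END {
      if (!has_default) { print "FAIL: no default ACL; new files will not inherit"; bad = 1 }
      exit bad
    }'
}
# Constructed sample: a business unit directory that matches the model.
sample_good() {
  cat <<'EOF'
# file: /u01/data/nfl/patriots
user::rwx
group::rwx
group:patriots:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:patriots:rwx
default:mask::rwx
default:other::---
EOF
}
# Constructed sample: another business unit and "other" can reach the directory.
sample_bad() {
  cat <<'EOF'
# file: /u01/data/nfl/patriots
user::rwx
group::rwx
group:patriots:rwx
group:49ers:r-x
mask::rwx
other::r-x
EOF
}
```

If the ACL files grant the nixadmin user or group as named entries, add user:nixadmin and group:nixadmin to the allow-list.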