Users, Permissions, Security, and Remote Access
Objective: Understand how Linux handles users, groups, file permissions, firewalls, SSH, and remote file transfer.
In the real world, you don't log in as root. Systems have users. Users have permissions. If you don't understand this, you'll either lock yourself out or leave the door wide open.
Most IT work is done remotely: you won't be sitting in front of the server. You'll be SSH'd in from somewhere else, transferring files, managing configs, and troubleshooting from a terminal connected over a network.
- File permissions : Read (r), write (w), execute (x). Octal notation: 755 means owner rwx, group r-x, others r-x.
- SSH key pairs : Public key goes on the server, private key stays on your machine. The private key never leaves. Ever.
- sshd_config : Server-side SSH config. Disable password auth, restrict which users can connect.
- UFW : Beginner-friendly front end to iptables, which organizes rules into chains (INPUT, OUTPUT, FORWARD).
- SCP : Simple one-off file transfers over SSH.
- SFTP : Interactive file transfer session over SSH. Like FTP but encrypted.
- rsync : Power tool. Synchronizes files between machines. Only transfers what changed. Use for backups.
- Principle of least privilege : Every account and process gets the minimum permissions needed. Nothing more.
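The octal notation above is worth making concrete. The script below is an added example, not part of the course material: it converts octal modes to the rwxr-xr-x form that ls -la prints (and back, including the setuid/setgid/sticky digit), then builds the group-writable, others-read-only directory that exercise 3 asks for inside a temporary directory rather than /opt/project, so it runs without root. The function names and the sandbox path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the course page: convert octal modes to the
# rwxr-xr-x form that ls -la shows and back, then build the exercise-3 layout in
# a temporary directory so it runs unprivileged (the lab itself uses /opt/project).

# One octal digit -> its three-character triplet.
digit_to_rwx() {
    case $1 in
        0) printf '%s' '---' ;; 1) printf '%s' '--x' ;; 2) printf '%s' '-w-' ;; 3) printf '%s' '-wx' ;;
        4) printf '%s' 'r--' ;; 5) printf '%s' 'r-x' ;; 6) printf '%s' 'rw-' ;; 7) printf '%s' 'rwx' ;;
        *) echo "bad digit: $1" >&2; return 1 ;;
    esac
}

# setuid/setgid/sticky live in the execute slot: s/t when x is also set, S/T when not.
apply_special() {  # triplet letter
    case $1 in
        *x) printf '%s%s' "${1%?}" "$2" ;;
        *)  printf '%s%s' "${1%?}" "$(printf '%s' "$2" | tr st ST)" ;;
    esac
}

# 755 -> rwxr-xr-x, 2775 -> rwxrwsr-x. A fourth leading digit carries the special bits.
octal_to_symbolic() {
    mode=$1
    case ${#mode} in
        3) special=0; perms=$mode ;;
        4) special=${mode%???}; perms=${mode#?} ;;
        *) echo "expected 3 or 4 octal digits, got '$mode'" >&2; return 1 ;;
    esac
    mid=${perms#?}
    u=$(digit_to_rwx "${perms%??}"); g=$(digit_to_rwx "${mid%?}"); o=$(digit_to_rwx "${perms#??}")
    case $special in 4|5|6|7) u=$(apply_special "$u" s) ;; esac
    case $special in 2|3|6|7) g=$(apply_special "$g" s) ;; esac
    case $special in 1|3|5|7) o=$(apply_special "$o" t) ;; esac
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# Reverse direction for the 9-character string ls prints (drop the leading d or -).
symbolic_to_octal() {
    s=$1; special=0; digits=""
    for i in 1 4 7; do
        t=$(printf '%s' "$s" | cut -c"$i-$((i + 2))")
        n=0
        case $t in r??) n=$((n + 4)) ;; esac
        case $t in ?w?) n=$((n + 2)) ;; esac
        case $t in ??[xst]) n=$((n + 1)) ;; esac
        case $i$t in
            1??[sS]) special=$((special + 4)) ;;
            4??[sS]) special=$((special + 2)) ;;
            7??[tT]) special=$((special + 1)) ;;
        esac
        digits=$digits$n
    done
    [ "$special" -eq 0 ] && printf '%s\n' "$digits" || printf '%s%s\n' "$special" "$digits"
}

# Exercise 3 in a sandbox: 2775 = owner rwx, group rwx, others r-x, plus setgid so
# files created inside inherit the directory's group (chgrp devteam needs root and
# is omitted here). intern1 falls under "others": it can list and read, never write.
demo_project_dir() {
    work=$(mktemp -d)
    mkdir "$work/project" && chmod 2775 "$work/project"
    mode=$(stat -c '%a' "$work/project" 2>/dev/null || stat -f '%OLp' "$work/project")
    printf 'project dir mode %s = %s\n' "$mode" "$(octal_to_symbolic "$mode")"
    rm -rf "$work"
}

octal_to_symbolic 755
symbolic_to_octal rwxrwsr-x
demo_project_dir
```

Reading the output of ls -la becomes mechanical once the triplets are mapped this way: an s or t in an execute slot is the special bit with execute, a capital S or T is the special bit without it, which is almost always a mistake worth fixing.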
- ssh-keygen -t ed25519 : Generate a key pair (ed25519 is the modern standard).
- ssh-copy-id user@host : Copy your public key to a remote machine.
- ssh user@host : Connect to a remote machine.
- sudo ufw enable : Turn on the firewall.
- sudo ufw default deny incoming : Block all incoming by default.
- sudo ufw allow 22/tcp : Allow SSH.
- sudo ufw allow from 192.168.1.0/24 to any port 22 : Allow SSH from local subnet only.
- sudo ufw status verbose : See all active rules.
- sudo iptables -L -v -n : List all iptables rules.
- scp file.txt user@host:/path/ : Copy a file to remote.
- rsync -avz ./folder/ user@host:/backup/ : Sync folder with compression.

1. Create three new users: admin1, dev1, and intern1.
2. Create a group called devteam. Add admin1 and dev1 to it.
3. Create /opt/project so devteam can read and write. intern1 has read-only access. Verify with ls -la.
4. Generate an Ed25519 key pair with a passphrase. Disable password authentication in sshd_config. Connect to your machine via key.
5. Create an SSH config entry for your machine so you can connect with a short alias instead of the full command.
6. Configure UFW: default deny incoming, allow outgoing. Allow SSH from your local subnet only. Allow HTTP (80) from anywhere.
7. Run sudo iptables -L -v -n. Document what you see. Identify which rules UFW created.
8. Use SCP to copy a file to /tmp on localhost. Use rsync to sync course-notes/ to /tmp/course-backup/. Run it twice. Notice the second run transfers almost nothing.
9. Write a brief explanation of what the principle of least privilege means and why it matters. Your own words.
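Exercises 4 to 7 all end with "check what you built", and that checking can be scripted. The script below is an added example, not part of the course material: it reads the effective PasswordAuthentication and PubkeyAuthentication values from an sshd_config the way sshd does (first occurrence wins, anything under a Match line is conditional), writes and reads back the Host alias from exercise 5, and picks the UFW chains and the rules added with ufw allow out of iptables -L -v -n output. The two sshd_config files, the ssh_config alias (lab, 192.168.1.50, admin1) and the iptables listing are constructed samples, not captured from a real host, so the whole thing runs without root, a live sshd or ufw.

```shell
#!/bin/sh
# Added example, not part of the course page: check the remote-access state that
# exercises 4-7 ask you to build. Everything runs against constructed sample files
# (labelled below), so no root, live sshd or ufw is needed; all names are assumed.

# --- sshd_config -------------------------------------------------------------
# sshd keeps the FIRST value it meets for a keyword, keywords are case-insensitive,
# and settings under a "Match" line apply only conditionally, so the lookup stops
# there. The "Keyword=value" spelling and Include files are not handled.
sshd_setting() {  # file keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print $2; exit }
    ' "$1"
}

# 0 when the file enforces key-only logins, 1 otherwise. A missing keyword means
# the sshd default: PasswordAuthentication yes, PubkeyAuthentication yes.
audit_sshd() {  # file
    fail=0
    pa=$(sshd_setting "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    pk=$(sshd_setting "$1" PubkeyAuthentication | tr 'A-Z' 'a-z')
    [ "${pa:-yes}" = no ]  || { echo "FAIL $1: PasswordAuthentication=${pa:-unset}, want no"; fail=1; }
    [ "${pk:-yes}" = yes ] || { echo "FAIL $1: PubkeyAuthentication=$pk would lock out key logins"; fail=1; }
    grep -qi '^[[:space:]]*match' "$1" && echo "NOTE $1: Match block present, per-user overrides not checked"
    [ "$fail" -eq 0 ] && echo "OK   $1: key-only authentication"
    return "$fail"
}

# --- ~/.ssh/config alias (exercise 5) ------------------------------------------
# A Host block lets "ssh lab" stand for "ssh -i <key> admin1@192.168.1.50".
write_ssh_alias() {  # file alias hostname user identity_file
    printf 'Host %s\n    HostName %s\n    User %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
        "$2" "$3" "$4" "$5" >>"$1"
}
ssh_alias_field() {  # file alias field -> value inside that alias's Host block
    awk -v host="$2" -v field="$(printf '%s' "$3" | tr 'A-Z' 'a-z')" '
        tolower($1) == "host"                   { current = $2; next }
        current == host && tolower($1) == field { print $2; exit }
    ' "$1"
}

# --- iptables -L -v -n (exercise 7) --------------------------------------------
# UFW installs chains named ufw-*; the rules you add with "ufw allow" land in
# ufw-user-input. Columns: pkts bytes target prot opt in out source destination [details]
ufw_chains() { awk '/^Chain ufw-/ { print $2 }' "$1"; }
ufw_user_rules() {
    awk '/^Chain / { chain = $2; next }
         chain == "ufw-user-input" && $3 ~ /^(ACCEPT|DROP|REJECT)$/ { print $3, $4, $8, $NF }' "$1"
}

# --- constructed samples (not captured from a real host; $WORK is left for inspection)
WORK=$(mktemp -d)
SSHD_WEAK=$WORK/sshd_weak.conf; SSHD_HARD=$WORK/sshd_hard.conf
SSH_CFG=$WORK/ssh_config;       IPT_SAMPLE=$WORK/iptables.txt
printf '# stock file: everything commented out, so sshd defaults apply\n#PasswordAuthentication yes\n' >"$SSHD_WEAK"
printf 'PubkeyAuthentication yes\nPasswordAuthentication no\nMatch User intern1\n    AllowTcpForwarding no\n' >"$SSHD_HARD"
cat >"$IPT_SAMPLE" <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
EOF

write_ssh_alias "$SSH_CFG" lab 192.168.1.50 admin1 '~/.ssh/id_ed25519'
audit_sshd "$SSHD_WEAK" || :    # expected: FAIL, the stock defaults still accept passwords
audit_sshd "$SSHD_HARD" || :
echo "ssh lab -> $(ssh_alias_field "$SSH_CFG" lab User)@$(ssh_alias_field "$SSH_CFG" lab HostName)"
echo "UFW chains:"; ufw_chains "$IPT_SAMPLE"
echo "rules added with ufw allow:"; ufw_user_rules "$IPT_SAMPLE"
```

Point audit_sshd at /etc/ssh/sshd_config after exercise 4 and it should print OK; the stock file on most distributions prints FAIL because the PasswordAuthentication line is commented out and the default is yes. The INPUT policy DROP in the sample listing is what "default deny incoming" looks like from the iptables side, and the ufw-user-input chain is where the two rules from exercise 6 (SSH from the subnet, HTTP from anywhere) show up.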