1. User Management
2. User Group
3. Permission allocation
1. View user-related file commands:
1. cat
2. more
3. head /etc/passwd # view the first 10 lines of the file
4. head -2 /etc/passwd # view the first two lines of the file
5. tail /etc/passwd # view the last 10 lines of the file
6. tail -f /etc/passwd # follow the last 10 lines of the file in real time
7. tail -2 /etc/passwd # view the last two lines of the file
8. wc -l /etc/passwd # display the number of lines
9. nl /etc/passwd # print the file content with line numbers
root:x:0:0:root:/root:/bin/bash
User name: should not be too long, e.g. Niejunzhong -> njz
x: password placeholder. Earlier versions of Linux stored the password here.
UID: user ID
GID: default group ID. By default the system creates a group with the same name as the user.
Description: a description of the user
Home directory: the default directory after logon
Shell: the command interpreter, bash by default
Password file: /etc/shadow
/etc/passwd: every user has read permission on it. Earlier, the password was stored in its password field.
man 5 shadow
login name:encrypted password:last modification time:minimum interval:maximum interval:warning time:account idle time:expiration time:flag
Time: Ken Thompson developed the UNIX prototype in 1969; Linux birth date: January 1, 1970.
root (superuser): by default it has no write permission on the file, but it can still modify or delete it.
pwconv: password write-back. The password is first written to passwd, then converted into shadow.
passwd command: ls -l /usr/bin/passwd
Why can a common user change the password?
SetUID definition: when an executable program has the SetUID permission, a user who executes the program runs it as the owner of the program.
The owner of passwd is root, so every common user who changes a password executes this command as its owner, root.
Adding a user by modifying the user configuration files (the principle)
User name: /etc/passwd
Password: /etc/shadow
1. vi /etc/passwd # user name, uid, gid, description, home directory, shell
2. mkdir to create the home directory, then chown the directory to the user
3. vi /etc/shadow
At this point logon works, but the command prompt is different.
4. cd /etc/skel # all the files there are hidden; list them with ls -a
5. cp the skel files to the home directory of the new user
User configuration files in /etc/
login.defs: configures mail, the maximum interval, the minimum interval (root is not limited), automatic home directory creation, umask
/etc/default/useradd: default location of the home directory, whether the account is disabled, account expiration time
Logon information
Before logon: /etc/issue (avoid exposing system version information)
After logon: /etc/motd (internal information); wall broadcasts a message
User types:
Linux users are divided into three types:
Superuser: root, UID = 0
Common user: UID 500-60000
Pseudo user: UID 1-499
A user whose UID is 0 is called a superuser; its command prompt ends with #, e.g. []# ls
Pseudo users
1. Pseudo users are related to the system and to program services.
bin, daemon, shutdown, halt, etc.: by default every Linux system has these pseudo users.
mail, news, games, apache, ftp, mysql, and sshd are related to processes in Linux.
2. Pseudo users generally do not need to, or cannot, log on to the system.
3. They can have no home directory.
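The UID ranges above can be applied to any passwd-format file to spot entries that deserve a second look. This is an added example, not part of the original notes; the function names and the sample entries are constructed, and the ranges are the ones these notes give (0, 1-499, 500-60000).

```shell
#!/bin/sh
# Added example: classify passwd-format entries by the UID ranges in these notes.

# classify_users [FILE]: print "name type [flag]" per entry (reads stdin if no FILE).
classify_users() {
    awk -F: '
    # passwd lines have exactly 7 fields and a numeric UID
    NF != 7 || $3 !~ /^[0-9]+$/ { print $1, "malformed"; next }
    {
        uid = $3 + 0; flag = ""
        if (uid == 0)                         type = "super"
        else if (uid <= 499)                  type = "pseudo"
        else if (uid <= 60000)                type = "common"
        else                                  type = "out-of-range"
        # A second UID 0 account has full root power under another name.
        if (uid == 0 && $1 != "root") flag = "REVIEW:extra-uid0"
        # Pseudo users normally cannot log on, so a real shell is unusual.
        if (type == "pseudo" && $7 ~ /\/(ba|z|k|c)?sh$/) flag = "REVIEW:login-shell"
        out = $1 " " type
        if (flag != "") out = out " " flag
        print out
    }' "$@"
}

# Constructed sample data (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
user1:x:500:500::/home/user1:/bin/bash
toor:x:0:0::/root:/bin/bash
broken:x:501
EOF
}

sample_passwd | classify_users
```

On a real system the same function can be pointed at the file directly: classify_users /etc/passwd.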
II. User management:
1. Create a user
useradd user1
2. Delete a user
userdel -r user1
3. Change a password
1) passwd user1
2) echo 123 | passwd --stdin user1
4. View a user
id user1
III. Files affected by users
If you delete with userdel: you can also delete or re-create a user by deleting the affected files.
1) /etc/passwd
2) /etc/shadow
3) /etc/group
4) /var/spool/mail
5) /home
1. /etc/passwd: user attributes
user1:x:500:500::/home/user1:/bin/bash
1-1) user name
1-2) user password placeholder; the password itself is in /etc/shadow
1-3) the user's uid
1-4) the gid of the user's group
1-5) user description
1-6) the user's home directory
1-7) logon shell
User categories
1-1) superuser
1-2) system users
1-3) common users
2. /etc/shadow
1) Encryption method: grub-md5-crypt
2) !! The user has no password.
3) !$ The user is locked.
3. /etc/group
user1:x:500:
group name:group password field:
4. /home
1) Home directory of user1
/home/user1
2) Delete a user
userdel -r user1
# If the user is deleted with userdel user1 (without -r), the user's home directory and mail are left behind.
5. User management command: usermod
1) Lock a user
usermod -L user1
2) Unlock a user
usermod -U user1
3) After the user is locked, /etc/shadow contains
!$1$Ttyif4Oi$piuprg8yV9.FGc4MzA4EP0
# A ! appears before the password
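The password-field states listed in this section (!! for no password, a leading ! after usermod -L, a $1$ prefix for an MD5 hash) can be read mechanically from a shadow-format file. This is an added example, not part of the original notes; the function names are constructed, and the sample lines use placeholder salts and hashes.

```shell
#!/bin/sh
# Added example: report the state encoded in the second field of shadow-format lines.

# shadow_status [FILE]: print "name state" per line (reads stdin if no FILE).
shadow_status() {
    awk -F: '
    NF != 9 { print $1, "malformed"; next }      # shadow has 9 colon-separated fields
    {
        pw = $2
        if (pw == "")                     state = "EMPTY"        # no password required
        else if (pw == "!!")              state = "no-password"  # never set, cannot log on
        else if (pw == "*")               state = "no-login"     # not a valid hash
        else if (substr(pw, 1, 1) == "!") state = "locked"       # usermod -L prefix
        else if (pw ~ /^\$1\$/)           state = "md5"          # $1$ marks an MD5 hash
        else if (pw ~ /^\$/)              state = "hashed"       # some other hash scheme
        else                              state = "other"
        print $1, state
    }' "$@"
}

# Constructed sample data; SALT and PLACEHOLDERHASH are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$SALT$PLACEHOLDERHASH:15000:0:99999:7:::
user1:!$1$SALT$PLACEHOLDERHASH:15000:0:99999:7:::
user2:!!:15000:0:99999:7:::
user3:$1$SALT$PLACEHOLDERHASH:15000:0:99999:7:::
user4::15000:0:99999:7:::
bin:*:15000:0:99999:7:::
EOF
}

sample_shadow | shadow_status
```

The EMPTY state is the one to fix first, since an empty field means no password is needed for that login name.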
IV. Group management:
1. Create a group
groupadd grp1
2. Delete a group
groupdel grp1
3. User and group management:
1. Add users to a group
1). usermod -g grp1 user1
2). usermod -G grp1 user1
3). gpasswd -a user1 grp1
# Add user1 to the grp1 group
2. Delete a user from a group
1). gpasswd -d user1 grp1
# Delete user1 from the grp1 group
Other user commands:
finger user # the user's logon host, logon time, mail, and scheduled tasks
su user # switch user
passwd -S user # view the user's password status
who and w # view the currently logged-on users
Batch-add users: a loop plus echo '000000' | passwd --stdin user
gpasswd -a user1 grp1
gpasswd -d user1 grp1
V. Relationship between users and files: permissions
1. chmod
2. chown
3. setuid
4. setgid
5. sudo
6. acl
1. chmod: authorization methods
1) chmod 755 /mnt
2) chmod a+x file
3) umask: the file permission mask, which determines that directories get permission 755 and files get 644.
4) View the permissions of a single directory
ls -ld mnt/
5) Switch users on the current terminal
su - user1
2. chown: change owner and group
chown user4 test
# Change the owner to user4
chown :user4 test
# Change the group to user4
chown user4:user4 test
# Change the owner and the group at the same time
3. SetUID
Operation object: executable programs
-rwxr-xr-x root file
-rwsr-xr-x root file
Find setuid programs: find / -perm -4000 -o -perm -2000
Purpose: once a command has the s bit, everyone else executes the command as its owner.
How to add the s bit:
1) chmod u+s /bin/touch
2) chmod 4755 /bin/touch
4 = setuid, 2 = setgid, 1 = t bit
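The find command above becomes an audit when its result is compared against a list of s-bit files that have already been reviewed. This is an added example, not part of the original notes; the function names, the baseline file and the scratch files are constructed, and it works in a temporary directory rather than on /.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that are not in a reviewed baseline.

# find_special DIR: list regular files carrying setuid or setgid, sorted.
find_special() {
    # The parentheses matter: without them -type f binds only to the first -perm test.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# new_special DIR BASELINE: s-bit files under DIR that BASELINE does not list.
new_special() {
    cur=$(mktemp) || return 1
    find_special "$1" > "$cur"
    sort "$2" | comm -13 - "$cur"     # keep lines that appear only in the current scan
    rm -f "$cur"
}

# demo: build a scratch tree (constructed), then scan it against a one-line baseline.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/passwd-like"; chmod 4755 "$d/passwd-like"      # reviewed setuid file
    : > "$d/plain";       chmod 755  "$d/plain"            # no special bits
    : > "$d/touch-copy";  chmod 755  "$d/touch-copy"
    chmod u+s "$d/touch-copy"                              # gained the s bit later
    printf '%s\n' "$d/passwd-like" > "$d/baseline.txt"
    new_special "$d" "$d/baseline.txt"
    rm -rf "$d"
}

demo
```

Only touch-copy is reported: passwd-like is in the baseline and plain has no s bit.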
4. setgid
Operation object: directories
Purpose: set setgid on a directory; the subfolders under the directory also inherit the gid of the parent folder.
chmod g+s test
chmod 2755 test
5. t bit (sticky bit)
Operation object: directories whose permission is 777
Purpose: in a public folder, you can delete only your own items.
chmod o+t /tmp
chmod 1777 /tmp
6. sudo: authorization
1) echo $PATH
# This environment variable determines the paths in which executable programs can be found directly
2) Set up sudo
2-1) visudo
2-2) vi /etc/sudoers
# Method 2 is not recommended
user1 localhost=/usr/sbin/useradd user5, /usr/sbin/userdel -r user5, /sbin/service httpd restart
3) !str # execute the most recent command in history that starts with str
7. acl: authorization
1) Set permissions
setfacl -m u:user1:rwx /test
2) View permissions
getfacl /test
3) Delete the permissions of user1 on /test
setfacl -x u:user1 /test
4) Delete all acl permissions on /test
setfacl -b /test
5) Set the default acl permissions
setfacl -m d:u:user1:rwx test
# Future subdirectories of this directory will inherit the directory's acl permissions