Linux User and file Rights management

Source: Internet
Author: User

User and file Rights Management

One, Experiment Introduction

1.1 Experiment Content
    1. Create, delete users, and user groups in Linux.
    2. The file permission settings in Linux.
1.2 Experimental Knowledge points
    • Linux User Management
    • Linux Rights Management
Second, Linux user management

From the first lesson, you should already know that Linux is a multi-user operating system: "Li Lei" and "Han Meimei", for example, can both log on to the same host. They share some of the host's resources, but each also has their own user space for storing their own files. In fact their files sit on the same physical disk, or even in the same logical partition or directory, but because of the Linux user management and permissions mechanism, different users cannot easily view or modify each other's files.

Let's take a look at the basics of account management under Linux.

2.1 Viewing users

Please open the terminal and enter the command:

$ who am i

or

$ who mom likes

The first column of the output is the user name of the user who opened the current pseudo-terminal (to see just the user name of the currently logged-in user, remove the spaces and use whoami directly). The second column, pts/0, is a pts pseudo-terminal. "Pseudo" is relative to the /dev/tty devices: remember the seven /dev/tty devices from the last section on terminals, which you switch between with [Ctrl] + [Alt] + [F1]~[F7]? Those are the "real terminals". A pseudo-terminal is created each time you open a terminal in the graphical user interface on /dev/tty7, and the number after pts/ is the number of the pseudo-terminal that was opened. You can try opening another terminal and entering who am i in it to see whether the second column becomes pts/1. The third column is the start time of the current pseudo-terminal.

Other common parameters of the who command

Parameter   Description
-a          Print everything that can be printed
-d          Print dead processes
-m          Same as am i, mom likes
-q          Print the number of currently logged-in users and their user names
-u          Print login information for currently logged-in users
-r          Print the run level

2.2 Creating a user

In a Linux system, the root account has supreme authority over the entire system, for example to create new users.

Root privileges are a kind of system permission. They can be understood as the same concept as SYSTEM permissions, but higher than Administrator permissions. Root is the super administrator account in Linux and UNIX systems; it has supreme power over the entire system and can operate on all objects. That is why many hackers, when intruding into a system, elevate their permissions to root; in Windows terms, that is like adding their own illegal account to the Administrators user group. Similarly, gaining root privileges on the Android operating system (based on the Linux kernel) means the phone has been given the highest rights, and you can then add, delete, change, and read any file on the phone (including system files).

We generally log on to the system with a regular account. Creating a user needs root permission, so the sudo command is used here. However, using this command has two major prerequisites: first, you need to know the current login user's password; second, the current user must be in the sudo user group. The shiyanlou user also belongs to the sudo user group (how to view and add user groups is covered later).

su, su - and sudo

su <user> switches to the user <user> and requires the target user's password. sudo <cmd> runs the command cmd at the privileged level; it requires the current user to be in the sudo group and requires the current user's password. su - <user> also switches the user, and additionally changes the environment variables to those of the target user.

Now let's create a new user named lilei:

$ sudo adduser lilei

The Shiyanlou environment is currently set up so that the shiyanlou user can run sudo without entering a password; normally you would need to follow the prompt here and enter the shiyanlou password (Linux shows nothing while a password is typed). The shiyanlou user's password is at the top left of the experiment document. Next you set the password for the lilei user; for the options that follow you can simply press Enter to use the default values:

This command not only adds the user to the system, but also creates the home directory for the new user by default:

$ ls /home

Now that you have created a user, you can log in as that user. Use the following command to switch the logged-in user:

$ su -l lilei

Enter the password for the lilei you just set:

To exit the current user, use the exit command or the shortcut Ctrl+d, just as you would to exit a terminal.

2.3 User Groups

In Linux each user belongs to a user group. Put simply, a user group is a set of users who share some resources and permissions while also having private resources. It is like a family: you and your siblings (different users) belong to the same home (user group), you all live in this home together (shared resources), and Mom and Dad treat you all the same (shared permissions), but when you occasionally write a diary, others cannot view it without permission (private resources and permissions). Of course, a user can belong to more than one user group, just as you belong to the family and also to a school or company.

How do you know which user groups you belong to in Linux?

Method One: Use the groups command
$ groups shiyanlou

In the output, the user comes before the colon and the user groups that the user belongs to come after it. Here you can see that the shiyanlou user belongs to the shiyanlou user group. Whenever a new user is created without specifying a user group, a user group with the same name as the user is created automatically by default (roughly the head of the household in the family analogy). By default, users in the sudo user group can use the sudo command to get root privileges. The shiyanlou user can also use the sudo command, so why is the sudo user group not displayed here? Look at the /etc/sudoers.d/shiyanlou file below: we created this file in the /etc/sudoers.d directory to give sudo permission to the shiyanlou user:

Method Two: View the /etc/group file
$ cat /etc/group | sort

The cat command reads the contents of the specified file and prints them to the terminal; it will be covered in detail later. | sort means that the text read is sorted in dictionary order before being output. You will then see a large amount of output, with the shiyanlou user group information at the bottom:

Didn't find it? No problem, you can use a command to filter out the results you don't want to see:

$ cat /etc/group | grep -E "shiyanlou"

/etc/group file format description

The content of /etc/group includes the user group, the user group password, the GID, and the users that the user group contains, with one record per user group. The format is as follows:

Group_name:password:GID:user_list

The x you see in the password field above does not mean that the password is x; it means that the password is not visible.

Add other users to the sudo user group

By default, a newly created user has no root privileges and is not in the sudo user group. It can be added to the sudo user group to gain root privileges:

$ su -l lilei
$ sudo ls

This will report that lilei is not in the sudoers file, meaning that lilei is not in the sudo user group. As for the sudoers file (/etc/sudoers), you had better not touch it for now; a careless operation can lead to troublesome consequences.

Use the usermod command to add a user to a user group. You must have root permission to use this command: you can either use the root user directly to add another user to a user group, or use a user who is already in the sudo user group and run the command through sudo.

Here I use the shiyanlou user to execute the sudo command to add lilei to the sudo user group so that it can also use the sudo command to get root privileges:

# The shiyanlou user's password is needed here; click "SSH direct connect" in the right-hand toolbar to view it
$ groups lilei
# -G sets the whole supplementary group list; use -aG to append when the user already belongs to other groups
$ sudo usermod -G sudo lilei
$ groups lilei

Then switch back to the lilei user, and you can now use sudo to get root privileges.
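
An added example (not from the original course) of reading the group_name:password:GID:user_list records described above to check who ends up in a group such as sudo. The user_list field holds only supplementary members; a user whose primary group it is appears only through the GID field of /etc/passwd, so a record can show an empty user_list even though the group has a member. The sample records and the function name group_members are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not read from a real system), in /etc/group and
# /etc/passwd format.
sample_group() {
cat <<'EOF'
root:x:0:
sudo:x:27:lilei
shiyanlou:x:5000:
lilei:x:5001:
EOF
}
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
shiyanlou:x:5000:5000::/home/shiyanlou:/bin/bash
lilei:x:5001:5001::/home/lilei:/bin/bash
EOF
}

# group_members GROUP GROUP_FILE PASSWD_FILE
# Prints every member of GROUP, one per line, sorted: users named in the
# group's user_list (field 4 of the group record) plus users whose primary
# GID (field 4 of the passwd record) equals the group's GID (field 3).
# Returns 1 if the group does not exist.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$1" '$1 == g && $4 != "" {
            n = split($4, u, ",")
            for (i = 1; i <= n; i++) print u[i]
        }' "$2"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
    } | sort -u
}

# Demo on the constructed data.
tmp=$(mktemp -d)
sample_group > "$tmp/group"
sample_passwd > "$tmp/passwd"
for g in sudo shiyanlou; do
    printf '%s: %s\n' "$g" "$(group_members "$g" "$tmp/group" "$tmp/passwd" | tr '\n' ' ')"
done
rm -rf "$tmp"
```

On a real host the same function can be pointed at /etc/group and /etc/passwd to review membership of privileged groups.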

2.4 Deleting a user

Deleting a user is a simple matter:

$ sudo deluser lilei --remove-home

Third, Linux file permissions

3.1 View file permissions

We have used the ls command many times before. As you have seen, we use it to list and display the files in the current directory; of course, that is without any parameters, and it can do much more than that. Now we will use it to view file permissions.

To list files in a longer format:

$ ls -l

Apart from the file name in the last column, you may not know what the items mean.

Perhaps you still do not understand what things like the file type and permissions in the first column refer to, what the link count is, or what the last modification time is. They are explained one by one below:

    • File type

About file types, one thing you must always keep in mind is that in Linux everything is a file, which is why there are device files (the /dev directory holds a variety of device files, mostly related to specific hardware). socket: a network socket; interested users can study the details themselves or look forward to follow-up Shiyanlou courses. pipe: a pipeline; this is very important and will be discussed later, so for now just know that it exists. Soft link file: link files come in two kinds, the other being of course the "hard link" (hard links are not commonly used and their details are not the focus of this course; a soft link is equivalent to a shortcut on Windows, and remembering that is enough).

    • File permissions

Read permission means that you can use commands such as cat <file name> to read the contents of a file; write permission means that you can edit and modify a file.

Execute permission usually applies to binaries or script files that can be run, like files with the exe suffix on Windows, although Linux does not distinguish file types by file suffix. One thing you should be aware of is that a directory needs both read and execute permissions before you can open it and view its contents, and needs write permission before other files can be created in it, because the directory file actually holds information such as the list of files in that directory.

Owner permissions should be self-explanatory. User group permissions are the permissions that all other users in your user group have on the file. For example, if you own some item, the user group permissions decide whether your siblings have the right to use it, destroy it, or take possession of it.

    • Number of links

The number of file names linked to the inode where the file is located (Linux file system concepts are outside the scope of this course; interested users can look into them on their own).

    • File size

The file size, expressed in units of the inode node size. You can give ls the -lh parameters to see the file size in a more readable form.

Now that you understand some of the concepts of file permissions, here are some other common uses of the ls command:

    • Display all files except . (current directory) and .. (parent directory), including hidden files (in Linux, files whose names start with . are hidden).
$ ls -A

Of course, you can use both -A and -l parameters:

$ ls -Al

To view the full properties of a directory instead of displaying the file attributes in the directory:

$ ls -dl <directory name>

    • Show all file sizes and present them in a way that ordinary humans can understand:
$ ls -AsSh

Here lowercase s displays the file size and uppercase S sorts by file size. If you need to know how to sort in other ways, use the "man" command to look it up.

3.2 Change file Owner

Assuming that the lilei user is currently logged in, create a new file named "iphone6":

$ touch iphone6

You can see that the file owner is lilei:

Now switch back to the shiyanlou user and change the file owner to shiyanlou using the following commands:

$ cd /home/lilei
$ ls iphone6
$ sudo chown shiyanlou iphone6

Now check that the file owner was successfully changed to shiyanlou:

3.3 Modifying file permissions

If you have a file that you do not want other users to read, write, or execute, you need to modify the file's permissions. There are two ways:

    • Method one: binary digit representation

Each file has three sets of permissions (owner, owning user group, other users; remember that this order is fixed), and each set corresponds to one "rwx", that is, one "7". So if I want to change the permissions of the file "iphone6" so that only I can use it:

To demonstrate, I'll add some content to the file:

echo "echo \"hello shiyanlou\"" > iphone6

Then modify the permissions:

chmod 700 iphone6

Now, other users can't read this "iphone6" file anymore:

    • Method two: add and remove assignment operation

To accomplish the same effect as above, you can:

chmod go-rw iphone6

g, o and u stand for group, others, and user respectively; + and - add and remove the corresponding permissions respectively.
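
An added example (not part of the original course) comparing the two methods: the numeric form sets all nine permission bits absolutely, while go-rw only removes bits from whatever the file already had, so the two end in the same mode only for some starting modes. The helper name mode_after and the starting modes are constructed for illustration, and GNU stat (as on Linux) is assumed.

```shell
#!/bin/sh
# mode_after START SPEC
# Creates a scratch file with octal mode START, applies `chmod SPEC` to it
# and prints the resulting octal mode. Uses GNU stat (-c %a).
mode_after() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && stat -c %a "$f"
    rc=$?
    rm -f "$f"
    return $rc
}

# Constructed starting modes: a typical data file (644), a script (755)
# and a world-writable file (666).
for start in 644 755 666; do
    for spec in 700 go-rw go= u=rwx,go=; do
        printf 'start %s  chmod %-10s -> %s\n' \
            "$start" "$spec" "$(mode_after "$start" "$spec")"
    done
done
```

Starting from 755, go-rw leaves the execute bit for group and others in place, whereas go= clears everything for them and u=rwx,go= reproduces 700 from any starting mode.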

Four, more

What is the difference between adduser and useradd?

A: useradd only creates the user; after creating it, use passwd lilei to set the new user's password. adduser creates the user, creates the directory, and creates the password (prompting you to set it), carrying out this whole series of operations. In fact, useradd and userdel are more like a command: they return as soon as they have executed. adduser is more like a program: you need to type input and confirm a series of operations.

Linux also has hidden permissions and special permissions; users who want to fully understand Linux rights management can learn about them in other ways.

V. Homework

Add a user loutest, use sudo to create the file /opt/forloutest, and set it so that the user loutest can read and write it. Write the operation process into the experiment report.

Tip: How do I create a file? You can consider the touch command, which can create an empty file. If you don't know what touch is, we've talked about it in the last lesson.
