1. One way to prevent a user from logging in on Linux
usermod -L dduyoung   # lock account dduyoung
usermod -U dduyoung   # unlock account dduyoung
2. The ls -l command: the output in detail
For example, given the output:
-rwxr-xr-x 1 root wheel 430540 Dec 18:27 /bin/bash
The fields are, in order: file permissions, link count, file owner, group, file size, file modification time, file name.
First field: -rwxr-xr-x is a symbolic representation of the permissions of this particular file. The first character (-) in the field specifies the type of the file, which in this case is a regular file. Other possible first characters are:
"d" directory
"l" symbolic link
"c" character special device file
"b" block special device file
"p" FIFO (first in, first out)
"s" socket
Three triplets: the remainder of the first field consists of three groups of three characters. The first triplet represents the permissions of the file owner, the second represents the permissions for the file's group, and the third represents the permissions of all other users:
Owner's permissions: "rwx"
Group's permissions: "r-x"
Other users' permissions: "r-x"
Above, r indicates permission to read (view the data in the file), w indicates permission to write (modify and delete the file), and x indicates permission to execute (run the program).
3. Some commands:
View the current user: whoami
View the groups the current user belongs to: groups
View the groups another user belongs to: groups user
Create an account with a given home directory: useradd -d path name
Create a new account and add it to a group: useradd -g groupsname name; for multiple groups: useradd -G groups1,groups2,... name
Create a group: groupadd [-g GID] name
Add a user to another group: gpasswd -a user group
4. Changing user and group ownership
With chown or chgrp you can change the owner or group of files and other file system objects. You cannot use chown unless you are the superuser, but anyone can use chgrp to change the group ownership of files they own to a group they belong to. Usage:
chown [OPTION]... [OWNER][:[GROUP]] FILE...
For example:
# chown root /etc/passwd
# chgrp wheel /etc/passwd
You can also set both the owner and the group at once with another form of the chown command:
# chown root.wheel /etc/passwd
Change owner and group together: chown user:group path
5. usermod: change a user's account data:
usermod [-LU] [-c <comment>] [-d <login directory>] [-e <expiration date>] [-f <buffer days>] [-g <group>] [-G <groups>] [-l <account name>] [-s <shell>] [-u <uid>] [user account]
6. chmod:
chown and chgrp change the owner and group of file system objects, while another program, called chmod, changes the rwx permissions that we see in the ls -l listing.
For example: chmod +x scriptfile.sh
Here + adds a permission and - removes one; with no "who" given, the change applies to owner, group and others alike.
chmod [who]+x filename adds the permission for who (u: the owning user; g: the group; o: other users; a: all users); use - instead of + to remove the permission.
Examples:
$ chmod u+x file              # add execute permission for the owner of file
$ chmod 751 file              # assign read, write and execute (7) to the owner of file, read and execute (5) to the file's group, and execute (1) to other users
$ chmod u=rwx,g=rx,o=x file   # another form of the previous example
$ chmod =r file               # assign read permission to all users
$ chmod 444 file              # same as the previous example
$ chmod a-wx,a+r file         # same as the previous example
$ chmod -R u+r directory      # recursively give the owner read permission on all files and subdirectories under directory
$ chmod 4755 file             # set the set-user-ID bit, assign read, write and execute to the owner, and read and execute to the group and other users
7. Numbers and permissions
r: 4   w: 2   x: 1
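The letter values above, applied to the first field of ls -l from section 2, as an added example that is not part of the original page: a POSIX sh function that converts a mode string into the file type and the four-digit number chmod accepts. The function name mode_to_octal is hypothetical, the inputs are constructed, and the example goes slightly beyond the text by also decoding the s/S and t/T characters that carry the set-ID and sticky bits.

```shell
#!/bin/sh
# Added example, not from the original page.
# mode_to_octal FIELD -> prints "<type> <4-digit octal>", or "invalid" (status 1)
mode_to_octal() {
    field=$1
    # Validate all ten characters; ls may append "." or "+" after them.
    case $field in
        [-dlcbps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    case $field in
        -*) type=regular ;;   d*) type=directory ;;  l*) type=symlink ;;
        c*) type=chardev ;;   b*) type=blockdev ;;   p*) type=fifo ;;
        s*) type=socket ;;
    esac
    perms=${field#?}     # drop the type character
    special=0
    octal=""
    # The execute slot of each triplet can also carry a special bit:
    # owner -> set-user-ID (4), group -> set-group-ID (2), other -> sticky (1)
    for weight in 4 2 1; do
        rest=${perms#???}
        trip=${perms%"$rest"}   # first three characters of what is left
        perms=$rest
        digit=0
        case $trip in r??) digit=$((digit + 4)) ;; esac
        case $trip in ?w?) digit=$((digit + 2)) ;; esac
        case $trip in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;  # special bit and x
            ??[ST]) special=$((special + weight)) ;;                        # special bit, no x
        esac
        octal=$octal$digit
    done
    echo "$type $special$octal"
}

# Constructed sample inputs: the /bin/bash line from section 2 and the
# 751 and 4755 modes from section 6, plus a sticky directory.
for f in -rwxr-xr-x -rwxr-x--x -rwsr-xr-x drwxrwxrwt; do
    printf '%s -> %s\n' "$f" "$(mode_to_octal "$f")"
done
```

An uppercase S or T in the listing means the special bit is set while the matching execute bit is not, which is usually a configuration mistake worth checking.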
8. Detailed analysis of SUID and SGID
Since SUID and SGID take effect when a program is executed (and only when the program's executable bit is set), and the executable bit is meaningful only for regular files and directories, it makes little sense to set the SUID and SGID bits on other kinds of files.
First, the role of SUID and SGID on regular files. Example:
Suppose the regular file myfile belongs to user foo, is executable, and does not have the SUID bit set. The ls command shows:
-rwxr-xr-x 1 foo staff 7734 Apr 17:07 myfile
Any user can execute this program. On what basis does the UNIX kernel decide a process's access to resources? On the (effective) IDs of the user running the process, including the user ID and the group ID. Users can use the id command to look up the user ID and group ID of themselves or of other users.
In addition to the ordinary user ID and group ID, there are two more IDs called effective IDs; the four IDs are written uid, gid, euid and egid. The kernel relies mainly on euid and egid to determine the process's access to resources.
If a program has neither the SUID nor the SGID bit set, then euid=uid and egid=gid, namely the UID and GID of the user running the program. For example, user kevin's UID and GID are 204 and 202, and user foo's UID and GID are 200 and 201. When kevin runs myfile, the resulting process has euid=uid=204 and egid=gid=202, and the kernel uses these values to decide the process's resource access restrictions. These are in fact kevin's own access rights and have nothing to do with foo.
If a program has SUID set, then euid and egid become the UID and GID of the owner of the program being run. For example, when kevin runs myfile, euid=200, egid=201, uid=204, gid=202, and the process has the resource access rights of its owner foo. The role of SUID is this: it lets a user who does not have the appropriate permissions, by running the program, access resources he could not otherwise access. passwd is a very clear example. SUID takes priority over SGID, and when an executable program has SUID set, SGID automatically becomes the corresponding egid.
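Because a set-ID program runs with IDs other than the caller's, the set of such files on a system is worth reviewing. The following is an added example, not part of the original page: a POSIX sh function that lists regular files under a directory with the SUID or SGID bit set, along with mode, owner and group. The names audit_setid and make_fixture and the fixture file names are hypothetical, and the fixture is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_setid DIR -> one line per set-ID regular file:
#   "<bits> <mode> <owner>:<group> <path>[ NON-OWNER-WRITABLE]"
audit_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort |
    while IFS= read -r path; do
        bits=""
        if [ -u "$path" ]; then bits="suid"; fi
        if [ -g "$path" ]; then bits="${bits:+$bits+}sgid"; fi
        info=$(ls -ld "$path" | awk '{print $1 " " $3 ":" $4}')
        note=""
        # A set-ID file that group or others may write can have its contents
        # replaced, so flag a w in the group or other triplet.
        case $info in
            ?????w*|????????w*) note=" NON-OWNER-WRITABLE" ;;
        esac
        echo "$bits $info $path$note"
    done
}

# Constructed fixture: empty files carrying modes like those in section 6.
make_fixture() {
    dir=$(mktemp -d) || return 1
    for spec in plain:0755 tool_suid:4755 tool_sgid:2755 tool_bad:4777; do
        : > "$dir/${spec%%:*}"
        chmod "${spec##*:}" "$dir/${spec%%:*}"
    done
    echo "$dir"
}

d=$(make_fixture) && { audit_setid "$d"; rm -rf "$d"; }
```

On a real system the directory argument would be a mount point such as /usr, and the output is most useful when compared against a saved baseline.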