Basic Linux Learning: Sixth Day Record

Source: Internet
Author: User

2016-08-02

Content of the lesson:

User and Group Management commands

Understanding and Setting File permissions

Default Permissions

Special permissions

File ACL

User and Group Management commands

Configuration files for users and groups: /etc/default/useradd (the defaults that useradd -D prints), /etc/skel (template files for a new user's home directory), /etc/login.defs (where the user password policy configuration is modified)

/etc/default/useradd (equivalent to useradd -D)

[~]# ll /etc/default/useradd
-rw-r--r--. 1 root root 119 Mar 6 2015 /etc/default/useradd
[~]# cat !^
cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

/etc/skel (template files copied into a new user's home directory)

[~]# ls -a /etc/skel/
.  ..  .bash_logout  .bash_profile  .bashrc  .mozilla
[~]# useradd user111
[~]# ls -a /home/user111/
.  ..  .bash_logout  .bash_profile  .bashrc  .mozilla

/etc/login.defs (where the user password policy configuration is modified)

User management:

①useradd [OPTIONS] LOGIN: add a user

-u: specify the UID

-o: no-uniq, allow a non-unique UID; used together with -u, for example to give a normal user the administrator's rights

-g: specify the group (the group must already exist)

-G: add additional groups

-s: specify the shell

-c: add comment content

-M: do not create a home directory

-r: system, create a system user

Example: add a user hello whose UID is 3500, whose group is 3550, with root as an additional group, the comment "Hello", as a system user that cannot log in to the system, and without creating a home directory

useradd hello -u 3500 -g 3500 -G root -c "Nihao" -r -s /sbin/nologin -M

②usermod [OPTION] LOGIN: change user attributes

-u: change the user's UID

-g: change the user's group

-aG: change the user's additional groups; -G on its own overwrites the existing additional groups, so add the -a option to append to them instead

-s: modify the shell

-c: modify the comment information

-L: lock the user so that it cannot log in

-U: unlock the user

-l: login_name, modify the user's login name

③userdel [OPTION] ... LOGIN

-r: delete the home directory

④passwd [OPTIONS] UserName: modify the password of the specified user; only the root user has permission to do this

-l: lock the user

-u: unlock the user

-e: force the user to change the password at the next login

-n mindays: specify the minimum password lifetime

-x maxdays: specify the maximum password lifetime

-w warndays: how many days in advance to start warning

⑤chage [OPTION] ... LOGIN: modify the user's password policy (the /etc/login.defs configuration file is actually modified)

[~]# chage hill
Changing the aging information for hill
Enter the new value, or press ENTER for the default

    Minimum Password Age [0]:
    Maximum Password Age [99999]:
    Last Password Change (YYYY-MM-DD) [2016-08-01]:
    Password Expiration Warning [7]:
    Password Inactive [-1]:
    Account Expiration Date (YYYY-MM-DD) [-1]:

⑥id [OPTION] ... [USER]: view user information

-u:

-G:

-n:

⑦finger UserName: view user information

⑧chfn: modify the comment information

⑨chsh: modify the shell


User Group Management:

①groupadd [OPTION] ... group_name: add a group

-r: system group

-g: GID

②groupmod [OPTION] ... GROUP: modify group attributes

-g

-n: new group name


③groupdel GROUP: delete a group


④gpasswd [OPTION] GROUP: change the group password

-a: add a user to the group

-A user1,user2,...: set the list of users with administrative rights over the group

-d: delete a user from the group

Bulk add users and change passwords

Bulk Add Users:

First create a file containing the accounts you need to add, in the same format as the passwd file, and then run the newusers command on that account file

[~]# cat user.txt
user11:x:3000:3000::/testdir/user11:/bin/bash
user12:x:3001:3001::/testdir/user12:/bin/bash
user13:x:3002:3002::/testdir/user13:/bin/bash
user14:x:3003:3003::/testdir/user14:/bin/bash
user15:x:3004:3004::/testdir/user15:/bin/bash
[~]# newusers user.txt
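A check worth running on a passwd-format file before handing it to newusers, or on /etc/passwd afterwards, is whether any entry reuses a UID (which useradd -o permits) or holds UID 0 without being root. The script below is an added example, not part of the original notes; the function names and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a passwd-format file (the newusers input, or a copy
# of /etc/passwd). All account names below are constructed sample data.

# write_sample FILE: create the constructed sample input.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user11:x:3000:3000::/testdir/user11:/bin/bash
user12:x:3001:3001::/testdir/user12:/bin/bash
backup2:x:0:0::/root:/bin/bash
user13:x:3000:3002::/testdir/user13:/bin/bash
broken:x:3005
EOF
}

# audit_passwd FILE: print one finding per line.
#   BAD_FIELDS  line does not have the 7 colon-separated passwd fields
#   UID0        non-root account holding UID 0 (full root rights)
#   DUP_UID     UID already used by an earlier account (what useradd -o allows)
audit_passwd() {
    awk -F: '
        NF != 7                     { printf "BAD_FIELDS line %d\n", NR; next }
        $3 ~ /^0+$/ && $1 != "root" { printf "UID0 %s\n", $1 }
        ($3 in seen)                { printf "DUP_UID %s shares uid %s with %s\n", $1, $3, seen[$3]; next }
                                    { seen[$3] = $1 }
    ' "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

An empty result means every line has seven fields, every UID is unique, and only root has UID 0.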

Bulk Change Password:

First create a file listing the accounts whose passwords need to be changed in bulk, in the format "account:password", and then pipe that file to the chpasswd command

[~]# cat pass.txt
user11:centos
user12:centos
user13:centos
user14:centos
user15:centos
[~]# cat pass.txt | chpasswd


Exercise: manually add a user hive with uid=gid=5000 and the additional group bin

1. vipw
2. vigr
3. vim /etc/shadow
4. vim /etc/gshadow
5. cp -r /etc/skel/. /home/hive
6. chown -R hive:hive /home/hive
7. chmod -R go= /home/hive


File Permissions and administration

File permissions

[~]# ll
total 5280
-rw-r--r--. 1 root root 14:48 11111
-rw-r--r--. 1 root root 14:41 11.sh
drwxr-xr-x. 2 root root 6 1 09:04 1.a.nihaoma

Here drwxr-xr-x. shows the type and permissions of the file

The permission bits form groups of three, corresponding to: u (owner), g (group), o (other)

The permissions are r (read), w (write), x (execute)

File:

r: file viewing tools can be used to get its contents

w: its contents can be modified

x: the file can be handed to the kernel to be started as a process (typically a binary program or a script)

Directory:

r: ls can be used to view the list of files in this directory

w: files can be created in this directory or deleted from it (focus on understanding this)

x: ls -l can be used to view the list of files in this directory, and the directory can be entered with cd

X: give x permission to directories only, do not give x permission to files

1. chmod WHO OPT FILE: modify file permissions

WHO: u, g, o, a

OPT: +, -, =

Modify a file's owner and owning group

2. chown [OPTION] ... [OWNER][:[GROUP]] FILE ...: modify the owner of the file

-R: recursive

chown username:groupname FILE ...: modify both the owner and the group of the file


3. chgrp [OPTION] ... GROUP FILE ...: modify the owning group of a file

-R: recursive

chown: only root has permission

chgrp: only root and the owner have permission

Default permissions for new files and directories, and the mask: umask

umask: masks the corresponding permission bits out of the maximum permissions to derive the default permissions

[~]# umask
0022

Default permissions for new files and directories

New file permission: 666 - umask

If any digit of the result is odd (has execute permission), add 1 to that digit; that is, the system does not give files execute permission by default

[~]# umask 113
[~]# touch f22222
[~]# ll f22222
-rw-rw-r--. 1 root root 0 2 20:27 f22222


For file f22222, 666 - 113 = 553; the digits 5, 5 and 3 are odd (have execute permission), so each gets +1, giving 664 (rw-rw-r--)

New directory permission: 777 - umask
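The mask is applied bit by bit (mode AND NOT umask). That gives the same 664 as the subtraction rule for umask 113 and also covers masks such as 027, where subtracting digit by digit does not work. The script below is an added example, not part of the original notes; the function names are made up for illustration and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: compute default permissions the way the kernel does
# (requested mode with the umask bits cleared) and compare with real files.

# default_mode BASE UMASK: print the resulting octal mode.
#   default_mode 666 113  ->  664
default_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode UMASK file|dir: create a real file or directory under
# that umask in a scratch directory and print the mode it received.
observed_mode() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$d/new"          # mkdir requests 777
        else
            : > "$d/new"            # the shell requests 666 for new files
        fi
        stat -c '%a' "$d/new"
        chmod u+rwx "$d/new"        # make sure cleanup works for any mask
        rm -rf "$d"
    )
}

for m in 022 113 027; do
    printf 'umask %s: file %s (observed %s), dir %s (observed %s)\n' \
        "$m" \
        "$(default_mode 666 "$m")" "$(observed_mode "$m" file)" \
        "$(default_mode 777 "$m")" "$(observed_mode "$m" dir)"
done
```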

Special permissions: SUID SGID STICKY (SST)

SUID: only takes effect on binary executable files. Once the s permission is added, the running program runs with the permissions of the file's owner

"When the file's owner (u) has execute permission x, adding the s permission shows a lowercase s in the x position; if there is no x execute permission, it is shown as an uppercase S"

chmod u+s FILENAME

chmod u-s FILENAME

-rwxr-xr-x. 1 root root 117616 Nov 2015 /usr/bin/ls
[~]# ll f22222
-rw-rw-r--. 1 root root 0 2 20:27 f22222
[~]# chmod u+s f22222
[~]# ll f22222
-rwSrw-r--. 1 root root 0 2 20:27 f22222

SGID: acts on an executable file or a directory

chmod g+s FILE|DIRECTORY

chmod g-s FILE|DIRECTORY

When acting on a file: once the s permission is added, the running program runs with the permissions of the file's owning group.

When acting on a directory:

By default, when a user creates a file, its group is the primary group of that user. Once a directory has SGID set,

"any file that a user with write permission to this directory creates in it belongs to the group of the directory"

"When the file's group (g) has execute permission x, adding the s permission shows a lowercase s in the x position; if there is no x execute permission, it is shown as an uppercase S"

Sticky: "In a directory with write permission, users can normally delete any file in that directory, regardless of the permissions or ownership of the file.

Once the sticky bit is set on the directory, only the file's owner or root can delete the file"

"Only works on directories."

"When other users (o) have execute permission x, adding the sticky permission shows a lowercase t in the x position; if there is no x execute permission, it is shown as an uppercase T"

chmod o+t DIR ...

chmod o-t DIR ...

[~]# ll -d tttt/
drwxr-xr-x. 2 root root 2 14:48 tttt/
[~]# chmod o+t tttt/
[~]# ll -d tttt/
drwxr-xr-t. 2 root root 2 14:48 tttt/

Special permissions in numeric notation:

SUID  SGID  STICKY   Digit
 0     0     0        0
 0     0     1        1
 0     1     0        2
 0     1     1        3
 1     0     0        4
 1     0     1        5
 1     1     0        6
 1     1     1        7

chmod 4777 /tmp/a.txt
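The s/S and t display rules and the leading octal digit can be checked on scratch files, and the same bits are what a permissions audit looks for: SUID and SGID files, and world-writable directories that lack the sticky bit. The script below is an added example, not part of the original notes; the function names and the files under the temporary directory are constructed, and it assumes a Linux system with find and ls.

```sh
#!/bin/sh
# Added example: set the special bits on scratch files, read them back the
# way ls shows them, and audit a tree for them. All paths are constructed.

# build_demo DIR: populate DIR with one case per special bit.
build_demo() {
    mkdir -p "$1/shared" "$1/drop"
    : > "$1/tool"; : > "$1/data"; : > "$1/report"
    chmod 4755 "$1/tool"     # SUID with owner x     -> rws
    chmod 4644 "$1/data"     # SUID without owner x  -> rwS
    chmod 2755 "$1/report"   # SGID with group x     -> r-s
    chmod 1777 "$1/shared"   # sticky, like /tmp     -> rwt
    chmod 0777 "$1/drop"     # world-writable, no sticky bit
}

# mode_of PATH: the 10-character type and permission string from ls.
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_special DIR: print one finding per line.
audit_special() {
    find "$1" -xdev -type f -perm -4000 | sed 's/^/SUID /'
    find "$1" -xdev -type f -perm -2000 | sed 's/^/SGID /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 |
        sed 's/^/WORLD_WRITABLE_NO_STICKY /'
}

demo=$(mktemp -d)
build_demo "$demo"
for f in tool data report shared drop; do
    printf '%s %s\n' "$(mode_of "$demo/$f")" "$f"
done
audit_special "$demo"
rm -rf "$demo"
```

On a real system, point audit_special at a mount point and compare the SUID and SGID list against the files the distribution ships that way.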


chattr: modify file attributes

Only super-privileged users have permission to use this command, which can change file or directory attributes on file systems such as ext2, ext3, ext4, XFS, UBIFS, ReiserFS, JFS, and so on.

+i: immutable; the system does not allow any modification of this file. If a directory has this attribute, processes can only modify files under the directory and are not allowed to create or delete files in it.

+a: append-only; the system only allows data to be appended to this file and does not allow any process to overwrite or truncate it. If a directory has this attribute, the system only allows files to be created and modified in this directory and does not allow any file to be deleted.

File access control list (file ACL)

[~]# ll -d tttt/
drwxrwxr-x+ 2 root root 2 14:48 tttt/
[~]# ll user.txt
-rw-rw-r--+ 1 root root 2 09:46 user.txt

A directory or file that has an access control list added shows a + as the last character of its permission string

getfacl FILE|DIRECTORY: view the current ACL of a file or directory

setfacl -m u:USER:rwx FILE|DIRECTORY: add an access control entry for a user

setfacl -m g:GROUP:rw FILE|DIRECTORY: add an access control entry for a group

setfacl -x u:USER FILE|DIRECTORY: delete a user's access control entry

setfacl -x g:GROUP FILE|DIRECTORY: delete a group's access control entry

setfacl -b FILE: clear all ACL permissions

