1. Linux is a multi-user, multi-task operating system. Its accounts are divided into user accounts and group accounts.
User accounts are either ordinary user accounts or the superuser account. A group account is a set of user accounts.
CentOS has two types of group: private groups and standard groups. When a new user is created and no group is specified, CentOS
creates a private group with the same name as the user. This private group contains only that user. A standard group can hold multiple users;
to use a standard group, specify the group the new user belongs to when creating the user. The same user can also belong to multiple groups.
For example, lik is the technical director of an organization and belongs to both the leadership group and the technical group.
When a user belongs to multiple groups, the group the user belongs to at login is the primary group, and the other groups are additional (supplementary) groups.
2. In Linux, the account system files are mainly /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow.
Their basic meaning is not covered in detail here. The root uid is 0, uids 1 to 499 are the standard system accounts, and ordinary users start
from uid 500.
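Added example (not from the original page): a shell check that sorts passwd-format entries into the UID ranges given above and flags any account other than root that has uid 0. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts by the UID ranges described above
# (0 = root, 1-499 = system accounts, 500+ = ordinary users).

# Constructed sample in /etc/passwd format (not real accounts).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
zh888:x:500:500::/home/zh888:/bin/bash
lik:x:501:501::/home/lik:/bin/bash
toor:x:0:0::/root:/bin/bash'

# audit_passwd [FILE] -> one line per account: "<class> <name> <uid>"
# Reads standard input when no file is given.
audit_passwd() {
    awk -F: '
        /^#/ || NF < 7 { next }    # skip comments and malformed lines
        $3 == 0 && $1 == "root" { print "superuser", $1, $3; next }
        $3 == 0                 { print "ALERT-uid0", $1, $3; next }
        $3 >= 1 && $3 <= 499    { print "system", $1, $3; next }
        $3 >= 500               { print "regular", $1, $3; next }
    ' "$@"
}

# count_class CLASS [FILE] -> number of accounts in that class
count_class() {
    class=$1; shift
    audit_passwd "$@" | awk -v c="$class" '$1 == c { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real host: audit_passwd /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

A second account with uid 0 has full root privileges whatever its name, so any ALERT-uid0 line should be investigated.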
3. Use commands to manage accounts
useradd [options] username // add a new user
usermod [options] username // modify an existing user
userdel -r username // delete the user; -r deletes the user's home directory as well
groupadd [options] groupname // add a new group
groupmod [options] groupname // modify an existing group
groupdel groupname // delete an existing group
Example
useradd zh888 // add a user zh888
groupadd blog // create a group blog
useradd -G blog zh // create a new user zh and add it to the additional group blog
useradd -d /var/ftp/pub -M ftpadmin // create a new user ftpadmin with the home directory set to /var/ftp/pub,
without creating the home directory (-M)
usermod -G blog zh888 // add zh888 to the additional group blog (-G alone replaces the user's existing additional groups; use -aG to append)
userdel ftpadmin // delete the ftpadmin user
userdel -r zh888 // delete zh888 together with its directory under /home
groupdel blog // delete the blog group
4. Password Management and Validity Period
After creating a user, you need to set a password for the user. The command for setting a password is passwd.
passwd [options] username
passwd -l username // lock (disable) the user account's password
passwd -S username // view the password status of the user account
passwd -u username // unlock (restore) the user account
passwd -d username // delete the user account's password
5. The chage command is used to manage the validity period of a password. Limiting how long a password stays valid reduces the time others have to guess it.
chage [options] username
Parameters include -m days, -M days, -d days, -I days, -E date, -W days, and -l.
Example: # chage -m 2 -M 30 -W 5 zhh // user zhh cannot change the password again within two days, the password is valid for
at most 30 days, and zhh is warned 5 days before the password expires
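Added example (not from the original page), covering sections 4 and 5: a shell check over shadow-format lines that reports the states left by passwd -l (hash field starting with "!") and passwd -d (empty hash field), and compares the aging fields set by chage -m, -M and -W with the values used in the example above. The function name, sample accounts and placeholder hashes are constructed.

```shell
#!/bin/sh
# Added example: audit password state and aging from /etc/shadow-format input.
# Fields: name:hash:lastchange:min(-m):max(-M):warn(-W):inactive(-I):expire(-E):

# Constructed sample; the hashes are placeholders, not real values.
SAMPLE_SHADOW='root:$6$PLACEHOLDER$hash:19000:0:99999:7:::
zhh:$6$PLACEHOLDER$hash:19000:2:30:5:::
zh888:!!$6$PLACEHOLDER$hash:19000:0:99999:7:::
ftpadmin::19000:0:99999:7:::
lik:$6$PLACEHOLDER$hash:19000:0:30:7:::'

# audit_shadow [MIN MAX WARN] < shadow-file
# Defaults follow the chage example above: -m 2 -M 30 -W 5.
audit_shadow() {
    awk -F: -v min="${1:-2}" -v max="${2:-30}" -v warn="${3:-5}" '
        NF < 8 { next }                               # malformed line
        $2 == ""     { print $1, "NO-PASSWORD"; next } # state after passwd -d
        $2 ~ /^[!*]/ { print $1, "LOCKED"; next }      # state after passwd -l
        {
            bad = ""
            if ($4 + 0 < min)             bad = bad " min"
            if ($5 == "" || $5 + 0 > max) bad = bad " max"
            if ($6 + 0 < warn)            bad = bad " warn"
            print $1, (bad == "" ? "OK" : "AGING:" bad)
        }
    '
}

# Demo on the constructed sample; on a real host (as root):
#   audit_shadow 2 30 5 < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

A NO-PASSWORD line deserves the most attention: depending on the PAM and sshd configuration, an account with an empty password field may be able to log in without any password.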
6. User and group status query commands
whoami // display the current user name
groups [username] // display the groups the specified user belongs to. If no user is specified, the groups of the current user are displayed.
id // display the uid and gid of the current user and the list of groups the user belongs to
su - user // switch to another user. With no user name given, su switches to root.
newgrp groupname // switch the user's current group to the specified additional group; the user must belong to this group
7. Change the owner and group of a file
Sometimes you also need to change the owner and group of a file. Only the file's owner has the right to change its owner and group,
that is, to transfer his or her own files to someone else. Use the chown command to change the file owner.
chown [-R] <user>[:<group>] <file or directory>
chown zh888 files // change the owner of files to the user zh888
chown zh888:zh888 files // change the owner and group of files to zh888
chown -R zh888:zh888 files // change the owner and group of files and of everything in its directories and subdirectories to zh888
8. Set the file and directory creation mask
You can use the umask command to set the default file creation mask. The creation mask tells the system which permissions should not be
granted when a file or directory is created. If you place the umask command in the environment file .bash_profile, you can control the
access permissions of all newly created files and directories.
umask [a1a2a3]
a1 gives the permissions denied to the owner, a2 the permissions denied to the same group, and a3 the permissions denied to others.
umask 022 // deny write permission to users in the same group and to other users
umask // display the current creation mask
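Added example (not from the original page): a shell script that computes the mode a new file or directory should receive under a given mask (files start from 666, directories from 777) and confirms it by actually creating one in a temporary directory. The function names are constructed, and stat -c assumes GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# Added example: show how the creation mask removes permission bits.

# expected_mode MASK file|dir -> octal mode predicted from the mask
expected_mode() {
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    # Clear every bit that is set in the mask.
    printf '%o\n' $(( $base & ~0$1 ))
}

# mode_under_umask MASK file|dir -> octal mode of a freshly created object
mode_under_umask() {
    d=$(mktemp -d) || return 1
    (
        umask "$1"                      # only affects this subshell
        if [ "$2" = dir ]; then mkdir "$d/new"; else : > "$d/new"; fi
    )
    stat -c '%a' "$d/new"
    rm -rf "$d"
}

# Demo: the default 022 beside two stricter masks.
for m in 022 027 077; do
    printf 'umask %s: file %s (expected %s), dir %s (expected %s)\n' \
        "$m" \
        "$(mode_under_umask "$m" file)" "$(expected_mode "$m" file)" \
        "$(mode_under_umask "$m" dir)"  "$(expected_mode "$m" dir)"
done
```

With 022 new files stay readable by every local user; 027 or 077 removes access for others, which is the safer default for accounts that handle sensitive data.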
9. Special permission settings
In addition to the general permissions, there are the special permissions SUID, SGID and sticky-bit. Some files carry these special permissions.
Enable special permissions with caution to avoid security issues.