CentOS 6 User and Rights Management

Source: Internet
Author: User


What is a user?
A user is an identity: it is how the system identifies whoever is operating it.
Why do I need users?
Linux is a multi-user, multitasking operating system, which means that many people can operate one system at the same time. The system therefore needs identities to tell the operators apart, and can then assign permissions to each user.
What are permissions?
For a computer, permissions are the scope of the operations a user is able to perform.
Why do I need permissions?
System security comes first. Dividing permissions keeps ordinary users from damaging the system through operating mistakes. Anyone who uses the administrator account must understand the system well and, before performing an operation, be clear about what they are doing and what impact the operation will have.

Processes also need permissions. When we manage the system, what we actually do is start a program, which runs as a process and does the work for us. A process's permissions are the permissions of the user who started it.

Permission model:
    readable: r
    writable: w
    executable: x
Division of system identities:
    User
    Group
File ownership:
    Owner: owner
    Group: group
    Others: other

The r, w, x permission model applies to each of the 3 classes that a file's ownership is divided into.


User management commands:
useradd: add a user
    useradd [OPTIONS] USERNAME
    -u: specify the user's UID
    -g: specify the user's GID (the specified group must already exist)
    -G: specify the user's additional groups (the specified groups must already exist)
    -s: specify the default shell
    -r: create a system user
    -d: specify the user's home directory
    -c: set the comment information
groupadd: add a group
    groupadd [OPTIONS] GROUPNAME
    -g: specify the GID
usermod: modify user information
    usermod [OPTIONS] USERNAME
    -u: modify the UID
    -g: modify the GID
    -G: modify the additional groups (this overwrites the original additional groups; add -a to append instead)
    -d: modify the home directory (use the -m option as well to move the configuration files over with it)
    -l: set a new login name
    -s: modify the default shell
    -e: change the password expiration time
    -f: modify the user's inactive period
    -L: lock the user
    -U: unlock the user

A few terms about the user's password:
    Maximum period of use
    Minimum period of use: the shortest time before the password can be modified again
    Password expiration warning time: the period before the maximum password period is reached during which the user is prompted to change the password
    User inactive period: the period after the password expires during which the user is forced to change the password at login. During this time, any login to the system forces a password change; otherwise login is not allowed

groupmod: modify a group
    groupmod [OPTIONS] GROUPNAME
    -g: modify the GID
    -n: set a new group name

userdel: delete a user
    userdel [OPTIONS] USERNAME
    -r: delete the home directory as well (by default the home directory is not deleted)

groupdel: delete a group
    groupdel GROUPNAME

passwd: change the password
    passwd [OPTIONS] USERNAME
    -l: lock the user's password, so the user cannot log in
    -u: unlock the user's password
    -e: expire the user's password immediately, putting it into the inactive period

gpasswd: group password setup and management
    gpasswd [OPTIONS] GROUP
    -a: add a user to a group
    -d: remove a user from a group
    -r: delete the group password

newgrp: log in to a new group (the group password is needed)
    newgrp GROUP
    Valid only for the current login process; the original base group is restored after logging out

chsh: change the default shell
    chsh [OPTIONS] [USERNAME]
    -s: modify the default shell
    -l: list the shells of the current system

chfn: set up user information
    chfn [-f full-name] [-o office] [-p office-phone] [-h home-phone] [-u] [-v] [username]

su: switch user
    su [-] USERNAME
    Adding - means that the user's profile is loaded

Example
1. Add the user hadoop, with home directory /testhome, UID 1200, additional group testgroup, and default shell tcsh
2. Modify the user hadoop: move the home directory and user profile together to /home/newhome, change the default shell to bash, and add newgroup as an additional group
3. Log in to the bash group
4. Delete the user hadoop, deleting the home directory as well
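
Exercises 1, 2 and 4 written out as commands. This is an added example, not part of the original article; the /bin/tcsh and /bin/bash paths and the APPLY_USER_CHANGES switch are assumptions, and exercise 3 is left as a comment because newgrp starts an interactive shell.

```shell
#!/bin/sh
# Added example (not from the original article): exercises 1, 2 and 4.
# By default each command is only printed. Set APPLY_USER_CHANGES=1 and run
# as root on a disposable test machine to execute the commands for real.
run() {
    if [ "${APPLY_USER_CHANGES:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

user_exercises() {
    # 1. Additional groups must exist before useradd -G can reference them.
    run groupadd testgroup
    run useradd -u 1200 -d /testhome -G testgroup -s /bin/tcsh hadoop  # shell path assumed

    # 2. -m moves the home directory contents to the new -d location.
    #    -a keeps testgroup; -G alone would replace the whole list of
    #    additional groups with just newgroup.
    run groupadd newgroup
    run usermod -d /home/newhome -m -s /bin/bash -a -G newgroup hadoop
    run id hadoop   # check: groups should now list testgroup and newgroup

    # 3. newgrp GROUP replaces the current shell with one whose base group
    #    is GROUP, so it is typed interactively rather than scripted.

    # 4. -r removes the home directory together with the account.
    run userdel -r hadoop
}

user_exercises
```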


Rights management commands:
chown: modify the file owner (can also modify the group)
    chown [OPTIONS] OWNER[:GROUP] FILE ...
    chown [OPTIONS] --reference=RFILE FILE ...

chgrp: modify a file's group
    chgrp [OPTIONS] GROUP FILE ...
    chgrp [OPTIONS] --reference=RFILE FILE ...

chmod: modify file permissions (three ways of granting permissions)
(1) chmod [OPTIONS] MODE[,MODE] ... FILE ...
    u: user, the owner
    g: group, the owning group
    o: other, other users
    a: all, everyone
    Permissions are granted per u, g, o, a using =, + and -
    =: set the permissions for that class of user
    +/-: add or remove individual permission bits for that class of user

(2) chmod [OPTIONS] OCTAL-MODE FILE ...
    Use the 3-digit octal permission model to assign permissions
    --- 0
    --x 1
    -w- 2
    -wx 3
    r-- 4
    r-x 5
    rw- 6
    rwx 7

(3) chmod [OPTIONS] --reference=RFILE FILE ...
    Set the current file's permissions by referring to the permissions of another file

umask: permission mask code
    File mask code: 666
    Directory mask code: 777
    User mask code: # umask
By default, a file created by a user is not given execute permission. If subtracting the user mask code from the file mask code yields a permission digit that includes execute, the resulting permission is that digit plus 1, which removes the execute permission.
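
The mask is applied bitwise (base mode AND NOT umask), which is why a new file never picks up an execute bit. The following added example, not part of the original article, compares the computed mode with the mode a new file or directory really gets; the sample masks are constructed and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat (stat -c),
# as shipped with CentOS.

# expected_mode BASE UMASK: the mode computed as BASE AND (NOT UMASK).
expected_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# created_mode file|dir UMASK: the mode really given to a new file or
# directory created under that umask, inside a throwaway directory.
created_mode() {
    kind=$1
    mask=$2
    tmp=$(mktemp -d) || return 1
    (
        umask "$mask"   # subshell: the caller's umask is left untouched
        if [ "$kind" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    stat -c '%a' "$tmp/new"
    rm -rf "$tmp"
}

# Constructed sample masks. 033 is the case described above: 666 - 033 = 633
# would contain execute bits, and the real result is 644.
for mask in 022 027 033 077; do
    printf 'umask %s  file: %s (computed %s)  dir: %s (computed %s)\n' \
        "$mask" \
        "$(created_mode file "$mask")" "$(expected_mode 666 "$mask")" \
        "$(created_mode dir "$mask")"  "$(expected_mode 777 "$mask")"
done
```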


Example
1. Change the owner and group of /tmp/testfile to root
2. Change the permissions of /tmp/new_passwd so that the owner has rwx, the group has rw, and other users have no permission
3. Using the octal permission model, modify the permissions of /tmp/passwd so that the owner can read and execute, the group can read and write, and other users can read
4. Modify the permissions of /tmp/new_passwd to match the permission model of /tmp/rc.sysinit
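
The exercises above, run against stand-in files so the resulting modes can be checked. This is an added example, not part of the original article; the temporary directory, the 755 mode given to the reference file and the final o-rx step are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article). The files are empty stand-ins
# created in a throwaway directory, not the real /tmp files named above.
# Assumes GNU coreutils (stat -c, chmod --reference), as on CentOS.

mode_of() { stat -c '%a' "$1"; }

permission_exercises() {
    dir=$(mktemp -d) || return 1
    : > "$dir/testfile"; : > "$dir/new_passwd"; : > "$dir/passwd"; : > "$dir/rc.sysinit"
    chmod 755 "$dir/rc.sysinit"      # constructed mode for the reference file

    # 1. Giving a file to another owner requires root, so only try it as root.
    if [ "$(id -u)" -eq 0 ]; then chown root:root "$dir/testfile"; fi

    # 2. Symbolic mode: owner rwx, group rw, others nothing ("o=" clears all).
    chmod u=rwx,g=rw,o= "$dir/new_passwd"
    ex2=$(mode_of "$dir/new_passwd")

    # 3. Octal mode: r-x = 5, rw- = 6, r-- = 4.
    chmod 564 "$dir/passwd"
    ex3=$(mode_of "$dir/passwd")

    # 4. Copy the mode of the reference file instead of spelling it out.
    chmod --reference="$dir/rc.sysinit" "$dir/new_passwd"
    ex4=$(mode_of "$dir/new_passwd")

    # +/- change single bits and leave the rest alone: 755 becomes 750.
    chmod o-rx "$dir/rc.sysinit"
    ex5=$(mode_of "$dir/rc.sysinit")

    rm -rf "$dir"
    printf '%s %s %s %s\n' "$ex2" "$ex3" "$ex4" "$ex5"
}

permission_exercises   # prints: 760 564 755 750
```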


















This article is from the "Rock blog" blog; please be sure to keep this source: http://johnsonxu.blog.51cto.com/11214707/1750622
