II. File permissions
IV. ACLs
useradd command: create a user
Default settings: in the /etc/default/useradd file
-u UID
-g GID: the user's primary group; can be a group name or a GID
-c "COMMENT": the user's comment information
-d HOME_DIR: use the specified path (which must not already exist) as the home directory
-s SHELL: the user's default shell; the available shells are listed in the /etc/shells file
-G group1[,group2,...]: additional groups for the user; the groups must already exist
-N: do not create a private group as the primary group; use the users group as the primary group
-r: create a system user; CentOS 6: ID<500, CentOS 7: ID<1000
Bulk user creation
newusers: creates users in batch from a passwd-format file (only the users are created; other files are not yet complete)
chpasswd: bulk modification of user passwords
/etc/skel/*: files stored for new home directories (they need to be copied to the user's home directory)
usermod command: modify user properties
-u UID: new UID
-g GID: new primary group
-G group1[,group2,...[,groupN]]: new additional groups; the original additional groups are overwritten; to keep the originals, also use the -a option to append
-s SHELL: new default shell
-c 'COMMENT': new comment information
-d HOME: new home directory; it is not created automatically, and files in the old home directory are not moved to it; to create the new home directory and move the original home data, also use the -m option
-l login_name: new name
-L: lock the specified user; adds a ! to the password field in /etc/shadow
-U: unlock the specified user; removes the ! from the password field in /etc/shadow
-e YYYY-MM-DD: user account expiration date
-f INACTIVE: set the inactivity period
userdel command: delete a user
-r: delete the user's home directory
id command: view user-related ID information
id [OPTION]... [USER]
-u: UID
-g: GID; show the primary group
-G: groups; show the primary and additional groups
-n: name; display the user name instead of the UID
su command: switch users or execute commands as another user
su [options...] [-] [user [args...]]
su UserName: non-login switch; does not read the target user's profile and does not change the current working directory
su - UserName: login switch; reads the target user's profile and switches to the home directory (a complete switch)
Executing a command as another identity: su [-] UserName -c 'COMMAND' (does not switch users, just uses that user's permissions)
passwd command: set a password
passwd [OPTIONS] UserName
Modify the password of the specified user (including the root user); only root has this right
-l: lock the specified user
-u: unlock the specified user
-e: force the user to change the password at next login
--stdin: receive the user password from standard input; echo "PASSWORD" | passwd --stdin USERNAME
chage command: modify a user's password policy
chage [OPTION]... UserName (several time options can be combined in one command)
-d LAST_DAY
-E, --expiredate EXPIRE_DATE
-I, --inactive INACTIVE
-m, --mindays MIN_DAYS
-M, --maxdays MAX_DAYS
-W, --warndays WARN_DAYS
-l: show the password policy
chage -m 0 -M 42 -W 14 -I 7 Tom
chage -E 2016-09-10 Tom
Force a password reset at next login: chage -d 0 Tom
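Added example (not part of the original article): the lock, aging and expiry settings made with usermod, passwd and chage above end up as fields of /etc/shadow, so they can be audited by reading that format back. The function names and the sample lines are constructed; the script reads its input from stdin rather than the real /etc/shadow.

```shell
#!/bin/sh
# shadow format: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# sample_shadow: constructed shadow-format lines (hashes are placeholders)
sample_shadow() {
    cat <<'EOF'
tom:$6$salt$hash:0:0:42:14:7:17054:
alice:!$6$salt$hash:17000:0:99999:7:::
bob:$6$salt$hash:17000:0:42:14:7::
EOF
}

# shadow_audit: read shadow-format lines on stdin, print "user: flags"
#   locked          password field starts with ! (usermod -L / passwd -l)
#   must-change     last-change day is 0          (chage -d 0)
#   no-max-age      max days empty or 99999       (no chage -M limit)
#   expires-day-N   account expiry, days since 1970-01-01 (chage -E)
shadow_audit() {
    awk -F: '
        { flags = "" }
        $2 ~ /^!/               { flags = flags " locked" }
        $3 == "0"               { flags = flags " must-change" }
        $5 == "" || $5 >= 99999 { flags = flags " no-max-age" }
        $8 != ""                { flags = flags " expires-day-" $8 }
        flags != ""             { print $1 ":" flags }
    '
}

# 17054 days after 1970-01-01 is 2016-09-10, the date used in the chage -E line
sample_shadow | shadow_audit
```

On a real system, run it as root with `shadow_audit < /etc/shadow`; accounts whose password field is `!!` are also reported as locked.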
finger command: displays information about the system users
finger LoginName
chfn command: change a user's finger information (personal information)
chsh command: specify the shell
groupadd command: create a group
groupadd [OPTION]... group_name
-g GID: specifies the GID number; [GID_MIN, GID_MAX]
-r: create a system group; CentOS 6: ID<500, CentOS 7: ID<1000
groupmod command: modify group properties
groupmod [OPTION]... group (new group name in front, original group name after)
-n group_name: new name
-g GID: new GID
groupdel command: delete a group
gpasswd command: change the group password (followed directly by the group name)
gpasswd [OPTION] GROUP
-a user: add the user to the specified group (the user gets this group as an additional group)
-d user: remove the user from the specified group
-A user1,user2,...: set the list of users with administrative rights
newgrp command: temporarily switch the user's primary group; if the user does not belong to the group, the group password is required
groupmems: change and view group members
groupmems [options] [action]
Options:
-g, --group groupname: the group to operate on (only root has permission to use this option)
Actions:
-a, --add username: add the user to the group
-d, --delete username: remove the user from the group
-p, --purge: clear all members from the group
-l, --list: display the list of group members (with -g group, nothing else needs to follow)
groups [OPTION] [USERNAME]...: view the list of groups to which the user belongs (similar to id)
II. File permissions
SUID permission on executable files
When a user runs the program, the process automatically inherits the permissions of the file's owner (only valid for binary executable programs, not for directories)
Permission settings: chmod u+s FILE... chmod u-s FILE...
SGID permission on executable files
When the program is started as a process, the group of the process is the group of the original program file
Permission settings: chmod g+s FILE... chmod g-s FILE...
SGID permission on a directory
By default, when a user creates a file, its group is the primary group of that user
Once SGID is set on a directory, files created in it by users with write access to the directory belong to the directory's group. Typically used to create a collaboration directory.
Permission settings: chmod g+s DIR... chmod g-s DIR...
The sticky bit on a directory (no meaning on a file)
In a directory with write permission, users can normally delete any file in that directory, regardless of the permissions or ownership of the file
With the sticky bit set on the directory, only the file owner or root can delete the file
Permission settings: chmod o+t DIR... chmod o-t DIR...
Numeric notation for special permissions
SUID: 4, SGID: 2, STICKY: 1
When the permission is written as a number, the special-permission digit goes at the front, e.g. chmod 4777 /tmp/a.txt
s and S: s means x permission is also set; S means there is no x permission (for the owner and the group)
t and T: t means x permission is also set; T means there is no x permission (for other)
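Added example (not part of the original article): the script below builds a throwaway directory containing each special-bit case described above, shows how they are rendered (s, S, t), and audits the tree for SUID/SGID files and for world-writable directories that lack the sticky bit. All file and function names are constructed; it assumes Linux with GNU stat and needs no root.

```shell
#!/bin/sh
# mode_of PATH: symbolic mode string as printed by GNU stat, e.g. -rwsr-xr-x
mode_of() { stat -c '%A' "$1"; }

# build_demo DIR: constructed sample tree, one entry per case from the text
build_demo() {
    d=$1
    mkdir -p "$d/collab" "$d/drop" "$d/open"
    : > "$d/suid_x";   chmod 4755 "$d/suid_x"    # SUID with x    -> s
    : > "$d/suid_nox"; chmod 4644 "$d/suid_nox"  # SUID without x -> S
    : > "$d/sgid_x";   chmod 2755 "$d/sgid_x"    # SGID with x    -> s
    chmod 2775 "$d/collab"   # SGID directory for collaboration
    chmod 1777 "$d/drop"     # world-writable with sticky bit     -> t
    chmod 0777 "$d/open"     # world-writable, no sticky bit
}

# audit_special DIR: list what a permissions review would look at
audit_special() {
    {
        find "$1" -type f -perm -4000 | sed 's/^/SUID /'
        find "$1" -type f -perm -2000 | sed 's/^/SGID /'
        find "$1" -type d -perm -0002 ! -perm -1000 |
            sed 's/^/WORLD-WRITABLE-NO-STICKY /'
    } | sort
}

# Stand-alone run: show each mode string, then the audit findings
demo=$(mktemp -d)
build_demo "$demo"
for p in suid_x suid_nox sgid_x collab drop open; do
    printf '%s  %s\n' "$(mode_of "$demo/$p")" "$p"
done
audit_special "$demo"
rm -rf "$demo"
```

Pointing `audit_special` at a real tree such as /usr gives the list of SUID/SGID programs to compare against what the distribution is expected to ship.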
Setting special file attributes
chattr +i: the file cannot be deleted, renamed, or changed
chattr +a: the file can only be appended to
lsattr: display special attributes
IV. Access Control Lists (ACLs)
This article is from the "Laugh Monkey" blog, please be sure to keep this source http://xiaomonky.blog.51cto.com/11869371/1834134