DAY5: User groups and Rights Management (2)

Source: Internet
Author: User

The main topics studied on August 2 are:

I. User and group management commands

II. File permissions

III. Special permissions

IV. ACLs


I. User and group management commands

  • useradd command: create a user

    Default settings: in the /etc/default/useradd file
    -u UID

    -g GID: the user's primary group; may be a group name or a GID

    -c "COMMENT": the user's comment (GECOS) information

    -d HOME_DIR: home directory at the specified path (one that does not yet exist)

    -s SHELL: the user's default shell; the available shells are listed in /etc/shells

    -G group1[,group2,...]: supplementary groups for the user; the groups must already exist

    -N: do not create a private group as the primary group; use the users group as the primary group instead

    -r: create a system user; CentOS 6: ID < 500, CentOS 7: ID < 1000


  • Creating users in bulk

    newusers: create users in batch from a file in passwd format (only the users are created; the other files are not yet complete)

    chpasswd: change user passwords in batch

    /etc/skel/*: template files for home directories (they need to be copied into the user's home directory)


  • usermod command: modify user properties

    -u UID: new UID

    -g GID: new primary group

    -G group1[,group2,...[,groupN]]: new supplementary groups; the original supplementary groups are overwritten. To keep the original ones, add the -a option so the new groups are appended

    -s SHELL: new default shell

    -c 'COMMENT': new comment information

    -d HOME: new home directory. It is not created automatically, and the files in the old home directory are not moved to the new one; to create the new home directory and move the original data at the same time, add the -m option

    -l LOGIN_NAME: new login name

    -L: lock the specified user by prefixing the password field in /etc/shadow with "!"

    -U: unlock the specified user by removing the "!" from the password field in /etc/shadow

    -e YYYY-MM-DD: the user account's expiration date

    -f INACTIVE: set the inactivity period


  • userdel command: delete a user

    -r: also delete the user's home directory


  • id command: view a user's ID information
    id [OPTION]... [USER]

    -u: UID

    -g: GID; shows the primary group

    -G: groups; shows the primary and supplementary groups

    -n: name; display names instead of numeric IDs


  • su command: switch users or execute commands as another user
    su [OPTIONS...] [-] [USER [ARGS...]]
    su USERNAME: non-login switch, i.e. the target user's profile is not read and the current working directory is not changed

    su - USERNAME: login switch; the target user's profile is read and the working directory changes to the home directory, a complete switch

    Executing a command as another identity: su [-] USERNAME -c 'COMMAND' (does not switch user; only borrows the permissions)


  • passwd command: set a password

    passwd [OPTIONS] USERNAME

    Modifying the password of a specified user (including root) requires root privileges

    -l: lock the specified user

    -u: unlock the specified user

    -e: force the user to change the password at next login
    --stdin: read the user's password from standard input; echo "PASSWORD" | passwd --stdin USERNAME


  • chage command: modify a user's password policy

    chage [OPTION]... USERNAME (several time settings can be combined to modify a user's password policy)
    -d LAST_DAY

    -E, --expiredate EXPIRE_DATE

    -I, --inactive INACTIVE

    -m, --mindays MIN_DAYS

    -M, --maxdays MAX_DAYS

    -W, --warndays WARN_DAYS

    -l: show the password policy
    chage -m 0 -M 42 -W 14 -I 7 tom

    chage -E 2016-09-10 tom

    Force a password reset at next login: chage -d 0 tom


  • finger command: displays information about system users

    finger LOGIN_NAME

    chfn command: change a user's finger information, i.e. specify personal information

    chsh command: specify the shell


  • groupadd command: create a group

    groupadd [OPTION]... GROUP_NAME

    -g GID: specifies the GID number; [GID_MIN, GID_MAX]

    -r: create a system group; CentOS 6: ID < 500, CentOS 7: ID < 1000

  • groupmod command: modify group properties

    groupmod [OPTION]... GROUP (the new group name comes first, after -n; the original group name comes last)

    -n GROUP_NAME: new name

    -g GID: new GID

  • groupdel command: delete a group

  • gpasswd command: change the group password (followed directly by the group name)

    gpasswd [OPTION] GROUP
    -a USER: add a user to the specified group (the user gets this group as a supplementary group)

    -d USER: remove a user from the specified group

    -A user1,user2,...: set the list of users with administrative rights over the group

  • newgrp command: temporarily switch the user's primary group; if the user does not belong to the group, the group password is required

  • groupmems: change and view group members

    groupmems [options] [action]

    Options:

    -g, --group GROUPNAME: operate on the specified group (only root may use this option)

    Actions:

    -a, --add USERNAME: add the specified user to the group

    -d, --delete USERNAME: remove a user from the group

    -p, --purge: remove all members from the group

    -l, --list: display the list of group members (with -g GROUP, nothing else needs to follow)

  • groups [OPTION]... [USERNAME]...: view the list of groups the user belongs to (similar in effect to id)
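As an added example (not from the original post), here is a small audit script that applies the rules above to constructed /etc/passwd and /etc/shadow data: the system-account threshold that -r uses (UID < 1000 on CentOS 7), the "!" that usermod -L and passwd -l put in front of the hash, the expiry day set by chage -E, and the last-change day of 0 that chage -d 0 uses to force a reset. The user names, hashes and day numbers are all made up.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies accounts from
# constructed passwd/shadow data using the rules the post describes:
#   - system accounts: UID below the distribution threshold (CentOS 7: 1000)
#   - locked: usermod -L / passwd -l prefix the /etc/shadow hash with "!"
#   - must-reset: chage -d 0 sets the last-change field (3rd) to 0
#   - expired: chage -E sets the expiry field (8th) in days since 1970-01-01

# Constructed sample data; the hashes and day numbers are invented.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tom:x:1000:1000:Tom:/home/tom:/bin/bash
wang:x:1001:1001:Wang:/home/wang:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash'
SAMPLE_SHADOW='root:$6$salt1$hash1:17000:0:99999:7:::
sshd:!!:17000::::::
tom:$6$salt2$hash2:0:0:42:14:7::
wang:!$6$salt3$hash3:17000:0:99999:7:::
bob:$6$salt4$hash4:17000:0:99999:7::17050:'

# account_kind UID THRESHOLD -> "system" or "regular"
account_kind() {
    [ "$1" -lt "$2" ] && echo system || echo regular
}

# shadow_state SHADOW_LINE TODAY -> locked | expired | must-reset | active
# (TODAY is a day number, injected so the result is reproducible)
shadow_state() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    last=$(printf '%s\n' "$1" | cut -d: -f3)
    expire=$(printf '%s\n' "$1" | cut -d: -f8)
    case "$hash" in
        '!'*) echo locked; return ;;
    esac
    if [ -n "$expire" ] && [ "$expire" -le "$2" ]; then echo expired; return; fi
    if [ "$last" = 0 ]; then echo must-reset; return; fi
    echo active
}

# audit_accounts THRESHOLD TODAY -> one "user kind state" line per account
audit_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" | while IFS=: read -r user _ uid _; do
        line=$(printf '%s\n' "$SAMPLE_SHADOW" | grep "^$user:")
        echo "$user $(account_kind "$uid" "$1") $(shadow_state "$line" "$2")"
    done
}

audit_accounts 1000 17100
```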

II. File permissions


    • chown command: modify the owner and group of a file

      chown [OPTION]... [OWNER][:[GROUP]] FILE...

      chown root:admins testfile

      Usage:

      OWNER

      OWNER:GROUP

      :GROUP

      The colon in the command can be replaced with a dot (.)

      -R: recursive

      chown [OPTION]... --reference=RFILE FILE...

    • chgrp: modify the group of a file

    • File permissions are defined primarily for three kinds of objects: owner (u), group (g), and others (o)

      For each kind of accessor, each file defines three permissions: r: readable, w: writable, x: executable

    • For files:

          r: the file's contents can be read with file-viewing tools

          w: the contents can be modified

          x: the file can be handed to the kernel and started as a process

      For directories:

          r: the list of files in the directory can be viewed with ls

          w: files can be created in the directory, and files in it can be deleted

          x: the list of files can be viewed with ls -l, and the directory can be entered with cd


Example: 640: rw-r-----

rwxr-xr-x: 755


    • chmod command: modify file permissions

      Modify all permissions of a class of users: u= g= o= ug= a= u=,g=

      Modify one or several permission bits of a class of users: u+ u- g+ g- o+ o- a+ a-
      -R: modify permissions recursively

      chmod [OPTION]... --reference=RFILE FILE...: take the permissions of RFILE and set FILE to the same permissions

      chmod u+wx,g-r,o=rx FILE

      chmod -R g+rwx /testdir

      chmod file


    • Default permissions for new files and directories
      The umask value masks out permission bits when files are created; a non-privileged user's umask is 002, root's umask is 022

      New file permission: 666 - umask. If a digit in the result is odd (which would be an execute bit), add 1 to that digit

      New directory permission: 777 - umask
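As an added example (not from the original post), the two rules above can be checked against each other: the kernel computes a new file's mode as 666 with the umask bits cleared, and the post's shortcut (666 minus the umask, then +1 on any odd digit) is a digit-by-digit way of getting the same answer. The script below implements both and confirms they agree for every possible umask.

```shell
#!/bin/sh
# Added example, not from the original post. Two ways to derive the default
# mode of a new file or directory from the umask.

# new_mode BASE UMASK -> octal mode with the umask bits cleared, which is what
# the kernel actually does: new_mode 666 022 -> 644, new_mode 777 022 -> 755
new_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtract_rule UMASK -> the post's shortcut for files, digit by digit:
# 6 minus the umask digit; if the result is odd, add 1 (an odd digit would
# mean an execute bit, which 666 never contains). A negative result, from a
# umask digit of 7, is odd as well and so becomes 0.
subtract_rule() {
    out=""
    for k in 0 1 2; do
        ud=$(( (0$1 >> (6 - 3 * k)) & 7 ))   # k-th octal digit of the umask
        d=$(( 6 - ud ))
        [ $(( d % 2 )) -ne 0 ] && d=$(( d + 1 ))
        out="$out$d"
    done
    echo "$out"
}

# heuristic_matches -> "yes" if the shortcut agrees with the kernel rule for
# all 512 possible umasks, otherwise "no: UMASK" for the first mismatch
heuristic_matches() {
    m=0
    while [ "$m" -lt 512 ]; do
        u=$(printf '%03o' "$m")
        [ "$(subtract_rule "$u")" = "$(new_mode 666 "$u")" ] || { echo "no: $u"; return; }
        m=$(( m + 1 ))
    done
    echo yes
}

echo "umask 022: file $(new_mode 666 022), dir $(new_mode 777 022)"
echo "umask 002: file $(new_mode 666 002), dir $(new_mode 777 002)"
echo "shortcut agrees with kernel rule for every umask: $(heuristic_matches)"
```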


III. Special permissions on the Linux file system

  • SUID permission on executable files

    When a user runs the program, it automatically inherits the permissions of the file's owner (only valid for binary executables, not for directories)

    Permission settings: chmod u+s FILE... chmod u-s FILE...

  • SGID permission on executable files

    When started as a process, the process's group is the group of the original program file
    Permission settings: chmod g+s FILE... chmod g-s FILE...

  • SGID permission on directories

    By default, when a user creates a file, its group is the primary group of that user

    Once a directory has SGID set, files created in it by any user with write access to the directory get the directory's group as their group. Typically used to create a collaboration directory

    Permission settings: chmod g+s DIR... chmod g-s DIR...

  • Sticky bit on directories (meaningless on files)

    Users with write permission on a directory can normally delete any file in it, regardless of the file's permissions or ownership

    When the sticky bit is set on a directory, only the file's owner or root can delete the file

    Permission settings: chmod o+t DIR... chmod o-t DIR...

  • Numeric method for special permissions

    SUID 4, SGID 2, STICKY 1

    When the permission is written as a number, the special digit goes in front, e.g. chmod 4777 /tmp/a.txt

  • s and S: s means the x permission is also set, S means the x permission is not set (for owner and group)

    t and T: t means the x permission is also set, T means the x permission is not set (for others)

  • Setting file-specific attributes

    chattr +i: the file cannot be deleted, renamed, or changed

    chattr +a: the file can only be appended to

    lsattr: display the special attributes
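As an added example (not from the original post), the numeric method and the s/S/t/T display rules from this section can be put into code: the functions below convert the nine-character mode string that ls -l prints into the four-digit octal that chmod takes, and back again, then show the result on a scratch directory.

```shell
#!/bin/sh
# Added example, not from the original post. Converts between the 9-character
# mode string of ls -l and the 4-digit octal mode of chmod, using the rules
# from this section: SUID=4, SGID=2, sticky=1 form the leading digit; in the
# display they replace the x column as s/S (owner, group) or t/T (others),
# lowercase when x is also set and uppercase when it is not.

# sym_to_octal MODE_STRING -> 4-digit octal: rwxr-xr-x -> 0755, rwsr-xr-x -> 4755
sym_to_octal() {
    special=0; out=""; i=0
    while [ "$i" -lt 3 ]; do
        t=$(printf '%s\n' "$1" | cut -c$(( i * 3 + 1 ))-$(( i * 3 + 3 )))
        v=0
        case "$t" in r??) v=$(( v + 4 )) ;; esac
        case "$t" in ?w?) v=$(( v + 2 )) ;; esac
        case "$t" in ??[xst]) v=$(( v + 1 )) ;; esac          # lowercase s/t imply x
        case "$t" in ??[sStT]) special=$(( special + (4 >> i) )) ;; esac
        out="$out$v"; i=$(( i + 1 ))
    done
    echo "$special$out"
}

# octal_to_sym OCTAL -> mode string: octal_to_sym 2644 -> rw-r-Sr--, 755 -> rwxr-xr-x
octal_to_sym() {
    n=$1; while [ ${#n} -lt 4 ]; do n="0$n"; done       # pad 755 to 0755
    special=$(printf '%s\n' "$n" | cut -c1); out=""; i=0
    while [ "$i" -lt 3 ]; do
        d=$(printf '%s\n' "$n" | cut -c$(( i + 2 )))
        s=""
        [ $(( d & 4 )) -ne 0 ] && s="${s}r" || s="${s}-"
        [ $(( d & 2 )) -ne 0 ] && s="${s}w" || s="${s}-"
        x=$(( d & 1 )); sp=$(( special & (4 >> i) ))
        if [ "$i" -eq 2 ]; then on=t; off=T; else on=s; off=S; fi
        if [ "$sp" -ne 0 ]; then [ "$x" -ne 0 ] && s="$s$on" || s="$s$off"
        elif [ "$x" -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
        out="$out$s"; i=$(( i + 1 ))
    done
    echo "$out"
}

# Demo on a scratch directory: SGID + sticky + 775, as a collaboration
# directory from this section would be set up.
d=$(mktemp -d); chmod 3775 "$d"
shown=$(ls -ld "$d" | cut -c2-10)
echo "ls shows $shown -> chmod $(sym_to_octal "$shown") -> back to $(octal_to_sym "$(sym_to_octal "$shown")")"
rmdir "$d"
```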


IV. Access Control Lists (ACLs)

    • Enable flexible permission management by setting permissions for arbitrary users on the specified files and directories

      getfacl FILE|DIRECTORY

      setfacl -m u:wang:rwx FILE|DIRECTORY

      setfacl -Rm g:sales:rwx DIRECTORY

      setfacl -M FILE.acl FILE|DIRECTORY

      setfacl -m g:salesgroup:rw FILE|DIRECTORY

      setfacl -m d:u:wang:rx DIRECTORY

      setfacl -x u:wang FILE|DIRECTORY

      setfacl -X FILE.acl DIRECTORY

This article is from the "Laugh Monkey" blog, please be sure to keep this source http://xiaomonky.blog.51cto.com/11869371/1834134
