1. Linux is a multi-user, multi-tasking operating system whose accounts comprise user accounts and group accounts.
User accounts are subdivided into ordinary user accounts and superuser accounts. In addition to user accounts there are group accounts: a group account is a collection of user accounts. CentOS has two types of groups, private groups and standard groups. When a new user is created without a group being specified, CentOS creates a private group with the same name as the user, and this private group contains only that user. A standard group can hold multiple users; to use one, specify the group the new user belongs to when creating the user. A single user can also belong to multiple groups. For example, in an organization with a leader group and a technical group, lik is the technical director, so lik belongs to both the leader group and the technical group. When a user belongs to multiple groups, the group the user logs in with is the primary group, and the other groups are the additional groups.
2. In Linux, the account system files are mainly /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow. Their basic meaning is not covered here. The root UID is 0, UIDs 1 to 499 are the system's standard accounts, and general users start from UID 500.
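The UID ranges above can be checked mechanically. The following is an added example, not part of the original page: it classifies passwd-format lines by those ranges and flags any account other than root that carries UID 0. The function names and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (illustrative accounts only).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
zh888:x:500:500::/home/zh888:/bin/bash
ftpadmin:x:501:501::/var/ftp/pub:/bin/bash
toor:x:0:0:constructed second uid 0 account:/root:/bin/bash'

# classify_accounts [FIRST_USER_UID]
# Reads passwd-format lines on stdin and prints "name class".
# FIRST_USER_UID defaults to 500, the boundary stated on this page; pass
# another value where the distribution uses a different boundary.
classify_accounts() {
    awk -F: -v first="${1:-500}" 'NF >= 7 {
        uid = $3 + 0
        if (uid == 0)
            class = ($1 == "root") ? "superuser" : "EXTRA-UID0"
        else if (uid < first)
            class = "system"
        else
            class = "ordinary"
        print $1, class
    }'
}

# extra_uid0: prints the names of non-root accounts whose UID is 0.
# Any such account has full superuser rights and deserves review.
extra_uid0() {
    classify_accounts | awk '$2 == "EXTRA-UID0" { print $1 }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | classify_accounts
# On a live system: classify_accounts < /etc/passwd
```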
3. Use commands to manage accounts
useradd [options] username // add a new user
usermod [options] username // modify an existing user
userdel -r username // delete the user together with the user's home directory
groupadd [options] groupname // add a new group
groupmod [options] groupname // modify an existing group
groupdel groupname // delete an existing group
Example
useradd zh888 // add a user zh888
groupadd blog // create a group blog
useradd -G blog zh // create a new user zh and add it to the additional group blog
useradd -d /var/ftp/pub -M ftpadmin // create a new user ftpadmin with home directory /var/ftp/pub, without creating the home directory (-M)
usermod -G blog zh888 // add zh888 to the additional group blog (-G replaces the user's existing additional group list; use -aG to append)
userdel ftpadmin // delete the user ftpadmin
userdel -r zh888 // delete the user zh888 together with its directory under /home
groupdel blog // delete the group blog
4. Password Management and Validity Period
After creating a user, you need to set a password for the user. The command for setting the password is passwd.
passwd [options] username
passwd -l username // lock the user account's password
passwd -S username // view the status of the user account's password
passwd -u username // unlock (restore) the user account
passwd -d username // delete the user account's password
5. The chage command manages the validity period of a password. Limiting how long a password stays valid limits the time others have to guess it.
chage [options] username
Parameters include -m days, -M days, -d days, -I days, -E date, -W days, -l
Example: # chage -m 2 -M 30 -W 5 zhh // the user cannot change the password within two days, the maximum password retention period is 30 days, and zhh is notified 5 days before the password expires
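The values set by chage -m, -M and -W are stored in fields 4, 5 and 6 of /etc/shadow. The following is an added example, not part of the original page: it reports accounts whose aging fields are weaker than the policy in the chage example above (minimum 2, maximum 30, warning 5). The function name and the sample lines are assumptions; the hashes are placeholders.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format
# (name:hash:lastchg:min:max:warn:inactive:expire:reserved).
SAMPLE_SHADOW='zhh:$6$PLACEHOLDER:19000:2:30:5:::
zh888:$6$PLACEHOLDER:19000:0:99999:7:::
ftpadmin:!!:19000::::::'

# aging_violations MIN MAX WARN
# Reads shadow-format lines on stdin and prints "name: reasons" for every
# account with a usable password whose aging settings miss the policy.
aging_violations() {
    awk -F: -v min="$1" -v max="$2" -v warn="$3" '
    $2 ~ /^[!*]/ { next }    # locked or no usable password: nothing to age
    {
        why = ""
        # An empty max field means the password never expires.
        if ($5 == "" || $5 + 0 > max) why = why " max>" max
        if ($4 + 0 < min)             why = why " min<" min
        if ($6 + 0 < warn)            why = why " warn<" warn
        if (why != "") print $1 ":" why
    }'
}

# Demonstration on the constructed sample: zhh complies, zh888 does not,
# ftpadmin is skipped because its password field is locked.
printf '%s\n' "$SAMPLE_SHADOW" | aging_violations 2 30 5
# On a live system (as root): aging_violations 2 30 5 < /etc/shadow
```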
6. User and group status query commands
whoami // display the current user name
groups username // display the groups to which the specified user belongs. If no user is specified, the groups of the current user are displayed.
id // display the UID and GID of the current user and the list of groups to which the user belongs
su - user // switch to another user. su with no user name switches to the superuser (root).
newgrp groupname // switch the user's current group to the specified additional group; the user must belong to this group
7. Change the owner and group of a file
Sometimes you also need to change the owner and group of a file. Only the owner of a file has the right to change its owner and group. Users can transfer their own files to anyone. Use the chown command to change the file owner.
chown [-R] <user name or group> <file or directory>
chown zh888 files // change the owner of the file files to the user zh888
chown zh888:zh888 files // change the owner and group of the file files to zh888
chown -R zh888:zh888 files // change the owner and group of all files and directories under files, including subdirectories, to zh888
8. Set the file and directory creation mask
You can use the umask command to set the default file creation mask. The mask tells the system which permissions should not be granted when a file or directory is created. If you place the umask command in the environment file .bash_profile, you can control access to all newly created files and directories.
umask [a1a2a3]
a1 indicates the permissions denied to the owner, a2 the permissions denied to the group, and a3 the permissions denied to others.
umask 022 // write permission is denied to users in the same group and to other users
umask // display the current default creation mask
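The effect of a mask is easiest to see on freshly created objects. The following is an added example, not part of the original page: it creates one file and one directory under a given umask and returns their mode strings. The function name is an assumption; the temporary directory comes from mktemp.

```shell
#!/bin/sh
# perms_under_umask MASK
# Creates a file and a directory under MASK inside a private temporary
# directory and prints "<file mode> <dir mode>". Runs in a subshell so the
# caller's own umask is left unchanged.
perms_under_umask() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        : > "$tmp/file"          # new files start from rw-rw-rw- (666)
        mkdir "$tmp/dir"         # new directories start from rwxrwxrwx (777)
        f=$(ls -ld "$tmp/file" | cut -c1-10)
        d=$(ls -ld "$tmp/dir" | cut -c1-10)
        rm -rf "$tmp"
        printf '%s %s\n' "$f" "$d"
    )
}

# Compare the mask from the text with two stricter ones.
for mask in 022 027 077; do
    printf 'umask %s -> %s\n' "$mask" "$(perms_under_umask "$mask")"
done
```

Files never receive execute permission from the mask alone, which is why 022 yields rw-r--r-- for files but rwxr-xr-x for directories.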
9. Special permission settings
SUID, SGID and sticky bit
In addition to the general permissions, special permissions exist. If you do not need special permissions, do not set them, to avoid security issues.
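To find where special permissions are set so that unneeded ones can be removed, find can match on the mode bits. The following is an added example, not part of the original page: it lists SUID and SGID files and sticky directories under a directory, demonstrated on a constructed temporary tree. The function names and file names are assumptions.

```shell
#!/bin/sh
# list_special DIR
# Prints "<kind> <path>" for every SUID file, SGID file and sticky
# directory found under DIR.
list_special() {
    find "$1" -type f -perm -4000 | sed 's/^/suid   /'
    find "$1" -type f -perm -2000 | sed 's/^/sgid   /'
    find "$1" -type d -perm -1000 | sed 's/^/sticky /'
}

# make_demo_tree: builds a constructed tree with one entry of each kind
# plus an ordinary file, and prints the path of the tree.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/plain";  chmod 0755 "$d/plain"
    : > "$d/setuid"; chmod 4755 "$d/setuid"
    : > "$d/setgid"; chmod 2755 "$d/setgid"
    mkdir "$d/shared"; chmod 1777 "$d/shared"
    printf '%s\n' "$d"
}

# Demonstration: only the three special entries are reported.
demo=$(make_demo_tree)
list_special "$demo"
rm -rf "$demo"
# To clear an unneeded bit afterwards: chmod u-s FILE or chmod g-s FILE
```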