Linux user creation, administration, rights assignment

(1) Su and sudo

SU: Can be switched between users through Su, what is power if superuser root switches to normal or virtual users without a password? That's it! And the normal user to switch to any other users need password authentication;

Sudo:

Sudo's role is destined to be extra cautious in terms of security, or it could lead to illegal users grabbing root privileges. At the same time, it has to take into account the ease of use, so that the system administrator can more efficient and more convenient usage of it.

# 1. Sudo can restrict the specified user from running certain commands on the specified host.
# 2. sudo can provide logs, faithfully record what each user has done with sudo, and can upload logs to a central host or log server.
# 3. sudo provides the system administrator with a configuration file that allows the system administrator to centrally manage user permissions and the hosts used. Its default storage location is/etc/sudoers.
# 4.sudo uses a timestamp file to complete a system similar to "wicket". When the user executes sudo and enters the password, the user obtains a "ticket" with a default survival period of 5 minutes (the default value can be changed at compile time). After the timeout, the user must re-enter the password.

Configuring sudo
To configure sudo, you must edit the/etc/sudoers file, and only the superuser can modify it, and you must also use Visudo editing. There are two reasons for using Visudo, one is that it prevents two users from modifying it at the same time, and the other is that it can perform a limited syntax check. So, even if you are only a superuser, you'd better use Visudo to check the syntax.

(2) Linux normal users get administrator privileges "to be tested"

Original: http://www.cnblogs.com/likwo/p/3435404.html

Test environment: CentOS 5.5

1, add the user, first with the AddUser command to add a normal user, the command is as follows:
#adduser Tommy

Add a user named Tommy
#passwd Tommy//Change Password
Changing password for user Tommy.
New UNIX Password://Enter your password here
Retype new UNIX Password://Enter password again
Passwd:all authentication tokens updated successfully.

2. Give root permission
Method One: Modify the/etc/sudoers file, locate the following line, remove the previous comment (#)
# allows people in group wheel to run all commands
%wheel all= (All) all
Then modify the user to belong to the root group (wheel) with the following command:
#usermod-G root Tommy
You can now log in with your Tommy account and then use the command Su-, you can get root privileges to operate.

Method Two: Modify the/etc/sudoers file, locate the following line, and add a line under root as follows:
# allow ROOT to run any commands anywhere
Root all= (All) all
Tommy All= (All) all
After the modification, you can now log in with your Tommy account, and then use the command Su-to get root privileges to operate.

Method Three: Modify the/etc/passwd file, locate the following line, change the user ID to 0, as follows:
Tommy:x:500:500:tommy:/home/tommy:/bin/bash
Modified as follows
Tommy:x:0:500:tommy:/home/tommy:/bin/bash
Save, with Tommy account login, directly get the root account permissions.
Friendly reminder: Although method three looks simple and convenient, but generally not recommended use, recommended method two.

< turn from End >

#######################################################

But it looks like the red and thicker Su-- I usually use sudo. I don't know if the author is a typo or something, because with Su, I need to know the root password, so sudo will be better.

(3) Linux users, user groups learning notes

• /ETC/PASSWD file Format: User name: Password: uid:gid: User info: Home directory path: User shell;
• /etc/shadow Save the user password information, including the password after encryption, password expiration time, password expiration prompt days, etc.;
• The format of saving user group information in the/etc/group file is as follows: User group name: group Password: GID: Group account (multiple accounts separated by commas); View the user Group command for the current user: [[email protected] opt] #groups

To view the user Group command for the current user: [[email protected] opt] #groups
Root bin daemon sys ADM disk wheel output information, the first user group is a valid user group for the current user (current user group)

Toggle Active User Group command: [[[email protected] opt] #newgrp user group name. To leave the new active user group, enter exit.
New User command: [[email protected] opt] #useradd user name-G initial user group-G Other user groups (modify/etc/group)-C User Description-U specify UID
the user needs to set a password for the user: [[ Email protected] opt] #passwd user name
user to modify their password command: [[email protected] opt] #passwd
Modify user Information command: [[email  protected] opt] #usermod parameter user name
parameter:
-C Description
-G Group name Initial user group
-e Expiration date format: YYYY-MM-DD
-G Group name Other user group
-L Modify User Name
-L Lock account (two exclamation mark in front of user's password password string in/etc/shadow file)
-u unlock
Delete user command: [[[email protected] opt] #userdel [-r] User name
where parameter-R is the home directory to delete the user.
In fact, there may be other places in the system also has the user file, to complete delete a user and its files to find the file belonging to him first:
[[[email protected] opt] #find/-user username
and then delete, Then run Userdel to delete the user.

View available shell commands: [[email protected] opt] #chsh-l
Modify your own shell command: [[email protected] opt] #chsh-s
View yourself or someone uid/gid information: [[email protected] opt] #id [username] return information in groups as a valid user group
New User Group command: [[email protected] opt] #groupadd user group name
Modify user Group Name command: [[email protected] opt] #groupmod-n Name
Delete user group command: [[email protected] opt] #groupdel user group name
Set User group Password command: [[email protected] opt] #gpasswd user group name

If the GPASSWD plus parameter has other functions
Set User Group Administrator command: [[email protected] opt] #gpasswd-a user name user group name
Add an account to group command: [[email protected] opt] #gpasswd-m user name user group name
Remove an account from a group command: [[email protected] opt] #gpasswd-d user name user group name

passwd Related parameter operation:
-L Lock User
-U Unlock User
-N days password cannot be changed days
-X days password expires in days
-W Days Warning days

(4) File permissions　　　　

[[email protected] opt] #ls-al
Ls-al command is to list all files in the directory, including hidden files. The first character of the hidden file's file name is '. '
-rw-r--r--  1 root root    bayi 08-02 14:54 gtkrc-1.2-gnome2
-rw-------  1 root root    189 08-02 14:54 iceauthority
-rw-------  1 root root   /08-05 10:02. Lesshst
drwx---- --  3 root root  4096 08-02 14:54. metacity
drwxr-xr-x  3 root root  4096 08-02 14:54 Nautilus
The columns of the br> list are defined as follows:
[Permissions Property Information] [number of connections] [owner] [owner's user group] [size] [last modified] [filename]

Permission attribute list is 10 characters:
The first character represents the file type, and D is the directory-normal file L for connection B storage Interface device C for keyboard and mouse input device
2, 3, 4 characters for owner permissions, 5, 6, 7 characters for owner-group User Rights, 8, 9, 10 for other user rights
The second character represents the owner Read permission, if the permission is R, No permission is-
The third character represents the owner write permission, if the permission is W, no permission is-
The fourth character represents the owner execution permission, if the permission is x, no permission is-
Fifth character represents the owner of the same group of user Read permission, if the permission is R, No permission is-
The sixth character is the owner of the same group of user write permissions, if the permission is W, no permission is-
The seventh character indicates that the owner is the same as the group user execution permissions, if the permission is x, no permission is-
eighth character for other non-group Read permissions, If the permission is R, no permission is-
The nineth character represents other non-identical write permissions, if the permission is W, no permission is-
The tenth character represents other non-group execution permissions, if the permission is x, no permission is-

(5)Linux terminal with mkdir to create directory prompt permission is not enough

(6) LINUX command line becomes-bash-4.2$

Reference Posts:

(1) Linux user creation, management, Rights Assignment (summary)

(2) Linux users, user groups, file permissions Learning notes

Linux user creation, administration, rights assignment