Linux User and User Group Management

Linux is a multi-user and multi-task time-sharing operating system. UserYou must first apply for an account from the system administrator and then enter the system as this account. The user's account helps the system administrator UserTracking and controlling their access to system resources. On the other hand, it can also help users organize files and provide users with security protection. Each user account has a unique UserAnd user password. The user entered the correct information during logon. UserAnd password before you can access the system and your home directory.
To manage user accounts, you must do the following:
A. add, delete, and modify user accounts.
B. manage user passwords.
C. manage user groups.
Linux User Account Management

User Account management mainly involves adding, deleting, and modifying user accounts.
To add a user account is to create a new account in the system, and allocate resources such as user numbers, user groups, home directories, and logon shells to the new account. The newly added account is locked and cannot be used.
1. Add new UserThe Account uses the useradd command. The syntax is as follows:
Useradd option Username
The options are described as follows:
-C comment specifies an annotation description.
-D directory specifies the user's main directory. If this directory does not exist, you can use the-M option to create a main directory.
-G User Group UserGroup.
-G user group, which specifies the additional group to which the user belongs.
The-s shell file specifies the user's logon shell.
-U user number: specified user UserIf the-O option is available at the same time, the ID number of other users can be reused.
-P is an encrypted password that requires an MD5 code. Common numbers cannot be used.

User name specifies the login name of the new account.

Ex:
Example 1:
# Useradd-d/usr/sam-m sam
This command creates a user sam. The-d and-m options are used to generate a main directory/usr/sam (/usr is the default UserThe parent directory of the main directory ).
Example 2:
# Useradd-s/bin/sh-g group-G adm, root gem
This command creates a new user gem. the user's logon Shell is/bin/sh, which belongs to the group user group and also to the adm and root user groups. The group user group is the main group.
You may create a new group: groupadd group and groupadd adm.
Adding a user account adds a record to the/etc/passwd file for the new user and updates other system files, such as/etc/shadow and/etc/group.
Linux provides the integrated system management tool userconf, which can be used to manage user accounts in a unified manner.
Note:
The user account is defined in/etc/passwd. The Linux system contains a companion file/etc/passwd called/etc/shadow. Unlike/etc/passwd, this file is readable only for root users and contains encrypted password information. Let's take a look at a sample row of/etc/shadow:
Drobbins1 $1234567890123456789012345678901: 11664: 0:-1:-1:-1:-1:0
Each line defines password information for a special account. Similarly, each field is separated. The first field defines the special user account associated with this shadow entry. The second field contains an encrypted password. Other fields are described in the following table:

Field 3 is from 1/1/1970, and the number of days the password is modified
Field 4 the number of days before the password is allowed to be modified (0 indicates that the password can be modified at all times ")
Field 5 Number of days before the system forces the user to change the password (1 indicates "never change ")
Field 6 before the password expires, the user will be warned of the days of expiration (-1 indicates "no warning ")
Field 7 the number of days after the password expires, the system automatically disables the account (-1 indicates "Never disable ")
Field 8 days when the account is disabled (-1 indicates "this account is enabled") Field 9 is retained for future use
2. delete an account
If a user account is no longer in use, it can be deleted from the system. To delete a user account, you must delete the user record in system files such as/etc/passwd and delete the user's home directory if necessary. Delete an existing UserThe Account uses the userdel command in the following format:
Code:
Userdel option Username
The commonly used option is-r, which is used to delete the user's home directory together.
For example:
# Userdel-r sam
This command deletes the records of the user sam in the system files (mainly/etc/passwd,/etc/shadow,/etc/group) and the user's home directory.
3. Modify an account
Modifying a user account is to change the attributes of a user (for files) according to the actual situation, such as the user number, main directory, user group, and logon Shell.
Use the usermod command to modify the information of an existing user. The format is as follows:
Code:
Usermod option user name [only the ultimate Administrator has the permission to modify the account name. If you use the sudo command to authorize a common account, you can also use it]
Common options include-c,-d,-m,-g,-G,-s,-u, and-o. These options have the same meaning as those in the useradd command, you can specify a new resource value for the user. In addition, some systems can use the following options:
Code:
-L New User Name
This option specifies a new account. UserChange name to new UserName.
For example:
# Usermod-s/bin/ksh-d/home/z-g developer sam
This command changes the logon Shell of user sam to ksh, the main directory to/home/z, and the user group to developer.
# Usermod zte1-g cheng
# This command is used to change zte1 to the cheng Group.
4. View account attributes
Format: id user1 displays the uid and gid of user1. The default value is the id of the current user.
Ex: zte @ SMPS-WEB1:/home> id zte uid = 1011 (zte) gid = 100 (users) groups = 100 (users), 14 (uucp), 16 (dialout ), 17 (audio), 33 (video)

Groups user1 displays the group in which user user1 is located. The default value is the group information of the current user.
Ex: zte @ SMPS-WEB1:/home> groups users uucp dialout audio video (default)
Linux User Password Management

An important part of user management is the management of user passwords. A user account is locked by the system and cannot be used without a password. It must be specified for use, even if it is a blank password.
The shell command used to specify and modify the user password is passwd. The ultimate user can specify a password for himself or herself and other users. Common users can only change their own passwords. Command Format:
Code:
Passwd option User Name
Available options:
-L the password is disabled.
-U password unlock.
-D indicates that the account has no password.
-F forces the user to change the password upon next login.
If the default user name is used, modify the password of the current user.
For example, if the current user is Sam, the following command modifies the user's own password:
$ Passwd
Old password :******
New Password :*******
Re-enter new password :*******
If you are the ultimate user, you can specify the password of any user in the following form:
# Passwd Sam
New Password :*******
Re-enter new password :*******
When a common user modifies his or her own password, the passwd command First asks for the original password. After verification, the user needs to enter the new password twice. If the two passwords are the same, this password is assigned to the user, and the ultimate user does not have to know the original password when specifying a password for the user. For the sake of security, you should select a complicated password. It is best to use a password of no less than 8 digits. The password contains uppercase letters, lowercase letters, and numbers, and should be different from the name and birthday.
When you specify a blank password, run the following commands:
Code:
# Passwd-d sam
This command deletes the password of the user sam, so that the system will not ask for the password during the next logon.
The passwd command can also use the-l (lock) option to lock a user so that the user cannot log on. For example:
Code:
# Passwd-l sam
Linux User Group Management
Each user has a user group. The system can centrally manage all users in a user group. Different Linux systems have different user group rules, such UserBelong to the same name as him UserGroup. This user group is created when you create a user. User Group management involves adding, deleting, and modifying user groups. The addition, deletion, and modification of a group actually update the/etc/group file.
A user group has the same features. UserA collection of users. For example, if we want multiple users to have the same permissions, such as viewing, modifying a file or executing a command, we need a user group, we define all users to the same user group. By modifying the permissions of files or directories, the user group has certain operation permissions. UserYou have the same permissions for this file or directory. This is achieved by defining the group and modifying the file permissions;
Example:
In order for some users to have the permission to view a certain file, such as a schedule, but the person who writes the schedule must have the permission to read and write the file, we want some users to know the content of the schedule, instead of modifying them, we can assign these users to a group (using the chgrp command) and then modify the permissions of this file (using the chmod command, make the user group readable (use the chgrp command to classify the file into this group). In this way, every user in the user group is readable and cannot be accessed by other users.
1. Add a new UserThe group uses the groupadd command. The format is as follows:
Code:
Groupadd option user group [Assign chown and chgrp commands to a group after a user group is added]
Available options include:
-G GID specifies the group ID (GID) of the new user group ).
-O is generally used together with the-g option, indicating that the GID of the new user group can be the same as the GID of the existing user group in the system.
Example 1:
# Groupadd group1
This command adds a new group group1 to the system. The Group ID number of the new group is added with 1 on the basis of the current largest group ID number.
Example 2:
# Groupadd-g 101 group2
This command adds a new group group2 to the system and specifies that the Group ID of the new group is 101.
2. to delete an existing UserGroup. Use the groupdel command in the following format:
Code:
Groupdel User Group
For example:
# Groupdel group1
This command deletes group group1.
3. Run The groupmod command to modify the attributes of a user group. The syntax is as follows:
Code:
Groupmod option User Group
Common options include:
-G GID: specify a new group ID for the user group.
The-o and-g options are used at the same time. The new GID of the user group can be the same as the GID of the existing user group in the system.
-N new user group: Change the user group name to a new name.
Example 1:
# Groupmod-g 102 group2
This command changes the group ID of group group2 to 102.
Example 2:
# Groupmod-g 10000-n group3 group2
This command changes the ID of group group2 to 10000 and the group name to group3.
4. If a user belongs to multiple user groups at the same time, the user can switch between user groups to have permissions for other user groups. After logging on, the user can use the newgrp command to convert to another user group. UserGroup.
For example:
$ Newgrp root
This command is used to convert the current user to the root user group, provided that the root user group is indeed the main group or additional group of the user. Similar to user account management, user group management can also be completed through integrated system management tools.
System files related to user accounts
There are many methods to complete user management, but each method is actually to modify the relevant system files. Information related to users and user groups is stored in some system files, including/etc/passwd,/etc/shadow and/etc/group. The following describes the content of these files.
1. the/etc/passwd file is the most important file involved in user management. In Linux, each user has a corresponding record row in the/etc/passwd file, which records some basic attributes of this user. This file is readable to all users. The content is similar to the following example:
# Cat/etc/passwd
Root: x: 0: 0: Superuser :/:
Daemon: x: 1: 1: System daemons:/etc:
Bin: x: 2: 2: Owner of system commands:/bin:
Sys: x: 3: 3: Owner of system files:/usr/sys:
Adm: x: 4: 4: System accounting:/usr/adm:
Uucp: x: 5: 5: UUCP administrator:/usr/lib/uuucp:
Auth: x: 7: 21: Authentication administrator:/tcb/files/auth:
Cron: x: 9: 16: Cron daemon:/usr/spool/cron:
Listen: x: 37: 4: Network daemon:/usr/net/nls:
Lp: x: 71: 18 rinter administrator:/usr/spool/lp:
Sam: x: 200: 50: Sam san:/usr/sam:/bin/sh
From the above example, we can see that a row of records in/etc/passwd corresponds to a user, and each row of records is separated by a colon into seven fields. Its format and meaning are as follows:
Code:
User name: Password: User ID: Group ID: annotation Description: main directory: logon Shell
(1) "User Name" is a string representing the user account. Generally, it cannot exceed 8 characters and may consist of uppercase/lowercase letters and/or numbers. The logon name cannot contain a colon because it is a separator. For the sake of compatibility, the login name should not contain the dot character ".", and do not use the hyphen "-" or the plus sign "+" to start.
(2) "password", which is stored in some systems after Encryption UserPassword. Although this field only stores the encrypted string of the user password, it is not plain text. However, because the/etc/passwd file can be read by all users, this is still a security risk. Therefore, many Linux systems currently use the shadow technology UserThe password is stored in the/etc/shadow file, and only one special character is stored in the password field of the/etc/passwd file, such as "x" or "*".
(3) The "User ID" is an integer that is used internally to identify the user. Generally, it corresponds to the user name one by one. If several user names correspond UserThe identification numbers are the same. The system regards them as the same user, but they can have different passwords, different home directories, and different logon shells. Generally, the user ID number ranges from 0 ~ 65535. 0 is the identification number of the root user ~ 99 is retained by the system and used as the management account. The identification number of a common user starts from 100. In Linux, this limit is 500.
(4) The "group ID number" field records the user's UserGroup. It corresponds to a record in the/etc/group file.
(5) The "annotation description" field records the user's personal information, such as the user's real name, phone number, and address. This field has no practical use. In different Linux systems, the format of this field is not uniform. In many Linux systems, this field stores any comments of the description text and is used as the output of the finger command.
(6) "main directory", that is, the user's initial working directory, which is the directory where the user logs on to the system. In most systems, the main directories of users are organized under the same specific directory, and the user's main directory name is the user's login name. Each user has the read, write, and execute (Search) permissions on his/her home directory. Other users have the permission to access this directory based on the actual situation.
(7) after a user logs on, a process is started to pass user operations to the kernel. This process is a command interpreter or a specific program that the user logs on to the system and runs, that is, Shell. Shell is an interface between a user and a Linux system. LinuxThere are many Shell types, each of which has different characteristics. Common examples include sh (Bourne Shell), csh (C Shell), ksh (Korn Shell), tcsh (TENEX/TOPS-20 type C Shell), and bash (Bourne Again Shell). The system administrator can specify a Shell for the user based on the system conditions and user habits. If no Shell is specified, the system uses sh as the default logon Shell, that is, the value of this field is/bin/sh.
The user's logon Shell can also be specified as a specific program (this program is not a command interpreter ). With this feature, we can restrict users to run only the specified application. After the application is run, the user automatically exits the system. In some Linux systems, only those programs registered in the system can output the current field. One type of users in the system is called psuedo users. These users also have a record in the/etc/passwd file, but cannot log on because their login Shell is empty. They are mainly used to facilitate system management and meet the requirements of the corresponding system processes for file owners. Common pseudo-users are as follows.
Definition of a pseudo-user
Bin has executable UserCommand file
Sys owns system files
Adm has account files
Uucp
Lp or lpd subsystem usage
Nobody NFS usage
In addition to the pseudo applications listed above, many standard pseudo users, such as audit, cron, mail, and usenet, are also required by related processes and files. Since the/etc/passwd file can be read by all users, if the user's password is too simple or regular, a common computer can easily crack it, therefore, for Linux systems with high security requirements, the encrypted passwords are separated and stored in a file, which is a/etc/shadow file. Only the ultimate user has the permission to read the file, which ensures the security of the user password.
2. The record lines in/etc/shadow correspond to the records in/etc/passwd one by one. The pwconv command automatically generates the records based on the data in/etc/passwd. The file format is similar to/etc/passwd and consists of several fields separated. These fields are:
Login Name: encrypted password: last modification time: minimum interval: maximum interval: warning time: inactive time: expiration time: Flag
(1) The "Login Name" is consistent with the login name in the/etc/passwd file. UserAccount
(2) The "password" field is stored after Encryption UserPassword, Which is 13 characters in length. If it is blank, the corresponding user does not have a password and does not need a password for Logon. If it contains characters not in the {./0-9A-Za-z} set, it corresponds UserYou cannot log on.
(3) "last modification time" indicates the number of days from a certain time point to the last password change time of the user. The start time may be different for different systems. For example, in SCO Linux, the start time is January 1, January 1, 1970.
(4) "minimum interval" refers to the minimum number of days required between two password changes.
(5) "maximum interval" indicates the maximum number of days for password to remain valid.
(6) The "warning time" field indicates the number of days from when the system starts to warn the user to when the user password is officially invalid.
(7) "No activity time" indicates the maximum number of days that the user has not logged on to the activity but the account remains valid.
(8) The "expiration time" field shows an absolute number of days. If this field is used, the validity period of the corresponding account is given. After expiration, this account is no longer a valid account and cannot be used for logon.
The following is an example of/etc/shadow:
# Cat/etc/shadow
Rootnakfw28zf38w: 8764: 0: 168: 7 :::
Daemon: *: 0: 0 ::::
Bin: *: 0: 0 ::::
Sys: *: 0: 0 ::::
Adm: *: 0: 0 ::::
Uucp: *: 0: 0 ::::
Nuucp: *: 0: 0 ::::
Auth: *: 0: 0 ::::
Cron: *: 0: 0 ::::
Listen: *: 0: 0 ::::
Lp: *: 0: 0 ::::
Sam: EkdiSECLWPdSa: 9740: 0: 0 ::::
3. All user group information is stored in the/etc/group file.
Grouping users is a way to manage users and control access permissions in Linux. Each user belongs to a user group. A group can have multiple users, and a user can belong to different groups. When a user is a member of multiple groups at the same time, the main group to which the user belongs is recorded in the/etc/passwd file, that is, the default group to which the user belongs during logon, other groups are called additional groups. To access files belonging to an additional group, you must first use the newgrp command to make yourself a member of the group to be accessed. All user group information is stored in the/etc/group file. The format of this file is also similar to the/etc/passwd file. Several fields are separated by colons. These fields include:
Group Name: Password: Group ID: group user list
(1) "group name" is the name of the user group, which consists of letters or numbers. It is the same as the login name in/etc/passwd, and the group name should not be repeated.
(2) The "password" field stores the encrypted password of the user group. General Linux systems UserThe Group does not have a password, that is, this field is generally empty, or *.
(3) The "group ID" is similar to the user ID and is also an integer used internally to identify the group.
(4) The "group user list" is a list of all users in this group. Different users are separated by commas. This user group may be the user's primary group or an additional group.
An example of the/etc/group file is as follows:
# Cat/etc/group
Root: 0: root
Bin: 2: root, bin
Sys: 3: root, uucp
Adm: 4: root, adm
Daemon: 5: Root, daemon
LP: 7: Root, lp
Users: 20: Root, Sam
Grant special permissions to common users [Sudo command]
In Linux, there are usually more than one administrator. If each administrator uses the root identity for management, it is impossible to figure out who should do what. Therefore, the best way is to create some common users as administrators and assign some system management work to them.
Due to Su's unrestricted permissions after being converted to the root user of the ultimate permission, Su cannot act as a system managed by multiple administrators. If Su is used to switch to the ultimate user to manage the system, it is not clear which operations are performed by the Administrator. Especially for the management of servers involving multiple participants, the best solution is to assign specific permissions to the technical expertise and management scope of each administrator, and specify the tools it uses to complete the work related to it, then we need to use sudo. Through sudo, We can delegate certain ultimate permissions in a targeted manner without having to know the root password for common users. Therefore, sudo is safer than Su with unrestricted permissions, therefore, sudo can also be referred to as restricted Su. In addition, sudo requires authorization, so it is also called the authorization permission Su; the sudo Command Execution Process is to convert the current user to the root (or another specified conversion User), And then use root (or another specified conversion User) Identity to execute the command, after the execution is complete, directly return to the current user; and the premise is to use the sudo setting file/etc/sudoers for authorization;
We cannot use Su to make them directly root, because these users must know the root password. This method is very insecure and does not meet our division of labor needs. The general practice is to use the permission settings to classify jobs so that special identities can be made. UserBecome the same workgroup and set the workgroup permissions. For example, the user wwwadm is required to manage website data. Generally, the httpd owner of the Apache Web server process is www. You can set wwwadm and WWW as the same working group, by default, Apache sets the working group permissions for storing webpage records/usr/local/httpd/htdocs as readable, writable, and executable, in this way, every user in this Working Group can manage webpages.
However, this is not the best solution. For example, if the administrator wants to grant the shutdown permission to an ordinary user, the above method is not optimal. At this time, you may think that I only want this user to execute the shutdown command as root. It is absolutely true. Unfortunately, this function cannot be implemented in common Linux systems, but there are tools that can implement this function ?? Sudo.
Sudo assigns privileges to different databases that maintain a ing of privileges to user names. UserThese privileges can be identified by different commands listed in the database. To obtain a specific permission UserSimply enter the sudo and command name in the command line and enter the password again as prompted. For example, sudo allows a common user to format a disk, but does not grant other root user privileges.
Note: The original intention of sudo is to allow a common user to execute the root command. When you use sudo for the first time, you are prompted to enter the password.
This password is your own password.
However, in SuSE 9 and 10, you must enter the root user password when using sudo.
Check and verify that the current sudo settings file contains ults targetpw, indicating that sudo will prompt the input to be specified by the-u option of sudo. User(Root by default) instead of executing sudo UserIf you comment out the password, the entered password is for the current user. The root password is required by default in SuSE.
It can be understood as follows: your server cannot use root to directly SSH to the server or directly use root to log on to the TTY server. Add a user so that he can use SSH but not the su command. In this way, we can use this method to let him engage in one of the root commands.
Sudo formula;
Authorized user host = [(to which users or user groups)] [whether password verification is required] command 1, [(to which users or user groups)] [Whether password verification is required] [command 2], [(to which users or user groups are converted)] [whether password verification is required] [command 3] ......
Note:
The content in [] can be omitted. the commands and commands are separated by commas (,). The examples in this article show which are omitted and where spaces are required; in [(to which users or user groups are converted)], if omitted, the default value is root. If it is ALL, it indicates that ALL users can be converted. UserMust be enclosed by (), such as (ALL), (beinan)

1. The sudo tool is set by the file/etc/sudoers, which contains all the sudo tools that can accessUserList and define their privileges. A typical/etc/sudoers entry is as follows:
ZTE all = (all) All
This entry allows the user ZTE to access all applications as the ultimate user. For example, if the user ZTE needs to run commands as the ultimate user, he simply needs to add the prefix sudo before the command. Therefore, to run the ifconfig command as the root user, ZTE can enter the following command:
SMPS-WEB1:/Home> # sudo/usr/sbin/ifconfig
Note: the absolute path/usr/sbin/ifconfig should be written for the ifconfig command to be executed./usr/sbin is not in the search path of common users by default, or the path: Path = $ path: /usr/sbin; export path. In addition, different system commands have different paths. You can use the command "whereis command name" to find its path. Ex: ZTE @ SMPS-WEB1:/Home> whereis usermod
Usermod:/usr/sbin/usermod/usr/share/man/man8/usermod.8.gz. Here, two paths are searched and the first one is obtained. indicates to view the specific path of The usermod command under ZTE User Logon
The following output result is displayed:
We trust you have got ed the usual lecture from the local System
Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password:
If zte correctly enters his password, the command ifconfig will be executed as the root user.
Note: To set the file/etc/sudoers, you must use the Visudo command to edit it.
As long as the correspondingUserThe name, host name, and license command list are added to the file/etc/sudoers in a standard format and saved to take effect. Let's look at another example.
2. Example:
[1] The administrator must allow the gem user to execute the reboot and shutdown commands on the host sun and add the following to/etc/sudoers:
Gem sun =/usr/sbin/reboot,/usr/sbin/shutdown
Note: the absolute path must be used for commands to prevent commands of the same name in other directories from being executed, resulting in security risks.
Save and exit. When you want to execute the reboot command, you only need to run the following command at the prompt:
$ Sudo/usr/sbin/reboot
Enter the correct password to restart the server.
[2] beinan ALL = (root)/bin/chown,/bin/chmod
It indicates that beinan can be converted to the root host and run the/bin/CHOWN command. It can be converted to the/bin/chmod command executed by all users, use Sudo-L to view the commands that beinan allows and disables on this host;
[3] beinan all = (Root) nopasswd:/bin/chown,/bin/chmod
It indicates that beinan can be converted to the root host to run/bin/chown on all hosts that may contain host names without entering the beinan user password; in addition, it can be converted to all users to execute the/bin/chmod command, but beinan needs to enter its own password to execute chmod; use Sudo-L to view the commands that beinan allows and disables on this host;
Regarding whether a command action requires a password, we can see that the system currently requires a user password by default, except for non-Additional instructions that you do not need to enter your own password, therefore, add the nopasswd: Parameter before executing the action;
[4] to cancel the execution of a program, you must add it before the command action! In this example, the wildcard * usage is also displayed;
Beinan all =/usr/sbin/*,/sbin /*,! /Usr/sbin/fdisk Note: add this rule to/etc/sudoers. However, you must have the beinan user group and beinan is in this group; this rule indicates that the beinan user runs all programs under/usr/sbin and/sbin on all hosts with all possible host names, except for the fdisk program;
[Beinan @ localhost ~] $ Sudo-l
Password: Note: enter the password of the beinan user;
User beinan may run the following commands on this host:
(Root)/usr/sbin /*
(Root)/sbin /*
(Root )! /Sbin/fdisk
[Beinan @ localhost ~] $ Sudo/sbin/fdisk-l
Sorry, user beinan is not allowed to execute '/sbin/fdisk-L' as root on localhost.
Note: The fdisk program cannot be converted to the root user;
[5] If you want to define a group of users, you can add % before the group name to set it, such:
% Cuug ALL = (ALL) ALL
All the Members in the cuug group can execute specific tasks through sudo.
3. You can also use aliases to simplify File Settings. Aliases are similar to group concepts, including user aliases, host aliases, and command aliases. Multiple users can define them with an alias first, and then use the alias when specifying the command they can execute. This setting takes effect for all users. The same is true for host aliases and command aliases. Note that before use, define the User_Alias, Host_Alias, and Cmnd_Alias items in/etc/sudoers. Add the corresponding names after the items and separate them by commas. For example:
Host_Alias SERVER = no1
User_Alias ADMINS = liming, gem
Cmnd_Alias
SHUTDOWN =/usr/sbin/halt,/usr/sbin/shutdown,/usr/sbin/reboot
Admins server = SHUTDOWN
4. The sudo command can also add some parameters to complete some auxiliary functions, such:
$ Sudo-l
The following information is displayed:
User liming may run the following commands on this host:
(Root)/usr/sbin/reboot
Root allows liming to execute the/usr/sbin/reboot command. This parameter allows you to view which commands can be executed in sudo.
5. Enter the sudo command at the command prompt to list all parameters. Other parameters are as follows:
-V displays the version number.
-H: displays the parameters used by The sudo command.
-V will ask for the password because sudo is not executed during the first execution or within N minutes (N is set to 5 by default. This parameter is re-confirmed. If it is more than N minutes, you will also ask the password.
-K will force the user to ask for the password (whether or not it has been more than N minutes) during the next sudo execution ).
-B: Execute the command in the background.
-P prompt indicates a prompt to change the password. % u is replaced with the user's account name, and % h displays the host name.
-U username/# this parameter is not added to the uid, which indicates that the command is to be executed as root, but this parameter is added, the command can be executed as username (# uid of the username is UID ).
-S executes the SHELL specified by the Shell in the environment variable, or the Shell specified in/etc/passwd.
-H: Specify the HOME directory in the environment variable as the HOME Directory of the user who wants to change the identity. (If the-u parameter is not added, the system administrator root is used .)
Command to be executed as a system administrator (or changed to another person as a-u.

**************************************** **************************************** **************************************** *****
User and user group Application Instances
Drwxr-XR-x 7 zte_a users 4096 2007-11-22 zte_a
Drwxr-XR-x 7 zte_ B users 4096 zte_ B
Drwxr-XR-x 7 zte_c users 4096 zte_c
Zte_a, zte_ B, and zte_c all belong to the users group.
Create Time directory
Drwxr-XR-x 2 root Root 4096 time
Create a time file under the time directory
-RW-r -- 1 Root 27 time.txt
Requirement: allows the rootuser to wrx time.txt under time.txt, and only belongs to users user groupUserRead the time.txt File
Steps:
Chmod o-r-x time To Set Directory Permissions
Drwxr-x --- 2 root Root 4096 time
Chmod o-r time.txt sets File Permissions
-RW-r ----- 1 Root 27 time.txt
Chgrp user time sets the directory group
Drwxr-x --- 2 root users 4096 time
Set the group to which the chgrp user time.txt file belongs.
-RW-r ----- 1 root users 27 time.txt
Note:To add new users to the user group in the future, you only need to add useradd-m new, and then usermod-G user new to assign new users to the user group.