Linux users, user groups, and file permissions [command practice]

The Linux permission system consists of users, user groups, and permissions. For the theory, see another article: "Linux: view all users and all user groups [theory]", http://www.bkjia.com/OS/201304/205743.html

Users are the individual accounts that log in to and use Linux; Linux identifies each one by its UID.
A user group is a group of users; Linux identifies each one by its GID.
Permissions are read, write, and execute.

Linux user information is stored in the /etc/passwd file. In addition, the /etc/shadow file stores user password information.

/etc/passwd file format:
user name:password:UID:GID:user information:HOME directory path:user shell
UID 0 is the root user, 1~499 are system users, and UIDs above 500 are common users.

/etc/shadow stores user password information, including the encrypted password, the password expiration time, and the number of days of warning before the password expires.

User group information is stored in the /etc/group file. The format is as follows:
user group name:group password:GID:accounts in the group (multiple accounts are separated by commas)

After a user logs on, the GID in the /etc/passwd file is the user's initial user group. The user's membership of the initial user group is not reflected in /etc/group.

-------

Run the following command:
[root@local opt]# groups
root bin daemon sys adm disk wheel
In the output, the first user group is the valid user group of the current user (the current user group).

To switch the valid user group, run:
[root@local opt]# newgrp groupname
To leave the new valid user group, enter exit and press Enter.
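Because a user's initial user group is not reflected in /etc/group, an audit of who belongs to a group such as wheel has to read both files. The script below is an added example, not part of the original article: it checks a passwd-format file for extra UID 0 accounts and empty password fields, and lists every member of a group from both files. The sample data and the function names make_samples, audit_passwd and group_members are constructed for illustration.

```shell
#!/bin/sh
# All account data below is constructed sample data, not from a real system.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
xxq:x:500:10:Example user:/home/xxq:/bin/bash
ops:x:501:501:Example user:/home/ops:/bin/bash
backup:x:0:0:Second UID 0 account:/root:/bin/bash
svc::101:101:Empty password field:/var/svc:/bin/sh
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:
bin:x:1:bin,daemon
wheel:x:10:root,ops
ops:x:501:
EOF
    echo "$dir"
}

# audit_passwd FILE: print one finding per line, based on the seven-field
# format and the rule that UID 0 is root. An empty second field means the
# account has no password set.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        $2 == ""                { print "EMPTYPW " $1 }
    ' "$1"
}

# group_members GROUP PASSWD_FILE GROUP_FILE: print every account in GROUP.
# The group file is read first for the GID and the listed accounts; the
# passwd file then adds accounts whose initial group (GID field) is GROUP.
group_members() {
    awk -F: -v g="$1" '
        FNR == NR { if ($1 == g) { gid = $3; n = split($4, m, ",")
                        for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1 }
                    next }
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$3" "$2" | sort
}
```

On the sample data, `group_members wheel` reports xxq in addition to root and ops, although xxq does not appear on the wheel line of the group file.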
Command to create a new user:
[root@local opt]# useradd username
  -g  initial user group
  -G  other user groups (modifies /etc/group)
  -c  user description
  -u  UID

After the user is created, a password must be set:
[root@local opt]# passwd username
[root@local opt]# passwd
(without a user name, passwd changes the current user's own password)

Command to modify user information:
[root@local opt]# usermod parameter username
Parameters:
  -c description   user description
  -g group name    initial user group
  -e date          expiration date, format: YYYY-MM-DD
  -G group name    other user groups
  -l               change the user name
  -L               lock the account (adds two exclamation points (!!) before the user's password string in the /etc/shadow file)
  -U               unlock the account

Command to delete a user:
[root@local opt]# userdel [-r] username
The parameter -r also deletes the user's home directory. Files belonging to this user may still exist elsewhere in the system. To completely delete a user and its files, first find the files that belong to it:
[root@local opt]# find / -user username
Delete them, and then run userdel to delete the user.

View the available shells:
[root@local opt]# chsh -l

Change your own shell:
[root@local opt]# chsh -s

View the UID/GID information of yourself or of another user:
[root@local opt]# id [username]
In the returned information, groups lists the valid user groups.

Command to add a user group:
[root@local opt]# groupadd groupname

Command to change a user group's name:
[root@local opt]# groupmod -n

Command to delete a user group:
[root@local opt]# groupdel groupname

Command to set a user group password:
[root@local opt]# gpasswd groupname
When gpasswd is given parameters, it provides other functions.

Set the user group administrator:
[root@local opt]# gpasswd -A username groupname

Add an account to the group:
[root@local opt]# gpasswd -M username groupname

Delete an account from the group:
[root@local opt]# gpasswd -d username groupname

passwd parameters:
  -l        lock the user
  -u        unlock the user
  -n days   number of days during which the password cannot be changed
  -x days   number of days until the password expires
  -w days   number of warning days

File permission knowledge

First look at an example:
[root@local opt]# ls -al
The ls -al command lists all the files in the directory, including hidden files. The first character of a hidden file's name is '.'.
-rw-r-- 1 root 81 08-02 gtkrc-1.2-gnome2
-rw------- 1 root 189 08-02 ICEauthority
-rw------- 1 root 35 08-05 .lesshst
drwx------ 3 root 4096 08-02 .metacity
drwxr-xr-x 3 root 4096 08-02 nautilus

The columns of the listing are defined as follows:
[permission attributes] [link count] [owner] [owner's user group] [size] [last modification time] [file name]

The permission attribute contains 10 characters.
The first character is the file type:
  d  directory
  -  common file
  l  link
  b  storage interface device
  c  input device such as a keyboard or mouse
Characters 2, 3, and 4 are the owner's permissions. Characters 5, 6, and 7 are the permissions of users in the owner's group. Characters 8, 9, and 10 are the permissions of other users.

The second character is the owner's read permission: r if granted, - if not.
The third character is the owner's write permission: w if granted, - if not.
The fourth character is the owner's execute permission: x if granted.
If not granted, it is -.
The fifth character is the read permission of users in the owner's group: r if granted, - if not.
The sixth character is the write permission of users in the owner's group: w if granted, - if not.
The seventh character is the execute permission of users in the owner's group: x if granted, - if not.
The eighth character is the read permission of users outside the group: r if granted, - if not.
The ninth character is the write permission of users outside the group: w if granted, - if not.
The tenth character is the execute permission of users outside the group: x if granted, - if not.

Command to change the group of a file:
[root@local opt]# chgrp [-R] groupname filename
-R applies the change recursively.

Command to change the owner and group of a file:
[root@local opt]# chown [-R] user[:groupname] filename

Command to change file access permissions:
[root@local opt]# chmod [-R] 0777 filename

========================== other commands ==========================

How to view users and user groups in Linux:

whois
Function description: searches for and displays user information.
Syntax: whois [account name]
Supplementary note: the whois command finds and displays the user information of the specified account. Because it searches the Network Solutions WHOIS database, the account must be registered there to be found. The name is case-insensitive.

-------------------------------------------------

whoami
Function description: displays the user name.
Syntax: whoami [--help] [--version]
Supplementary note: displays the name of the user itself.
This command is equivalent to executing the "id -un" command.
Parameters:
  --help      online help.
  --version   displays the version information.

-------------------------------------------------

who
Function description: displays information about the users currently logged on to the system.
Syntax: who [-Himqsw] [--help] [--version] [am i] [record file]
Supplementary note: this command shows which users are currently logged on to the system. Run on its own, who lists the login account, the terminal used, the login time, and where the account logged in from or which X display it is using.
Parameters:
  -H or --heading   displays the title row for the columns.
  -i or -u or --idle   displays the idle time. If the user performed any action within the previous minute, "." is shown; if the user has not performed any action for more than 24 hours, the string "old" is shown.
  -m   has the same effect as specifying the "am i" string.
  -q or --count   displays only the account names logged on to the system and their total number.
  -s   is ignored and not processed; it exists only for compatibility with other versions of the who command.
  -w or -T or --mesg or --message or --writable   displays the user's message status column.
  --help      online help.
  --version   displays the version information.

-------------------------------------------------

w
Function description: displays information about the users currently logged on to the system.
Syntax: w [-fhlsuV] [user name]
Supplementary note: this command shows who is currently logged on to the system and the programs they are executing. Run on its own, w displays all users. You can also specify a user name to display information about that user only.
Parameters:
  -f   enables or disables displaying where the user logged on from.
  -h   does not display the title row for the columns.
  -l   uses the detailed list format, which is the default.
  -s   uses the concise list format, which does not display the user's login time or the CPU time consumed by terminal jobs and programs.
  -u   ignores the name of the executing program and the CPU time the program consumes.
  -V   displays the version information.

-------------------------------------------------

finger
The finger command is used to query user information. It generally displays a user's user name, home directory, idle time, login time, and login shell. To query user information on a remote machine, append "@host name" to the user name, in the format [user name@host name]. The network host being queried must be running the finger daemon.
The common format of this command is:
finger [option] [user] [user@host]
The options have the following meanings:
  -s   displays the user's login name, real name, terminal name, write status, idle time, login time, and other information.
  -l   in addition to the information displayed by the -s option, displays the user's home directory, login shell, mail status, and the contents of the .plan, .project and .forward files in the user's home directory.
  -p   the same as the -l option, except that the .plan and .project files are not displayed.

[Example] Run the finger command on the local machine.
$ finger xxq
Login: xxq Name:
Directory: /home/xxq Shell: /bin/bash
Last login Thu Jan 1 21:43 (CST) on tty1
No mail.
No Plan.
$ finger
Login Name Tty Idle Login Time Office Phone
root root *1 28 Nov 25 ......

The /etc/group file contains all groups; /etc/shadow and /etc/passwd contain all user names in the system.
To change the current user's group, use usermod or directly edit the /etc/passwd file.

-------------------------------------------------

vlock (virtual console lock)
Function description: locks a virtual terminal.
Syntax: vlock [-achv]
Supplementary note: executing the vlock command locks the virtual terminal and prevents others from using it.
Parameters:
  -a or --all       locks all terminal sessions. If this parameter is used in a full-screen terminal, switching terminals with the keyboard is disabled.
  -c or --current   locks the current terminal session; this is the default.
  -h or --help      online help.
  -v or --version   displays version information.
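
The 10-character permission attribute described in the file permission section maps directly to the octal value passed to chmod. The script below is an added example, not part of the original article: it converts the attribute to octal and reports entries that the group or other users can write to. The sample listing and the function names sample_listing, mode_to_octal and loose_entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout described above:
# [permissions] [links] [owner] [group] [size] [mtime] [name]
sample_listing() {
    cat <<'EOF'
-rw-r--r-- 1 root root 81 08-02 notes.txt
-rw-rw-r-- 1 xxq xxq 189 08-02 shared.cfg
drwxrwxrwx 3 root root 4096 08-02 dropbox
drwx------ 3 root root 4096 08-02 private
EOF
}

# mode_to_octal STRING: print the chmod octal form of a permission attribute.
# Returns 1 unless STRING is one type character followed by nine r/w/x/- flags.
mode_to_octal() {
    printf '%s\n' "$1" | awk '
        !/^[-dlbc]([-r][-w][-x])([-r][-w][-x])([-r][-w][-x])$/ { bad = 1; exit }
        {
            out = "0"
            for (t = 0; t < 3; t++) {          # owner, group, others
                v = 0
                if (substr($0, 2 + 3*t, 1) == "r") v += 4
                if (substr($0, 3 + 3*t, 1) == "w") v += 2
                if (substr($0, 4 + 3*t, 1) == "x") v += 1
                out = out v
            }
            print out
        }
        END { exit bad }'
}

# loose_entries FILE: read listing lines and print "octal name" for every
# entry whose sixth (group write) or ninth (other write) character is w.
loose_entries() {
    while read -r mode links owner group size mtime name; do
        case $mode in
            ?????w????|????????w?)
                printf '%s %s\n' "$(mode_to_octal "$mode")" "$name" ;;
        esac
    done < "$1"
}
```

Permission strings that are truncated or that carry flags other than r, w, x and - are rejected by mode_to_octal with a non-zero status.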