Linux is in common use, so I set out to study it; here I introduce this part of the Linux system in detail and hope it will be useful to you. This document describes the concepts of user and group management in Linux systems and lists the commands related to users and groups; it also describes single-user multitasking and multi-user multitasking. This article is a basic document;
1. Understand the concepts of single-user multitasking and multi-user multitasking in Linux;
Linux is a multi-user, multitasking operating system, so we should understand the concepts of single-user multitasking and multi-user multitasking;
1. Single-user multitasking in Linux;
Single-user multitasking means one user running several tasks. For example, we log on to the system as beinan and open gedit to write a document. While writing, I feel like some music, so I also open xmms; music alone is not enough, so I open MSN as well to see what some of my colleagues are doing. So, logged on as the beinan user, I am running gedit, xmms, MSN, and the fcitx input method. In this case one user, beinan, executes several tasks to complete the work. Of course, beinan is only one user; others can log on remotely and do other work.
2. Multi-user multitasking in Linux;
Sometimes many users use the same system at the same time, but not all of them do the same thing, so there are multiple users and multiple tasks. For example, the LinuxSir.Org server has FTP users, system administrators, web users, and common users. At the same moment some people may be visiting the forum and some may be uploading software packages to manage their sites; for example, luma or Yuking may be managing their home page system and FTP, while system administrators may be maintaining the system. Browsing the home page uses the nobody user, uploading software packages uses FTP users, and an administrator maintaining or viewing the system may use a common account or the super-privileged root account. Different users have different permissions, complete different tasks, and may do different jobs;
It is worth noting that multi-user multitasking does not mean that everyone works at the keyboard and display of a single machine at the same time. Multiple users may log on remotely, for example to control the server remotely, and anyone with user permissions can perform operations or access it;
3. Differentiating user roles;
Users play different roles in the system, and in Linux permissions and tasks differ by role. It is worth noting that a user's role is identified by its UID; in system management, the system administrator must keep every UID unique;
Root user: unique in the system and a real user; it can log on to the system, operate on any file and run any command in the system, and has the highest permissions;
Virtual users: also called pseudo users or fake users; unlike real users, they cannot log on to the system, but they are indispensable to system operation, for example bin, daemon, adm, ftp, mail, etc; these users come with the system rather than being added afterwards, although we can also add virtual users;
Common real users: these users can log on to the system but can only operate on the contents of their own home directory; their permissions are limited; such users are added by the system administrator;
4. Security of multi-user operating systems;
Multi-user systems are more convenient to manage, and from a security perspective they are also more secure. For example, if the beinan user does not want other users to see one of its files, it only has to set the file permissions so that only beinan can read, write, and edit it; then only beinan can operate on its private files. Linux handles multiple users very well and can protect the security of every user, but we still have to learn how to use it: in the hands of an administrator without security awareness or management skills, even such a system is not secure.
From the server point of view, security under multiple users is also the most important. As for the Windows operating systems we commonly use, their permission-management capability can only be called average and cannot compare with that of Linux or Unix systems;
2. Concepts of users and user groups;
1. The concept of a user;
From the discussion of multiple users above, we know that Linux is a real multi-user operating system, so we can create several users in it. For example, a colleague wants to use my computer, but I don't want him to log on with my user name, because my account holds material that I do not want others to see (that is, private content); in this case I can create a new user name for him to use, which is the right practice from a computer security perspective;
Of course, the concept of a user is not limited to that. In Linux there are also users that exist to complete specific tasks, such as nobody and ftp: when we access the web pages of LinuxSir.Org we do so as the nobody user, and anonymous ftp access uses the ftp or nobody user. To see the accounts on a Linux system, look at /etc/passwd;
2. The concept of a user group;
A user group is a collection of users with the same characteristics. For example, we sometimes want several users to have the same permissions, such as viewing or modifying a file or executing a command; in this case we need a user group. We put all of these users into the same user group and, by modifying the permissions of the file or directory, grant certain operation permissions to that group. The users in the group then have the same permissions on the file or directory; this is achieved by defining the group and modifying the file permissions;
For example, suppose some users should be able to view a document such as a timetable. The person who writes the timetable must be able to read and write the document, while the other users should know its contents without being able to modify it. We can place those users into a group and change the permissions of the file so that the group can read it; every user in the group can then read the file;
The mapping between users and user groups can be one-to-one, many-to-one, one-to-many, or many-to-many;
One-to-one: a user can be the only member of a group;
Many-to-one: several users can be members of one and the same group and belong to no other user group. For example, the beinan and linuxsir users belong only to the beinan user group;
One-to-many: a user can be a member of several user groups. For example, beinan can be a member of the root user group, the linuxsir user group, or the adm user group;
Many-to-many: several users correspond to several user groups, and several users can belong to the same group. In fact, the many-to-many relationship is an extension of the first three; once you understand those three, this one follows;
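The timetable case and the user-to-group mappings above, worked through as an added example that is not part of the original article. The account files are constructed samples, and the timetable group with GID 600, the timetable owner yuking, and the function names are assumptions made for illustration:

```python
# Constructed sample files (illustrative accounts, not from a real host).
PASSWD = """\
beinan:x:500:500::/home/beinan:/bin/bash
linuxsir:x:501:500::/home/linuxsir:/bin/bash
luma:x:502:502::/home/luma:/bin/bash
yuking:x:503:503::/home/yuking:/bin/bash
"""
GROUP = """\
beinan:x:500:
luma:x:502:
yuking:x:503:
timetable:x:600:luma,beinan
"""

def groups_by_user(passwd_text, group_text):
    """Map each user to the set of group names it belongs to."""
    gid_to_name, listed = {}, {}
    for line in group_text.splitlines():
        name, _pw, gid, members = line.split(":")
        gid_to_name[int(gid)] = name
        listed[name] = [m for m in members.split(",") if m]
    result = {}
    for line in passwd_text.splitlines():
        user, _pw, _uid, gid, *_rest = line.split(":")
        # The primary group is the GID field of /etc/passwd ...
        result[user] = {gid_to_name.get(int(gid), gid)}
    for name, members in listed.items():
        # ... supplementary groups are the member lists in /etc/group.
        for user in members:
            result.setdefault(user, set()).add(name)
    return result

def may_read(user, owner, group, mode, membership):
    """Check the read bit of the first class that matches the user:
    owner, then group, then other (root's override is not modeled)."""
    if user == owner:
        return bool(mode & 0o400)
    if group in membership.get(user, set()):
        return bool(mode & 0o040)
    return bool(mode & 0o004)

MEMBERSHIP = groups_by_user(PASSWD, GROUP)
```

With the file owned by yuking, assigned to the timetable group, and set to mode 0640, `may_read` is true for yuking, luma, and beinan and false for linuxsir, whose only group is beinan.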
3. Configuration files, commands, or directories related to users and user groups;
1. Configuration files related to users and user groups;
1) Configuration files related to users;
/etc/passwd Note: the user configuration file;
/etc/shadow Note: the user shadow password file;
2) Configuration files related to user groups;
/etc/group Note: the user group configuration file;
/etc/gshadow Note: the shadow file of the user group;
2. Tools or commands for managing users and user groups;
1) Tools or commands used to manage users;
useradd Note: add a user;
adduser Note: add a user;
passwd Note: set a password for the user;
usermod Note: modify a user; for example, usermod can change the logon name and the user's home directory;
pwconv Note: synchronize users from /etc/passwd to /etc/shadow;
pwck Note: pwck verifies whether the content of the user configuration files /etc/passwd and /etc/shadow is legal and complete;
pwunconv Note: the reverse operation of pwconv; it creates /etc/passwd from /etc/shadow and /etc/passwd, and then deletes the /etc/shadow file;
finger Note: a tool for viewing user information;
id Note: view the UID, GID, and user groups of a user;
chfn Note: a tool for changing user information;
su Note: the user switching tool;
sudo Note: sudo executes a command as another user. su switches to another user, who then completes the task after the switch, whereas sudo directly executes the command that follows it. For example, with sudo a user can run, without the root password, commands that root has authorized and that otherwise only root can execute; this is configured by editing /etc/sudoers through visudo;
visudo Note: visudo is the command for editing /etc/sudoers. You can also edit /etc/sudoers with vi directly, but visudo locks the file and checks its syntax before saving;
sudoedit Note: similar to the sudo function;
2) Tools or commands used to manage user groups;
groupadd Note: add a user group;
groupdel Note: delete a user group;
groupmod Note: modify user group information;
groups Note: display the user groups to which a user belongs;
grpck
grpconv Note: use the content of /etc/group and /etc/gshadow to synchronize or create /etc/gshadow; if /etc/gshadow does not exist, it is created;
grpunconv Note: use the content of /etc/group and /etc/gshadow to synchronize or create /etc/group, and then delete the gshadow file;
3. The /etc/skel directory;
The /etc/skel directory generally stores user startup files and is controlled by root. When we add a user, the files in this directory are automatically copied to the home directory of the new user. The files in /etc/skel are hidden files, that is, files whose names have the form .file. You can modify, add, or delete files in /etc/skel to give users a unified, standard default environment;
[root@localhost beinan]# ls -la /etc/skel/
total 92
drwxr-xr-x 3 root 4096 August 11 23:32 .
drwxr-xr-x 115 root 12288 October 14 13:44 ..
-rw-r--r-- 1 root 24 May 11 00:15 .bash_logout
-rw-r--r-- 1 root 191 May 11 00:15 .bash_profile
-rw-r--r-- 1 root 124 May 11 00:15 .bashrc
-rw-r--r-- 1 root 5619 .canna
-rw-r--r-- 1 root 438 May 18 15:23 .emacs
-rw-r--r-- 1 root 120 May 23 05:18 .gtkrc
drwxr-xr-x 3 root 4096 August 11 23:16 .kde
-rw-r--r-- 1 root 658 2005-01-17 .zshrc
The files in the /etc/skel directory are copied automatically into the new user's home directory when the user is added with the useradd or adduser command. If we add a user by editing /etc/passwd by hand, we have to create the user's home directory ourselves, copy the files under /etc/skel into it, and then use chown to change the owner of the new user's home directory;
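The manual procedure just described (create the home directory, copy /etc/skel into it, change the owner), as an added example that is not part of the original article. The function names, the 0700 home mode, and the sample file names are assumptions; the demo runs on a constructed tree in a temporary directory so it needs no root:

```python
import os
import shutil
import tempfile

def provision_home(skel, home, uid, gid):
    """Create home from skel and give every entry to uid:gid.

    Equivalent of: cp -a /etc/skel HOME && chown -R UID:GID HOME
    Returns the number of entries whose owner was set.
    """
    if os.path.lexists(home):
        raise FileExistsError(f"{home} already exists; refusing to reuse it")
    # symlinks=True copies links as links, not the files they point to.
    shutil.copytree(skel, home, symlinks=True)
    os.chmod(home, 0o700)  # assumption: private home; some distros use 0755
    os.chown(home, uid, gid)
    changed = 1
    for root, dirs, files in os.walk(home):  # does not descend into links
        for name in dirs + files:
            # follow_symlinks=False changes the link itself, so a link inside
            # the tree cannot redirect the ownership change to another file.
            os.chown(os.path.join(root, name), uid, gid, follow_symlinks=False)
            changed += 1
    return changed

def demo():
    """Run the procedure on a constructed skel tree in a temp directory."""
    base = tempfile.mkdtemp()
    skel = os.path.join(base, "skel")
    os.makedirs(os.path.join(skel, ".kde"))
    for name in (".bash_profile", ".bashrc", os.path.join(".kde", "kdeglobals")):
        with open(os.path.join(skel, name), "w") as fh:
            fh.write("# constructed sample\n")
    home = os.path.join(base, "home", "newuser")
    # The current uid/gid stand in for the new user's so this runs without root.
    changed = provision_home(skel, home, os.getuid(), os.getgid())
    return home, changed

if __name__ == "__main__":
    print(demo())
```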
4. The /etc/login.defs configuration file;
The /etc/login.defs file sets the rules applied when a user is created, such as whether a home directory is created, the UID and GID ranges, and the user's validity period; this file can be edited by root;
For example, the content of the /etc/login.defs file on Fedora;
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail Note: when a user is created, a user mail file is created in the /var/spool/mail directory;
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999 Note: the maximum number of days before a user's password expires;
PASS_MIN_DAYS 0 Note: the minimum number of days between password changes;
PASS_MIN_LEN 5 Note: the minimum password length;
PASS_WARN_AGE 7 Note:
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500 Note: the minimum UID is 500, that is, when a user is added, UIDs start from 500;
UID_MAX 60000 Note: the maximum UID is 60000;
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500 Note: GIDs start from 500;
GID_MAX 60000
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
#
CREATE_HOME yes Note: whether to create the user's home directory; yes means it is created;
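The role rules from the section on user roles, combined with the UID_MIN and UID_MAX settings above, as an added audit example that is not part of the original article. The passwd content is a constructed sample (toor, backup, and the ftp login shell are made up to trigger findings), and the NO_LOGIN shell list and function names are assumptions:

```python
from collections import defaultdict

# Constructed sample files (illustrative, not from a real host).
LOGIN_DEFS = """\
# Min/max values for automatic uid selection in useradd
UID_MIN 500
UID_MAX 60000
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
beinan:x:500:500::/home/beinan:/bin/bash
linuxsir:x:501:501::/home/linuxsir:/bin/bash
toor:x:0:0::/root:/bin/bash
backup:x:501:501::/home/backup:/bin/bash
"""
NO_LOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumption

def parse_login_defs(text):
    """Return {KEY: value} for every uncommented 'KEY value' line."""
    settings = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2:
            settings[fields[0]] = fields[1].strip()
    return settings

def audit_accounts(passwd_text, login_defs_text):
    """Classify each account by role and report UID and shell problems."""
    defs = parse_login_defs(login_defs_text)
    uid_min, uid_max = int(defs["UID_MIN"]), int(defs["UID_MAX"])
    roles, by_uid, findings = {}, defaultdict(list), []
    for line in passwd_text.splitlines():
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        uid = int(uid)
        by_uid[uid].append(name)
        if uid == 0:
            roles[name] = "root"      # any UID 0 account has root's powers
        elif uid_min <= uid <= uid_max:
            roles[name] = "common"
        else:
            roles[name] = "virtual"
            if shell not in NO_LOGIN:
                findings.append(f"virtual user {name} has login shell {shell}")
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append(f"UID {uid} is shared by {', '.join(names)}")
    return roles, findings

ROLES, FINDINGS = audit_accounts(PASSWD, LOGIN_DEFS)
```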
5. The /etc/default/useradd file;
The rule file used when adding a user through useradd;
# useradd defaults file
GROUP=100
HOME=/home Note: the user's home directory is created under /home;
INACTIVE=-1 Note: whether to enable account expiration and suspension; -1 means it is not enabled;
EXPIRE= Note: the end date of the account; if this parameter is not set, account expiry is not enabled;
SHELL=/bin/bash Note: the shell type used;
SKEL=/etc/skel Note: the location of the default files placed in a new user's home directory; that is, when adduser is used to add a user, the files in the user's home directory are all copied from this directory;
Postscript:
That is about all there is to managing users and user groups; if you understand and master the content above, you can manage users and user groups. Because users and user groups are tied to file and directory permissions, operations on file and directory permissions are covered in a separate document;
This article is only meant to help newcomers understand the principles of users and user groups, so most of it is explanation, with some commands described and indexed. For newcomers, understanding the theory is what matters; the technical operations are nothing more than command usage;
The content of this article will be updated and changed over time. Some commands need to be covered in a separate document, which I will finish over the next few days;