Linux User and file Rights management

Source: Internet
Author: User
Tags: chmod, file permissions

Linux is a multi-user operating system: two people such as "Li Lei" and "Han Meimei" can both log in to the same host. They share some of the host's resources, but each also has a private user space for storing their own files. In reality those files sit on the same physical disk, often even in the same logical partition or directory, but because of Linux's user management and permission mechanisms, one user cannot casually view or modify another user's files.

Let's take a look at the basics of account management under Linux.

1. Commands for checking the current user

who am i / whoami

The first column of the output is the user name of the user who opened the current pseudo-terminal (to see the name of the currently logged-in user directly, remove the spaces and run whoami). The second column, pts/0, identifies a pseudo-terminal (pts): a pseudo device, as opposed to a real /dev/tty terminal. Each terminal you open in the graphical user interface gets its own pseudo-terminal, and the number after pts/ is the number of that pseudo-terminal. Try opening another terminal, running who am i inside it, and check whether the second column becomes pts/1. The third column is the time the current pseudo-terminal was started.

2. Creating a user

In a Linux system, the root account has supreme authority over the entire system, including operations such as creating new users.

Root privileges are one kind of system permission and can be understood as the system-level permission, higher than Administrator rights: root is the super-administrator account on Linux and UNIX systems and has supreme power over the whole system, able to operate on every object. This is why intruders who have broken into a system try to escalate their privileges to root; in Windows terms, it is like adding one's own unauthorized account to the Administrators group. Similarly, on Android (which is based on the Linux kernel), "rooting" a phone means it has been granted the highest privileges, after which every file on the phone (including system files) can be created, deleted, modified and read.

We generally log in to the system as a regular account, but creating a user requires root permission, so the sudo command is used here. There are two prerequisites for using it: you must know the password of the current logged-in user, and the current user must be a member of the sudo group. (You will see how to view and add user groups later.)

su, su - and sudo

su <user> switches to the user <user> and requires the target user's password. sudo <cmd> runs the command cmd with root privileges; it requires the current user to be in the sudo group and asks for the current user's password. su - <user> also switches user, but additionally replaces the environment variables with those of the target user.

Now let's create a new user named lilei:

$ sudo adduser lilei

This command not only adds the user to the system but also creates a home directory for the new user by default:

$ ls /home

Now that the user has been created, you can log in as that user; use the following command to switch the logged-in user:

$ su -l lilei

To exit the current user, use the exit command or the shortcut Ctrl+D, just as you would when exiting a terminal.

3. User groups

In Linux every user belongs to a user group. A user group is simply a set of users who share some resources and permissions while also having private resources. Think of it as a family: you and your siblings (different users) belong to the same family (user group), the family shares things (shared resources), your parents treat you all the same (shared permissions), and when you write in your diary, nobody else may read it without permission (private resources and permissions). Of course, a user can belong to more than one group, just as you belong to a family but also to a school or company.

How do you know which user groups you belong to in Linux?

Method one: use the groups command

$ groups shiyanlou

In the output, the part before the colon is the user and the part after it lists the groups that user belongs to.

Method two: view the /etc/group file

$ cat /etc/group | sort

The cat command reads the contents of the specified file and prints them to the terminal; it is covered in detail later. | sort means the text that was read is sorted in dictionary order before being output.

/etc/group file format description

The content of /etc/group includes the group name, group password, GID and the users the group contains, one record per group, in the following format:

Group_name:password:GID:user_list

The password field appears as an x. That does not mean the password is literally x; it means the password is not shown there.

Add other users to the sudo user group

By default, a newly created user is neither root nor a member of the sudo group. It can be added to the sudo group to obtain root privileges through sudo:

$ su -l lilei
$ sudo ls

This prompts that lilei is not in the sudoers file, meaning lilei is not in the sudo group. As for the sudoers file itself (/etc/sudoers), it is best not to touch it for now; a careless edit leads to troublesome consequences.

Use the usermod command to add a user to a group. Root permission is needed to run it: either run it as the root user, or have a user who is already in the sudo group run it through sudo.

Here I use the shiyanlou user to execute the sudo command and add lilei to the sudo group, so that lilei can also use sudo to obtain root privileges:

$ sudo usermod -aG sudo lilei

The -a (append) flag is what makes this an addition: -G on its own replaces the user's whole list of supplementary groups with the one given, so any other group the user was in would be silently dropped. Then switch back to the lilei user; you can now use sudo to obtain root privileges.
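As an added example (not part of the original tutorial), the script below resolves a user's groups from the Group_name:password:GID:user_list records described above, using the GID field of the passwd record for the primary group, and lists who is in the sudo group. It writes constructed sample files so that it runs without reading the real /etc/passwd and /etc/group.

```shell
#!/bin/sh
# Added example (not from the tutorial): read group membership from records in
# the /etc/group layout (group_name:password:GID:user_list), using the GID field
# of the /etc/passwd layout for the primary group. Sample files are constructed.
set -eu
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT

# Constructed records in the real /etc/passwd layout (field 4 is the primary GID).
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
shiyanlou:x:1000:1000::/home/shiyanlou:/bin/bash
lilei:x:1001:1001::/home/lilei:/bin/bash
EOF
# Constructed records in the real /etc/group layout; the password field is x.
cat > "$SAMPLE/group" <<'EOF'
root:x:0:
sudo:x:27:shiyanlou,lilei
shiyanlou:x:1000:
lilei:x:1001:
EOF

# primary_group <user> [passwd] [group]: map the user's GID to a group name.
primary_group() {
    awk -F: -v u="$1" '
        NR == FNR { if ($1 == u) gid = $4; next }   # first file: passwd
        $3 == gid { print $1 }                       # second file: group
    ' "${2:-$SAMPLE/passwd}" "${3:-$SAMPLE/group}"
}
# supplementary_groups <user> [group]: every group whose user_list names the user.
supplementary_groups() {
    awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "${2:-$SAMPLE/group}"
}
# all_groups <user>: the same information the groups command prints, on one line.
all_groups() {
    { primary_group "$1"; supplementary_groups "$1"; } | paste -sd ' ' -
}
# sudo_members [group]: who can obtain root through sudo; worth auditing regularly.
sudo_members() {
    awk -F: '$1 == "sudo" { print $4 }' "${1:-$SAMPLE/group}"
}

printf 'groups of lilei: %s\n' "$(all_groups lilei)"
printf 'sudo members:    %s\n' "$(sudo_members)"
```

Pass the real file paths as the optional arguments (for example `sudo_members /etc/group`) to audit an actual system.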

4. Deleting a user

Deleting a user is simple:

$ sudo deluser lilei --remove-home

5. Linux file permissions

File permissions are the access control permissions for a file, that is, which users and groups can access the file and what actions can be performed.

Unix/Linux is a typical multi-user system in which different users, in different roles, have different access rights to files and directories. To protect the security of the system, Unix/Linux not only defines user rights strictly but also carefully controls user authentication, access control, transmission security, file read and write permissions and so on.

Each file or directory in Unix/Linux carries access rights that determine who can access it and how.

We have used the ls command many times before to list the files in the current directory. Without any parameters that is all it does, but it can do much more, and now we need it to view file permissions.

To list files in a longer format:

$ ls -l

Apart from the last item, the file name, you may not recognise any of these columns, so what do they mean?

Perhaps it is still unclear what exactly the file type and permissions at the start refer to, what the link count is, or what the last modification time is. Let's go through them one by one:

    • File type

About file types, one thing you must always keep in mind is that in Linux everything is a file, which is why there are device files (the /dev directory holds a variety of device files, most of them tied to specific hardware). socket: a network socket; what exactly that is, interested readers can learn on their own or look forward to the follow-up courses. pipe: a pipeline, a very important thing that we will discuss later; for now just know that it exists. Soft link file: link files come in two kinds, the other being the "hard link" (hard links are not commonly used and are not the focus of this course); a soft link is equivalent to a shortcut on Windows, and that is enough to remember.

    • File permissions

Read permission means you can use a command such as cat <file name> to read the contents of the file; write permission means you can edit and modify the file; execute permission usually refers to a binary program or script that can be run, like a file with the .exe suffix on Windows, but Linux does not distinguish file types by suffix. One thing to be aware of: a directory needs both read and execute permission for its contents to be opened and viewed, and it needs write permission for files to be created inside it, because a directory file actually holds information such as the list of files in that directory.

Owner permissions you should already understand. Group permissions refer to the permissions that all other users in your group have on the file; for example, if you own a Pokémon, the group permissions determine whether your siblings are allowed to use it, destroy it, or take possession of it.

    • Number of links

The number of file names linked to the inode where the file is located (Linux file system concepts are beyond the scope of this course; interested readers can look into them themselves).

    • File size

The size of the file. Give ls the -lh parameters to see file sizes in a more readable form.

Having understood some concepts of file permissions, let's add some other common uses of the ls command:

    • Display all files except . (the current directory) and .. (the parent directory), including hidden files (in Linux, files whose names start with . are hidden):

$ ls -A

Of course, you can use the -A and -l parameters together:

$ ls -Al

To view the full attributes of a directory itself instead of the files inside it:

$ ls -dl <directory name>

    • Show all file sizes, presented in a way ordinary humans can understand:

$ ls -AsSh

Here lowercase s displays the file size and uppercase S sorts by file size; if you need to sort in other ways, use the man command to look it up.

6. Change file permissions

If you have a file that you do not want other users to read, write or execute, you need to modify its permissions. There are two ways:

    • Mode one: binary digit representation

Each file has three sets of permissions (owner, owning group, others; remember, this order is fixed), and a full set "rwx" corresponds to a "7". So if I want to change the permissions of the file "iphone6" so that only I can use it:

To demonstrate, I'll first add some content to the file:

$ echo "echo \"hello shiyanlou\"" > iphone6

Then modify the permissions:

$ chmod 700 iphone6

Now other users can no longer read this "iphone6" file.

    • Mode two: add and subtract assignment

To accomplish the same effect as above, you can:

$ chmod go-rw iphone6

g, o and u represent group, others and user respectively; + and - add and remove the corresponding permissions respectively.
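Added example, not code from the original tutorial: it converts an rwx string into the octal digits used by mode one and applies both chmod notations to a scratch file, reading the result back with GNU stat (-c '%a', assumed available). Comparing the results shows that go-rw only removes read and write from group and others, so an execute bit they already had survives, whereas 700 sets every bit explicitly.

```shell
#!/bin/sh
# Added example (not from the tutorial): relate rwx notation to the octal
# digits of mode one and compare the two chmod notations on a scratch file.
# Assumes GNU coreutils (stat -c '%a') and mktemp.
set -eu

# rwx_to_octal rwxr-x--- -> 750: each three-character set (owner, group,
# others, in that fixed order) becomes one digit: r=4, w=2, x=1.
rwx_to_octal() {
    s=$1
    out=
    for start in 1 4 7; do
        triple=$(printf '%s' "$s" | cut -c"$start"-"$((start + 2))")
        v=0
        case $triple in r??) v=$((v + 4)) ;; esac
        case $triple in ?w?) v=$((v + 2)) ;; esac
        case $triple in ??x) v=$((v + 1)) ;; esac
        out="$out$v"
    done
    printf '%s\n' "$out"
}

# mode_of <path> -> octal permission bits, e.g. 644 for rw-r--r--
mode_of() {
    stat -c '%a' "$1"
}

# mode_after <start-mode> <chmod-spec> -> resulting mode. Creates a scratch
# file, sets a known starting mode, applies the spec, reports, cleans up.
mode_after() {
    f=$(mktemp)
    chmod "$1" "$f"
    chmod "$2" "$f"
    mode_of "$f"
    rm -f "$f"
}

# Walk-through for the iphone6 example: a file written with echo is normally
# created as 644. chmod 700 forces rwx------ regardless of the start, while
# chmod go-rw only strips r and w from group/others, so an x bit survives.
if [ "${1:-}" = demo ]; then
    printf 'rwxr-xr-x          -> %s\n' "$(rwx_to_octal rwxr-xr-x)"
    printf '644 + chmod 700    -> %s\n' "$(mode_after 644 700)"
    printf '644 + chmod go-rw  -> %s\n' "$(mode_after 644 go-rw)"
    printf '755 + chmod go-rw  -> %s\n' "$(mode_after 755 go-rw)"
fi
```

Run it with the argument `demo` to print the comparison table.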

