Linux User and permission management, linux user permission management

Linux User and permission management, linux user permission management

[File management, MPs queue, user and group management, user and permission management] \ user and group management

User and group management

Linux is a multi-user multi-task time-sharing operating system. any user who wants to use system resources must first apply for an account from the system administrator and then enter the system as the account. User Accounts can help system administrators track users who use the system and control their access to system resources. They can also help users organize files and provide security protection for users. Each user account has a unique user name and password. After you enter the correct user name and password during logon, you can access the system and your home directory. To manage user accounts, you must do the following:

1. add, delete, and modify user accounts.

2. manage user passwords.

3. manage user groups.

Linux users are divided into two types: Administrator (UID: 0) and normal user (UID: 1-65535). Common users are divided into system users and login users.

　　Note: The content that a program can access depends on the publisher of the program.

Linux groups can be divided into administrator groups (GID: 0) and common user groups (1-60000)

　　Note: The UID and GID of centos6 and centos7 are slightly different.

In addition, user groups can be divided into basic groups (a user creates a basic group with the same name by default) and additional groups (in addition to existing basic groups, you can also add other groups, other groups are added to this user group)

Therefore, the group name is the user name and only one user is called a private group, while the group contains multiple users called a public group.

Configuration files related to Linux users and groups

User and user group information is stored in the/etc/passwd,/etc/shadow,/etc/group, and/etc/gshadow files. The following describes the specific content of these files.

1./etc/passwd

This file stores the user and its attributes. Each piece of information is divided into seven parts by colons from left to right. username: x (password placeholder. The real password cannot be placed here, which is too insecure ): UID (User ID): GID (User Group ID): stores the user's annotation information: user's home directory: the user's default shell.

2./etc/shadow

This file stores the user password and its related property information, each of which is divided into nine parts by a colon from left to right, User name: Password (encrypted, there are "!" in the password Or the "*" user has been disabled.): The last password change date. The number of days since the first year of linux (January 1, January 1, 1970): Minimum Password usage time: Maximum Password usage time: password alert time (an alert is triggered n days before the password expires and the password needs to be changed): no activity time (m days after the warning time is exceeded ): expiration time (this time cannot be used): reserved space is not used for the moment.

3./etc/group

This file stores the user group and its attributes. Each row is split from left to right by a colon into four parts. The group name (a group with the same name is created when a user is created ): group x placeholder passwords (stored in other locations like user passwords): GID: A list of users separated by commas (,). The list of users in this group is an additional group.

4./etc/gshadow

This file stores the group password and its related attributes. Each row is split from left to right by a colon into four parts. The group name (a group with the same name is created when a user is created ): ciphertext password (if it is null, only members of this group can obtain the permission, "!" You can directly add a User Group Administrator (a list of users separated by commas (,) without a password. The user group administrator can modify the password and group members, other members in the group also have the same permissions): members (the user list of users in this group should be the same as the user list in/etc/group)

Common user-group-related management commands

I. User Creation: useradd

Usage: useradd [options] login

Common options:

-U: -- uid UID: Specify UID, defined in/etc/login. defs

-G: -- gid GROUP: specifies the basic user GROUP, which can be the GROUP name or GID.

-G: GROUP1 [, GROUP2,... [, GROUPN]: Specifies the additional group to which the user belongs. The group exists beforehand.

-C: -- comment COMMENT: user comments

-D:/PATH/TO/HOME_DIR: the specified PATH is the user's home directory. Copy/etc/skel and rename the directory. If the specified home directory exists in advance, the environment configuration file is not copied for the user.

-S: -- shell SHELL: Specifies the user's default shell. The available list is stored under/etc/shells.

-R: Create a system user.

　　Note: The default value is set in/etc/default/useradd. Use the useradd-D command to view the default configuration of the created user.

2. Create a group: groupadd

Usage: groupadd [option]... group_name

Common options:

-G GID: indicates the GID.

-R: creates a system group.

3. view User ID information: id

Usage: id [OPTION]... [USER]

Common options:

-U: only valid UID is displayed.

-G: Only displays the user's basic group ID.

-G: only the IDs of all groups to which the user belongs are displayed.

4. Switch the user or execute the command as another user: su

Usage: su [options...] [-] [user [args...]

Switch user mode:

Non-Logon switchover does not read the configuration file of the target user for initialization: su USERNAME

The logon switch reads the configuration file of the target user. Full switch: su-USERNAME or su-l USERNAME

 

Execute the command for identity change:

Su [-] username-c 'commadn'

V. User encryption: passwd

Usage: passwd [options] username: Modify the password of a specified user. Only the root user has the permission.

Common options:

-L: Lock the specified user

-U: unlock a specified user

-N: mindays: Specifies the shortest term.

-X: maxdays: maximum service life

-W: warndays: alert period

-I: inactivedays: inactive period

Receive user password from standard input: echo "password" | passwd -- stdin username

6. Modify user attributes: usermod

Usage: usermod [options] LOGIN

Common options:

-U, UID: Change the user ID to the new UID;-g, -- gid GROUP: Modify the user to the new base GROUP;-G, GROUP1 [, GROUP2 ,... [, GROUPN]: modifies the additional group to which the user belongs. The original one will be overwritten. If the original one is retained, the-a option (append)-s will be used at the same time, new default shell-c, COMMENT: New Annotation information;-d, HOME_DIR: new user's home directory; user's original files will not be transferred to the new home directory; to move the image, use the-m option. -L, login name: New User name;-L, lock: lock the user password; that is, add "! ";-U, -- unlock: unlock the user's password; 7. Delete the user: userdel

Usage: userdel [options] LOGIN

Common option-r: Delete the home directory when deleting a user. This option is not deleted by default.

8. Modify group attributes: groupmod

Usage: groupmod [options] GROUP

Common options:

-G GID: New GID

-N group_name: new group name

9. delete a group: groupdel

Usage: groupdel GROUP

10. group password: gpasswd

Usage: gpasswd [option] group

Common options:

-A USER: Add a user to a specified group.

-D USER: delete an additional group named after the current group.

-A USER1, USER2,...: sets A list of users with administrative permissions.

11. Modify user attributes: chage

Usage: chage [options] LOGIN

Common options:

-D: The last time the password was modified.

-E: Modify the user expiration time

-I: When the password expires

-W: modify the number of alert days

-M: minimum number of days to change the password

-M: Maximum number of days to change the password

File Permissions

Objects for file permissions are:

Owner: owner, u

Group: group, g

Other: others, o

For files:

File readable (r): You can view its content.

File writable (w): The file content can be modified.

File executable (x): You can submit the file to the kernel to start a process.

For the directory:

Directory readable (r): You can use ls to view the file list in the directory.

Directory Writable (w): You can create or delete files in this directory.

Directory executable (x): You can use ls-l to view the files in the directory and add cd to the directory.

Permission management commands

1. Modify the File Permission (chmod)

Usage:

1. chmod [OPTION]... MODE [, MODE]... FILE...

Rwx can be directly assigned to the corresponding user type: u is the owner, g is the group, o is other users, and a is all users (same as ugo = ---)

Or you can directly operate on a permission bit (u + x, o-r) of a class of users)

2. chmod [OPTION]... OCTAL-mode file... directly use octal to modify r = 4, w = 2, x = 1. here,-R can recursively Modify permissions. 3. chmod [OPTION]... -- reference = rfile file... refer to permissions for other files.

View File Permissions [root @ localhost/] # ll-lh/djtotal 16K-rw-r -- r -- 1 root 51 Jun 14 hello_world.py-rw-r -- r -- 1 root 92 Jun 15 name_daxiaoxie.py-rw-r -- r -- 1 root 84 Jun 15 09:44 name. py-rw-r -- 1 root 359 Jul 23 test. py modify permission [root @ localhost/] # chmod 775/dj/hello_world.py [root @ localhost/] # ll-lh/djtotal 16K-rwxrwxr-x 1 root 51 Jun 14 hello_world.py-rw-r -- r -- 1 root 92 Jun 15 name_daxiaoxie.py-rw-r -- r -- 1 root 84 Jun 15 name. py-rw-r -- 1 root 359 Jul 23 test. py uses the third method [root @ localhost/] # chmod -- reference =/dj/hello_world.py/dj/test. py [root @ localhost/] # ll-lh/djtotal 16K-rwxrwxr-x 1 root 51 Jun 14 hello_world.py-rw-r -- r -- 1 root 92 Jun 15 name_daxiaoxie.py-rw-r -- r -- 1 root 84 jun 15:44 name. py-rwxrwxr-x 1 root 359 Jul 23 02: 48 test. py [root @ localhost/] #

2. Modify the owner of the file group (only the root user is used)

1. Modify the owner (chown)

Usage: chown [OPTION]... [OWNER] [: [GROUP] FILE... or -- referrence

Chown owner | owner: group |: group file (where: can be replaced by. And can be replaced by-R recursion)

2. Modify the group (chgrp)

Chgrp [option]... group file or -- referrence Mode

3. The mask code for creating a file or directory: umask

File: 666-umask)

Dir: 777-umask

Umask: view the current value

Umask #: Set Value