Ubuntu user Management and permissions operation example

Ubuntu user Management and permissions operation example

Yesterday in the reprint of this article mentioned that the file and directory permissions to the operation will be independent written to everyone, today specifically to learn the user management and permission operation of the routine, now summarized as follows. These commands are basically I run on my own computer after the implementation of this function, I put them in, I hope to be helpful to everyone, but also hope to communicate with you more ^_^

An instance

Example: Suppose there are two users Bill and Jane, who have a music CD set and want to create a shared directory in which they each store their own music files. At this point, user Bill gets superuser privileges through sudo.

• First, create a user group that is a member of Bill and Jane.

  sudo addgroup musicsudo useradd -g music janesudo useradd -g music bill

• Bill then creates the directory where the music files are stored.

  sudo mkdir /usr/local/share/music

  Because Bill is working on files outside his home directory, he needs superuser privileges, and the newly created directory is as follows:

  ls -ld /usr/local/share/musicdrwxr-xr-x 2 root root 4096 Jun 22 12:10 /usr/local/share/music

• This home directory is root and has a permission value of 755, and for that directory to be shared, Bill needs to change the group to which the directory belongs, and the group has write access.

  sudo chown :music /usr/local/share/musicsudo chmod 775 /usr/local/share/musicls -ld /usr/local/share/musicdrwxrwxr-x 2 root music 4096 Jun 22 12:10 /usr/local/share/music

  So the music group now has read and write access to the music directory, and the music members Bill and Jane have the same permissions, and other users can view the directory without modifying it.

• Modify the default mask: There is still a problem, under current permissions, that each user creates files and directories that have regular permissions for Bill and Jane;

  touch 12；ls -l-rw-r--r-- 1 bill music 0 Jun 22 12:20 12

  Because the default mask in the system is 0022, so that other members of the user group cannot write to the file, you need to modify the default mask value of Bill and Jane to 0002.

  drwxrwxr-x 2 bill music 4096 Jun 22 12:25 billdrwxrwxr-x 2 jane music 4096 Jun 22 12:24 jane

  The files and directories created at this time have the correct permissions, allowing members of the user group to create files and directories in the music directory.

Linux File/directory mode (permissions) and user management

The traditional UNIX operating system differs from the traditional MS-DOS operating system in that it is not only a multi-tasking system, but also a multi-user system. means that multiple users can use the same computer at the same time.

Linux File/directory mode management

• Chomod file Mode (permissions): Only Superuser and file owners can change permissions. Chmod supports both octal and character notation to change the file mode.

  RWX (0|1) (0|1) (0|1) Read and write execution

  Chmod supports a symbolic notation to specify a file pattern, which is divided into three parts: who will be affected by the change, what action to perform, and what permissions to set. The object to be affected can be defined by the combination of U (user, file directory owner), g (Group file user groups), O (others, other user), a (all), and if not specified, all is used by default. The operator + represents the addition of a permission, which means deleting a permission, = means that only the specified permission is available, and the other permissions are removed.
  When specifying multiple permissions, commas are required: U+x,go=rx. The advantage of symbolic notation is that it allows you to set a single property without affecting any of the other properties.

• umask--Set default permissions: The umask command controls the default permissions that are assigned to a file when the file is created, and it uses octal notation to remove a bitmask from the file mode attribute. A total of 4 bits (Gid/uid, owner, group, other user's permissions), but usually with the latter 3, for the newly created directory, the default mode is ~umask& (0777), for the newly created file is ~umask& (0666). For example umask=0002, the default mode for creating a directory is 0775, and the default mode for creating a file is 0664. The corresponding property is canceled for each 1 position in the masked binary value.
  Root Umask is 0022, while the average user is 0002, because the writable permissions are quite serious, so the presets will take away this permission! Also, because root is more important! So for the sake of security, the write attribute of the same group is taken off! This thing for security also has a certain degree of contribution yo!

Linux User management gives ordinary identity special privileges

su-Run as other user and group ID (SHELL:SU [-[l]] [user],-l Display login interface, can be abbreviated as-. You can also use the SU command to execute a single command without having to open a new interactive command interface: Su–c ' command ', note that the command needs to be enclosed in single quotes. (To use this feature in Ubuntu 14.04, you need to first set the root password under root: passwd root Before you can use the SU command).
sudo-executes the command as another user: it is similar to the SU function, but the sudo command does not require the Superuser password to be entered. With the sudo command, the user only needs to enter their own password to authenticate. And only the default permissions can be executed.
The Sudo tool is configured by file/etc/sudoers, which contains a list of all users who can access the Sudo tool and defines their privileges.

liming ALL=(ALL) ALLADMINS ALL=(ALL) NOPASSWD: ALL  表示允许ADMINS不用口令执行一切操作

The administrator needs to allow the gem user to execute the reboot and shutdown commands on the host Sun, adding in/etc/sudoers:

gem sun=/usr/sbin/reboot，/usr/sbin/shutdownsudo –l会显示当前用户在sudo模式下可以执行的权限。

chown-Change the file owner and the user group, this command requires Superuser privileges:

chown [ower][:[group]] file…

The command changes whether the file owner or the file user group depends on the first parameter of the command.

chown bob file  把文件所有者从当前所有者更改为用户bobchown bob:users file 把文件所有者更改为bob，所用户组更改为userschown :admins file  把文件所用户组改为adminschown bob: file  把文件所有者更改为用户bob，所用户组改为用户bob登录时的所属的组

Ways to add Users

adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID][--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID][--disabled-password] [--disabled-login] [--encrypt-home] USER添加普通用户（sudo adduser mountzf）

Note that there are many options for adding users directly to the user group

adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID][--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password] [--disabled-login] USER添加系统用户useradd [options] LOGIN，有很多选项，可实现密码、根目录、用户组等

Ways to add a user group

adduser --group [--gid ID] GROUP（sudo adduser --group media）addgroup [--gid ID] GROUP （sudo addgroup document）addgroup --system [--gid ID] GROUP加入—system选项表示添加系统用户组groupadd [options] GROUP（sudo groupadd music）groupmod修改用户组属性

Add user to User group

adduser USER GROUP（sudo adduser mountzf music）添加已存在的用户至已存在的用户组usermod –G/-g GROUP USER（usermod命令用来改变用户账号状态）

If a user belongs to more than one user group at the same time, the user can switch between groups of users so that they have permissions for the other user groups. After logging in, the user can switch to another user group using the command Newgrp, which is the target user group. Example: Newgrp root

Delete User

deluser USER  --remove-home             remove the users home directory and mail spool  --remove-all-files        remove all files owned by user  --backup                  backup files before removing.  --backup-to <DIR>         target directory for the backups. Default is the current directory.  --system                  only remove if system useruserdel [options] LOGIN  -f, --force                   force removal of files, even if not owned by user  -h, --help                    display this help message and exit  -r, --remove                  remove home directory and mail spool  -R, --root CHROOT_DIR         directory to chroot into  -Z, --selinux-user            remove any SELinux user mapping for the userkill -9 [pid]删除进程号为[pid]的进程。

Delete a user group

delgroup GROUPdeluser --group GROUP  --system                  only remove if system group  --only-if-empty           only remove if no members leftgroupdel [options] GROUP

Remove a user from a user group

deluser USER GROUP（sudo deluser mountzf music）但是不能从主用户组中移除

View user groups

cat /etc/group   music:x:1001:mountzf,jane同时可以显示该用户组中的用户成员（不包括以该组为主组的成员）groups 查看当前用户所属的用户组，当前用户组排在最前面groups user 查看用户user所属的用户组

View User

id/whoami查看当前用户w/who查看当前登录的用户cat /etc/passwd查看所有用户列表

Add user account is in the/etc/passwd file to add a record for the new user, while updating other system files such as/etc/shadow,/etc/group and so on.

User Password Management

passwd：超级用户可以为自己和普通用户指定口令，而普通用户只能修改自己口令。passwd修改自己的口令passwd user超级用户修改user的口令　　-l 锁定口令，即禁用账号。　　-u 口令解锁。　　-d 使账号无口令。　　-f 强迫用户下次登录时修改口令。

Files related to user management

There are several ways to accomplish user-managed work, but each approach is actually a modification of the relevant system files, including/etc/passwd,/etc/shadow,/etc/group, and so on.

/etc/passwd

/etc/passwd file is one of the most important files involved in user management, and one row of records in/etc/passwd corresponds to a user, whose format and specific meanings are as follows:

mountzf:x:1000:1000:mountzf,,,:/home/mountzf:/bin/bash用户名:口令:用户标识号:组标识号:注释性描述:主目录:登录Shell

There is a class of users in the system called Pseudo-users (Psuedo users) who also occupy a record in the/etc/passwd file, but cannot log on because their logon shell is empty. Their existence is mainly to facilitate the system management, to meet the corresponding system process of the document owner requirements.

/etc/shadow

The record line in/etc/shadow corresponds to one by one in/etc/passwd, which is automatically generated by the PWCONV command based on the data in the/etc/passwd.

/etc/group

All the information for the user group is stored in the/etc/group file.

That's what I've been learning about in the Ubuntu system for two days. User management and File/directory permissions operations involved.

Shenfeng
June 22, 2016 in Shenzhen

Ubuntu user Management and permissions operation example