Getting Started with Linux-users, groups, permissions

Source: Internet
Author: User
Tags: chmod, create directory, file permissions

Linux is a multi-tasking, multi-user system: several users can be logged on to the same host at the same time. To protect each user's privacy and working space, the owner of a file (owner) becomes an important role. To let users cooperate, share public resources and have resources assigned quickly, multiple users are placed in a common space and given different permissions for operations such as reading, writing and executing; such a collection of users is called a user group (group).

Main configuration files for users and groups

1. /etc/passwd: users and their attributes, one user per line, with colon-separated fields:

username:password:UID:GID:description:home directory:shell

(The password field normally holds only "x", meaning the encrypted password is kept in /etc/shadow.)

2. /etc/group: groups and their attributes, with colon-separated fields:

group name:group password:GID:list of additional (supplementary) members

3. /etc/shadow: user passwords and their related attributes:

username:encrypted password:date of last password change:minimum password age:maximum password age:days of warning before the password expires:days after expiry before the account is disabled:account expiration date:reserved field

4. /etc/gshadow: group passwords and their related attributes:

group name:encrypted group password:group administrators:list of additional members

User and group management commands

id

id username    displays information (UID, GID and groups) for the specified user

useradd

-u UID                specify the UID
-o                    together with -u, do not check that the UID is unique
-g GID/group name     specify the user's primary group
-G GID/group name     specify the user's additional groups
-s /sbin/nologin      specify the user's default shell (here /sbin/nologin, so the account cannot log in interactively)

usermod

-g GID/group name     change the user's primary group (the group must already exist)
-G GID/group name     set the user's additional groups (the list given replaces the current one)
usermod -G '' zhangsan    remove all of the user's additional groups
-s shell              change the user's default shell

userdel

userdel username      delete the user but keep the home directory (it remains under /home)
userdel -r username   delete the user together with the home directory and mail spool

su

su - username    root can switch to any user without a password; any other user must enter the target user's password

groupadd

groupadd groupname    create a group

groupmod

groupmod -n newname currentname    rename the group
groupmod -g newGID groupname       change the group's GID

groupdel

groupdel groupname    delete the group

gpasswd

gpasswd -a username groupname    add the user to the group as an additional group
gpasswd -d username groupname    remove the user from the group
gpasswd -A username groupname    make the user an administrator of the group (an administrator can change the group password and the member list)
gpasswd -M '' groupname          replace the member list with an empty one, i.e. remove all members

groupmems

groupmems -g groupname -a username    add a member to the group
groupmems -g groupname -d username    remove a member from the group
groupmems -g groupname -l             list the group's members (users whose primary group it is are not listed)
groupmems -g groupname -p             purge all members from the group

Summary: three ways to add a user to a group as an additional group

1. usermod -G groupname username (add -a to keep the user's existing additional groups)

2. gpasswd -a username groupname

3. groupmems -g groupname -a username

Keep in mind: every user has exactly one primary group and may have zero or more additional groups; every file has exactly one owner and exactly one owning group.
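As an added example (not code from the original page), a small POSIX shell script that resolves a user's primary group through the GID field of /etc/passwd and the additional groups through the member list of /etc/group; the file contents are constructed here, using the user and group names of the practice exercises, so it runs without touching the real system files:

```shell
# Constructed sample data in /etc/passwd and /etc/group format (not a real
# system's files); user and group names follow the practice exercises.
PASSWD_DATA='root:x:0:0:root:/root:/bin/bash
liubei:x:1001:1001::/home/liubei:/bin/bash
guanyu:x:1002:1002::/home/guanyu:/bin/bash
zhangfei:x:1003:2002::/home/zhangfei:/bin/bash'

GROUP_DATA='root:x:0:
liubei:x:1001:
guanyu:x:1002:
zhangfei:x:1003:
weiguo:x:2001:guanyu
shuguo:x:2002:liubei,guanyu'

# Primary group: field 4 of the passwd line is the GID; map it to a name
# through field 3 of the group file. Fails (return 1) for an unknown user.
primary_group() {
    gid=$(printf '%s\n' "$PASSWD_DATA" | awk -F: -v u="$1" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1
    printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$gid" '$3 == g { print $1 }'
}

# Additional groups: every group whose member list (field 4) names the user.
# The primary group is not listed here, just as groupmems -l does not show
# users whose primary group is the queried group (zhangfei below).
additional_groups() {
    printf '%s\n' "$GROUP_DATA" | awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) out = (out == "" ? $1 : out "," $1) }
        END { print out }'
}

# id-style summary line for a user
id_summary() {
    primary=$(primary_group "$1") || { echo "no such user: $1" >&2; return 1; }
    printf 'user=%s primary=%s additional=%s\n' "$1" "$primary" "$(additional_groups "$1")"
}

id_summary liubei      # user=liubei primary=liubei additional=shuguo
id_summary zhangfei    # user=zhangfei primary=shuguo additional=
```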

Practice

1. Create the groups Weiguo and Shuguo; create the user Liubei as administrator of the Shuguo group and Caocao as administrator of the Weiguo group.

2. Create the users Kongxiu and Guanyu with Weiguo as their additional group; create the user Zhangfei with Shuguo as his primary group.

3. Delete the user Kongxiu completely; change Guanyu's additional group from Weiguo to Shuguo.

Understanding and setting file permissions

Keep in mind that when a user accesses a file, permissions are checked in the order owner > group > other.

That is, when a user accesses a file, the system first checks whether the current user is the file's owner; if so, the owner bits apply. If not, it checks whether the user belongs to the file's owning group; if so, the group bits apply. Otherwise the other bits apply.

With ll (on most distributions an alias for ls -l) you can see a file's permissions (when the file has no ACL set), for example -rw-r--r--. which reads as:

-      type of file: - (regular file), d (directory), l (symbolic link), b (block device), c (character device), p (pipe), s (socket)
rw-    owner
r--    group
r--    other
.      a trailing dot indicates that the file has an SELinux context

r  read: read the file (for a directory: list its entries)
w  write: modify the file (for a directory: create or delete entries, which also requires x on the directory)
x  execute: run the file (for a directory: enter it; x is the basic directory permission, without it no other operation on the directory is possible)

chgrp

chgrp groupname file/directory    change the owning group (the owner may change the file's group, but only to a group the owner belongs to)
chgrp -R                          recursive

chown

chown username file/directory     change the owner
chown -R                          also changes the files and subdirectories inside the directory, recursively

chmod

Symbolic mode

chmod u/g/o +|-|= rwx filename

Example: chmod o+w a    adds w to the other bits of file a

Numeric mode

1 stands for x, 2 for w, 4 for r; add the values together:

1:x 2:w 3:wx 4:r 5:rx 6:rw 7:rwx

Example: chmod 777 A    sets the permissions of file A to rwxrwxrwx

Practice

1. Create the directory /app/house with Liubei as owner; only Liubei, Guanyu and Zhangfei have full permissions on the directory, nobody else has any.

Note: Liubei, Guanyu and Zhangfei were added to the Shuguo group in the exercises above.

2. As each of Liubei, Guanyu and Zhangfei, create a personal directory under house named xxx_room, such that only its owner has full permissions and nobody else has any.

3. Create the shared directory /app/house/common; files created in it by Liubei, Guanyu and Zhangfei must be readable and writable by the three of them, and nobody else may have any permissions.

Special permissions

SUID

chmod u+s

When suid is set on an executable binary, whoever executes the file temporarily has the permissions of the file's owner.

SGID

chmod g+s

1. When sgid is set on an executable binary, whoever executes the file temporarily has the permissions of the file's owning group.

2. When sgid is set on a directory, files created in that directory by anyone get the directory's owning group as their owning group.

Sticky

When the sticky bit is set on a directory, a file in it can be deleted only by the file's owner, the directory's owner and root.
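As an added example that is not part of the original page, a POSIX shell function that renders a numeric chmod mode (three or four octal digits; a leading digit carries suid = 4, sgid = 2, sticky = 1 on top of the 1/2/4 table above) as the string ls -l displays, so the s/S and t/T forms of the special bits can be read off:

```shell
# Map one octal digit to its rwx triple (the page's table: 1=x, 2=w, 4=r).
perm_triple() {
    case $1 in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
        *) return 1 ;;
    esac
}

# Put the special-bit letter into the x slot of a triple: lowercase (s/t) when
# x is also set, uppercase (S/T) when it is not. An uppercase S on a binary
# means the suid/sgid bit is set but cannot take effect, which is worth
# spotting when reviewing the output of find / -perm -4000 -type f.
apply_special() {   # $1 = rwx triple, $2 = letter (s or t)
    rw=${1%?}
    case $1 in
        *x) printf '%s%s\n' "$rw" "$2" ;;
        *)  printf '%s%s\n' "$rw" "$(printf '%s' "$2" | tr 'st' 'ST')" ;;
    esac
}

# mode_to_string 4755 -> rwsr-xr-x ; mode_to_string 1777 -> rwxrwxrwt
mode_to_string() {
    case $1 in
        [0-7][0-7][0-7])      m=0$1 ;;   # three digits: no special bits
        [0-7][0-7][0-7][0-7]) m=$1 ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    sp=${m%???}; rest=${m#?}             # sp = special digit, rest = u g o digits
    ud=${rest%??}; od=${rest#??}; gd=${rest#?}; gd=${gd%?}
    u=$(perm_triple "$ud"); g=$(perm_triple "$gd"); o=$(perm_triple "$od")
    if [ $((sp & 4)) -ne 0 ]; then u=$(apply_special "$u" s); fi   # suid
    if [ $((sp & 2)) -ne 0 ]; then g=$(apply_special "$g" s); fi   # sgid
    if [ $((sp & 1)) -ne 0 ]; then o=$(apply_special "$o" t); fi   # sticky
    printf '%s\n' "$u$g$o"
}
```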

ACL

How to enable ACLs

CentOS 7 supports ACLs by default.

On CentOS 6 and earlier, file systems created during operating system installation support ACLs by default, but a file system formatted with mkfs after installation does not have ACL enabled; it must be turned on manually:

1. tune2fs -o acl /dev/sda5

2. mount -o acl /dev/sda5 /app

Order in which ACL permissions are evaluated

owner > ACL user > group > other
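The following added shell function (not code from the page) applies the evaluation order just given, owner > ACL user > group > other, to an ACL written in the text format getfacl prints; with no named-user entry it reduces to the owner > group > other rule from the file-permissions section above, so one function serves both passages. The ACL entries and user names are constructed for illustration, and the ACL mask, which on a real file system can further restrict named-user and group entries, is not modelled:

```shell
# Which permission triple applies to $1 (user name), given $2 (the user's
# groups, space separated, primary and additional) and $3 (an ACL in the text
# format printed by getfacl)? Order: owner > ACL named user > group > other.
effective_perms() {
    user=$1; groups=$2; acl=$3
    owner=$(printf '%s\n' "$acl" | awk '/^# owner: / { print $3 }')
    group=$(printf '%s\n' "$acl" | awk '/^# group: / { print $3 }')
    # 1. the owner always gets the owner bits (user::), even if a named
    #    user:owner: entry exists
    if [ "$user" = "$owner" ]; then
        printf '%s\n' "$acl" | awk -F: '$1 == "user" && $2 == "" { print $3 }'
        return
    fi
    # 2. a named-user entry (user:name:perms) for this user
    p=$(printf '%s\n' "$acl" | awk -F: -v u="$user" '$1 == "user" && $2 == u { print $3 }')
    if [ -n "$p" ]; then printf '%s\n' "$p"; return; fi
    # 3. the owning group's bits (group::) if the user is a member of it
    for g in $groups; do
        if [ "$g" = "$group" ]; then
            printf '%s\n' "$acl" | awk -F: '$1 == "group" && $2 == "" { print $3 }'
            return
        fi
    done
    # 4. everyone else gets the other bits
    printf '%s\n' "$acl" | awk -F: '$1 == "other" { print $3 }'
}

# Constructed ACL, as getfacl would print it after
# "setfacl -m u:liubei:rwx testdir" on a directory owned by caocao:weiguo
TESTDIR_ACL='# file: testdir
# owner: caocao
# group: weiguo
user::rwx
user:liubei:rwx
group::r-x
other::---'

# Constructed ACL showing that the owner bits win over a named entry
OWNER_ACL='# file: note
# owner: liubei
# group: shuguo
user::rw-
user:liubei:---
group::r--
other::---'

effective_perms liubei   "liubei shuguo"   "$TESTDIR_ACL"   # rwx (named ACL user)
effective_perms guanyu   "guanyu weiguo"   "$TESTDIR_ACL"   # r-x (owning group)
effective_perms zhangfei "zhangfei shuguo" "$TESTDIR_ACL"   # --- (other)
effective_perms liubei   "liubei shuguo"   "$OWNER_ACL"     # rw- (owner beats ACL)
```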

Set an ACL

setfacl -m u:liubei:rwx testdir

Set default permissions

setfacl -Rm u:liubei:rwx testdir/      sets the access ACL on the directory and everything currently in it
setfacl -Rm d:u:liubei:rwx testdir/    sets the default ACL, which applies to files created in the directory in future

Remove all ACL entries, clearing the ACL completely

setfacl -b testdir

ACL extended attributes are not stored by the usual packaging tools (for example tar without --acls), so they must be saved separately with getfacl -R and restored with setfacl --restore.

Practice

1. New files created in /app/dir automatically belong to the Shuguo group; members of the Weiguo group (such as Caocao) have read and write access to these new files, members of the Wuguo group (such as Sunquan) have read access only, and other users cannot access the directory at all.

2. Back up all files in /app/dir, delete /testdir/dir, then restore /testdir/dir together with all of its ACL permissions.
