Original: http://www.cnblogs.com/licheng/p/6103992.html
One, understanding the concepts of single-user multitasking and multi-user multitasking in Linux;
Linux is a multi-user, multitasking operating system, so we should understand both the single-user multitasking and the multi-user multitasking concepts;
1, Linux single-user multitasking;
Single-user multitasking: for example, when we log into the system as beinan, I open gedit to write a document, but while writing I miss having music, so I open XMMS to play some; and while listening, MSN still has to be open, because I want to know what a few brothers are doing now. In this way I am logged in as the beinan user and have run gedit, XMMS and MSN, and of course the input method fcitx. Put simply, one user, beinan, carries out several tasks to get the work done; of course, other people can also log in remotely as the beinan user and do other things.
2, Linux multi-user multitasking;
Sometimes many users use the same system at the same time, but they are not all doing the same thing, hence the term multi-user multitasking;
For example, the linuxsir.org server has FTP users, system administrators, web users, regular users and so on. At the same moment some brothers may be visiting the forum, some may be uploading packages to manage a sub-site, such as brother Luma or yuking managing their home system and FTP, and a system administrator may be maintaining the system. Browsing the home page is done as the nobody user, which everyone shares; uploading packages uses an FTP user; an administrator maintaining or reviewing the system may use a normal account or the superuser root account. Different users have different permissions, different tasks need different users, and equally the work each user completes is not the same;
Note: multi-user multitasking does not mean everyone crowding around one machine's keyboard and display at the same time. Multiple users may come in through remote login, for example remote control of a server; anyone who has user rights can operate or access the machine;
3, distinguishing user roles;
Users in the system are divided into roles. In a Linux system, different roles have different permissions and complete different tasks. Note that a user's role is identified through the UID and GID, especially the UID; in system management, the system administrator must keep every UID unique;
Root user: unique on the system; a real user that can log in to the system, can operate on any file and run any command, and has the highest authority;
Virtual user: also called a pseudo-user or fake user, to distinguish it from a real user. This kind of user cannot log in to the system, but the system cannot run without it; examples are bin, daemon, adm, ftp, mail and so on. These users come with the system itself rather than being added later, although of course we can also add virtual users;
Ordinary real users: these users can log in to the system but can operate only on the contents of their own home directory, with limited access; they are added by the system administrator;
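An added example (not from the original article) of the role distinction above: it sorts /etc/passwd-format entries into root, virtual and ordinary accounts by UID, and flags shared UIDs and virtual users that still have a login shell. The sample files are constructed, the audit_accounts name and the flag labels are this example's own, and the boundary is read from UID_MIN, the /etc/login.defs setting shown later on this page.

```shell
#!/bin/sh
# Added example: classify accounts as root / virtual / ordinary by UID.
# All account data below is constructed sample input, not from a real system.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
beinan:x:500:500::/home/beinan:/bin/bash
linuxsir:x:501:501::/home/linuxsir:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
printf 'UID_MIN\t500\nUID_MAX\t60000\n' > "$SAMPLE/login.defs"

# audit_accounts PASSWD_FILE LOGIN_DEFS_FILE
# Prints "role name uid [flags]" for every well-formed passwd line.
audit_accounts() {
    # Ordinary users start at UID_MIN; fall back to 500 if it is not set
    min=$(awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 500 : v) }' "$2")
    awk -F: -v min="$min" '
        /^#/ || NF != 7 || $3 !~ /^[0-9]+$/ { next }   # skip malformed lines
        { n++; name[n] = $1; uid[n] = $3 + 0; shell[n] = $7; seen[uid[n]]++ }
        END {
            for (i = 1; i <= n; i++) {
                role = "ordinary"
                if (uid[i] == 0) role = "root"
                else if (uid[i] < min + 0) role = "virtual"
                flags = ""
                # the same UID on two names means two names for one identity
                if (seen[uid[i]] > 1) flags = flags " duplicate-uid"
                # virtual users are not supposed to be able to log in
                if (role == "virtual" && shell[i] !~ /(nologin|false)$/)
                    flags = flags " login-shell"
                printf "%s %s %d%s\n", role, name[i], uid[i], flags
            }
        }' "$1"
}

audit_accounts "$SAMPLE/passwd" "$SAMPLE/login.defs"
```

On a real system the two arguments would be /etc/passwd and /etc/login.defs; any line carrying a flag is worth a closer look by the administrator.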
4, the security of a multi-user operating system;
A multi-user system is in fact more convenient for system management. From the security point of view, multi-user management also makes the system more secure: if the beinan user has a file that other users should not see, it is enough to set the file permissions so that only beinan can read, write and edit it, and then only beinan can operate on that private file. Linux does best in multi-user operation and can protect each user's security well, but we also have to understand that although Linux is a safe system, without a security-conscious administrator or management skills such a system is not secure.
From the server point of view, multi-user security is also the most important aspect. The Windows operating systems we commonly use can only be said to have some ability at rights management; they cannot be compared with Linux or Unix-like systems;
Two, the concepts of user (user) and user group (group);
1, the concept of a user;
From the earlier discussion of Linux multi-user operation, we understand that Linux is a true multi-user operating system, so we can create a number of users on a Linux system. For example, a colleague wants to use my computer, but I do not want him to log in with my user name, because my account holds material I do not want others to see (that is, private content). I can then create a new user name for him and let him do what he likes under that user name; this is consistent with sound practice from a computer security point of view;
Of course, the concept of a user goes beyond this. On a Linux system some users exist to accomplish specific tasks, such as nobody and ftp: when we visit the linuxsir.org web pages, the program runs as the nobody user; when we access FTP anonymously, the ftp or nobody user is used. If you want to see some of the accounts on a Linux system, please check /etc/passwd;
2, the concept of user groups (group);
A user group (group) is a collection of users with the same characteristics. Sometimes we want several users to have the same permissions, such as viewing or modifying a file or executing a command, and this is what user groups are for: we put the users into the same user group, then change the permissions of the file or directory so that the user group has the required permission. Every user in the user group then has the same permissions on that file or directory; this is achieved by defining the group and modifying the file permissions;
For example, suppose some users should be able to view a document such as a timesheet, while the person who writes the timesheet has permission to read and write it. We want those users to know the content of the timesheet without being able to modify it, so we put them into one group and then modify the permissions of the file to make it readable by the user group, so that each user in the user group can read it;
The correspondence between users and user groups is: one-to-one, many-to-one, one-to-many or many-to-many;
One-to-one: a user can be the only member of a group;
Many-to-one: several users can be members of one single group and belong to no other user group, for example the two users beinan and linuxsir belong only to the beinan user group;
One-to-many: a user can be a member of more than one user group, for example beinan can be a member of the root group, a member of the linuxsir user group, and a member of the adm user group;
Many-to-many: several users correspond to several user groups, and several users can belong to the same group. The many-to-many relationship is in fact an extension of the previous three; once you understand those three, you can understand this one as well;
Three, configuration files, commands and directories related to users (user) and user groups (group);
1, configuration files related to users (user) and user groups (group);
1) user-related configuration files;
/etc/passwd Note: the user configuration file;
/etc/shadow Note: the user shadow password file;
2) configuration files related to user groups (group);
/etc/group Note: the user group (group) configuration file;
/etc/gshadow Note: the shadow file for user groups (group);
2, tools or commands for managing users (user) and user groups (group);
1) tools or commands for managing users (user);
useradd Note: add a user
adduser Note: add a user
passwd Note: set a password for a user
usermod Note: command for modifying a user; usermod can change the login name, the user's home directory and so on;
pwconv Note: synchronizes users from /etc/passwd to /etc/shadow
pwck Note: pwck verifies that the contents of the user configuration files /etc/passwd and /etc/shadow are valid and complete;
pwunconv Note: the reverse operation of pwconv; it creates /etc/passwd from /etc/shadow and /etc/passwd, then deletes the /etc/shadow file;
finger Note: tool for viewing user information
id Note: view a user's UID, GID and the user groups the user belongs to
chfn Note: tool for changing user information
su Note: user switching tool
sudo Note: sudo executes a command as another user. su switches users, and the task is then completed as the user that was switched to; sudo instead executes commands directly. For example, with sudo you do not need the root password to run commands that root has assigned and that otherwise only root could execute; this is set up by editing /etc/sudoers with visudo;
visudo Note: visudo is the command for editing /etc/sudoers; you can also edit /etc/sudoers with vi instead of this command, and the effect is the same;
sudoedit Note: same function as sudo;
2) tools or commands for managing user groups (group);
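groupadd Note: add a user group;
groupdel Note: delete a user group;
groupmod Note: modify user group information
groups Note: display the user groups a user belongs to
grpck
grpconv Note: synchronizes or creates /etc/gshadow from the contents of /etc/group and /etc/gshadow; if /etc/gshadow does not exist it is created;
grpunconv Note: synchronizes or creates /etc/group from the contents of /etc/group and /etc/gshadow, then deletes the gshadow file;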
3, the /etc/skel directory;
The /etc/skel directory normally holds users' startup files and is controlled by root. When we add a user, the files in this directory are automatically copied into the newly added user's home directory. The files under /etc/skel are hidden files, that is, files with names of the form .file. By modifying, adding and deleting files in /etc/skel we can give users a unified, standard default user environment;
[[email protected] beinan]# ls -la /etc/skel/
总用量 92
drwxr-xr-x 3 root root 4096 8月 11 23:32 .
drwxr-xr-x 115 root root 12288 10月 14 13:44 ..
-rw-r--r-- 1 root root 24 5月 11 00:15 .bash_logout
-rw-r--r-- 1 root root 191 5月 11 00:15 .bash_profile
-rw-r--r-- 1 root root 124 5月 11 00:15 .bashrc
-rw-r--r-- 1 root root 5619 2005-03-08 .canna
-rw-r--r-- 1 root root 438 5月 18 15:23 .emacs
-rw-r--r-- 1 root root 120 5月 23 05:18 .gtkrc
drwxr-xr-x 3 root root 4096 8月 11 23:16 .kde
-rw-r--r-- 1 root root 658 2005-01-17 .zshrc
When we add a user (user) with the useradd or adduser command, the system automatically copies the files under /etc/skel into the new user's home directory. If we add a user by editing /etc/passwd instead, we can create the user's home directory ourselves, copy the files under /etc/skel into it, and then use chown to change the owner of the new user's home directory;
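An added example (not from the original article) of the manual steps just described: create the home directory, copy the skeleton including its hidden files, then hand ownership to the new user. The function name populate_home, the 700 directory mode and the throwaway demo paths are this example's own choices; the demo "creates" the home for the invoking user so that it runs without root.

```shell
#!/bin/sh
# populate_home SKEL_DIR HOME_DIR OWNER   (OWNER is user:group or uid:gid)
populate_home() {
    skel=$1 home=$2 owner=$3
    [ -d "$skel" ] || { echo "no skeleton directory: $skel" >&2; return 1; }
    # Refuse a path that already exists: it may hold someone's files or be a symlink
    if [ -e "$home" ] || [ -L "$home" ]; then
        echo "refusing to reuse existing path: $home" >&2
        return 1
    fi
    # Private from the start, so nothing is readable by others during the copy
    mkdir -m 700 "$home" || return 1
    # "$skel/." copies the hidden files; "$skel"/* would skip every dotfile
    cp -R "$skel/." "$home/" || return 1
    chmod 700 "$home" || return 1
    # -h changes a symlink itself instead of the file it points to
    chown -Rh "$owner" "$home"
}

# Constructed demo: a small skeleton in a temporary directory
DEMO=$(mktemp -d)
mkdir -p "$DEMO/skel/.kde"
echo 'alias ll="ls -l"' > "$DEMO/skel/.bashrc"
: > "$DEMO/skel/.bash_logout"
populate_home "$DEMO/skel" "$DEMO/home_newuser" "$(id -u):$(id -g)"
ls -la "$DEMO/home_newuser"
```

On a real system this runs as root with /etc/skel, the home directory recorded in /etc/passwd, and the new user's name and group as the owner.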
4, the /etc/login.defs configuration file;
/etc/login.defs holds settings that are applied when a user is created, such as whether a home directory is created, the UID and GID ranges, the user's expiry period and so on; this file can be defined by root;
For example, the content of Fedora's /etc/login.defs file;
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail Note: when a user is created, a mail file for the user is created in the /var/spool/mail directory;
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999 Note: maximum number of days a user's password may be used;
PASS_MIN_DAYS 0 Note: minimum number of days between password changes;
PASS_MIN_LEN 5 Note: minimum password length;
PASS_WARN_AGE 7 Note:
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500 Note: the minimum UID is 500, that is, when users are added, UIDs start from 500;
UID_MAX 60000 Note: the maximum UID is 60000;
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500 Note: GIDs start from 500;
GID_MAX 60000
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
#
CREATE_HOME yes Note: create the user's home directory; creation is required;
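5, the /etc/default/useradd file;
The rules file used when adding users with useradd;
# useradd defaults file
GROUP=100
HOME=/home Note: puts users' home directories under /home;
INACTIVE=-1 Note: whether to disable the account once it has expired; -1 means this is not enabled;
EXPIRE= Note: account termination date; leaving it unset means this is not enabled;
SHELL=/bin/bash Note: the type of shell used;
SKEL=/etc/skel Note: where the default files for a newly added user's directory are kept; that is, when we add a user with adduser, the files in the user's home directory are all copied from this directory;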
Postscript:
That is about all there is to user (user) and user group (group) management; once you have grasped the content above, user and group management is mostly covered. Because users and user groups (group) are tied to file and directory permissions, operations on file and directory permissions will be written up separately;
This article is only meant to help novice brothers understand some principles of users and user groups (group), which is why I wrote it; most of it is explanatory. My intention is that, by explaining and indexing some commands, novice brothers come to understand a little theory, which matters more; technical operation is nothing more than command usage;
The contents of this article will be updated and changed from time to time. Some commands need to be explained in separate write-ups, which I will complete in the next few days;
(Repost) Overview of Linux user (user) and user group (group) management