Linux Basics----User and file Rights management

Source: Internet
Author: User

User and file Rights Management experiment Introduction

1. Creating and deleting users and user groups in Linux, and related operations. 2. Setting file permissions in Linux.

I. Linux user management

Linux is a multi-user operating system: users such as "Li Lei" and "Han Meimei" can both log on to the same host. They share some of the host's resources, but each also has their own user space for storing their own files. In fact their files sit on the same physical disk, or even in the same logical partition or directory, but because of Linux's user management and permission mechanisms, different users cannot easily view or modify each other's files.

Let's take a look at the basics of account management under Linux.

1. View the user

Please open the terminal and enter the command:

$ who am i

or

$ who mom likes

The first column of the output is the user name of the user who opened the current pseudo-terminal (to see only the user name of the currently logged-in user, drop the spaces and use whoami directly). The second column, pts/0, denotes a pts pseudo-terminal. "Pseudo" is relative to the /dev/tty devices: recall from the previous section the seven terminals you switch between with [Ctrl]+[Alt]+[F1]~[F7]; those /dev/tty devices are the "real terminals". A pseudo-terminal is created each time you open a terminal in the graphical user interface running on /dev/tty7, and the number after pts/ is the sequence number of the pseudo-terminal that was opened. You can try opening another terminal and entering who am i in it to see whether the second column becomes pts/1. The third column is the start time of the current pseudo-terminal.

Other common parameters of the who command

Parameter  Description
-a         Print everything that can be printed
-d         Print dead processes
-m         Same as am i, mom likes
-q         Print the number of currently logged-in users and their user names
-u         Print login information for currently logged-in users
-r         Print the run level

2. Create a user

In a Linux system, the root account has supreme authority over the entire system, including creating/adding users.

Root privilege is one kind of system privilege; it can be understood as the same concept as SYSTEM privilege, but higher than Administrator privileges. Root is the super administrator account on Linux and UNIX systems. It holds supreme power over the entire system and can operate on every object. This is why many attackers who break into a system try to elevate their privileges to root; in Windows terms, that is like adding their own illegitimate account to the Administrators user group. Similarly, gaining root privileges on the Android operating system (which is based on the Linux kernel) means holding the highest rights on the phone: you can then add, delete, change, or view any file on it (including system files).

We generally log on to the system with a regular account. Creating a user requires root privileges, which is where the sudo command comes in. Using it has two preconditions: you must know the current login user's password, and the current user must be in the sudo user group. The password for the shiyanlou user is "Shiyanlou", and the user also belongs to the sudo user group (how to view and add user groups is shown later). Now let's create a new user named lilei:

$ sudo adduser lilei

Follow the prompts to enter the shiyanlou password (password input on Linux is usually not echoed), then set a password for the lilei user. For the options that follow, you can press Enter to accept the default values:

This command not only adds the user to the system, but also creates the home directory for the new user by default:

$ ls /home

Now that you have created a user, you can log in as that user. Use the following command to switch the logged-in user:

$ su -l lilei

To log out of the current user, use the exit command or the shortcut Ctrl+d, just as you would to exit a terminal.

3. User groups

In Linux every user belongs to a user group. A user group is simply a set of users who share some resources and permissions while also having private resources. It is like a family: you and your siblings (different users) belong to the same family (user group); you share the home (shared resources), and Mom and Dad treat you all the same (shared permissions), yet the diary you occasionally write cannot be read by others without permission (private resources and permissions). A user can also belong to more than one user group, just as you belong to a family and also to a school or company.

How do you know which user groups you belong to in Linux?

Method One: Use the groups command
$ groups shiyanlou

The name before the colon is the user; what follows are the user groups the user belongs to. Here you can see that the shiyanlou user belongs to both the shiyanlou and sudo user groups. When a new user is created without specifying a user group, a user group with the same name as the user is created automatically by default (roughly the equivalent of the head of the household, or the boss). Pay special attention to the sudo user group: if you are not in it, you cannot use the sudo command, that is, you cannot temporarily obtain administrator privileges. How to add an existing user to the sudo user group is covered later.

Method Two: View the /etc/group file
$ cat /etc/group | sort

The cat command reads the contents of the specified file and prints them to the terminal; it is covered in detail later. | sort means the text that was read is sorted in dictionary order before being output. You will then see a heap of output, with the shiyanlou user group information at the bottom:

If you can't find it, that's fine: you can use a command to filter out the results you don't want to see:

$ cat /etc/group | grep -E "shiyanlou|sudo"

/etc/group file format description

The content of /etc/group includes the user group name, the user group password, the GID, and the users that the user group contains, with one record per user group. The format is as follows:

group_name:password:GID:user_list

The 'x' you see in the password field above does not mean the password is 'x'; it means the password is not visible.

Add other users to the sudo user group

By default, newly created users do not have root privileges and are not in the sudo user group, so they cannot temporarily get root privileges via the sudo command.

$ su -l lilei
$ sudo ls

This prompts that lilei is not in the sudoers file, meaning lilei is not in the sudo user group. As for the sudoers file (/etc/sudoers), you had better leave it alone for now; a careless edit can lead to troublesome consequences.

Use the usermod command to add a user to a user group. You must have root privileges to use it: either add the user group as the root user, or have another user who is already in the sudo user group run the command through sudo.

Here I use the shiyanlou user to run sudo and add lilei to the sudo user group, so that lilei can also use the sudo command to get root privileges:

$ su shiyanlou
$ groups lilei
$ sudo usermod -aG sudo lilei   # -a appends; -G alone replaces lilei's existing supplementary groups
$ groups lilei

Then switch to the lilei user; you can now use sudo to get root privileges.
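The /etc/group record format and the sudo group membership described above can be checked with a short script. This is an added example, not part of the original page: the function names (group_db, members_of, groups_of, unexpected_sudoers), the sample records and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit privileged group
# membership from text in the group_name:password:GID:user_list format.

# Constructed sample data; pass a real file such as /etc/group as the last
# argument of each function to audit a live system instead.
SAMPLE_GROUP='root:x:0:
sudo:x:27:shiyanlou,lilei
adm:x:4:syslog,shiyanlou
shiyanlou:x:1000:
lilei:x:1001:
lileisudo:x:1002:hanmeimei'

# Hypothetical helper: emit the group database (sample unless a file is given).
group_db() {
    if [ -n "${1:-}" ]; then cat "$1"; else printf '%s\n' "$SAMPLE_GROUP"; fi
}

# members_of GROUP [FILE]: users in GROUP's user_list, one per line.
# The group name is compared exactly, unlike grep -E "shiyanlou|sudo",
# which would also match the unrelated group "lileisudo".
members_of() {
    group_db "${2:-}" | awk -F: -v g="$1" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
}

# groups_of USER [FILE]: groups whose user_list names USER. A user's primary
# group comes from the GID field of /etc/passwd and is not listed here.
groups_of() {
    group_db "${2:-}" | awk -F: -v u="$1" '
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }'
}

# unexpected_sudoers "ALLOWED USERS" [FILE]: sudo members not on the allowlist.
unexpected_sudoers() {
    allowed=" $1 "
    members_of sudo "${2:-}" | while read -r user; do
        case $allowed in
            *" $user "*) ;;
            *) printf '%s\n' "$user" ;;
        esac
    done
}

unexpected_sudoers "shiyanlou"   # with the sample data, reports lilei
```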

4. Delete a user

Deleting a user is a simple matter:

$ sudo deluser lilei --remove-home

II. Linux file permissions

1. View file permissions

We have used the ls command many times before. As you have seen, without any parameters it lists the files in the current directory, but it can do more than that; now we need it to view file permissions.

To list files in a longer format:

$ ls -l

You may recognize only the last item as the file name, so what do the other items mean?

Perhaps you still do not understand what the first item (file type and permissions) refers to, what the number of links is, or what the last modification time is. The following goes through them one by one:

    • File type

Regarding file types, one thing to keep in mind is that in Linux everything is a file. That is why there are device files (the /dev directory holds a variety of device files, mostly related to specific hardware), sockets (network sockets; interested readers can look into the details themselves or wait for Shiyanlou's follow-up courses), and pipes (pipes are very important and are discussed later; for now it is enough to know they exist). There are also soft link files. Link files come in two kinds, the other being the "hard link" (hard links are not commonly used and are not the focus of this course; a soft link is the equivalent of a shortcut on Windows, and remembering that is enough).

    • File permissions

Read permission means you can use commands such as cat <file name> to read the contents of a file. Write permission means you can edit and modify a file. Execute permission usually applies to executable binaries or script files that can be run, like files with the 'exe' suffix on Windows, although on Linux the type of a file is not determined by its suffix. One thing to be aware of is that a directory must have both read and execute permissions to be opened, and a directory must have write permission for other files to be created in it, because the directory file actually holds information such as the list of files in that directory.

Owner permissions should be self-explanatory. User group permissions are the permissions that all other users in your user group have on the file. For example, if you have a pobman, the user group permissions determine whether your siblings have the authority to use it, destroy it, or take possession of it.

    • Number of links

The number of file names linked to the inode where the file is located (Linux file system concepts are outside the scope of this course; interested readers can look into them on their own).

    • File size

The file size, expressed in terms of the inode node size. You can add the -lh parameters to ls to see file sizes in a more readable form.

Now that you understand some of the concepts behind file permissions, here are some other common uses of the ls command:

    • Show all files, including hidden files, except '.' (the current directory) and '..' (the parent directory). In Linux, a file whose name starts with '.' is a hidden file.
$ ls -A

Of course, you can use the '-A' and '-l' parameters at the same time:

$ ls -Al

To view the full properties of a directory instead of displaying the file attributes in the directory:

$ ls -dl <directory name>

    • Show all file sizes and present them in a human-readable form:
$ ls -AsSh

Here lowercase s displays the file size and uppercase S sorts by file size. If you need to sort in other ways, use the man command to look them up.

2. Change the file owner

Assuming that the lilei user is currently logged in, create a new file named "iphone6":

$ touch iphone6

You can see that the file owner is lilei:

Now change the file owner to shiyanlou using the following commands:

$ cd /home/lilei
$ ls iphone6
$ sudo chown shiyanlou iphone6
$ cp iphone6 /home/shiyanlou

Now check that the file owner was successfully changed to shiyanlou:

3. Modify File Permissions

If you have a file that you do not want other users to read, write, or execute, you need to modify the file's permissions. There are two ways:

    • Mode one: binary digit representation

Each file has three sets of permissions (owner, owning user group, other users; remember that this order is fixed), and each set corresponds to an "rwx", that is, a '7'. So if I want to change the permissions of the file "iphone6" so that only I can use it:

To demonstrate, I'll add some content to the file:

echo "echo \"hello shiyanlou\"" > iphone6

Then modify the permissions:

chmod 700 iphone6

Now, other users can't read this "iphone6" file anymore:

    • Mode two: Add and subtract assignment operation

To accomplish the same effect as above, you can:

chmod go-rw iphone6

'g', 'o' and 'u' represent group, others and user respectively; '+' and '-' add and remove the corresponding permissions.
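The two chmod styles above, run against a scratch file, as an added example that is not from the original page (sym_to_octal, mode_of and demo are hypothetical helper names). It converts the rwx string printed by ls -l into the octal digits chmod accepts, and shows that go-rw only strips read and write from group and others: it leaves the owner's bits untouched and matches chmod 700 only when group and others hold no execute bit.

```shell
#!/bin/sh
# Added example (not from the original page): relate the rwx string from
# `ls -l` to chmod's octal digits, then compare the two chmod styles.

# sym_to_octal "rwxr-x---" -> 750 (r=4, w=2, x=1, summed per triplet).
# Special bits (setuid/setgid/sticky, shown as s or t) are not handled.
sym_to_octal() {
    perms=$1 out=""
    while [ -n "$perms" ]; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# mode_of FILE -> octal mode, taken from characters 2-10 of `ls -ld` output
# (character 1 is the file type, the next nine are the three rwx triplets).
mode_of() {
    sym_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# demo: apply both chmod styles to a scratch file named like the page's.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/iphone6"
    touch "$f"
    chmod 644 "$f"; chmod 700 "$f";   numeric=$(mode_of "$f")
    chmod 644 "$f"; chmod go-rw "$f"; symbolic=$(mode_of "$f")
    chmod 755 "$f"; chmod go-rw "$f"; leftover=$(mode_of "$f")
    rm -rf "$dir"
    printf '%s %s %s\n' "$numeric" "$symbolic" "$leftover"
}

demo   # prints: 700 600 711
```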
