Linux
Chapter 6: Account and Permission Management
Enjoy life and love the challenge
Mingyuan Share
A thought for each chapter:
Every good person goes through a silent period. Everyone faces difficulties and is sometimes ignored by others; this is your most critical time. We need to believe in life and not give up. Fate will not abandon you, and a bitter past can turn sweet.
Today we will learn how to configure and manage users and groups in Linux. The commands are not as hard to remember as they look; use them a few times and they stick. The simpler you consider the task, the easier it is to reach your goal.
Theory:
Linux controls access to resources based on user identities
Let's look at the classification of Linux user accounts and groups first:
① Superuser (root)
② Ordinary users
③ Program users
Group accounts:
① Basic group (private group)
② Additional groups (public groups)
As in Windows, every user and group in Linux has its own ID:
UID and GID:
UID (User Identity, the user ID number)
GID (Group Identify, the group ID number)
We know that everything in Linux is a file, so:
Basic information about user accounts is saved in a file
File location: /etc/passwd
Each line corresponds to one user's account record
We can view it with tail (a newly added user is appended at the end by default)
Password strings, password expiration, and related information are saved in a second file
File location: /etc/shadow
Each line corresponds to one user's password record (go and see for yourself)
useradd command
Format: useradd [options] ... username
Common command options
-u: Specify the UID number
-d: Specify the home directory, default is /home/username
-e: Specify the account expiration time
-g: Specify the user's base group name (or GID number)
-G: Specify the user's additional group name (or GID number)
-M: Do not create and initialize the home directory for the user
-s: Specify the user's login shell
passwd command: set passwords, etc.
Format: passwd [options] ... username
Common command options
-d: Clear the user's password so that the user can log in without a password
-l: Lock the user account
-S: Check the status of the user account (whether it is locked)
-u: Unlock the user account
[screenshot] (the password is not displayed as you type)
Running passwd without a username changes the password of the current user.
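The effect of passwd -d, passwd -l and an expiry date set with -e can be read back from the password field (field 2) and the expiry field (field 8) of an /etc/shadow record. The script below is an added example, not part of the original post; the function names sample_shadow and audit_shadow and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify records in /etc/shadow format.
# Field 2 is the password field; field 8 is the account expiry date,
# counted in days since 1970-01-01.

# Constructed sample records (placeholder hashes, not real ones).
sample_shadow() {
cat <<'EOF'
kylin:$6$SALT$CONSTRUCTEDHASH:16448:0:99999:7::15339:
tsengia:!$6$SALT$CONSTRUCTEDHASH:16448:0:99999:7:::
obama::16448:0:99999:7:::
cucci:!!:16448:0:99999:7:::
EOF
}

# audit_shadow TODAY_DAYS  (records on stdin)
# Prints: <user> <password state> <expiry state>
audit_shadow() {
    awk -F: -v today="$1" '
    {
        if ($2 == "")             pw = "EMPTY"    # passwd -d: login needs no password
        else if ($2 ~ /^[!*]+$/)  pw = "UNSET"    # only ! or *: no usable hash
        else if ($2 ~ /^!/)       pw = "LOCKED"   # passwd -l or usermod -L put ! before the hash
        else                      pw = "SET"
        ex = ($8 != "" && $8 + 0 <= today + 0) ? "EXPIRED" : "ACTIVE"
        print $1, pw, ex
    }'
}

# Demo on the constructed records, using today's date.
sample_shadow | audit_shadow "$(( $(date +%s) / 86400 ))"
```

To audit a real system, run it as root with `audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow`; any EMPTY line is an account that can log in without a password.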
Modify user account properties: usermod
usermod command
Format: usermod [options] ... username
Common command options
-l: Change the login name of the user account
-L: Lock the user account
-U: Unlock the user account
The following options have the same meaning as in the useradd command
-u, -d, -e, -g, -G, -s
Delete a user account: userdel
userdel command
Format: userdel [-r] username
Adding the -r option also deletes the user's home directory
Let's work through it together.
One, create the user directories:
Create the directories /tech/benet and /tech/accp to hold the files of the user accounts in each project group.
Steps: [screenshot]
Two, add the group accounts:
Add group accounts for the two projects, benet and accp, with GID numbers 1001 and 1002 respectively.
Add the group account tech for the technical department, with GID number 200.
Steps: [screenshot]
Add, delete, and modify group accounts:
groupadd command: add a group account
gpasswd command: add, set, and delete group members
When adding a member, use the -a option
When deleting a member, use the -d option
To specify all member users of a group account at once, use "-M" (Note: it applies to one group at a time, and running it a second time overwrites the members set the first time.)
groupdel command: delete a group account
Three, add the user accounts:
1, the benet group consists of three users, kylin, tsengia, and obama; each home directory is the folder with the same name as the account under /tech/benet/. The kylin user account is set to expire after December 31, 2011.
Steps: [screenshot]
2, the accp group consists of two users, handy and cucci; each home directory is the folder with the same name as the account under /tech/accp/. The login shell of the cucci user is set to /bin/ksh.
Steps: [screenshot]
Add, delete, and modify user accounts:
useradd command: add a user account
Basic command format:
useradd [options] username
-u: Specify the user's UID number, which must not already be used by another user
-d: Specify the location of the user's home directory
-e: Specify the user's account expiration time, in the YYYY-MM-DD date format
-g: Specify the user's base group name (or GID number)
-G: Specify the user's additional group name (or GID number)
-M: Do not create the home directory, even if the /etc/login.defs system configuration says to create it
-s: Specify the user's login shell
passwd command: set the password for a user account
-d: Clear the password of the specified user, who can then log in to the system with the user name alone
-l: Lock the user account
-S: Check the status of the user account (whether it is locked)
-u: Unlock the user account
usermod command: modify user account properties
-u: Modify the user's UID number
-d: Modify the location of the user's home directory
-e: Modify the user's account expiration time, in the YYYY-MM-DD date format
-g: Modify the user's base group name (or GID number)
-G: Modify the user's additional group name (or GID number)
-M: Do not establish and initialize the home directory for the user
-s: Specify the user's login shell
-l: Change the login name of the user account
-L: Lock the user account
-U: Unlock the user account
userdel command: delete a user account
-r: Also delete the home directory
Initial configuration files for a user account:
.bash_profile file: the commands in this file are executed each time the user logs in
.bashrc file: the commands in this file are executed each time the "/bin/bash" program is loaded (including at login, of course)
.bash_logout file: the commands in this file are executed each time the user logs out
Four, all of the above user accounts must belong to the tech group; add them to the group, then check.
Steps: [screenshots]
Querying account information:
User account files:
mainly: /etc/passwd, /etc/shadow
Group account files:
mainly: /etc/group, /etc/gshadow
groups command - query the groups a user account belongs to
id command - query the identity of a user account
finger command - query the login properties of a user account
w command - query the login status of users on the current host (users, who)
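The check in step Four comes down to two fields: the primary GID in field 4 of /etc/passwd and the member list in field 4 of /etc/group. The script below is an added example, not part of the original post, that resolves a user's groups from files in those two formats; groups_of, sample_passwd and sample_group are hypothetical names and the records (including the UIDs) are constructed.

```shell
#!/bin/sh
# Added example: resolve group membership the way the groups command
# reports it, from files in /etc/passwd and /etc/group format.

# Constructed records matching the lab (the UIDs are made up).
sample_passwd() {
cat <<'EOF'
kylin:x:1001:1001::/tech/benet/kylin:/bin/bash
cucci:x:1005:1002::/tech/accp/cucci:/bin/ksh
EOF
}
sample_group() {
cat <<'EOF'
tech:x:200:kylin,tsengia,obama,handy,cucci
benet:x:1001:
accp:x:1002:
EOF
}

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints the primary group first, then the additional groups.
# Returns 1 if USER has no passwd record.
groups_of() {
    awk -F: -v user="$1" '
    FILENAME == ARGV[1] {                 # passwd: field 4 is the primary GID
        if ($1 == user) { gid = $4; found = 1 }
        next
    }
    $3 == gid { primary = $1; next }      # group: field 3 is the GID
    {                                     # group: field 4 is the member list
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == user) extra = extra " " $1
    }
    END {
        if (!found) exit 1
        first = (primary == "" ? gid : primary)
        print first extra
    }' "$2" "$3"
}

# Demo on the constructed records.
tmp=$(mktemp -d)
sample_passwd > "$tmp/passwd"
sample_group > "$tmp/group"
for u in kylin cucci; do
    echo "$u : $(groups_of "$u" "$tmp/passwd" "$tmp/group")"
done
rm -rf "$tmp"
```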
Five, set the initial password of the three user accounts kylin, tsengia, and handy to "123456"; do not set a password for the other users for now
Steps: [screenshot]
Six, set directory permissions and ownership
1, set the owning group of the /tech directory to tech, removing all permissions from other users
Steps: [screenshot]
2, set the owning group of the /tech/benet directory to benet, removing all permissions from other users
Steps: [screenshot]
3, set the owning group of the /tech/accp directory to accp, removing all permissions from other users
Steps: [screenshot]
To set permissions for directories and files:
To set permissions for a file or directory, use the chmod command.
Character form:
r (read): for a file, view its contents; for a directory, view its contents (list subdirectories and files)
w (write): for a file, modify its contents; for a directory, modify its contents (create, move, or delete files or directories in it)
x (execute): for a file, run it (program or script); for a directory, use the cd command to enter or exit it
Numeric form:
The r, w, x permission characters can be represented as the octal digits 4, 2, and 1; a combination of permissions is represented by adding the digits together.
Basic usage format:
chmod [ugoa...] [+-=] [rwx] file or directory ...
Or
chmod nnn file or directory ...
"ugoa" indicates the user class the permission setting applies to. "u" represents the owner of the file, "g" represents the owning group, "o" represents any other user, and "a" represents all users (the sum of u, g, and o)
"+-=" represents the action that sets the permissions. "+" adds the corresponding permission, "-" removes the corresponding permission, and "=" sets exactly the corresponding permissions
"rwx" is a combination of permission characters; the characters can also be used separately
"nnn" is the specific permission value you want to set, such as "770", "644", etc.
-R: recursively set the permissions of all subdirectories and files in a directory to the same value.
To set the ownership of directories and files:
To set the ownership of a file or directory, use the chown command.
Basic usage format:
chown owner[:[group]] file or directory ...
To set the owner and the owning group at the same time, separate the user name and the group name with a colon ":". To set only the group, use the form ":group name".
-R: recursively change the ownership of a directory
Seven, set up a shared data directory
Create a /public directory that allows all users in the tech group to read, write, and execute files, and denies access to users outside the tech group
Steps: [screenshot]
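Steps Six and Seven both end with "other" holding no permission bits, which can be verified after the chmod. The script below is an added example, not part of the original post: it lists directories that still grant "other" any of r, w or x, then clears those bits with the symbolic and numeric forms of chmod. dirs_open_to_others and restrict_to_group are hypothetical names, and the demo runs in a scratch tree rather than on /tech and /public.

```shell
#!/bin/sh
# Added example: find directories that still grant "other" any permission,
# then remove those bits as in steps Six and Seven.

# dirs_open_to_others ROOT
# Lists directories under ROOT where "other" has r (4), w (2) or x (1).
dirs_open_to_others() {
    find "$1" -type d \( -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# restrict_to_group DIR [GROUP]
# Optionally hands DIR to GROUP, then clears only the "other" bits.
restrict_to_group() {
    if [ -n "${2:-}" ]; then
        chgrp "$2" "$1" || return 1
    fi
    chmod o-rwx "$1"
}

# Demo in a scratch tree (no root needed; the group is the caller's own GID).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/tech/benet" "$demo_root/tech/accp" "$demo_root/public"
chmod 755 "$demo_root/tech" "$demo_root/tech/benet" "$demo_root/tech/accp"
chmod 777 "$demo_root/public"

echo "Before:"; dirs_open_to_others "$demo_root"
for d in tech tech/benet tech/accp; do
    restrict_to_group "$demo_root/$d" "$(id -g)"
done
chmod 770 "$demo_root/public"   # numeric form: rwx for owner and group, none for other
echo "After:"; dirs_open_to_others "$demo_root"
stat -c '%a %n' "$demo_root/tech" "$demo_root/public"
rm -rf "$demo_root"
```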
This is only a brief introduction; you will need more practice to master it.