Linux user and group management
I. Overview:
1. Three types of users in Linux:
(1) The super user (root) has all permissions of the operating system. The UID value is 0.
(2) General users have limited operating system permissions. UID value: 500 ~ 6000
(3) Pseudo-users exist to simplify system management and to give system processes an owner for their files. A pseudo-user cannot log on, and the UID value is 1 ~ 499
II. User account files
1. Password file: /etc/passwd
2. Shadow password file: /etc/shadow
Only the root user has permission to modify the files above.
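The UID classes from section I can be checked directly against passwd-format rows. The following is an added example, not part of the original page: the function name, the finding labels, the sample rows and the "shell name ends in sh" heuristic are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format rows against the UID classes described above.
# The pseudo-user range follows this page (1-499); many current distributions
# start general users at 1000, so adjust PSEUDO_MAX for the system being audited.
PSEUDO_MAX=499

# audit_passwd [FILE] -> one "FINDING:user:detail" line per problem (stdin if no FILE)
audit_passwd() {
    awk -F: -v pmax="$PSEUDO_MAX" '
        /^#/ || NF < 7 { next }          # skip comments and malformed rows
        {
            user = $1; uid = $3; shell = $7
            # Only root should hold UID 0 and with it every permission.
            if (uid == 0 && user != "root") print "UID0:" user ":shares root UID"
            # Pseudo-users should not be able to log on. Heuristic: an empty
            # shell field or a shell whose name ends in "sh" is interactive.
            if (uid >= 1 && uid <= pmax && (shell == "" || shell ~ /sh$/)) print "PSEUDO_SHELL:" user ":" shell
            # Two names on one UID are the same user as far as permissions go.
            if (seen[uid]++ && uid != 0) print "DUP_UID:" user ":" uid
        }' "${1:--}"
}

# Constructed sample rows (not taken from a real system)
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
pp:x:500:500:pp:/home/pp:/bin/bash
u1:x:500:501:u1:/home/u1:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a live system, run `audit_passwd /etc/passwd` instead of the constructed sample.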
III. User Account Management
1. Create an account
Format: useradd [<option>] <User Name>
Example: useradd -g stuff -e 8/31/2005 pp
useradd command options
-u uid: Specifies the UID of the new user. By default, the current maximum UID plus 1 is used.
-g group: Specifies the group (private group) of the new user. This group must exist.
-G group: Specifies an additional group for the new user.
-d dir: Specifies the home directory of the new user.
-s shell: Specifies the shell used by the new user. The default value is bash.
-c comment: Additional information about the new user, such as the full name.
-e expire: Specifies the user's logon expiration time (08/31/2005)
-m: Creates the new user's home directory
2. The account creation commands useradd / adduser
In Red Hat Linux, adduser and useradd both point to the file /usr/sbin/useradd, so either command can be used:
useradd pp: Create a pp account
passwd pp: Set the password
3. Create and delete user accounts
Create an account:
useradd -g stuff -e 08/31/2005 pp
passwd pp
This creates a user pp belonging to the stuff group and sets a password for pp. The logon expiration time is
Delete an existing user account:
userdel -r pp
The -r parameter of the userdel command deletes all of the user's information (including the home directory).
4. Disable, restore, and delete accounts
Disable
usermod -L username: disable the account
passwd -l username: disable the password
Restore
usermod -U username: restore a disabled account
passwd -u username: restore a disabled password
Delete
userdel -r u1: delete the account u1 and its home directory
-r: Delete the home directory.
Note: usermod and passwd do not work the same way when disabling and restoring accounts.
5. Disable and delete user accounts
Disabling an account means that the user is temporarily not allowed to log on to the system while their data is retained. You can edit the /etc/passwd file and mark the row of the account to be stopped.
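Both usermod -L and passwd -l act on the password field in /etc/shadow by putting a "!" in front of the hash, which stops password logons only; usermod(8) advises also setting the expiry date to 1 to lock the account as a whole. The following added example (not from the original page; the function name, state labels and sample rows are assumptions) reports which state each account is in.

```shell
#!/bin/sh
# Added example: classify shadow-format rows by lock and expiry state.
# account_state TODAY [FILE] -> "user:state" per row (stdin if no FILE).
# TODAY and field 8 of each row are counted in days since 1970-01-01.
account_state() {
    today=$1; shift
    awk -F: -v today="$today" '
        NF < 8 { next }                                # not a shadow row
        {
            locked  = ($2 ~ /^!/)                      # prefix set by usermod -L / passwd -l
            expired = ($8 != "" && $8 + 0 < today + 0) # date set by useradd -e / usermod -e
            if (locked && expired) s = "locked+expired"
            else if (expired)      s = "expired"
            # Password is unusable, but other logon methods (for example
            # SSH keys) are not blocked by the "!" prefix alone.
            else if (locked)       s = "password-locked-only"
            else if ($2 == "")     s = "empty-password" # no password required
            else                   s = "active"
            print $1 ":" s
        }' "${1:--}"
}

# Constructed sample rows; the hashes are placeholders.
# 13026 is 08/31/2005, the expiry date used in the useradd example above.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$hash:19000:0:99999:7:::
pp:$6$CONSTRUCTED$hash:12900:0:99999:7::13026:
u1:!$6$CONSTRUCTED$hash:19000:0:99999:7:::
u2:!!$6$CONSTRUCTED$hash:19000:0:99999:7::1:
guest::19000:0:99999:7:::
EOF
}

sample_shadow | account_state "$(( $(date +%s) / 86400 ))"
```

Accounts reported as password-locked-only are the ones to review when the intent was to stop the user from logging on at all.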
IV. Group Management
1. Components
(1) Private group (g)
When creating a new user, if no group is specified, Red Hat creates a private group with the same name as the user.
(2) Standard workgroup (G)
A standard group can accommodate multiple users. If you use a standard group, you should specify the group to which a new user belongs when creating the user.
(3) Group file
/etc/group
2. Create, delete, and modify a group
groupadd -g 888 group2: Create a group group2 with a GID of 888
groupdel group2: Delete the group group2
groupmod -n group22 group2: Rename the group group2 to group22
3. id command
Function: view the UID and GID of a user.
Format: id [option] <User Name>
Parameters:
-g: display only the GID of the user's group.
-G: display only the GIDs of the user's additional groups.
-u: display the UID only.
4. finger command
You can view user information, including the user's home directory, startup shell, and user name.
Format: finger [option] account
-l: display in long format; this is the default option
-s: display in short format
5. chfn and chsh
(1) chfn function: change user information
Format: chfn account
chfn pp: change the user information of pp
(2) chsh function: change the startup shell
Format: chsh -s <shell>
[pp@linux pp]# chsh -s /bin/bash    (change the shell of pp to /bin/bash)
Permission management for linux users and groups
First, you need to understand the Linux permission mechanism. I feel that your understanding of these permissions and your command skills are insufficient.
First, file permissions in Linux are defined per user. Whether a file can be read and written depends on which class of permissions the current user falls under for that file: owner, group, or other. This is critical. That is the UGO permission system. You need to know about these settings first. In addition, the command for specifying the user or group to which a file belongs is chown, not chmod. As for your question, there are in fact many ways to implement it. For example, for special permissions, it is better to use access control lists (facl). I hope you can understand this problem and solve it yourself.
Permission management for linux users and groups
Below is my copy
You can look up the details of the chmod command on Baidu and then use it.
I have never thought about merging a group, but you can modify the parameters. Then, each created user group can be set to the group name you edited. This is too bad. I have never done it seriously.
Change the owner and group of the directory /tmp/sco to sawn and the group net:
chown -R sawn:net /tmp/sco
chmod modifies the read/write/execute attributes of files and folders.
1. To change the file hh.c to writable, readable, and executable:
chmod 777 hh.c
To modify the attributes of all files in a directory to writable, readable, and executable (use * in place of the file name and the suffix):
chmod 777 *.*
Similarly, to modify the attributes of all htm files:
chmod 777 *.htm
2. To change the directory /tmp/sco to writable, readable, and executable:
chmod 777 /tmp/sco
To modify the attributes of all folders in a directory to writable, readable, and executable (use * in place of the folder name):
chmod 777 *
To modify all the files and folders in /tmp/sco and their subfolders to be writable, readable, and executable:
chmod -R 777 /tmp/sco
Writable w = 4, readable r = 2, executable x = 1. 777 means you have full permissions. User and group permissions can be freely combined as needed.
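A recursive chmod 777 like the one above leaves every file and folder under the directory writable by any local user. The following added example (not part of the original answer) lists what is world-writable and then narrows it; the function names, the temporary directory layout and the 750/640 target modes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: find what a recursive 777 leaves world-writable, then tighten it.

# find_world_writable DIR -> files and directories writable by "other".
# -perm -0002 matches when the write bit for "other" is set, whatever the
# remaining bits are. Symbolic links are skipped (their own mode is not used).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# tighten DIR -> assumed policy: directories 750, files 640
# (owner read/write, group read, others nothing).
tighten() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# demo -> "<world-writable count before> <count after>" on a scratch copy
# of the layout used in the answer (sco, hh.c, an htm file in a subfolder).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/sco/sub"
    : > "$d/sco/hh.c"
    : > "$d/sco/sub/index.htm"
    chmod -R 777 "$d/sco"
    before=$(find_world_writable "$d/sco" | wc -l | tr -d ' ')
    tighten "$d/sco"
    after=$(find_world_writable "$d/sco" | wc -l | tr -d ' ')
    rm -rf "$d"
    echo "$before $after"
}

demo
```

When a second group or user needs access, chown to a shared group or an access control list keeps "other" out of the mode entirely.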