Linux User and User group management overview

Article Title: Linux User and User group management overview. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

This document describes the concepts of user and group management in Linux, and lists commands related to user and group; this article also describes single-user multi-task and multi-user multi-task. It should be said that this document is a relatively basic document.

1. Understand the concept of single-user multitasking and multi-user multitasking in Linux

Linux is a multi-user, multi-task operating system. We should understand the concept of single-user multi-task and multi-user multi-task.

1. Linux single-user multitasking

Multi-task for a single user. For example, when we log on to the system with beinan and enter the system, I want to open gedit to write the document. However, when writing the document, I feel less music, so I opened xmms to make some music again. Of course, I couldn't even listen to some music, and MSN had to open it. I wanted to know what some of my colleagues are doing now. In this way, when I log on with the beinan user, run gedit, xmms, msn, And the fcitx input method. In this case, a beinan user executes several tasks to complete the work. Of course, beinan is a user, others can log on remotely and do other work.

2. Linux multi-user and multi-task

Sometimes many users use the same system at the same time, but not all users must do the same thing, so there are multiple users and multiple tasks.

For example, LinuxSir. the Org server contains FTP users, system administrators, web users, and common users. At the same time, some may be visiting the forum, and some may be uploading software package management sites, for example, luma or Yuking is managing their home page system and FTP. At the same time, there may be system administrators who are maintaining the system. They use nobody users to browse the home page, the uploaded Software Package uses FTP users. The Administrator's maintenance or viewing of the system may use a common account or super-Permission root account. Different users have different permissions, different users are required to complete different tasks. You can also say that different users may do different jobs.

It is worth noting that multi-user multi-task operations are not performed by the keyboard and display of a single machine at the same time. Multiple users may log on remotely, for example, remote control of the server, anyone with user permissions can perform operations or access.

3. User Role differentiation

Users are divided into roles in the system. In Linux, permissions and tasks are different because of different roles; it is worth noting that the user's role is identified by UID, especially UID. In system management, the system administrator must stick to the unique characteristics of UID.

Root User: The system is unique and real. You can log on to the system, operate any files and commands in the system, and have the highest permissions;

Virtual users: These users are also known as pseudo users or fake users. They are differentiated from real users. Such users do not have the ability to log on to the system, but are indispensable users for system operation, for example, bin, daemon, adm, ftp, mail, etc. All these users are owned by the system rather than those added later. Of course, we can also add virtual users;

Ordinary real users: These users can log on to the system, but can only operate the contents of their home directories; limited permissions; these users are added by the system administrator.

4. Security of multi-user operating systems

Multi-user systems are more convenient for system management. From a security perspective, the multi-user management system is more secure. For example, if a file under a beinan user does not want other users to see it, just set the file permissions, only one beinan user can read, write, and edit data. In this way, only one beinan user can operate on its private files. Linux is the best performing solution for multiple users, linux can protect the security of every user, but we also have to learn about Linux as a secure system. If there is no security-aware administrator or management technology, such a system is not secure.

From the server point of view, the system security under multiple users is also the most important. For Windows operating systems that we commonly use, the system's capability of permission management can only be said to be general, there is no way to compare with Linux or Unix systems.

2. Concepts of user and group

1. user Concept

Based on our understanding of multiple users in Linux, we understand that Linux is a real multi-user operating system, so we can build several users in Linux ). For example, our colleague wants to use my computer, but I don't want him to log on with my user name, because my user name contains information and information (that is, private content) that he does not want others to see) in this case, I can create a new user name for him to use the user name I opened, which is in line with the operational rules from the computer security perspective.

Of course, the concept of user is not just that. in Linux, there are still some users who are used to complete specific tasks, such as nobody and ftp. We access LinuxSir. org's webpage program is a nobody user. ftp or nobody is used for anonymous ftp access. For details about Linux accounts, see/etc/passwd.

2. Concepts of user groups

A user group is a collection of users with the same features. For example, sometimes we want to allow multiple users to have the same permissions, for example, to view or modify a file or execute a command, we need a user group. We define all users to the same user group. By modifying the permissions of files or directories, the user group has certain operation permissions, so that users under the user group have the same permissions on the file or directory. This is achieved by defining the group and modifying the file permissions.

For example, in order for some users to have the permission to view a document, such as a timetable, the person who writes the timetable must have the permission to read and write the document, we want some users to know the contents of this Schedule without modifying them. Therefore, we can place these users into a group and modify the permissions of this file to make the user group readable, in this way, each user in the user group is readable.

The ing between users and user groups is one-to-one, many-to-one, one-to-many, or many-to-many.

One-to-one: a user can be a unique member of a group.

Multiple-to-one: multiple users can be members of a unique group and cannot belong to other user groups. For example, beinan and linuxsir users only belong to beinan user groups.

One-to-multiple: a user can be a member of multiple user groups. For example, beinan can be a member of the root user group, a member of the linuxsir user group, or an adm user group.

Many-to-many: multiple users correspond to multiple user groups, and several users can belong to the same group. In fact, the many-to-many relationship is the expansion of the first three. I have understood the three above, this article can also be understood.

 

[1] [2] [3] Next page