Linux User, group management and permissions (i)

Source: Internet
Author: User

First, user management

1. Why users are needed

1) Reasonable allocation of computer and network resources
2) Control of each user's access to the system
3) Identity authentication
4) Every process runs as a user

2. User classification

A user's role is identified by the UID (user ID), not by the user name.

Linux has three categories of users: the root user, system users and ordinary users.

1) Root user

The root user's UID is 0, and it has the highest privilege.

2) System users

Also called virtual users, pseudo-users or fake users. They cannot log in to the Linux system, but they are indispensable to the operation of the system.

CentOS 6: 1~499

CentOS 7: 1~999

3) Ordinary users

Created by administrators; they can log in to the Linux system with limited permissions.

CentOS 6: 500~65535

CentOS 7: 1000~65535

3. User authorization

Authorization is granting a user permission to operate on a file or a folder.

4. Group

A container that associates multiple users with permissions, so that permissions on a file can be set for all of them at once.

Administrative groups, normal groups

Basic (primary) groups, additional (supplementary) groups

5. Manage users and groups

Common commands: useradd, passwd, userdel, usermod, groupadd, gpasswd, groupdel, groupmod

1) useradd command

useradd [-c comment] [-d home_dir]
[-e expire_date] [-f inactive_time]
[-g initial_group] [-G group[,...]]
[-m [-k skeleton_dir] | -M] [-s shell]
[-u uid [-o]] [-N] [-r] login

(-c: description information, -d: home directory, -e: account termination date, -f: inactive time, -g: basic group, -G: additional groups, -s: shell, -u: UID)

# useradd -u 501 user1

user1:x:501:501::/home/user1:/bin/bash

That is: user name : password : UID : basic group ID : user description : home directory : shell (bash)

(Note: when you create a user without specifying a basic group, a group with the same name as the user is created automatically.)
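
The UID ranges and the passwd entry format above can be turned into a quick account audit. This is an added example, not part of the original article; the sample entries, the finding labels and the function name classify_accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify accounts by UID and flag two audit findings.
# Default range is the CentOS 7 one from the text (1-999 = system users).

# Constructed sample in /etc/passwd format; on a real host feed /etc/passwd instead.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
backup:x:0:0::/home/backup:/bin/bash
svc:x:498:498::/var/lib/svc:/bin/bash
user1:x:1000:1000::/home/user1:/bin/bash'

# classify_accounts [SYSTEM_MAX]: reads passwd-format lines on stdin and prints
# "name uid class [finding]". Pass 499 as SYSTEM_MAX for CentOS 6.
classify_accounts() {
    awk -F: -v sysmax="${1:-999}" '
        NF < 7 || $3 !~ /^[0-9]+$/ { next }   # skip malformed lines
        {
            name = $1; uid = $3 + 0; shell = $7; finding = ""
            if (uid == 0)           { class = "root" }
            else if (uid <= sysmax) { class = "system" }
            else                    { class = "ordinary" }
            # The role follows the UID, so any other UID 0 entry is a second root.
            if (uid == 0 && name != "root") {
                finding = " EXTRA_UID0"
            # System users are not meant to log in; a login shell deserves review.
            } else if (class == "system" && shell !~ /(nologin|false|sync|shutdown|halt)$/) {
                finding = " SYSTEM_WITH_SHELL"
            }
            printf "%s %d %s%s\n", name, uid, class, finding
        }'
}

printf '%s\n' "$SAMPLE_PASSWD" | classify_accounts
```

Run it as classify_accounts < /etc/passwd on a real host; an EXTRA_UID0 line means an account other than root carries root's UID.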

2) passwd command

passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]

Usage:

passwd: change your own password

passwd username: change the password of the specified user

# passwd user1
Changing password for user user1.
New password:
Retype new password:

Parameters:

--stdin: read the password from standard input, for example from the data of the preceding pipeline

-l: lock; puts a "!" in front of the second field of /etc/shadow to disable the password

-u: the opposite of -l; unlock

-S: lists the password-related parameters, that is, most of the information in the shadow file

-n: followed by a number of days; the 4th field of shadow, how long the password cannot be changed

-x: followed by a number of days; the 5th field of shadow, how long until the password must be changed

-w: followed by a number of days; the 6th field of shadow, warning days before the password expires

-i: followed by a "date"; the 7th field of shadow, the password expiration date

# echo "yubing" | passwd --stdin yubing
Changing password for user yubing.
passwd: all authentication tokens updated successfully.

# passwd -S yubing
yubing PS 2015-12-31 0 99999 7 -1 (Password set, SHA512 crypt.)

# passwd -l yubing        # lock the user
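
The shadow fields that these options change can be read back directly. This is an added example, not part of the original article; the sample entries (with placeholder hashes), the state labels and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: report lock state and password-aging fields from shadow entries.

# Constructed sample in /etc/shadow format; the hashes are placeholders.
SAMPLE_SHADOW='yubing:$6$SALT$HASHPLACEHOLDER:16800:0:99999:7:::
locked1:!$6$SALT$HASHPLACEHOLDER:16800:0:90:7:0::
nopass::16800:0:99999:7:::
daemon:*:16800:0:99999:7:::'

# shadow_report: reads shadow-format lines on stdin and prints
# "name state min=.. max=.. warn=.. inactive=..". The state labels are this
# example's own, not the codes printed by passwd -S.
shadow_report() {
    awk -F: '
        function val(s) { return (s == "") ? "-" : s }   # empty field = not set
        NF < 8 { next }                                  # skip malformed lines
        {
            if ($2 == "")                     { state = "NO_PASSWORD" }
            else if (substr($2, 1, 1) == "!") { state = "LOCKED" }    # the -l marker
            else if ($2 == "*")               { state = "UNUSABLE" }  # no valid hash
            else                              { state = "SET" }
            # Fields 4-7 are the ones set with -n, -x, -w and -i.
            printf "%s %s min=%s max=%s warn=%s inactive=%s\n",
                   $1, state, val($4), val($5), val($6), val($7)
        }'
}

# locked_accounts: names of locked accounts only, one per line.
locked_accounts() {
    shadow_report | awk '$2 == "LOCKED" { print $1 }'
}

printf '%s\n' "$SAMPLE_SHADOW" | shadow_report
```

On a real host the input is /etc/shadow, which only root can read. A NO_PASSWORD line is the finding to act on first.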

3) usermod: modify user properties

-a|--append        # append the user to the given groups; only used with the -G option
-c|--comment       # modify the comment, the fifth field of the /etc/passwd file
-d|--home          # modify the user's home directory; usually used together with the -m option
-e|--expiredate    # the date on which the user account is disabled, format yy-mm-dd
-f|--inactive      # number of days after the password expires before the account is disabled; 0 means the account is disabled as soon as the password expires, -1 disables this feature; the default value is -1
-g|--gid           # modify the user's GID; the group must exist
-G|--groups        # append the user to the given groups; used together with the -a option
-l|--login         # modify the user's login name
-L|--lock          # lock the user's password
-m|--move-home     # modify the user's home directory; usually used together with the -d option
-s|--shell         # modify the user's shell
-u|--uid           # modify the user's UID; the UID must be unique
-U|--unlock        # unlock the user's password

Case:

    • Create the user user02, specify password: 12345, create the group user

# useradd user02
# echo "123456" | passwd --stdin user02
Changing password for user user02.
passwd: all authentication tokens updated successfully.
# groupadd user

    • Add user02 to the group user

# usermod -aG user user02        # multiple groups are separated by commas
# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

    • Modify user02's home directory

# usermod -d /test/user02 user02

    • Modify the user name

# usermod -l userchain user02

# id userchain
uid=503(userchain) gid=503(user02) groups=503(user02),504(user)

    • Specify an expiration date for the account

# usermod -e "2016-08-11" userchain

    • Specify how many days after the password expires the account is disabled

# usermod -f 0 userchain

(Note: usermod does not allow you to change the name of a user account that is logged in. When usermod is used to change the user ID, you must make sure that the user is not running any program on the computer.)

4) userdel: delete a user

Syntax
userdel [-r] login

Description
The userdel command modifies the system account files, deleting all entries that refer to login. The named user must exist.

-r: the files in the user's home directory are removed. Files in other locations will also be identified and deleted.

# userdel -r userchain
# id userchain
id: userchain: No such user

5) groupadd: create a group

-g GID: specify the GID number

# groupadd mygrp2
# tail /etc/group
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
tcpdump:x:72:
slocate:x:21:
user1:x:501:
yubing:x:502:
user02:x:503:
user:x:504:
mygrp2:x:505:

6) groupdel: delete a group

# groupdel mygrp2

Second, user permissions

1. User permissions mainly include: r, w, x

For files:
r: the content can be viewed with viewing tools (cat, vi)
w: the content can be edited
x: the file can be submitted to the kernel to be started as a process

For directories:
r: the ls command can be used to list all files and subdirectories in the directory
w: files can be created and deleted in the directory
x: you can cd into the directory, and use ls -l to view the detailed permission information of the files and subdirectories in it

2. When a user starts a process that accesses a file, permissions are matched as follows

1) First check whether the owner of the process and the owner of the file being accessed are the same user. If so, the process accesses the file as its owner, and the owner permissions apply.

For example: on the system, run the ls command as the root user to view the /etc/fstab file. The owner of the accessed file is root, so the two are determined to be the same user.

2) If not, check whether the user running the process belongs to the group of the file being accessed. If so, apply the group permissions; if not, apply the other permissions.
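
The matching order above can be modelled in a few lines. This is an added example, not part of the original article; the function name effective_perms and all UID, GID and mode values are constructed, and the model leaves out root's override, ACLs and SELinux, which the text does not cover.

```sh
#!/bin/sh
# Added example: model of the owner -> group -> other match described above.

# effective_perms MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# MODE is octal (e.g. 640); PROC_GIDS is a space-separated list of the group IDs
# of the process. Prints the class that matched and the rwx bits it grants.
effective_perms() {
    mode=$1; fuid=$2; fgid=$3; puid=$4; pgids=$5
    class=other; shift_by=0
    if [ "$puid" -eq "$fuid" ]; then
        class=owner; shift_by=6            # step 1: same user, owner bits apply
    else
        for g in $pgids; do                # step 2: member of the file's group?
            if [ "$g" -eq "$fgid" ]; then
                class=group; shift_by=3
                break
            fi
        done
    fi
    bits=$(( (0$mode >> shift_by) & 7 ))   # leading 0 makes the shell read octal
    r=-; w=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    printf '%s %s%s%s\n' "$class" "$r" "$w" "$x"
}

# Mode 640, file owned by uid 0 / gid 4 (constructed values).
effective_perms 640 0 4 0 "0"             # process runs as the file owner
effective_perms 640 0 4 1000 "1000 4"     # process user is in the file's group
effective_perms 640 0 4 1001 "1001"       # neither owner nor group member
# Only the first matching class is used: with mode 047 the owner class grants
# nothing, although the "other" class grants everything.
effective_perms 047 1000 1000 1000 "1000"
effective_perms 047 1000 1000 1002 "1002"
```

The mode 047 case is the one to remember when reviewing permissions: a more permissive later class never widens what an earlier matching class grants.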
