Account and Rights Management
Requirements:
One. Create the user directories:
Create the directories /tech/benet and /tech/accp to hold the files of the user accounts in each project group.
Steps: (screenshot not preserved)
Two. Add the group accounts:
Add group accounts for the two projects, benet and accp, with GID numbers 1001 and 1002 respectively.
Add a group account for the technical department, tech, with GID number 200.
Steps: (screenshot not preserved)
Adding, deleting, and modifying group accounts:
groupadd command: add a group account
gpasswd command: add, set, and delete group members
- When adding a member, use the "-a" option
- When deleting a member, use the "-d" option
- Use the "-M" option to specify all member users of the group account at once. (Note: it works on only one group at a time, and if you use it a second time, the members you set the first time are overwritten.)
groupdel command: delete a group account
Three. Add the user accounts:
1. The benet group consists of three users, kylin, tsengia, and obama. Each home directory is a folder with the same name as the account under /tech/benet/. The kylin user account is set to expire after December 31, 2011.
Steps: (screenshot not preserved)
2. The accp group consists of two users, handy and cucci. Each home directory is a folder with the same name as the account under /tech/accp/. The login shell of the cucci user is set to /bin/ksh.
Steps: (screenshot not preserved)
Adding, deleting, and modifying user accounts:
useradd command: add a user account
Basic command format:
useradd [options] username
- -u: specify the user's UID number, which must not be in use by another user
- -d: specify the location of the user's home directory
- -e: specify the user's account expiration time, in the YYYY-MM-DD date format
- -g: specify the user's base group name (or GID number)
- -G: specify the user's additional group names (or GID numbers)
- -M: do not create the home directory, even if creating it is set in the /etc/login.defs system configuration
- -s: specify the user's login shell
passwd command: set the password for a user account
- -d: clear the password of the specified user, so that logging in to the system requires only the user name
- -l: lock the user account
- -S: check the status of the user account (whether it is locked)
- -u: unlock the user account
usermod command: modify user account properties
- -u: modify the UID number of the user
- -d: modify the location of the user's home directory
- -e: modify the user's account expiration time, in the YYYY-MM-DD date format
- -g: modify the user's base group name (or GID number)
- -G: modify the user's additional group names (or GID numbers)
- -M: do not create and initialize the home directory for the user
- -s: specify the user's login shell
- -l: change the login name of the user account
- -L: lock the user account
- -U: unlock the user account
userdel command: delete a user account
- -r: delete the home directory at the same time
User account initial configuration files:
- .bash_profile file: the commands in this file are executed each time the user logs in
- .bashrc file: the commands in this file are executed every time the "/bin/bash" program is loaded (including, of course, at login)
- .bash_logout file: the commands in this file are executed each time the user logs out
Four. All of the above user accounts must join the tech group. Add them to the group, then check the result.
Steps: (screenshots not preserved)
Querying account information:
User account files:
- Mainly: /etc/passwd, /etc/shadow
Group account files:
- Mainly: /etc/group, /etc/gshadow
groups command: query the groups to which a user account belongs
id command: query the identity of a user account
finger command: query the login properties of a user account
w command: query the login status of users on the current host (also users, who)
Five. Set the initial password of the three user accounts kylin, tsengia, and handy to "123456"; the other users are not given a password for now.
Steps: (screenshot not preserved)
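The effect of step five, and of the passwd -d and -l options described earlier, can be checked from the password field of /etc/shadow. The following is an added example, not part of the original page: the sample lines are constructed, the hashes are placeholders, and the "!!" marker for an account that never had a password set assumes a RHEL-style system.

```shell
#!/bin/sh
# Added example. Constructed /etc/shadow lines (9 colon-separated fields).
# Field 2 is the password field, field 8 the account expiration date in
# days since 1970-01-01 (15339 = 2011-12-31, the date set for kylin).
sample_shadow() {
cat <<'EOF'
kylin:$6$CONSTRUCTED$placeholderhash:15300:0:99999:7::15339:
tsengia:$6$CONSTRUCTED$placeholderhash:15300:0:99999:7:::
obama:!!:15300:0:99999:7:::
handy:!$6$CONSTRUCTED$placeholderhash:15300:0:99999:7:::
cucci::15300:0:99999:7:::
EOF
}

# Classify every account read from stdin. $1 is "today" in days since 1970.
#   EMPTY-PASSWORD  field 2 empty (what passwd -d leaves behind)
#   locked          field 2 starts with ! or * (passwd -l, or never set)
#   password-set    anything else
# ",expired" is appended when the expiration date has been reached.
audit_shadow() {
    awk -F: -v today="$1" '
    {
        if ($2 == "")           st = "EMPTY-PASSWORD"
        else if ($2 ~ /^[!*]/)  st = "locked"
        else                    st = "password-set"
        if ($8 != "" && today + 0 >= $8 + 0) st = st ",expired"
        print $1, st
    }'
}

# Day 19000 falls in 2022, long after the expiration date of kylin.
sample_shadow | audit_shadow 19000
```

On a live system, run it as root with `audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow`; any EMPTY-PASSWORD line is an account that can log in with the user name alone.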
Six. Set directory permissions and ownership
1. Set the group of the /tech directory to tech, and remove all permissions from other users.
Steps: (screenshot not preserved)
2. Set the group of the /tech/benet directory to benet, and remove all permissions from other users.
Steps: (screenshot not preserved)
3. Set the group of the /tech/accp directory to accp, and remove all permissions from other users.
Steps: (screenshot not preserved)
Setting directory and file permissions:
Permissions on a file or directory are set mainly with the chmod command.
Character form:
r (read): for a file, view the file contents; for a directory, view the directory contents (show subdirectories and the file list)
w (write): for a file, modify the file contents; for a directory, modify the directory contents (create, move, or delete files or directories in the directory)
x (execute): for a file, execute the file (program or script); for a directory, run the cd command to enter or leave the directory
Digital form:
The r, w, and x permission characters can be represented as the octal digits 4, 2, and 1; a combination of permissions is represented by adding the digits together.
Basic usage format:
chmod [ugoa...] [+-=] [rwx] file or directory ...
Or
chmod nnn file or directory ...
- "ugoa" indicates the user class that the permission setting targets. "u" represents the owner of the file, "g" represents the group, "o" represents any other user, and "a" represents all users (the sum of u, g, and o)
- "+-=" represents the action that sets the permissions. "+" adds the corresponding permissions, "-" removes the corresponding permissions, and "=" sets exactly the corresponding permissions
- "rwx" is a character combination of permissions, or it can be split using
- "nnn" is the specific permission value to set, such as "770" or "644"
- -R: sets the permissions of all subdirectories and files in a directory to the same value
Setting directory and file ownership:
Ownership of a file or directory is set mainly with the chown command.
Basic usage format:
chown owner[:[group]] file or directory ...
When both the owner and the group are set, a colon ":" separates the user name from the group name. To set only the group, use the form ":group name".
- -R: recursively modifies directory ownership
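The character form and the digital form of chmod can be compared directly. The following added example (not from the original page; the helper names are hypothetical) works on a temporary directory, converts the permission string shown by ls -ld into octal digits by adding 4, 2, and 1, and checks that "other" ends up with no access, as step six requires.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Uses a temporary directory,
# so it needs no root and touches nothing under /tech or /public.

# One "rwx" triad -> octal digit, accumulating r=4, w=2, x=1.
triad_to_digit() {
    n=0
    case "$1" in r??) n=$((n + 4)) ;; esac
    case "$1" in ?w?) n=$((n + 2)) ;; esac
    case "$1" in ??[xst]) n=$((n + 1)) ;; esac   # s/t: x plus a special bit
    echo "$n"
}

# Three-digit octal mode of a path, read from the "ls -ld" permission string.
mode_of() {
    perms=$(ls -ld "$1" | cut -c2-10)
    u=$(triad_to_digit "$(echo "$perms" | cut -c1-3)")
    g=$(triad_to_digit "$(echo "$perms" | cut -c4-6)")
    o=$(triad_to_digit "$(echo "$perms" | cut -c7-9)")
    echo "$u$g$o"
}

# Succeeds only if "other" has no permission at all on the path.
no_other_access() {
    case "$(mode_of "$1")" in ??0) return 0 ;; *) return 1 ;; esac
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/public"
    chmod 777 "$tmp/public"          # start wide open
    before=$(mode_of "$tmp/public")
    chmod o-rwx "$tmp/public"        # character form: strip "other"
    symbolic=$(mode_of "$tmp/public")
    chmod 777 "$tmp/public"
    chmod 770 "$tmp/public"          # digital form: same result
    numeric=$(mode_of "$tmp/public")
    no_other_access "$tmp/public" && verdict=closed || verdict=open
    rm -rf "$tmp"
    echo "$before $symbolic $numeric $verdict"
}

demo   # -> 777 770 770 closed
```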
Seven. Set up a common data storage directory
Create a /public directory that allows the users of the technical groups to read, write, and execute files, and denies access to this directory for users outside the technical groups.
Steps: (screenshot not preserved)
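Steps one to seven can be collected into one script. The following is an added example, not the author's own commands: the lowercase account names, the use of chpasswd to set the password, the tech group on /public, and the extra chage step that forces a password change at first login are assumptions. By default it only prints the plan.

```shell
#!/bin/sh
# Added example, not the author's commands. Lowercase names, chpasswd and
# the chage step are assumptions. "plan" only prints; "apply" needs root.
MODE=plan
run() {   # print the command; execute it only in apply mode
    echo "+ $*"
    if [ "$MODE" = apply ]; then "$@"; fi
}
set_password() {   # user, password: fed to chpasswd on stdin, not argv
    echo "+ chpasswd   # stdin: $1:<initial password>"
    if [ "$MODE" = apply ]; then printf '%s:%s\n' "$1" "$2" | chpasswd; fi
}

provision() {
    MODE=${1:-plan}
    # One: project directories
    run mkdir -p /tech/benet /tech/accp
    # Two: groups with the GID numbers from the requirements
    run groupadd -g 1001 benet
    run groupadd -g 1002 accp
    run groupadd -g 200 tech
    # Three: users, home directory named after the account
    for u in kylin tsengia obama; do
        run useradd -m -d "/tech/benet/$u" -g benet "$u"
    done
    run usermod -e 2011-12-31 kylin
    run useradd -m -d /tech/accp/handy -g accp handy
    run useradd -m -d /tech/accp/cucci -g accp -s /bin/ksh cucci
    # Four: every account joins tech as an additional group
    for u in kylin tsengia obama handy cucci; do
        run gpasswd -a "$u" tech
    done
    # Five: initial password; chage -d 0 forces a change at first login
    for u in kylin tsengia handy; do
        set_password "$u" 123456
        run chage -d 0 "$u"
    done
    # Six and seven: group ownership, no permissions for other users
    run mkdir -p /public
    run chown :tech /tech /public
    run chown :benet /tech/benet
    run chown :accp /tech/accp
    run chmod o-rwx /tech /tech/benet /tech/accp
    run chmod 770 /public
}

provision plan   # "provision apply", run as root, executes the commands
```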