First, user group management
Create a group
groupadd command:
    groupadd [OPTION]... group_name
    -g GID: specify the GID number; range [GID_MIN, GID_MAX]
    -r: create a system group; CentOS 6: ID<500, CentOS 7: ID<1000
Group Property Modification
groupmod command:
    groupmod [OPTION]... group_name
    -g GID: change the group ID
    -n NAME: change the group name
    groupmod -n mytest mysystem
    groupmod -g 10010 mytest
Delete a group
groupdel command:
    groupdel group_name
    groupdel mytest
Group password
gpasswd command:
    gpasswd [OPTION] group
    -a user: add the user to the specified group
    -d user: remove the user from the specified group
    -A user1,user2,...: set the list of users with administrative rights over the group
newgrp command: temporarily switch the primary group; if the user does not belong to the group, the group password is required
    newgrp mytest
Change and view Group members
groupmems command:
    groupmems [options] [action]
    Options:
    -g, --group groupname: operate on the specified group (root only)
    Actions:
    -a, --add username: add the user to the group
    -d, --delete username: remove the user from the group
    -p, --purge: remove all members from the group
    -l, --list: show the group's member list
groups command:
    groups [OPTION] [USERNAME]...: list the groups a user belongs to
Second, user permission management
Basic file permissions explained:
    # ll
    total 4
    -rw-r--r--. 1 root root 11 Aug 4 12:26 file
    -: file type
    rw-: owner permissions
    r--: owning group permissions
    r--: permissions for other users
    .: SELinux enabled
    1: number of links (reference count)
    root: owner
    root: owning group
    11: file size
    Aug 4 12:26: file creation time
    file: file name
File attribute operations:
Change the owner and owning group of a file
    chown [OPTION]... [OWNER][:[GROUP]] FILE...
    Usage forms: OWNER, OWNER:GROUP, :GROUP
    The colon in the command can be replaced with "."
    -R: recursive
    chown [OPTION]... --reference=RFILE FILE...
    chown -R nginx.nginx /var/html/www/
    chown gentoo:hadoop file
    chown :root file
    chown hadoop file
    chown --reference=/etc/shadow file
Change the owning group of a file; only the administrator has this right:
    chgrp [OPTION]... GROUP FILE...
    chgrp [OPTION]... --reference=RFILE FILE...
    -R: recursive
    chgrp gentoo chen.txt
    chgrp --reference=/tmp/chen.out /root/file
    chgrp -R hadoop /var/html/www/
File permissions in detail:
    r: read, w: write, x: execute
    r=4, w=2, x=1
Default permissions for files created by the administrator:
    # ll
    total 4
    -rw-r--r--. 1 root gentoo 0 Aug 4 13:20 chen.txt
    drwxr-xr-x. 2 root root 6 Aug 4 13:27 dir
    -rw-r--r--. 1 root root 11 Aug 4 12:26 file
    # umask
    0022
umask: the permission mask
Administrator:
    Directory permissions: 777 - umask = 755
    File permissions: 666 - umask = 644
    # su - gentoo
    $ touch file
    $ mkdir dir
    $ ll
    total 0
    drwxrwxr-x. 2 gentoo gentoo 6 Aug 4 13:32 dir
    -rw-rw-r--. 1 gentoo gentoo 0 Aug 4 13:31 file
    $ umask
    0002
Normal user:
    Directory permissions: 777 - umask = 775
    File permissions: 666 - umask = 664
How umask works: the umask screens out the corresponding bits from the maximum permissions of a directory or file, which gives the default permissions.
    New file permissions: 666 - umask; if a digit of the result is odd (has execute permission), add 1 to it; if it is even, leave it unchanged
    New directory permissions: 777 - umask
    The umask of a non-privileged user is 002; the umask of root is 022
umask commands:
    umask: view the umask
    umask #: set the umask, for example umask 002
    umask -S: display the umask in symbolic mode
    umask -p: print the umask in a form that can be reused as a command
    Global setting: /etc/bashrc
    User setting: ~/.bashrc
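The subtraction rule above is shorthand for what actually happens at file creation: the requested mode (666 for files, 777 for directories) is ANDed with the complement of the umask. The following added example, which is not part of the original article, creates a file and a directory under several umask values and compares the on-disk modes with both calculations; the function names are hypothetical and GNU stat and mktemp are assumed.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are
# hypothetical; assumes GNU coreutils (stat -c, mktemp).

# on_disk_modes UMASK -> "<file> <dir>": modes of a file and a directory
# actually created under that umask (touch asks for 666, mkdir for 777).
on_disk_modes() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"                  # subshell body: the caller's umask is untouched
    touch "$tmp/f" && mkdir "$tmp/d" || exit 1
    echo "$(stat -c %a "$tmp/f") $(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
)

# masked_modes UMASK -> the same pair computed as "requested AND NOT umask".
masked_modes() {
    printf '%o %o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# article_rule_file UMASK -> file mode by the article's rule:
# per digit, 6 minus the umask digit, then add 1 if the result is odd.
article_rule_file() (
    out=
    for d in $(printf '%03o' $(( 0$1 )) | sed 's/./& /g'); do
        r=$(( 6 - d ))
        if [ $(( r % 2 )) -ne 0 ]; then r=$(( r + 1 )); fi
        out=$out$r
    done
    echo "$out"
)

# 022 and 002 are the root and normal-user values from the article; 023 and
# 027 are constructed cases where plain subtraction leaves an odd or
# negative digit.
for m in 022 002 023 027; do
    echo "umask $m: on disk $(on_disk_modes "$m")," \
         "masked $(masked_modes "$m")," \
         "article rule (file) $(article_rule_file "$m")"
done
```

All three calculations agree, which is why a umask such as 027 is a safe way to keep new files and directories unreadable to other users.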
Commands for setting file attributes:
    chattr [ -RVf ] [ -v version ] [ mode ] files...
    chattr +A: the access time is not updated when the file is accessed
    chattr +i: the file cannot be deleted, renamed, or changed
    chattr -i: unlock
    chattr +a: the file can only be appended to
    chattr -a
    lsattr: display these attributes
    # chattr +i file
    # lsattr file
    ----i----------- file
    # rm -rf file
    rm: cannot remove 'file': Operation not permitted
    # echo "love" >> file
    -bash: file: Permission denied
    # chattr -i file
    # chattr +a file
    # lsattr file
    -----a---------- ./file
    # rm -rf file
    rm: cannot remove 'file': Operation not permitted
    # echo "love" >> file
    # cat file
    love
Third, access control list
ACL: Access Control List, which enables flexible permission management.
In addition to the file owner, the owning group and others, permissions can be set for more users.
On CentOS 7.0, the XFS and ext4 file systems created by default have ACL support. On versions before CentOS 7.x, a manually created ext4 file system has no ACL support by default and it must be added manually:
    tune2fs -o acl /dev/sdb1
    mount -o acl /dev/sdb1 /mnt
Order in which ACL entries take effect: owner, custom user, custom group, others.
The group permission shown on a file with an ACL is the mask value (the maximum permission for custom users, custom groups and the owning group), rather than the traditional group permission.
getfacl shows special permissions as: flags
Default ACL permissions may grant x, but files do not inherit the x permission.
The base ACL cannot be deleted.
    setfacl -k dir: remove the default ACL permissions
    setfacl -b file1: clear all ACL permissions
    getfacl file1 | setfacl --set-file=- file2: copy the ACL permissions of file1 to file2
setfacl command:
    setfacl - set file access control lists
    setfacl [-bkndRLPvh] [{-m|-x} acl_spec] [{-M|-X} acl_file] file ...
    Options:
    -b: remove all permissions
    -k: clear default permissions
    -m, -x: define ACL permissions
    -R: recursive
    setfacl -m u:wang:rwx file|directory
    setfacl -Rm g:sales:rwx directory
    setfacl -M file.acl file|directory
    setfacl -m g:salesgroup:rw file|directory
    setfacl -m d:u:wang:rx directory
    setfacl -x u:wang file|directory
    setfacl -X file.acl directory
    setfacl -m m::rw file
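The mask rule above is the part of ACLs most often misread during a permission review: an entry can say rwx while the user effectively has less. The following added example, which is not part of the original article, parses getfacl-style text and prints the effective permission of every entry; the function name and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): compute the effective
# permissions of each ACL entry from getfacl-style text on stdin.
# The function name and the sample ACL below are constructed.

effective_acl() {
    awk -F: '
        /^#/ || NF < 3   { next }        # header comments and blank lines
        $1 == "default"  { next }        # defaults apply to new children only
        { sub(/[ \t]*#.*/, "", $3) }     # strip a trailing "#effective:..." note
        $1 == "mask"     { mask = $3; next }
        { tag[++n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                # The mask caps custom users, custom groups and the owning
                # group; the owner (user::) and other:: are not affected.
                capped = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
                if (capped && mask != "") {
                    e = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(p, k, 1)
                        e = e ((c == substr(mask, k, 1)) ? c : "-")
                    }
                    p = e
                }
                print tag[i] ":" who[i] ":" p
            }
        }'
}

# Constructed getfacl output: wang was granted rwx, then the mask was
# lowered with "setfacl -m m::rw file1".
SAMPLE_ACL='# file: file1
# owner: root
# group: root
user::rw-
user:wang:rwx
group::r-x
group:sales:rw-
mask::rw-
other::r--'

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

For the sample, user wang ends up with rw- and the owning group with r--, even though their entries list rwx and r-x.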
This article is from "Wake up your not alarm clock but dream" blog, please be sure to keep this source http://purify.blog.51cto.com/10572011/1834328
Linux permissions, group management, and access control lists (ACLs)