Linux User and Rights management
User Management
Multi-user multitasking operating system
User type
Administrator user root
Normal User
System User/program user
User-related files:
/etc/passwd User information
Format:
username:x:UID:GID:description:shell
Uid:
---60000
0---999 system users
SHELL:
/bin/bash Default
/sbin/nologin System users
/etc/shadow User password information
User:
Basic group
Additional group: user usera -----> user group usera; caiwu, shichang, jishu, yanfa
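An audit of the account file against the UID ranges and shells listed above, as an added example that is not part of the original article. It assumes the standard seven-field /etc/passwd layout, in which the home directory sits between the description and the shell; the function names and the sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): flag risky entries in a
# passwd-format file. Function names and sample rows are constructed.

audit_passwd() {
    # Reads passwd-format lines from the files given as arguments, or from
    # stdin when called without arguments (e.g. audit_passwd /etc/passwd).
    awk -F: '
        NF != 7                  { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root"  { print "UID0 " $1 }
        $3 >= 1 && $3 <= 999 && ($7 == "" || $7 ~ /sh$/) { print "SYSTEM_LOGIN_SHELL " $1 " " $7 }
        $2 == ""                 { print "EMPTY_PASSWORD_FIELD " $1 }
    ' "$@"
}

sample_passwd() {
    # Constructed sample data, not taken from a real system.
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second UID 0 account:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:997:995:system user with a login shell:/home/mysql:/bin/bash
user1:x:1001:1001::/home/user1:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
EOF
}

# Run the audit over the constructed sample.
sample_passwd | audit_passwd
```

Each finding is a line of the form `CHECK account`; an account with UID 0 has the same rights as root whatever its name is.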
1. Create user
# useradd [option] username
Options:
1) -u UID    Specifies the UID of the user
# useradd -u 2000 user2
# id user2
uid=2000(user2) gid=2000(user2) groups=2000(user2)
2) Specify the user's basic group and additional groups
-g GID/group name
-G GID/group name,...
# groupadd caiwu
# useradd -g user1 -G caiwu user3
# id user3
uid=2001(user3) gid=1001(user1) groups=1001(user1),2001(caiwu)
3) Specify the user's shell
-s shell name
-M Does not create a home directory
# useradd -s /sbin/nologin -M apache
4) Create a system user
-r
# useradd -r mysql
5) Specify the user's home directory
# useradd -d /tmp/hadoop hadoop
2. Switch users
# su - username
3. View user ID information
# id user1
uid=1001(user1) gid=1001(user1) groups=1001(user1)
# id user3
uid=2001(user3) gid=1001(user1) groups=1001(user1),2001(caiwu)
# id -u user3
2001
# id -g user3
1001
# id -G user3
1001 2001
# id -u -n user3
user3
# id -g -n user3
user1
# id -G -n user3
user1 caiwu
4. Set user password
# passwd [option] [username]
# passwd user1
1) View user password status
# passwd -S user1
user1 PS 2017-04-11 0 99999 7 -1 (Password is set, using the SHA512 algorithm.)
2) Lock the user's password (the user cannot log in)
# passwd -l user1
Locks the password of the user user1.
passwd: Successful operation
# passwd -S user1
user1 LK 2017-04-11 0 99999 7 -1 (Password has been locked.)
3) Unlock the user's password
# passwd -u user1
Unlocks the password of the user user1.
passwd: Successful operation
# passwd -S user1
user1 PS 2017-04-11 0 99999 7 -1 (Password is set, using the SHA512 algorithm.)
4) Force the user's password to expire
# passwd -e user1
The user user1 password is being terminated.
passwd: Successful operation
5. Modify user information
# usermod [option] username
-u UID
-g group name
-G group name
-s shell name
# usermod -aG caiwu user3
# id user3
uid=2001(user3) gid=1001(user1) groups=1001(user1),2001(caiwu),2004(shichang)
6. Delete users
# userdel [option] username
# userdel user1
# userdel -r user2    >>> Delete the user's home directory at the same time
User Group Management
1. Create a user group
# groupadd group name
2. Delete user groups
# groupdel group name
# groupadd jishu
# useradd tom
# useradd mike
# useradd jerry
# usermod -G jishu tom
# usermod -G jishu jerry
# usermod -G jishu mike
# grep "jishu" /etc/group
jishu:x:2005:tom,jerry,mike
# gpasswd -d tom jishu
Removing user "tom" from the "jishu" group
# grep "jishu" /etc/group
jishu:x:2005:jerry,mike
User environment profile files:
Copied from the /etc/skel directory
# ls -a /home/usera/
.  ..  .bash_logout  .bash_profile  .bashrc  .mozilla
.bashrc        Opening a new terminal      (system-wide: /etc/bashrc)
.bash_profile  User logs in to the system  (system-wide: /etc/profile)
.bash_logout   User logs off the system
Example: Setting command aliases
# alias alias_name='command'
To set an alias for a single user:
# vim /home/usera/.bashrc
alias ipshow='cat /etc/sysconfig/network-scripts/ifcfg-eth0'
# source /home/usera/.bashrc
To set aliases for all users:
# vim /etc/bashrc
alias ipshow='cat /etc/sysconfig/network-scripts/ifcfg-eth0'
# source /etc/bashrc
File and Directory Permissions Management
General permissions:
r  Read     4
w  Write    2
x  Execute  1
File:
r  View the file contents (cat/more/less/head/tail/grep)
w  Edit the file contents (vim)
x  Execute (shell/python script)
Directory:
r  View the files in the directory (ls /tmp)
w  Modify the files in the directory (create, delete, mv)
x  Switch into the directory (cd)
View file permissions
# ls -l /etc/fstab
-rw-r--r--. 1 root root 465 July 2016 /etc/fstab
View directory permissions
# ls -ld /etc/
drwxr-xr-x. 136 root root 8192 April 13:48 /etc/
Set file and directory permissions
1) chmod: modify permissions
# chmod {augo}{+-=}{rwx} file name
a  All
u  User (owner)
g  Group
o  Other
# chmod a+x /test/1.txt
# chmod g=rw /test/3.txt
# chmod nnn file name
# chmod 600 /test/4.txt
2) Modify the owner and the group of a file
# chown username.group name file name
# chown user1.caiwu /test/1.txt
# chown user1 /test/2.txt
# chown root.caiwu /test/4.txt
To modify only the group:
# chgrp group name file name
# chgrp caiwu /test/3.txt
Method 2) facl ---- file access control list
Set permissions:
Set permissions for an individual user
# setfacl -m u:username:permissions file name
# setfacl -m u:user4:r /test/3.txt
# getfacl /test/3.txt
getfacl: Removing leading '/' from absolute path names
# file: test/3.txt
# owner: user1
# group: user3
user::rw-
user:user4:r--
group::rwx
mask::rwx
other::r-x
Set permissions for a single user group
# setfacl -m g:group name:permissions file name
Remove facl permissions
Remove permissions for a single user
# setfacl -x u:username file name
# setfacl -x u:user4 /test/3.txt
Remove permissions for a single user group
# setfacl -x g:group name file name
Special permissions:
SUID        4
SGID        2
Sticky bit  1
# chmod 644 file01
# chmod 6644 file02
# chmod 2700
1. SUID
Role: While an ordinary user executes the command, the process temporarily obtains the permissions of the file's owner
# ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 27832 June 2014 /usr/bin/passwd
Set SUID permissions
# chmod u+s file name
2. SGID
For directory settings
Role: After a directory has the SGID permission, files newly created in the directory inherit the directory's group
Set SGID permissions
# chmod g+s directory name
# ls -ldh /linux/
drwxr-sr-x. 2 root caiwu 18 April 15:37 /linux/
3. Sticky bit
For directory settings
Role:
Only the file's owner, the directory's owner and root can delete a file in the directory
# ls -ldh /tmp/
drwxrwxrwt. 8 root root 4.0K April 15:45 /tmp/
Set sticky bit permissions
# chmod o+t directory name
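A review of the special permission bits described above, as an added example that is not part of the original article: it lists SUID/SGID files and world-writable directories that lack the sticky bit. The function names and the demo tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): list files and directories
# whose special permission bits deserve a review. Names are constructed.

find_setid_files() {
    # Regular files under $1 with SUID (4000) or SGID (2000) set.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

find_unsticky_world_writable_dirs() {
    # Directories under $1 writable by "other" (0002) without the sticky bit (1000).
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

build_demo_tree() {
    # Builds a constructed sample tree and prints its path.
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/tmplike"
    chmod 0777 "$d/shared"     # world-writable, no sticky bit
    chmod 1777 "$d/tmplike"    # world-writable with sticky bit, like /tmp
    touch "$d/plain" "$d/helper"
    chmod 0644 "$d/plain"
    chmod 4755 "$d/helper"     # SUID set, like /usr/bin/passwd
    printf '%s\n' "$d"
}

# Run both checks over the constructed tree, then clean up.
tree=$(build_demo_tree)
echo "SUID/SGID files:"
find_setid_files "$tree"
echo "World-writable directories without the sticky bit:"
find_unsticky_world_writable_dirs "$tree"
rm -rf "$tree"
```

On a real host, run both functions as root against `/` and compare the output with a saved baseline, so that a newly appearing SUID file or an open shared directory stands out.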
chmod, chown, chgrp, setfacl
Common option: -R
This article is from the "lyw666" blog, make sure to keep this source http://lyw666.blog.51cto.com/12823216/1957697