Linux User and permission basics 5 ---- Linux account management and ACL permission settings

Source: Internet
Author: User

I. Linux accounts and user groups

1. Each login user obtains at least two IDs: a user ID (UID) and a user group ID (GID).

2. Each file has an owner ID and a user group ID. When file attributes are displayed, the system looks up the corresponding account and group names in /etc/passwd and /etc/shadow.

3. Each line of the /etc/passwd file represents one account, so the number of lines is the number of accounts on your system. Note, however, that many of these accounts are required for normal system operation. We can simply call them system accounts; they cannot log on to the system.

4. UID ranges and their meaning

   0: when the UID is 0, the account is root. To grant root permissions to an account, change its UID to 0.

   1 ~ 499: IDs reserved for the system; these belong to system accounts.

   500 ~ 65535: for general users (Ubuntu starts from 1000).

5. If a general user forgets their password, root can change that user's password directly.

   If the root password is forgotten, we can boot the system into the user maintenance mode and change it.

II. Account management

1. Use useradd to create a user. To give the account a password, use the passwd command.

2. UID value: when the system assigns a UID to a new account, it first reads the UID_MIN setting to get the minimum value, then finds the largest UID in /etc/passwd and uses the next number after it as the UID of the new account.

3. To set the password of a general account, use the form "passwd account"; use "passwd" with no account name to change the password.

4. Use chage to display more detailed password parameters.

5. Use usermod to modify the parameters of an account.

6. To delete an account, you can manually remove its entries from /etc/passwd and /etc/shadow. Generally, if the account is only to be disabled for the time being, set the account's expiration date in /etc/shadow to 0 to make it unusable; if you really no longer want the account, use userdel.

7. Use groupadd to add a user group.

8. Use groupmod to modify a user group.
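
The UID ranges from section I and the UID assignment rule in item 2 above can be checked against passwd-format data. The script below is an added example, not part of the original article; the function names and sample accounts are constructed, and the UID_MIN default of 500 is an assumption taken from the ranges above (a real useradd also honors UID_MAX and other /etc/login.defs settings).

```sh
#!/bin/sh
# Added example: audit passwd-format data against the UID rules described above.
# Function names and the sample accounts are constructed for illustration.

# Constructed sample (name:passwd:UID:GID:comment:home:shell).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
bob:x:503:503::/home/bob:/bin/bash
toor:x:0:0:second UID 0 entry:/root:/bin/bash
EOF
}

# Print "name UID class" using the article's ranges: 0, 1-499, 500-65535.
classify_accounts() {
    awk -F: '
        /^#/ || NF < 7 || $3 !~ /^[0-9]+$/ { next }   # skip malformed lines
        {
            if ($3 + 0 == 0)       class = "root"
            else if ($3 + 0 < 500) class = "system"
            else                   class = "general"
            print $1, $3, class
        }'
}

# Names of accounts other than "root" that carry UID 0 (full root rights).
extra_uid0() {
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }'
}

# Next UID as item 2 describes: largest UID at or above UID_MIN, plus one.
# $1 is UID_MIN (default 500 here; an assumption taken from the ranges above).
next_uid() {
    awk -F: -v min="${1:-500}" '
        $3 ~ /^[0-9]+$/ && $3 + 0 >= min && $3 + 0 <= 65535 && $3 + 0 > max { max = $3 + 0 }
        END { print (max ? max + 1 : min) }'
}

sample_passwd | classify_accounts
echo "extra UID 0 accounts: $(sample_passwd | extra_uid0)"
echo "next UID: $(sample_passwd | next_uid)"
```

On a real host, feed the functions with "getent passwd" or /etc/passwd instead of the sample; any name reported by extra_uid0 has full root rights and should be accounted for.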

III. User switching

1. Use "su -" to change identity directly to root. This command requires the root password; that is, if you want to become root with su, the general user must know the root password.

2. Use "sudo command" to run a command as root. Because sudo must be configured in advance and asks for the user's own password, sudo is better than su when several people manage a host together.

3. Using plain "su" switches to the root identity with the environment variables read as for a non-login shell, so many of the original variables are not changed. Using "su -" switches to the root identity as a login shell.

4. If you only want to execute a root command once, you can use the "su -c command" form.

5. Not everyone can execute sudo; only users listed in /etc/sudoers can execute the sudo command.

6. sudo execution process

   1. When a user executes sudo, the system checks the /etc/sudoers file to see whether the user has permission to execute sudo.

   2. If the user has permission to execute sudo, the user is asked to enter their own password for confirmation.

   3. If the password is entered successfully, the command after sudo is run.

7. For accounts other than root, if you want to use sudo to execute commands with root permission, root needs to use visudo to change /etc/sudoers to allow the user to use all root commands.

   If two sudo operations are less than 5 minutes apart, you do not need to enter the password again for the second one. If more than 5 minutes have passed since the last sudo operation, you need to enter the password again.

IV. Other Linux host information

1. To see who is currently logged on to the system, use w or who.

2. write sends a message directly to the recipient, in the form "write account".

3. In Linux, accounts and user groups are actually recorded as UID/GID numbers.

4. User accounts and user groups correspond to UIDs and GIDs. For details, see the /etc/passwd and /etc/shadow files.

5. A UID is either 0 or non-0. A non-0 UID means a general account, and general accounts are divided into system accounts and logon accounts.

6. The commands for creating, modifying, and deleting users are useradd, usermod, and userdel.

   The commands for creating, modifying, and deleting user groups are groupadd, groupmod, and groupdel.

7. Use w, who, last, and lastlog to query the logon status of accounts on the system.
