Linux User and Permissions Basics 5 Linux account management and ACL permissions settings

A Linux account and user group

1 each logged in user will obtain at least two IDs, one is the user ID short uid, one is the user group ID abbreviation GID

2 Each file will have the so-called owner ID and user group ID, when we have to display the requirements of file properties, the system will be based on/etc/passwd and/etc/shadow content to find the corresponding account number and group name in the display

3/ETC/PASSWD file structure each line represents an account number, there are a few lines on behalf of a few accounts in your system, but it is necessary to note that there are a lot of accounts in the system is the normal operation of the need, we can simply call it the SYSTEM account, these accounts cannot login system

4 UID's user characteristics

0 when the UID is 0, this account is root, and when you want to have root permissions for an account, modify the UID to 0.

1~499 reserved to the system using the ID, belong to the system account

500~65535 to the general user (Ubuntu system is starting from 1000)

5 General user Password forgotten, you can use the identity of root directly modify the general user's password can be

If the password is root is forgotten, we can use the boot into user maintenance mode and then modify

Two account management

1 can use Useradd to create a new user, the password is given using passwd this command can be

2 UID Specified value: When the system gives an account UID, it is the first reference uid_min set to obtain the minimum value, by/etc/passwd find the largest UID value, compare the two, find the biggest one plus one is the new account UID

3 to the general account to create a new password when you need to use the "passwd account" format, using "passwd" means to modify the password

4 You can use Chage to display more detailed password parameters

5 You can use Usermod to modify the parameters of an account

6 usually we want to delete an account, you can manually/etc/passwd and/etc/shadow inside the account cancellation can, in general, if the account is only temporarily not enabled, then the/etc/shadow inside of the account expiration date set to 0 can To make this account unusable, if it is really not want to use we can use Userdel

7 You can use Groupadd to add a user group

8 You can use Groupmod to modify a user

Three User Switching

1 with "Su-" directly to the identity of the root can be, but this command requires the root password, that is, if you want to become the root of Su, your average user must have a root password to do

2 to execute the command string of root with sudo command, sudo is better than su because sudo needs to be set up beforehand and sudo needs to enter the user's own password, so when multiple people manage a host together

3 simply use the "su" switch to become root identity, read the variable set the way Non-login shell, in this way many of the original variables will not be changed. If you use "Su-" to switch to root identity, you can switch to root using the login shell

4 If you want to perform a command of root once, you can take advantage of the "Su-C Command" method

5 Not everyone can execute sudo, but only users within/etc/sudoers can execute sudo command

6 Sudo's execution process

1 when the user executes sudo, the system finds in the/etc/sudoers file whether the user has permission to execute sudo

2 If the user has the ability to execute sudo, let the user enter the user's own password to confirm

3 If the password is entered successfully, the command followed by Sudo is executed.

7 other than root account, if you want to use sudo to execute a permission command that belongs to root, then root needs to use Visudo to change the/etc/sudoers so that the user can use the command function of all root

82 execution sudo interval in 5 minutes, then do sudo again do not need to enter the password again, if sudo operation more than 5 minutes, then need to enter a password

Four Linux host other information

1 If you want to know the user who is currently logged on to the system, you can query by W or who

2 Write can pass the information directly to the receiver, write user account

3 Linux operating system above, about account number and user group, actually record is uid/gid number just

4 user account/user group corresponding to Uid/gid, reference/etc/passwd and/etc/shadow two files

5 UID only 0 and not 2, not 0 for the general account, the general account is divided into System account and login account

6 with user new, change, delete related commands for Useradd,usermod,uesrdel

New with user group, change, delete related commands for Groupadd,groupmod,groupdel

7 system above the account login situation query can use W,who,last,lastlog

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/OS/Linux/