Linux User and Rights management

Source: Internet
Author: User
Tags: readable, file permissions


User and Group Management

Linux is a multi-user, multi-tasking, time-sharing system: anyone who wants to use system resources must first request an account from the system administrator and then log in to the system as that account. A user's account lets the system administrator track who is using the system and control their access to system resources; it also lets users organize their files and gives them security protection. Each user account has a unique user name and its own password. When a user types the correct user name and password at login, they enter the system and land in their home directory. Managing user accounts consists mainly of the following tasks:

1. Add, delete and modify the user account.

2. Management of user passwords.

3. Management of user groups.

Linux has two kinds of users: the administrator (UID 0) and ordinary users (UID 1-65535). Ordinary users are further divided into system users and login users.

  Note : What a program can access depends on which user started it.

Linux groups are divided into the administrators group (GID 0) and ordinary user groups (GID 1-60000).

  Note : The UID and GID ranges differ slightly between CentOS 6 and CentOS 7.

User groups can also be divided into primary groups (when a user is created, a primary group with the same name as the user is created by default) and additional groups (any group added to the user beyond the existing primary group; such groups are the user's supplementary groups).

By membership, a group that contains only one user is called a private group, and a group that contains multiple users is called a public group.

Linux User and group-related configuration files

Information about users and user groups is stored in the files /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow. The contents of these files are described below.

1. /etc/passwd

This file stores users and their attributes. Each line is split by colons into 7 fields, from left to right: user name : x (password placeholder; the real password is not stored here because that would be too insecure) : UID (user ID) : GID (ID of the user's primary group) : comment (GECOS) information about the user : home directory : the user's default shell.

2. /etc/shadow

This file stores user passwords and their related attributes. Each line is split by colons into 9 fields, from left to right: user name : encrypted password ("!" or "*" means the account is disabled) : date of the most recent password change, counted in days since January 1, 1970 : minimum password age (days) : maximum password age (days) : warning period (warn n days before the password expires that it needs to be changed) : inactivity period (number of days after the password expires during which the user can still log in) : expiration date (after which the account can no longer be used) : reserved field, currently unused.

3. /etc/group

This file stores user groups and their attributes. Each line is split by colons into 4 fields, from left to right: group name (creating a user creates a group with the same name) : x (group password placeholder; like user passwords, the real value is stored in another file) : GID : comma-separated list of the users that have this group as an additional group.

4. /etc/gshadow

This file stores group passwords and their related attributes. Each line is split by colons into 4 fields, from left to right: group name (creating a user creates a group with the same name) : encrypted password (if empty, only members of the group can obtain its permissions; "!" or "*" means no usable password is set) : group administrators (a comma-separated list of users; a group administrator can change the group password and the group members, and also has the same permissions as the other members) : members (the list of users that have this group as an additional group, which should match the list in /etc/group).
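As an added example (not part of the original page), the following shell script parses records in the /etc/passwd and /etc/shadow formats described above, classifies each account by UID and reports whether its password field marks it as locked. The records are constructed samples, and the UID boundary of 1000 between system and login users is an assumption taken from the CentOS 7 default UID_MIN in /etc/login.defs.

```shell
#!/bin/sh
# Constructed sample records in /etc/passwd and /etc/shadow format (not from a real system).
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:1002:Bob Example:/home/bob:/bin/bash'

SHADOW_SAMPLE='root:$6$saltsalt$HASHPLACEHOLDER:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$saltsalt$HASHPLACEHOLDER:19000:7:90:14:30::
bob:!$6$saltsalt$HASHPLACEHOLDER:19000:0:99999:7:::'

# classify_uid UID -> "admin" for UID 0, "system" below the login range, "login" otherwise.
# The 1000 boundary is an assumption (CentOS 7 default UID_MIN in /etc/login.defs).
classify_uid() {
  if [ "$1" -eq 0 ]; then echo admin
  elif [ "$1" -lt 1000 ]; then echo system
  else echo login; fi
}

# account_state NAME -> "locked" when the shadow password field starts with '!' or '*',
# "missing" when the user has no shadow record, "active" otherwise.
account_state() {
  pw=$(printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v u="$1" '$1==u {print $2}')
  case "$pw" in
    '!'*|'*'*) echo locked ;;
    '')        echo missing ;;
    *)         echo active ;;
  esac
}

# report -> one line per passwd record: name, UID class, default shell, account state.
report() {
  printf '%s\n' "$PASSWD_SAMPLE" |
  while IFS=: read -r name pwfield uid gid gecos home shell; do
    printf '%s %s %s %s\n' "$name" "$(classify_uid "$uid")" "$shell" "$(account_state "$name")"
  done
}

report
```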

Common commands for user and group management

I. Create a user: useradd

Usage: useradd [options] LOGIN

Common options:

-u, --uid UID: specify the UID; the allowed range is defined in /etc/login.defs

-g, --gid GROUP: specify the user's primary group, as a group name or GID

-G GROUP1[,GROUP2,...[,GROUPN]]: specify the additional groups the user belongs to; the groups must already exist

-c, --comment COMMENT: the user's comment information

-d /path/to/home_dir: use the given path as the user's home directory. It is created by copying /etc/skel and renaming the copy; if the given home directory already exists, the environment profile files are not copied for the user

-s, --shell SHELL: specify the user's default shell; the list of available shells is stored in /etc/shells

-r: create a system user.

  Note : The defaults are set in /etc/default/useradd. Use useradd -D to view the default configuration for new users.

II. Create a group: groupadd

Usage: groupadd [options]... GROUP

Common options:

-g GID: specify the GID

-r: create a system group

III. View a user's ID information: id

Usage: id [OPTION]... [USER]

Common options:

-u: show only the effective UID

-g: show only the user's primary group ID

-G: show only the IDs of all groups the user belongs to

IV. Switch user or run commands as another user: su

Usage: su [OPTIONS...] [-] [USER [ARGS...]]

Ways to switch user:

Non-login switch, which does not read the target user's configuration files for initialization: su USERNAME

Login switch, which reads the target user's profile and switches completely: su - USERNAME or su -l USERNAME

Run a command as another user:

su [-] USERNAME -c 'COMMAND'

V. Set a user's password: passwd

Usage: passwd [options] USERNAME: change the specified user's password; only the root user has permission to do this.

Common options:

-l: lock the specified user

-u: unlock the specified user

-n MINDAYS: specify the minimum password age

-x MAXDAYS: maximum password age

-w WARNDAYS: warning period

-i INACTIVEDAYS: inactivity period

Read the password from standard input: echo "PASSWORD" | passwd --stdin USERNAME

VI. Modify user attributes: usermod

Usage: usermod [options] LOGIN

Common options:

-u UID: change the user's ID to the new UID

-g GROUP: change the user's primary group

-G GROUP1[,GROUP2,...[,GROUPN]]: change the additional groups the user belongs to; the existing additional groups are overwritten, so use the -a (append) option to keep them

-s SHELL: new default shell

-c COMMENT: new comment information

-d HOME_DIR: new home directory; the user's existing files are not moved to the new home directory unless the -m option is used

-l LOGIN: new user name

-L: lock the user's password by prefixing the original password string with "!"

-U: unlock the user's password

VII. Delete a user: userdel

Usage: userdel [options] LOGIN

Common option: -r: also delete the user's home directory (not deleted by default)

VIII. Modify group attributes: groupmod

Usage: groupmod [options] GROUP

Common options:

-g GID: new GID

-n GROUP_NAME: new group name

IX. Delete a group: groupdel

Usage: groupdel GROUP

X. Group password and membership: gpasswd

Usage: gpasswd [option] GROUP

Common options:

-a USER: add a user to the specified group

-d USER: remove a user from the specified group (it is dropped from the user's additional groups)

-A USER1,USER2,...: set the list of users with administrative rights over the group

XI. Modify user password-aging attributes: chage

Usage: chage [options] LOGIN

Common options:

-d: change the date of the last password change

-E: change the account expiration date

-I: change the inactivity period after the password expires

-W: change the number of warning days

-m: change the minimum password age in days

-M: change the maximum password age in days

File permissions

The permission classes of a file are:

Owner: u

Group: g

Others: o

For files:

File readable (r): the file's contents can be viewed.

File writable (w): the file's contents can be modified.

File executable (x): the file can be handed to the kernel and started as a process.

For directories:

Directory readable (r): ls can be used to list the files in the directory

Directory writable (w): files can be created or deleted in the directory

Directory executable (x): ls -l can be used to view the files in the directory, and you can cd into it.

Permission management commands

I. Modify file permissions (chmod)

Usage:

1. chmod [OPTION]... MODE[,MODE]... FILE...

You can assign rwx directly to the appropriate user class: u is the owner, g the group, o other users and a all users (equivalent to ugo),

or operate on a single permission bit for one class of users (u+x, o-r).

2. chmod [OPTION]... OCTAL-MODE FILE...: modify permissions directly with octal digits, where r=4, w=2, x=1. With -R the permissions are modified recursively.

3. chmod [OPTION]... --reference=RFILE FILE: copy the permissions of another file.

View file permissions:

  [root@localhost /]# ll -lh /dj
  total 16K
  -rw-r--r-- 1 root root ... hello_world.py
  -rw-r--r-- 1 root root ... name_daxiaoxie.py
  -rw-r--r-- 1 root root ... name.py
  -rw-r--r-- 1 root root 359 ... test.py

Modify permissions:

  [root@localhost /]# chmod 775 /dj/hello_world.py
  [root@localhost /]# ll -lh /dj
  total 16K
  -rwxrwxr-x 1 root root ... hello_world.py
  -rw-r--r-- 1 root root ... name_daxiaoxie.py
  -rw-r--r-- 1 root root ... name.py
  -rw-r--r-- 1 root root 359 ... test.py

Use the third form:

  [root@localhost /]# chmod --reference=/dj/hello_world.py /dj/test.py
  [root@localhost /]# ll -lh /dj
  total 16K
  -rwxrwxr-x 1 root root ... hello_world.py
  -rw-r--r-- 1 root root ... name_daxiaoxie.py
  -rw-r--r-- 1 root root ... name.py
  -rwxrwxr-x 1 root root 359 ... test.py

II. Modify a file's owner and group (root only)

1. Modify the owner (chown)

Usage: chown [OPTION]... [OWNER][:[GROUP]] FILE... or use --reference

chown OWNER|OWNER:GROUP|:GROUP FILE (the ":" can also be written as "."; -R applies the change recursively)

2. Modify the group (chgrp)

chgrp [OPTION]... GROUP FILE..., or the --reference form

3. The mask applied when a file or directory is created: umask

Files: 666 - umask (if a digit of the result is odd, meaning it would contain the execute bit, add 1 to that digit)

Directories: 777 - umask

umask: view the current value

umask NNN: set the value
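As an added example (not the page's own terminal session), this script reproduces the three chmod forms from the chmod section and the umask rules above on throwaway files in a temporary directory, reading the resulting mode string back from ls -l; it assumes GNU chmod for --reference and runs without root.

```shell
#!/bin/sh
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# mode_of FILE -> the 10-character type+permission field of ls -l, e.g. -rwxrwxr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# demo_chmod -> three mode strings: after octal chmod, after --reference, after symbolic chmod
demo_chmod() {
  f="$WORK/hello_world.py"; t="$WORK/test.py"
  : > "$f"; : > "$t"
  chmod 644 "$f" "$t"                 # known starting point (rw-r--r--)
  chmod 775 "$f"                      # 1. octal: 7=rwx owner, 7=rwx group, 5=r-x others
  m1=$(mode_of "$f")
  chmod --reference="$f" "$t"         # 2. copy the permissions of another file
  m2=$(mode_of "$t")
  chmod g-w,o-x "$t"                  # 3. symbolic: clear one bit per class
  m3=$(mode_of "$t")
  echo "$m1 $m2 $m3"
}

# umask_demo MASK -> modes of a new file and a new directory created under that umask
# (file: 666 - MASK, directory: 777 - MASK; the subshell keeps the umask change local)
umask_demo() {
  d="$WORK/um"; rm -rf "$d"; mkdir "$d"
  ( cd "$d" && umask "$1" && : > f && mkdir sub && echo "$(mode_of f) $(mode_of sub)" )
}

demo_chmod
umask_demo 027
```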
