Linux User identity and File Permission commands

Source: Internet
Author: User

I. User identity and capabilities

The root user has the highest privileges on the system and can manage all system functions, such as adding/deleting users, starting/stopping processes, and enabling/disabling hardware devices.

User UID

In fact, root is just a name. What truly makes it a "Super User" is the UID value:

UID (short for User IDentification): each user has a corresponding UID value, just like an ID card number.

Super user, UID 0: the UID of the root user is 0 by default.
System user, UID 1-999: system services run under separate accounts for better security; by default these accounts are restricted from logging in to the system.
Normal user, UID 1000 and above: an ordinary user created by the administrator for daily work; it cannot manage the system.

Note: UIDs must not conflict. UIDs created by the administrator start from 1000 (even if lower numbers are unused). The account name and UID are saved in the /etc/passwd file, while the account password is saved in the /etc/shadow file.
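
The UID rules above can be checked mechanically. The following is an added example, not part of the original article: it classifies each account in a passwd-format file by the UID ranges given above and reports any account other than root that has UID 0, as well as UIDs that are used more than once. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# audit_passwd FILE: print "CLASS name uid" for every account, followed by
# "ALERT ..." lines for extra UID 0 accounts and for UIDs used more than once.
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }                 # skip comments and blank lines
        {
            name = $1; uid = $3 + 0
            if (uid == 0)        class = "superuser"
            else if (uid < 1000) class = "system"
            else                 class = "normal"
            print class, name, uid
            # Any UID 0 account has root privileges, whatever its name is.
            if (uid == 0 && name != "root")
                alerts[++n] = "ALERT uid0 " name
            if (uid in seen)
                alerts[++n] = "ALERT duplicate-uid " uid " " seen[uid] " " name
            else
                seen[uid] = name
        }
        END { for (i = 1; i <= n; i++) print alerts[i] }
    ' "$1"
}

# Constructed sample data in /etc/passwd format (not from a real system).
make_sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
olysa:x:1000:1000::/home/olysa:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
deploy:x:1000:1001::/home/deploy:/bin/bash
EOF
}

sample=$(mktemp)
make_sample_passwd > "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

On a real system, pass /etc/passwd as the argument instead of the sample file.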

Group GID

GID (Group IDentification): You can add multiple users to a Group to facilitate task assignment or work.

Imagine that employees of a company want to share information within their own department: they can join the corresponding working group, such as the technical department, the O&M department, or the finance department.

When a user is created, a default group (whose GID is the same as the UID, also known as the basic group) is created, and the user is added to it.

The user group name and GID are stored in the /etc/group file.

II. File permissions and ownership

In Linux, everything is a file. Ownership and permissions are defined for files and directories to specify the read, write, and execute permissions of the owner, the owning group, and others respectively.

File Permission

Read (r), write (w), and execute (x) are abbreviated as (r, w, x) and can also be expressed as numbers (4, 2, 1).

Example: If the permission of a file is 7, the file is readable, writable, and executable (4 + 2 + 1). If the permission is 6, it indicates read (4) and write (2). 5 represents readable (4) and executable (1). 3 indicates writable (2) and executable (1).

File Type

For example, the file owner is root, the owning group is root, and the file name is install.log; the first character of the permission string, the minus sign "-", indicates a regular file.

File types include:

-: regular file
d: directory file
b: block device file
c: character device file
p: pipe file

The file permission is rw-r--r--, that is, the owner has read and write permissions, the owning group has read permission, and others have only read permission.

Permission attribution

A regular file is where data is actually stored. Its permissions do not include the right to delete the file itself:

r: the actual content of the file can be read
w: the actual content of the file can be edited/added to/modified
x: the file can be executed

A directory file stores the directory structure and file permissions:

r: the directory structure and permissions can be read
w: the directory structure list can be changed: creating/deleting/renaming/moving files and subdirectories
x: the user can enter this directory

Note: Files created in this directory automatically inherit the user group of this directory (this can only be set on a directory).

III. Use chmod and chown

The chmod command is used to modify the [permissions] of a file or directory. The format is: chmod [parameter] permission file-or-directory-name. The chown command is used to modify the [owner and group] of a file or directory. The format is: chown [parameter] owner:group file-or-directory-name.

For example:

chown -R root:root /var/lib/jenkins
chown -R root:root /var/cache/jenkins
chown -R root:root /var/log/jenkins

The parameters of chmod and chown are easy to remember: no parameter is needed for a file, and -R is added for a directory (to recursively modify the attributes of all files in the directory).
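
A recursive chmod applies one mode to files and directories alike, yet directories need x to be entered while data files usually should not be executable. The following added example (not part of the original article) sets separate modes for directories and files and then verifies the result, including a check for entries that "others" can write to. The function names, the modes 750/640, and the demo tree are assumptions chosen for illustration.

```shell
#!/bin/sh
# harden_tree DIR DIRMODE FILEMODE: set one mode on directories, another on files.
harden_tree() {
    # Directories keep x so they can still be entered and searched.
    find "$1" -type d -exec chmod "$2" {} + &&
    find "$1" -type f -exec chmod "$3" {} +
}

# list_mismatches DIR DIRMODE FILEMODE: print paths whose mode is not the expected one.
list_mismatches() {
    find "$1" -type d ! -perm "$2" -print
    find "$1" -type f ! -perm "$3" -print
}

# list_other_writable DIR: print entries that "others" have write permission on.
list_other_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Constructed demo tree in a temporary directory.
demo=$(mktemp -d)
mkdir -p "$demo/app/logs"
: > "$demo/app/config.ini"
: > "$demo/app/logs/run.log"
chmod 777 "$demo/app/logs"             # writable by others: should be reported
chmod 666 "$demo/app/logs/run.log"     # writable by others: should be reported

echo "writable by others before:"; list_other_writable "$demo/app"
harden_tree "$demo/app" 750 640
echo "writable by others after:";  list_other_writable "$demo/app"
echo "mode mismatches after:";     list_mismatches "$demo/app" 750 640
rm -rf "$demo"
```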

IV. su command and sudo service

su command

The su command is used to change the user's identity (switch the login). The format is: su [-] username.

The root user does not need to enter a password when switching to another user. Here root switches to the normal user olysa:

[root@root ~]# su olysa

A common user needs to enter the account password of the other user before switching.

To also switch the environment variables to those of the new user, add the - parameter.

Sudo Service

The sudo command gives ordinary users additional permissions so that they can complete tasks that otherwise only the super user can perform. The format is: sudo [parameter] command name.

Sudo features:

1: restrict the user to execute the specified command.

2: record each command executed by the user.

3: the configuration file (/etc/sudoers) provides centralized user management, permissions, host, and other parameters.

4: the user does not need to verify the password within 5 minutes (default value) after the password is verified, which is more convenient.

Common parameters of the sudo command include:

Parameter              Function
-h                     Lists help information.
-l                     Lists the commands the current user is allowed to execute.
-u username or UID     Executes the command as the specified user.
-k                     Clears the security time; the next time you run sudo, you need to verify the password again.
-b                     Runs the specified command in the background.
-p                     Changes the prompt shown when asking for the password.

Only super users can use the visudo command to edit /etc/sudoers, the configuration file of the sudo program.
