Linux User Management

Source: Internet
Author: User
Tags: touch command

First, the user-related configuration files:

    User information file:        /etc/passwd
    Password file:                /etc/shadow
    User group file:              /etc/group
    User group password file:     /etc/gshadow
    User configuration files:     /etc/login.defs, /etc/default/useradd
    New user information files:   /etc/skel
    Login information:            /etc/motd

Second, the adduser command:

    adduser [-u uid] [-g group] [-d home] [-s shell]

-u: specify the user ID directly

-g: specify the GID directly

-d: use an existing directory as the home directory

-s: define the shell

To create a user:

    # useradd lisi                (create a user lisi)
    # passwd lisi                 (set lisi's password)
    Changing password for user wangwu.
    New UNIX password:            (enter the password here)
    BAD PASSWORD: it is based on a dictionary word
    Retype new UNIX password:     (confirm the password again)
    passwd: all authentication tokens updated successfully.

Creating a user this way is not recommended: every user should belong to a group, and creating such "loose" users makes little sense in practice.

    # grep lisi /etc/passwd
    lisi:x:502:502::/home/lisi:/bin/bash

As the output above shows, the system by default created a lisi group for us, with the group ID 504.

User switching:

    # su - lisi                   (root switches to user lisi)
    $ su - root                   (user lisi switches to root)
    Password:

An ordinary user switching to root has to enter the password! An ordinary user switching to another ordinary user needs the password too!

Changing a user's password:

    $ passwd
    Changing password for user lisi.
    Changing password for wangwu
    (current) UNIX password:      (first enter the original password)
    New UNIX password:            (enter a password)
    Retype new UNIX password:     (confirm the password again)
    passwd: all authentication tokens updated successfully.

The above was the groundwork; what follows is the main point.

Think about it: in the previous section we mentioned that the file that holds user passwords, shadow, is accessible only to the root user. So why can ordinary users change their passwords?

========================= SetUID ===============================

This brings us to something called SetUID.

Definition: when an executable program has the setuid permission, a user who runs it executes the program as the owner of the program.

Haha! The little wolf cannot make friends with the lambs, but a lamb can make friends with other lambs. So the wolf puts on a sheep's coat and, in the identity of a sheep, lives happily together with the lambs. Roar.

In fact, the program the user runs here is a command: the passwd command has been granted the setuid permission. That is why ordinary users can also change their password with the passwd command.

Let's do a test! It's interesting. Do you want to try it too?

Switch to the lisi user:

    $ touch file01                (touch creates the file file01)
    $ ls -l file01
    -rw-rw-r-- 1 lisi lisi 0 May 5 22:14 file01

This time the file created with the touch command is owned by lisi and belongs to the lisi group.

Switch to root:

    # ls -l /bin/touch
    -rwxr-xr-x 1 root root 38056 2009-07-03 /bin/touch

Careful readers will notice that there is one more position in front of the permission digits. That's right! setuid belongs in that position.

setuid = 4

Now we give the touch command setuid. There are two ways to grant the setuid permission:

    # chmod u+s /bin/touch
    # chmod 4755 /bin/touch

Switch to the lisi user again:

    $ touch file02                (create the file file02)
    $ ls -l file02
    -rw-rw-r-- 1 root lisi 0 May 5 22:35 file02

This time, with the same touch command, the owner of the created file has become root.

Two ways to remove the setuid permission:

    # chmod u-s /bin/touch
    # chmod 755 /bin/touch

======================== SetGID =================================

setgid is used the same way as setuid, except that it applies the group's permissions.

setgid = 2

Here is how to add setgid:

    # chmod g+s /bin/touch
    # chmod 2755 /bin/touch

We must not grant the setuid permission to ordinary commands. If the vi command is granted setuid, we have without doubt left a back door in Linux, because the user and password information files can then be modified through vi. So which commands have setuid set? We can look them up.

    # find / -perm -4000 -o -perm -2000

This searches from the root directory (/) for commands that have the setuid permission (-perm -4000) or (-o) the setgid permission (-perm -2000).

======================= Sticky bit ==================================

What does the sticky bit do? Let's look at an example, which makes it easier to understand.

    # mkdir abc                   (create a directory abc)
    # touch abc/newfile           (create a file newfile in this directory)
    # chmod 777 abc               (give everyone all permissions on this directory)
    # ls -ld abc
    drwxrwxrwx 2 root root 4096 May 5 23:44 abc
    # ls -l abc/newfile           (others have no write permission on newfile)
    -rw-r--r-- 1 root root 0 May 5 23:44 abc/newfile

Switch to the lisi user:

    $ rm -rf abc

newfile under the abc directory gets deleted as well. The lisi user has all permissions on the abc directory, but has no permission to modify newfile itself. This is how the Linux file access rules work: deleting a file is governed by write permission on the directory that contains it, not by the permissions of the file.

Suppose Zhang San and Li Si both have full rights to a folder that contains Zhang San's files and Li Si's files. If Zhang San dislikes the look of Li Si's files, he can simply delete them, and Li Si will cry when he sees it. How do we keep Li Si from crying? This is where the sticky bit comes in.

Sticky bit.

sticky bit = 1 (t). If a directory with permission 777 has the sticky bit, every user can create files in this directory, but can only delete the files that they own.

How to grant the sticky bit:

    # chmod o+t abc
    # chmod 1755 abc

(Note that 1755 also removes write permission on the directory for group and others; 1777 keeps the directory writable by everyone.)

Let's try to delete the file again:

    $ rm newfile
    rm: remove write-protected regular empty file 'newfile'? y
    rm: cannot remove 'newfile': Permission denied

You can delete the files you created yourself!

    # touch newfile2
    # rm newfile2
    rm: remove regular empty file 'newfile2'? y
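
The find search above, extended into a small audit that also flags world-writable directories missing the sticky bit and reports files that became setuid/setgid since a saved baseline (as /bin/touch would after chmod u+s). This is an added example, not part of the original article; the function names and the baseline file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit helpers built on the find tests from this page.
# Function names and the baseline-file idea are assumptions for illustration.

# Regular files under $1 that carry setuid (4000) or setgid (2000).
list_special_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# World-writable directories under $1 that lack the sticky bit (1000):
# any user can delete other users' files in these.
list_unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        LC_ALL=C sort
}

# Entries that are setuid/setgid now but were not in the saved baseline.
# $1 = directory to scan, $2 = baseline written earlier by list_special_files.
new_since_baseline() {
    list_special_files "$1" | LC_ALL=C comm -13 "$2" -
}

# Stand-alone use: sh audit.sh DIR [BASELINE]
if [ "$#" -ge 1 ]; then
    echo "setuid/setgid files:"
    list_special_files "$1"
    echo "world-writable directories without sticky bit:"
    list_unsafe_dirs "$1"
    if [ "$#" -ge 2 ]; then
        echo "new since baseline:"
        new_since_baseline "$1" "$2"
    fi
fi
```

Save the output of list_special_files on a known-good system as the baseline, then rerun new_since_baseline periodically; any line it prints is a program that gained setuid or setgid since then.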
