Linux_ user, Group, and Rights management

Linux is a multi-user, multi-tasking operating system! The so-called multi-user refers to the simultaneous use of system resources, multitasking means running multiple programs at the same time.

The user is divided into the administrator and the ordinary user, the ordinary user is divided into the system user and the login user. The administrator's permissions are the largest, the administrator has limited resources in the case of the allocation of resources to different users, as well as the monitoring and management of different users. System users run only the service program, and the logged-on user is the normal consumer of system resources

The user ID (UID) of each user on different CentOS versions is not the same. Have a certain limit. The UID of the administrator is "0".

The UID of the system user on the CentOS 5, 6 version is 1-499 the UID of the ordinary user is

The UID of the system user on the CentOS 7.0 version is the UID of the 1-999 ordinary user 1000+

To achieve the management of user accounts, the main tasks to be completed are: User account Add, modify, delete, password management, user group management ... Wait, here's what you'll get!

First, user management

The management of user accounts mainly involves the addition, modification and deletion of accounts.

1. Add a new user account using the "useradd" command, the general options are as follows.

-G: Specify user's user group-G: Specify the user's additional group

-C: Note Information-D: Specify the user's home directory

-M: Forced to create home directory-S: User Login shell Name

Cases:

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7D/1D/wKiom1bgDfCivuTmAAATqyQXP2w208.png "title=" 2016-03-09_194848.png "alt=" Wkiom1bgdfcivutmaaatqyqxp2w208.png "/>

As shown, create a new user "Lweim"whose login shell name is "Bin/ksh"and the home directory is "/home/lweim"; another new user "Slackware" , its login shell is "/bin/bash"and the home directory is "/usr/slackware "

Note: The new user "Useradd" followed by "-D" and without "-D" or plus "-S" and no "-S" is different. No "-D" is the system's default home directory "/home/lweim". Add "-D" to the specified home directory "/usr/slackware"

Do not add "-S" is the system default login shell, plus "-S" is the designated login shell

2, if an account is not used, can be removed from the system, delete an account to use the "Userdel" command, the general options are as follows.

- R: Delete home directory together

Cases:

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7D/1C/wKioL1bgFL-Sq7XeAAAogq2dO-g388.png "title=" 2016-03-09_201635.png "alt=" Wkiol1bgfl-sq7xeaaaogq2do-g388.png "/>

By the graph. "- R"is not added when user "WANGTC" is deleted, and there is a home directory.

"- R"was added when user "Wangzix" was deleted, and its home directory was deleted.

3. Modification of the user. is to modify the user's related properties. such as home directory, user group, login shell ... And so on, the user modifies to use the "usermod" command, the general options are as follows.

-C: Note Information D: Modify the location of the home directory

-S: Modify the Login shell name

Cases:

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/7D/1C/wKioL1bgFqTxIKoMAAAPfOMs_VQ996.png "title=" 1.png " alt= "Wkiol1bgfqtxikomaaapfoms_vq996.png"/>

When the "usermod" command is used, the user's home directory "Lweim " is changed from "/home/lweim" to "/usr/lweim". Login shell name changed from "/bin/ksh" to "/bin/bash "

4. Password management;

An important content of user management is password management, the Super User (administrator) can change their own and other users ' passwords, ordinary users can only modify their own password. The "passwd" command is required to change the password, and the general options are as follows;

- L: Lock password-u: unlock password

-D: Clear Password

Cases:

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/7D/1E/wKiom1bgGgrDBbAkAAApBwTQjdw701.png "title=" 33.png "alt=" Wkiom1bgggrdbbakaaapbwtqjdw701.png "/>

Second, user group management

Each user has a user group or can have multiple additional groups (that is, additional groups). The management of user groups involves the addition, modification, and deletion of user groups.

1. Add a new user group using the "groupadd" command, the general options are as follows;

-G: Specifies the group identification number of the new user group-r: Create a system group

Cases:

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7D/1E/wKiom1bgHCTQA-FHAAAQWSof4wY198.png "title=" 444. PNG "alt=" Wkiom1bghctqa-fhaaaqwsof4wy198.png "/>

The first command is to create a user group named "Group1" whose group ID number is 1001;

The second command is to create a system group named "Group2" with the group identification number 986;

2, modify the user group's properties using the "groupmod" command, the general options are as follows;

-G: Specify a new group ID number for the user group-N: Change a new name for the user group

Cases:

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7D/1D/wKioL1bgIBLgAPssAAATJ0ItfFA339.png "title=" 11.png "alt=" Wkiol1bgiblgapssaaatj0itffa339.png "/>

This command names the user group "GROUP4" as the new name "GROUP5", and the user group identification number is changed from "2223" to "3333".

3. If you want to delete an existing user group, use the "Groupdel" command.

Cases:

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7D/1D/wKioL1bgITXSE_wqAAAVSvCRATE960.png "title=" 22.png "alt=" Wkiol1bgitxse_wqaaavsvcrate960.png "/>

The command for this user is to delete the user group "GROUP5" .

Third, Rights management

Linux is a typical multi-user system, different users in different positions, also have different permissions. The permissions for each user to access the same file or directory are different.

We can use the command "ll" or "Ls-l" to display the properties of a file or directory and the users and groups to which it belongs. The general options are as follows;

Cases:

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7D/1F/wKiom1bgJSKhIGTiAAA9XDl40Wc051.png "title=" 111. PNG "alt=" Wkiom1bgjskhigtiaaa9xdl40wc051.png "/>

instance, the first attribute of the directory "etc" file is represented by "D ", and"D" on Linux represents the file as a directory file. Other attributes are as follows;

[-]: Indicates file

[L]: expressed as a linked document

[b]: As the device file inside the storage interface device (can be random access device)

[C]: Represents the serial port device inside the appliance file, such as a keyboard, mouse.

" 650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7D/1D/wKioL1bgJkbRUzgkAAABNr1pI6k584.png "title=" 333.png "alt=" Wkiol1bgjkbruzgkaaabnr1pi6k584.png "/>", minus the first character "D", followed by a three-bit group of characters, The left three bits are the owner's access rights (user), the access Rights (group) of all the users in the three-bit group, and the access rights of other users (others) for the right three. and are all three parameter combinations of [rwx] . where "R" stands for readable permissions,"W" for writable permissions, and"x" for executable permissions. "-" represents no permissions.

Note: The location of these three permissions does not change, and there are two states "either have permissions (denoted by 1), or do not have permissions (in 0)". Octal numbers are made up of three-bit binary numbers, as follows;

---: 000 0

--x:001 1

-w-:010 2

-wx:011 3

R--:100 4

R-X:101 5

RW-:110 6

rwx:111 7

Example: 650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/7D/1F/wKiom1bgKhnS6y92AAAEejhPkOg775.png "title=" 555. PNG "alt=" Wkiom1bgkhns6y92aaaeejhpkog775.png "/>

The permissions of the directory "etc" are [rwxr-xr-x];

user=rwx=5 group=r-x=5 others=r-x=5

The permissions of the directory "etc" can be expressed as "755"

1, want to change the permissions, there are three ways. Need to use the "chmod" command, the general options are as follows;

- R: Recursive changes, that is, the permissions of the directory itself and the files below the directory are changed together.

(Method 1): Use "u=,g=,o= or ug= and so on" method to change the permissions!

Cases:

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/7D/1F/wKiom1bgL0_wZgtmAAAxYbVAIP4056.png "title=" 666. PNG "alt=" Wkiom1bgl0_wzgtmaaaxybvaip4056.png "/>

, this command changes the permission of "etc" from [rwxrwxr-x] to [rw-rw--x]. However, the files under the directory are not changed. To change the properties along with the files in the directory, you need to use the "-r" option. Such as

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7D/1E/wKioL1bgMcuDWwnMAABFxU9Xa64685.png "title=" 777. PNG "alt=" Wkiol1bgmcudwwnmaabfxu9xa64685.png "/>

(Method Two): Use "u+,g+,o+ or ug+ and so on" method to change the permission!

Example: the permission of the directory "etc" from the graph in (Method 1) is [DRW-RW---x], now want to change the permission to [Drwxrwxr-x], the method is as follows:

Cases:

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7D/1E/wKioL1bgM96xrEVVAAAPSeSR8Hk646.png "title=" 999. PNG "alt=" Wkiol1bgm96xrevvaaapsesr8hk646.png "/>

Access to the directory itself as a file under the directory becomes more [drwxrwxr-x]

(Method Three): As mentioned above, each permission can be expressed as an octal number. For example, "775" can indicate a permission of [Drwxrwxr-x], 664 can represent a permission of [drw-rw-r--]. So we can change the directory and file permissions based on this. If you want to change the file and directory permissions to 770 (drwxrwx---), the method is as follows;

Cases:

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/7D/1E/wKioL1bgNYKy4mtlAAAQh4OxY2Q030.png "title=" 111. PNG "alt=" Wkiol1bgnyky4mtlaaaqh4oxy2q030.png "/>

The permissions for the files in the directory and directory shown in the figure are changed to 770. that is [drwxrwx---];

Note: the "u=" and "u+" in method one and method two are different.

"U=" is a three-bit permission in a group that changes simultaneously

"U+" is the right to change a certain bit in a group

For example: The permission is "R-X-WX---"

"U=r" is displayed as [R---WX---]

"U+w" is displayed as [rwx-wx---]

2. The "CHGRP" command is required to change the group of directories or files, the general options are as follows.

- R: The group of all files under the directory changes together.

Cases:

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/7D/1F/wKioL1bgydvx0nFQAAAtweoZOfM174.png "title=" 2016-03-10_090411.png "alt=" Wkiol1bgydvx0nfqaaatweozofm174.png "/>

The figure shows that the category "etc" and all the files in the directory are changed from "root" to "mageedu"

3. Changing the owner of a directory or file requires the "chowm" command, or you can change the group of directories or files at the same time. The general options are as follows;

- R: The group of all files under the directory changes together.

Cases:

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/7D/21/wKiom1bgy8XDVlGNAAAwnzWjoas478.png "title=" 22.png "alt=" Wkiom1bgy8xdvlgnaaawnzwjoas478.png "/>

The owner of all the files in the catalogue "etc" and the directory is changed from "root" to "WTC"and the group is changed from "mageedu" to "Lweimin".

This article is from the "11265133" blog, please be sure to keep this source http://11275133.blog.51cto.com/11265133/1749443

Linux_ user, Group, and Rights management