Use of Linux user groups and user Rights 2

Touch/etc/nologin

echo System is maintanining >>/etc/nologin

Can control all non-administrator root other than the normal user can not login

7 version inside

cd/run/

Touch/run/nologin

The same effect so that ordinary users can not login

Ehho Weihu >/run/nologin

Useradd-ou0 Root2

Generate an administrator user by forcing this into uid=0

Cp-r/etc/skel/. /home/zczx

Cp-r/etc/skl/. [^.] */HOME/ZCZX

Group

Groupadd

-G Specify GID number

-R Creating a system group

CentOS 6:id<500

CentOS 7:id<1000

Groupmod

-N New name

-G New GID

Groupdel

Deleting a secondary group does not remove the user's primary group.

gpasswd

-A User: Add user to the specified group

-D User: Remove users from the specified group

-A user1,user2,.....: Set up a list of users with administrative rights

-m specifies that the member function is similar to-a

-R: Remove password

-r: Restrict user login group, only group member can join with NEWGRP

NEWGRP command: Temporarily switch base Group

If the user does not belong to this group, a password is required

"Directly when the string output

"" Variable can identify

"Reverse reference, variable output

Specific output to see the use of

Permissions

R Read

W Write writing

X Excute Execution

File-rw-r--r--

rw-r--r--

User group Other

chmod

Change Mode Modify Permissions

chmod who opt per file ...

Who:u,g,o,a

pot:+,-, =

Per

chmod u=rwx F1

chmod a=rwx F1 everyone A

of the file

With r permission, can read text, but cannot modify text

W permission can be modified to write empty files, there is a certain danger, but no permission to delete files

With x permission, for an executable binary program or script

X: Does not increase X, (the premise itself has no X permission)

of the Catalog

R: You can view a list of files within a directory, but you cannot access the file, you cannot CD, and you cannot view the file's metadata

W: You can create or delete files to match x permissions.

x: can go into the directory, you can access the directory of files, do not display directory files, but can be directly accessed by the file name

x: does not increment X (the premise itself has no X permission)

The directory has W and X, write and execute permissions to manipulate the contents of the directory, you can delete files under the directory

Chmod-r a=rwx dir1/

Chmod-r a=rwx dir1/

Octal digits

Rw-r-----

1,101,000,002 binary

4,204,000,004 binary

6,408 binary

640:rw-r-----

755:rwxr-xr-x

CHOMD 640

Chomd

U file belongs to master permission

G Same group User rights

o Other user rights

A all users (including the above 3 types)

+ Add Permissions

-Cancel Permissions

= Unique Set permissions

chmod--reference/etc/shadow dir1 Reference file Dir1 permission settings

How to fix the user root directory is deleted

RM-RF Wangcai

Cp-r/etc/skel Wangcai

Chown-r Wangcai.wangcai Wangcai/

chmod Wangcai

Chown modifying the owner of a file

Change the owner or owning group for each file

-R recursively processes all files and subdirectories

Chgrp modifying the owner of a file

Change the group ownership of a file

-R recursively change the directory and the group ownership of its contents

Umask can be used to keep the Create file permission

-S: Displays the current mask as a character

-P: With umask beginning to display the current mask as a number

Umask + default per =file 666/dir 777

Umask + value Umask 022

Can be added by adding a file. BASHRC Permanent Entry

Umaks essentially blocks the corresponding bits of the maximum permissions from the directory or file, resulting in default permissions.

Umask 125

Maximum Permissions 110 110 110 666

Binary: 001 010 101 125

110 100 010 642

Table of Contents: Dir 777-umask Direct subtraction calculation

Files: File 666-umask with Odd plus 1, even reserved

Umask 127

Touch FFF

666-127=54-1

=640

-rw-r-----

Umask-s

Directly Show file permissions

Umask-p output can be called

Non-privileged user umask is 002

Root Umask is 022.

Umask: View

Umask #: Setting

File owner |  File belongs to Group user | Other users

R W x |  R W x | R W X

4 2 1 |  4 2 1 | 4 2 1

Special permissions

SUID s 4

Sgid s 2

Sticky T 1

The permission number is preceded by a number in front of the original digital base

When started as a process, the owner of its process is the initiator, and the group of the process is the owner of the initiator

Special permissions take effect when the X Execute permission is in effect

ll

Suid

passwd

ll/usr/bin/passwd

-rwsr-xr-x

Suid is represented by the number 4

Normal user performs owner-owned permissions

In the file modification chmod u+s to pay attention to security issues, because most of the files are root users

Only valid for binary processes

Sgid

Group permissions

The root group has little permissions, fundamentally different from the root user

Sgid is represented by the number 2

CHOMD u-s,g-s/testdir

Effects on binary programs

In the directory, the new file under the directory belongs to the same group of the directory, and the new directory and subdirectory belong to the same group as the directory.

Sticky

Sticky bit

CHOMD O+t/testdir

You can create and delete your own files, but cannot delete other users ' files (root) except for users

Acting on the Directory

Chattr

Modifying a file's unique properties on the Linux second extended file system

-R recursively modifies the properties of the directory and its contents

Chattr +a user.txt lock User.txt Atime Read time

Chattr-a user.txt Elimination Atime time lock

Lsattr User.txt can show if the file is with a

Lsattr display file specific properties on Linux second extended file system

-R recursively lists the properties of the directory and the contents

-V Show file version

-a lists all files in the directory, including the. starting file attributes

Chattr prevent your files from being operated incorrectly

+ I cannot delete, rename, change

+ A can only increase

Lsattr Display Specific Properties

Acl:

Ability to add restricted privileges to enable flexible rights management

The Centos 7 default creation of XFS and Ext4 file systems has ACL functionality.

Prior to the Centos 7 release, the default Ext4 file system was manually created without ACL functionality.

Add Manually:

Tune2fs-o ACL/DVE/SDB1

Mount-o acl/dve/sbd1/mnt

ACL Effective Order: Owner, custom user, custom group, other person.

Setfacl setting file access control lists

-M: Changing the file's access control list

-M: Read access Control list entry changes from file

-X: Remove entries based on the Access control list in the file

-X: Read access control list entries from file and delete

-B: Remove all extended access control List entries

-K: Remove the default access control list

-N: Effective permission mask not recalculated

-D: Actions applied to the default Access control list

-R: Recursive operation subdirectory

-V: Displays the version and exits

Setfacl-m u:zczx:rwx

User

-M g:zczx:0

Group

Setfacl-x U:ZCZX F1

-X g:zczx fi

Clear ACL permissions

Setfacl-b

Completely clear the ACL traces

Getfacl F1

You can see special permissions

U:wang

U:wangcai

Setfacl-x A.txt

Remove ACL permissions for list users in a file

Setfacl-m m::x F1 mask::--x

Once the ACL permissions have been set, modifying the G group's permissions equals modifying the Mask permission

Setfacl-m M::RW F1

Set the Mask permission

In addition to the owner's permissions, the permissions of other users and groups are limited to RW or not enough RW.

can only be compared to small and equal. (User and other do not affect)

Setfacl-m d:u:wangcai:rwx

Getfacl can see special permissions

Base ACL cannot be deleted

Setfacl-k dir Delete default ACL permissions

Setfacl-b file clears all ACL permissions

Getfacl F1 | Getfacl--set-file=-F2

Copy the ACL permissions for the F1 to F2

Cp-a f1/root/

Cp-p F1

Getfacl-r/tmp/dir1 > Acl.txt

Setfacl-r-b/tmp/dir1

Setfacl-r--set-file=acl.txt/tmp/dir1

Getfacl-r/tmp/dir1

mkdir test

Groupadd G1

Groupadd G2

Groupadd G3

CHGRP G1 Test

chmod 2770 Test

CHGRP G1 Test

Setfacl-m g:g2:rwx Test

Setfacl-m g:g3:rwx Test

Setfacl-m d:g:g2:rwx Test

Setfacl-m d:g:g3:rwx Test

Setfacl-m d:g:g3:r Test

Getfacl Test

Gpasswd-a User G2

This article is from the "zczx_" blog, please be sure to keep this source http://swzczx.blog.51cto.com/11767585/1834320

Use of Linux user groups and user Rights 2