Use of Linux user groups and user Rights 2

Source: Internet
Author: User
Tags: file permissions

touch /etc/nologin

echo "System is maintaining" >> /etc/nologin

While /etc/nologin exists, every ordinary (non-root) user is refused login and is shown the file's contents as the reason; root can still log in.


On CentOS 7 the file lives under /run instead:

cd /run/

touch /run/nologin

Same effect: ordinary users cannot log in.

echo weihu > /run/nologin    (weihu, "maintenance", is the message shown to users)


useradd -o -u 0 root2

Creates an administrator account by forcing uid=0; -o (--non-unique) allows the duplicate UID. Any account with UID 0 is root to the kernel whatever its name, so such accounts should be rare and audited.
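A defender's check for the situation just described, added here as an example that is not part of the original notes: it parses passwd-format lines (a constructed sample, not a real system's data) and reports every account that shares UID 0 with root.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a passwd file for accounts
# that share UID 0 with root, which is exactly what "useradd -o -u 0 root2" creates.

# Constructed sample in /etc/passwd format (not taken from any real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
root2:x:0:0::/home/root2:/bin/bash
zczx:x:1000:1000::/home/zczx:/bin/bash
backup:x:0:500::/home/backup:/bin/sh'

# Print the names of all UID 0 accounts other than root, one per line.
# $1 is a passwd-format file; it defaults to the real /etc/passwd.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Succeed (exit 0) only when root is the sole UID 0 account in the file.
uid0_is_root_only() {
    [ -z "$(extra_uid0_accounts "$1")" ]
}

# Demonstration on the constructed sample: lists root2 and backup.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
extra_uid0_accounts "$tmp"
uid0_is_root_only "$tmp" || echo "ALERT: additional UID 0 accounts present"
rm -f "$tmp"
```

Run without an argument it checks the live /etc/passwd; a non-empty result is worth an immediate look.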


cp -r /etc/skel/. /home/zczx

cp -r /etc/skel/.[^.]* /home/zczx

Both copy the skeleton files, including the dot files, into a home directory; the second form lists the dot files explicitly while excluding . and ..


Group management

groupadd

-g  specify the GID number

-r  create a system group

    CentOS 6: system GIDs are < 500

    CentOS 7: system GIDs are < 1000

groupmod

-n  new name

-g  new GID

groupdel

Deletes a group. A group that is only a secondary group of users can be removed; a group that is some user's primary group cannot be deleted while that user exists.



gpasswd

-a USER: add the user to the specified group

-d USER: remove the user from the specified group

-A user1,user2,...: set the list of group administrators

-M user1,user2,...: set the member list (like -a, but replaces the whole list)

-r: remove the group password

-R: restrict access to the group: only members can join it with newgrp

newgrp command: temporarily switch the primary group

If the user is not a member of the group, the group password is required.



Shell quoting:

'...'  single quotes: the string is output literally

"..."  double quotes: variables inside are expanded

`...`  backquotes: command substitution, the command's output is inserted

Compare the actual output to see the difference.



Permissions

r  read

w  write

x  execute

File: -rw-r--r--

      rw-      r--      r--

      user     group    other

The leading character is the file type (- for a regular file, d for a directory); the three triplets are the owner, the owning group and everyone else.


chmod

Change mode: modify permissions

chmod WHO OP PERM FILE...

who: u, g, o, a

op: +, -, =

perm: r, w, x

chmod u=rwx f1

chmod a=rwx f1     (a = everyone)

On a file:

r: the content can be read but not modified

w: the content can be modified, including emptying the file, which is dangerous; but w on the file does not allow deleting it (that depends on the directory's permissions)

x: lets an executable binary or script be run

X: adds x only where something already has x; it does not add x to a file that has no x permission at all

On a directory:

r: the list of file names can be viewed, but the files cannot be accessed, you cannot cd into it, and the files' metadata cannot be viewed

w: files can be created or deleted, but only together with x

x: you can cd into the directory and access its files directly by name, but the file list is not shown

X: as for files, does not add x if nothing had x

A directory with both w and x: the contents can be manipulated, including deleting files under it, regardless of those files' own permissions


chmod -R a=rwx dir1/

-R applies the change recursively to the directory and everything below it


Octal digits

rw-r-----

110 100 000    binary

420 400 000    bit weights (4, 2, 1)

6   4   0      octal: 640

640: rw-r-----

755: rwxr-xr-x

chmod 640 FILE

chmod

u  the file owner's permissions

g  the owning group's permissions

o  other users' permissions

a  all users (the three above)

+  add permissions

-  remove permissions

=  set exactly these permissions

chmod --reference=/etc/shadow dir1    set dir1's permissions to those of the reference file /etc/shadow



How to restore a user's deleted home directory (user wangcai, working in /home)

rm -rf wangcai        (the starting point: the home directory is gone)

cp -r /etc/skel wangcai

chown -R wangcai:wangcai wangcai/

chmod MODE wangcai    (the note omits the mode; set the directory back to the usual home-directory mode)


chown: modify the owner of a file

Changes the owner and/or owning group of each file: chown USER[:GROUP] FILE...

-R  recursively process all files and subdirectories

chgrp: modify the owning group of a file

Changes the group ownership of a file: chgrp GROUP FILE...

-R  recursively change the group of the directory and its contents



umask controls the permissions that newly created files get

-S: display the current mask symbolically

-p: display the current mask as a number, prefixed with "umask", so the output can be pasted back as a command

default permissions = maximum permissions (file 666 / dir 777) with the umask bits removed

umask VALUE sets the mask, e.g. umask 022

It can be made permanent by adding the umask line to ~/.bashrc

umask essentially masks out the corresponding bits of the maximum permissions of a directory or file, which yields the default permissions.

umask 125

Maximum permissions   110 110 110   666

umask in binary       001 010 101   125

Result                110 100 010   642

Directories: 777 - umask, plain digit-by-digit subtraction

Files: 666 - umask, then add 1 to each odd digit of the result; even digits stay as they are

umask 127

touch fff

666 - 127 digit by digit gives 5, 4, -1; the odd 5 becomes 6, 4 stays, and a negative digit means no permission, so the result is 640

-rw-r-----



umask -S

Shows the mask directly as file permissions (u=rwx,g=rx,o=rx style)

umask -p

Output in a form that can be executed again

Non-privileged users' default umask is 002

root's umask is 022

umask        view

umask NNN    set

File owner      |  Group users    |  Other users

r   w   x       |  r   w   x      |  r   w   x

4   2   1       |  4   2   1      |  4   2   1




Special permissions

SUID    s   4

SGID    s   2

Sticky  t   1

The special digit is placed in front of the ordinary three-digit octal mode (e.g. 4755).

Normally, when a program is started as a process, the process runs as the user who started it and with that user's group. SUID and SGID change this: the process runs with the file owner's identity or the file's group instead.

Special permissions only take effect when the corresponding x permission is set: ls shows a lowercase s/t when x is present, and an uppercase S/T when the bit is set without x.


ll    (alias for ls -l)

SUID

passwd

ll /usr/bin/passwd

-rwsr-xr-x

SUID is represented by the number 4

A normal user running the program gets the file owner's permissions (here root, which is how passwd can update /etc/shadow)

Setting chmod u+s on a file needs attention to security, because most SUID files are owned by root and every SUID-root program is a privilege boundary

Only effective for binary programs (Linux ignores SUID on scripts)



SGID

Group permissions; represented by the number 2

The root group has few privileges and is fundamentally different from the root user

chmod u-s,g-s /testdir    (remove SUID and SGID)

Effect on a binary program: the process runs with the file's group

Effect on a directory: new files created under the directory belong to the directory's group, and new subdirectories belong to the same group as the directory (and inherit the SGID bit)



Sticky

Sticky bit

chmod o+t /testdir

Users can create and delete their own files in the directory but cannot delete other users' files (root is the exception)

Acts on directories
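The octal and umask arithmetic above, and the special-permission digits, worked through in POSIX sh; this is an added example, not part of the original notes. mode_to_octal turns a 9-character ls -l permission string into its octal mode (with the 4/2/1 prefix for SUID/SGID/sticky), and umask_apply computes the default mode by bit masking, which is what the "odd digit plus 1" shortcut approximates.

```shell
#!/bin/sh
# Added example (not from the original notes): convert an ls -l permission
# string to octal, including the SUID/SGID/sticky prefix, and apply a umask
# with the same bit masking the kernel uses (no "odd digit plus 1" trick).

# mode_to_octal "rw-r-----" -> 640 ; mode_to_octal "rwsr-xr-x" -> 4755
mode_to_octal() {
    m=$1
    special=0     # accumulates 4 (SUID), 2 (SGID), 1 (sticky)
    perms=""
    i=0
    while [ "$i" -lt 3 ]; do
        # i=0 owner, i=1 group, i=2 other; take the three characters of that slot
        t=$(printf '%s' "$m" | cut -c "$((i * 3 + 1))-$((i * 3 + 3))")
        v=0
        case $t in r??) v=$((v + 4)) ;; esac
        case $t in ?w?) v=$((v + 2)) ;; esac
        case $t in ??[xst]) v=$((v + 1)) ;; esac      # lowercase s/t imply x
        # s/S in the owner slot is SUID (4), in the group slot SGID (2);
        # t/T in the other slot is the sticky bit (1); uppercase means no x
        case $t in
            ??[sS]) special=$((special + (4 >> i))) ;;
            ??[tT]) special=$((special + 1)) ;;
        esac
        perms="$perms$v"
        i=$((i + 1))
    done
    [ "$special" -gt 0 ] && printf '%d' "$special"
    printf '%s\n' "$perms"
}

# umask_apply MAX UMASK: MAX is 666 for a new file or 777 for a new directory.
# The default mode is MAX with every bit that is set in UMASK cleared.
# umask_apply 666 125 -> 642 ; umask_apply 666 127 -> 640 ; umask_apply 777 022 -> 755
umask_apply() {
    printf '%o\n' $(( (0$1 & ~0$2) & 0777 ))
}

mode_to_octal "rw-r-----"
mode_to_octal "rwsr-xr-x"
umask_apply 666 125
umask_apply 777 022
```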


chattr

Modifies a file's attributes on a Linux second extended (ext2/ext3/ext4) file system

-R  recursively modify the attributes of the directory and its contents

chattr +A user.txt    stop updating the atime (access time) of user.txt

chattr -A user.txt    remove the atime lock again

lsattr user.txt       shows whether the attribute is set

lsattr: display file attributes on a Linux second extended file system

-R  recursively list the attributes of the directory and its contents

-v  show the file version

-a  list all files in the directory, including those whose names start with .

chattr can protect your files from mistaken operations

+i  immutable: the file cannot be deleted, renamed or changed (not even by root until the attribute is removed)

+a  append-only: data can only be added

lsattr displays the attributes set



ACL:

Adds permissions for specific users and groups beyond owner/group/other, for flexible permission management

On CentOS 7, XFS and ext4 file systems are created with ACL support by default.

Before CentOS 7, a manually created ext4 file system did not have ACL support enabled by default.

Add manually:

tune2fs -o acl /dev/sdb1

mount -o acl /dev/sdb1 /mnt

ACL evaluation order: owner, named user, (owning and named) group, other.


setfacl: set file access control lists

-m: modify the file's access control list

-M: read access control list entries to modify from a file

-x: remove the given entries from the file's access control list

-X: read access control list entries to remove from a file

-b: remove all extended access control list entries

-k: remove the default access control list

-n: do not recalculate the effective rights mask

-d: apply the operation to the default access control list

-R: recurse into subdirectories

-v: display the version and exit


setfacl -m u:zczx:rwx FILE     user entry

setfacl -m g:zczx:0 FILE       group entry (0 = no permissions)

setfacl -x u:zczx f1           remove the user entry

setfacl -x g:zczx f1           remove the group entry

Clear ACL permissions:

setfacl -b FILE

Completely removes all traces of the ACL (extended entries)

getfacl f1

Shows the file's ACL entries, i.e. the special permissions beyond owner/group/other



Entries listed in a file, one per line:

u:wang

u:wangcai

setfacl -X a.txt FILE

Removes the ACL entries of the users listed in a.txt from the file

setfacl -m m::x f1     gives mask::--x

Once ACL entries exist, chmod on the group part (g) modifies the mask entry, not the owning group's own entry.

setfacl -m m::rw f1

Sets the mask

Apart from the owner, the named users, the owning group and the named groups are limited to at most rw: their effective permission is their entry ANDed with the mask, so it can only be equal to or less than the mask. (The owner and other entries are not affected.)



setfacl -m d:u:wangcai:rwx DIR     default entry, inherited by files created in DIR

getfacl shows the special permissions

The base entries (owner, group, other) cannot be deleted

setfacl -k dir     delete the default ACL entries

setfacl -b file    clear all ACL entries

getfacl f1 | setfacl --set-file=- f2

Copies the ACL of f1 to f2

cp -a f1 /root/

cp -p f1

Both -a and -p preserve the mode, ownership and timestamps, and with them the ACL

getfacl -R /tmp/dir1 > acl.txt            back up the ACLs of the tree

setfacl -R -b /tmp/dir1                   strip them

setfacl -R --set-file=acl.txt /tmp/dir1   apply the saved entries again (setfacl --restore=acl.txt restores each file's own entries from a getfacl -R dump)

getfacl -R /tmp/dir1                      verify





Example: a shared directory for several groups

mkdir test

groupadd g1

groupadd g2

groupadd g3

chgrp g1 test

chmod 2770 test                (SGID: new files inherit group g1; no access for others)

setfacl -m g:g2:rwx test

setfacl -m g:g3:rwx test

setfacl -m d:g:g2:rwx test     (default entries, inherited by new files)

setfacl -m d:g:g3:rwx test

setfacl -m d:g:g3:r test       (replaces the previous default entry for g3 with read only)

getfacl test

gpasswd -a user g2             (a user added to g2 gets access through the ACL)


This article is from the "zczx_" blog, please be sure to keep this source http://swzczx.blog.51cto.com/11767585/1834320
