touch /etc/nologin
echo "System is maintaining" >> /etc/nologin
All ordinary users other than the administrator root are prevented from logging in
In CentOS 7:
cd /run/
touch /run/nologin
This has the same effect: ordinary users cannot log in
echo weihu > /run/nologin
useradd -o -u 0 root2
Creates an administrator user by forcing its UID to 0 (-o allows a non-unique UID)
cp -r /etc/skel/. /home/zczx
cp -r /etc/skel/.[^.]* /home/zczx
Group
groupadd
-g Specify the GID number
-r Create a system group
CentOS 6: id < 500
CentOS 7: id < 1000
groupmod
-n New name
-g New GID
groupdel
Deleting a secondary group does not remove the user's primary group.
gpasswd
-a user: Add the user to the specified group
-d user: Remove the user from the specified group
-A user1,user2,...: Set the list of users with administrative rights
-M: Specify the member list; similar to -a
-r: Remove the group password
-R: Restrict access to the group; only group members can join it with newgrp
newgrp command: Temporarily switch the primary group
If the user does not belong to this group, the group password is required
'' Single quotes: output directly as a string
"" Double quotes: variables are recognized
`` Backquotes: the enclosed command is run and its output is used
Check the actual output to see how each is used
Permissions
r Read
w Write
x Execute
File -rw-r--r--
rw-   r--   r--
User  Group Other
chmod
Change mode: modify permissions
chmod who opt per file ...
who: u,g,o,a
opt: +,-,=
per
chmod u=rwx f1
chmod a=rwx f1    a means everyone
For files
With r permission, the text can be read but not modified
With w permission, the file can be modified or emptied, which carries some danger, but w gives no permission to delete the file
With x permission, an executable binary program or script can be run
X: Does not add x to a file (provided the file itself has no x permission)
For directories
r: You can view the list of files in the directory, but you cannot access the files, cannot cd into it, and cannot view the files' metadata
w: You can create or delete files, but only in combination with x permission.
x: You can enter the directory and access the files in it; the directory's files cannot be listed, but they can be accessed directly by file name
X: Does not add x to files (provided the file itself has no x permission)
If a directory has w and x (write and execute) permissions, its contents can be manipulated: files under the directory can be deleted
chmod -R a=rwx dir1/
Octal digits
rw-r-----
110 100 000   binary
420 400 000   bit values
640           octal
640: rw-r-----
755: rwxr-xr-x
chmod 640
chmod
u  Permissions of the file's owner
g  Permissions of users in the same group
o  Permissions of other users
a  All users (including the 3 types above)
+  Add permissions
-  Remove permissions
=  Set exactly these permissions
chmod --reference=/etc/shadow dir1    Set dir1's permissions by referencing the file /etc/shadow
How to repair a user's home directory after it has been deleted
rm -rf wangcai
cp -r /etc/skel wangcai
chown -R wangcai:wangcai wangcai/
chmod wangcai
chown: modify the owner of a file
Change the owner or owning group of each file
-R recursively processes all files and subdirectories
chgrp: modify the group of a file
Change the group ownership of a file
-R recursively changes the group ownership of the directory and its contents
umask can be used to set the default permissions of newly created files
-S: Displays the current mask symbolically
-p: Displays the current mask as a number, prefixed with umask
umask + default permissions = file 666 / dir 777
umask followed by a value: umask 022
Can be added to the .bashrc file to make the setting permanent
umask essentially masks out the corresponding bits of the maximum permissions of the directory or file, which gives the default permissions.
umask 125
Maximum permissions   110 110 110   666
umask (binary)        001 010 101   125
Result                110 100 010   642
Directories: dir 777 - umask, computed by direct subtraction
Files: file 666 - umask, digit by digit; odd digits are incremented by 1, even digits are kept
umask 127
touch fff
666-127 = 5 4 -1
= 640
-rw-r-----
umask -S
Shows the permissions directly
umask -p    The output can be reused as a command
The umask of a non-privileged user is 002
The umask of root is 022.
umask: view
umask #: set
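Added example (not part of the original notes): the umask rule above written as a bit operation, then checked against files and directories actually created under the same umask. The function names default_mode and created_mode are made up for this example, and GNU stat is assumed.

```shell
#!/usr/bin/env bash
# default_mode BASE UMASK
# The mask clears bits in the maximum permissions: BASE AND (NOT UMASK).
# It is a bitwise operation, which is why plain subtraction needs the
# "odd digit plus 1" correction for files.
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode UMASK file|dir
# Creates a real object under that umask in a scratch directory and prints
# the mode the kernel assigned, to confirm the calculation.
created_mode() {
    local tmp mode
    tmp=$(mktemp -d) || return 1
    mode=$(
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/x"; else touch "$tmp/x"; fi
        stat -c '%a' "$tmp/x"
    )
    chmod -R u+rwx "$tmp"    # restore owner access so cleanup always works
    rm -rf "$tmp"
    printf '%s\n' "$mode"
}

# The umask values used in the notes above.
for m in 022 002 125 127; do
    printf 'umask %s  file: calc %s real %s  dir: calc %s real %s\n' "$m" \
        "$(default_mode 666 "$m")" "$(created_mode "$m" file)" \
        "$(default_mode 777 "$m")" "$(created_mode "$m" dir)"
done
```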
File owner | Users in the file's group | Other users
r w x | r w x | r w x
4 2 1 | 4 2 1 | 4 2 1
Special permissions
SUID s 4
SGID s 2
Sticky t 1
The special permission digit is placed in front of the original numeric mode
When a program is started as a process, the owner of the process is the user who started it, and the group of the process is the group of the user who started it
Special permissions take effect only when the x (execute) permission is set
ll
SUID
passwd
ll /usr/bin/passwd
-rwsr-xr-x
SUID is represented by the number 4
An ordinary user runs the program with the permissions of the file's owner
Pay attention to security when setting chmod u+s on a file, because most files are owned by root
Only valid for binary programs
SGID
Group permissions
The root group has few privileges; it is fundamentally different from the root user
SGID is represented by the number 2
chmod u-s,g-s /testdir
Takes effect on binary programs
On a directory: new files created in the directory belong to the directory's group, and new subdirectories also belong to the same group as the directory.
Sticky
Sticky bit
chmod o+t /testdir
Users can create and delete their own files, but cannot delete other users' files (except root)
Applies to directories
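Added example (not part of the original notes): an audit of the three special bits described above, listing SUID and SGID files and world-writable directories that lack the sticky bit. The function names and the scratch tree are constructed for this example; GNU find and stat are assumed.

```shell
#!/usr/bin/env bash
# audit_special DIR
# Prints one line per finding: "<KIND> <octal mode> <path>".
audit_special() {
    local root=$1
    {
        # Regular files that run with the owner's identity (SUID, 4xxx).
        find "$root" -xdev -type f -perm -4000 -exec stat -c 'SUID %a %n' {} +
        # Regular files that run with the file's group (SGID, 2xxx).
        find "$root" -xdev -type f -perm -2000 -exec stat -c 'SGID %a %n' {} +
        # World-writable directories without the sticky bit: any user can
        # delete or replace another user's files there.
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
            -exec stat -c 'NOSTICKY %a %n' {} +
    } 2>/dev/null
}

# make_fixture: build a constructed scratch tree with one of each case
# and print its path.
make_fixture() {
    local d
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_tool" "$d/sgid_tool"
    chmod 0644 "$d/plain"
    chmod 4755 "$d/suid_tool"      # same mode as /usr/bin/passwd: -rwsr-xr-x
    chmod 2755 "$d/sgid_tool"
    mkdir "$d/shared" "$d/drop"
    chmod 1777 "$d/shared"         # sticky bit set
    chmod 0777 "$d/drop"           # world-writable, sticky bit missing
    printf '%s\n' "$d"
}

fx=$(make_fixture) && audit_special "$fx"
rm -rf -- "$fx"
```

On a real system, point audit_special at a mounted file system root and compare the result with a known-good baseline.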
chattr
Modifies a file's special attributes on a Linux second extended file system
-R recursively modifies the attributes of the directory and its contents
chattr +A user.txt    Lock the atime (access time) of user.txt
chattr -A user.txt    Remove the atime lock
lsattr user.txt    Shows whether the file has the A attribute
lsattr: displays a file's special attributes on a Linux second extended file system
-R recursively lists the attributes of the directory and its contents
-v shows the file version
-a lists all files in the directory, including files whose names start with .
chattr: prevents your files from being changed by mistake
+i  Cannot delete, rename, or change
+a  Can only append
lsattr  Display special attributes
ACL:
Lets you add extra, restricted permissions for flexible permission management
In CentOS 7, XFS and ext4 file systems are created with ACL functionality by default.
Before CentOS 7, manually created ext4 file systems did not have ACL functionality by default.
Add it manually:
tune2fs -o acl /dev/sdb1
mount -o acl /dev/sdb1 /mnt
ACL evaluation order: owner, custom user, custom group, others.
setfacl: set file access control lists
-m: Modify the file's access control list
-M: Read the access control list entries to modify from a file
-x: Remove the given entries from the file's access control list
-X: Read the access control list entries to remove from a file
-b: Remove all extended access control list entries
-k: Remove the default access control list
-n: Do not recalculate the effective permission mask
-d: Apply the operation to the default access control list
-R: Operate recursively on subdirectories
-v: Display the version and exit
setfacl -m u:zczx:rwx
User
-m g:zczx:0
Group
setfacl -x u:zczx f1
-x g:zczx f1
Clear ACL permissions
setfacl -b
Completely clears all traces of the ACL
getfacl f1
You can see the special permissions
u:wang
u:wangcai
setfacl -X a.txt
Remove the ACL permissions of the users listed in a file
setfacl -m m::x f1    mask::--x
Once ACL permissions have been set, modifying the group (g) permissions is equivalent to modifying the mask permission
setfacl -m m::rw f1
Set the mask permission
Apart from the owner's permissions, the permissions of other users and groups are limited to rw, or to less than rw.
They can only be less than or equal to the mask. (The owner user and other are not affected.)
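Added example (not part of the original notes): how the mask limits named users and groups, computed from getfacl text. The function names are made up for this example and the getfacl output for f1 is constructed.

```shell
#!/usr/bin/env bash
# effective_acl: read getfacl text on stdin and print each access entry
# with the rights that remain after the mask is applied.
# Named users, the owning group and named groups are limited by the mask;
# the owner (user::) and other:: are not.
effective_acl() {
    awk -F: '
        /^#/ || $1 == "default" || NF < 3 { next }
        $1 == "mask" { mask = substr($3, 1, 3); next }
        { tag[++n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    p = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        p = p (substr(mask, k, 1) == "-" ? "-" : c)
                    }
                }
                printf "%s:%s:%s\n", tag[i], who[i], p
            }
        }'
}

# Constructed sample: what getfacl f1 could print after
# setfacl -m u:wangcai:rwx, -m g:g2:rwx and -m m::rw on f1.
sample_acl() {
    cat <<'EOF'
# file: f1
# owner: root
# group: root
user::rwx
user:wangcai:rwx
group::r-x
group:g2:rwx
mask::rw-
other::r-x
EOF
}

sample_acl | effective_acl
```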
setfacl -m d:u:wangcai:rwx
getfacl can show the special permissions
The base ACL cannot be deleted
setfacl -k dir    Delete the default ACL permissions
setfacl -b file    Clear all ACL permissions
getfacl f1 | setfacl --set-file=- f2
Copy the ACL permissions of f1 to f2
cp -a f1 /root/
cp -p f1
getfacl -R /tmp/dir1 > acl.txt
setfacl -R -b /tmp/dir1
setfacl -R --set-file=acl.txt /tmp/dir1
getfacl -R /tmp/dir1
mkdir test
groupadd g1
groupadd g2
groupadd g3
chgrp g1 test
chmod 2770 test
chgrp g1 test
setfacl -m g:g2:rwx test
setfacl -m g:g3:rwx test
setfacl -m d:g:g2:rwx test
setfacl -m d:g:g3:rwx test
setfacl -m d:g:g3:r test
getfacl test
gpasswd -a user g2
This article is from the "zczx_" blog, please be sure to keep this source http://swzczx.blog.51cto.com/11767585/1834320
Use of Linux user groups and user Rights 2