Users and Permissions under Ubuntu (iii)

Seven, adding and deleting group-related commands

The same we will first introduce two important profiles:/etc/group and/etc/gshadow, the one in front is actually the same as/etc/passwd. The latter is the password table of the group. Let's see what it looks like:

root:x:0:

Adm:x:4:m,syslog

m:x:1000:

This is part of the intercepted/etc/group, each line is divided into four segments by a colon, and the first paragraph is the group name. The second paragraph is password, the third is the GID, and the fourth paragraph is the member of the group below.

We see that the fourth segment of root and group M is empty, and the fourth paragraph of the ADM Group has two members. Why is there such a difference? It turns out that each user-added group is divided into the main group and the secondary group, the main group refers to the user account was just established when the binding group, just to see the fourth paragraph inside the/etc/passwd can know the user's main group is which, to see the user m information m:x:1000:1000: M,,,:/home/m:/bin/bash Obviously the main group of user M is M. Then the name of each account will not be in the fourth paragraph of the main group in/etc/group today, because in some way this is self-evident or default, if a user is in the fourth paragraph now. That means that the group is not its primary group.

Another concept is called a valid group, although a user can add multiple groups and have corresponding permissions, but this is for files or folders that already exist. If a user wants to create a new file or folder, which group does it belong to? The answer is a valid group, which is where the user is located.

We know that at some point, a user can only be active within a group, even if he has access to other groups. For example, a leader manages three departments that have three groups, but each time he can only sit in a particular department office, he cannot sit in three offices at the same time, even if he has access to two other offices.

With the groups command, you can see all the groups that the current user belongs to, the first of which is a valid group for that user.

Use the NEWGRP command to toggle between active groups. A similar leader is going to have an office.

Then again by default, when a user logs on to Linux. Which is a valid group? Which is similar to the office that leads the first one every day? The answer is the main group above, where it is called the initial group. But no matter what the name, said is/ETC/PASSWD fourth paragraph that group.

root:*::
daemon:*::

M:!::

This is part of the interception of the/etc/gshadow. Each line is also divided into four segments by a colon, each of which is a group name, password, group administrator, member.

Password section if! or *, the reorganization cannot be logged in, that is, you cannot switch with NEWGRP.

Add Group command

GROUPADD-G/R groupname-g behind and GID, plus-r means that the system group is established, that is, the second column of/etc/gshadow becomes an asterisk or an exclamation mark.

Change Group command: Groupmod similar to Usermod. i.e.--groupmod [-g GID] [-N group_name]

Delete Group command: Groupdel groupname. However, there are some areas where this command should be noted, because in some cases it will fail because the initial group of the actual user is the group. So the binding should be removed first, that is, change the user's GID in/etc/passwd or delete the user directly.

Viii. Other Orders

1) In addition to the above groups can view the information of the group, another ID command. Can see a lot of other information, directly in the terminal to enter the ID is good, do not need to add a number of parameters.

2) passwd command passwd [-LUNXWS] Username

-L: Lock the password of the username account, and change the password bar within the/etc/shadow.
-U: Unlock the-l lock!
-N: The following number of days (number), the shortest number of days, that is, the fourth column within the/etc/shadow;
-X: The number of days to follow, the maximum number of days, i.e. the fifth column within the/etc/shadow;
-W: The number of days to follow (number), warning days, that is, the sixth column within the/etc/shadow;
-S: Displays information about the username at the moment.

Users and Permissions under Ubuntu (iii)