Users and permissions under Ubuntu (i)

Source: Internet
Author: User

I. Basics

Run the command "ls -l" in a directory to get detailed information about the files in it, for example:

-rw------- 1 m 30509 July 8 00:26 xsession-errors.old
drwxr-xr-x 2 m 4096 April 15 19:59 public/
drwxr-xr-x 2 m 4096 April 15 19:59 Template/
drwxr-xr-x 2 m 4096 May 9 09:23 video/
drwxr-xr-x 3 m 4096 July 2 16:56 Pictures/
drwxr-xr-x 7 m 4096 June 30 17:09 Documents/
drwxr-xr-x 2 m 4096 July 6 12:36 download/
drwxr-xr-x 2 m 4096 July 6 12:37 Music/
drwxr-xr-x 2 m 4096 July 8 10:13 Desktop/

In Linux, users are managed as follows: all users are divided into groups, with several users in each group. For a file or directory, permissions are therefore split into three parts: the owning user (u), the other members of the owner's group (g), and everyone outside the group, called others (o). All three together are referred to as all (a).

In the output of the ls -l command, the first 10 characters of each line are the attributes of the file or directory. The first character is the file type, and the following 9 are divided into three groups of three characters, representing the permissions of u, g and o respectively. Linux file permissions are of three kinds: read (r), write (w) and execute (x). As the listing above shows, the three characters of each group stand, in order, for read, write and execute; if the permission is granted its letter is displayed, and if not, a "-" is shown.

II. The chmod command

First, a table. We already know that each group has three permission bits and that each bit has two states, so the three bits combine into 8 states, as follows:

Octal  Binary  FileMode
0      000     ---
1      001     --x
2      010     -w-
3      011     -wx
4      100     r--
5      101     r-x
6      110     rw-
7      111     rwx

The purpose of this table is to simplify the representation of permissions: instead of writing all the letters every time, a single digit can stand in for them. There are two ways to understand the table:

1. Each permission bit has two states, set or not set, written as 1 or 0. The eight permission states are then the combinations of three such bits, and each combination can be written as one octal digit, as shown in the leftmost column of the table;

2. Assign each permission a value: r is 4, w is 2, x is 1 and - is 0. The digit for a group is the sum of the values of the permissions it has.

In short, either way, our goal is to get the octal number in the leftmost column of the table. Below we use the chmod command to modify the permissions of a file.


Most basic: chmod ??? filename, where each ? is the octal digit for the permissions of one group. For example, chmod 777 filename gives all permissions on filename to every group.

Advanced: chmod [u/g/o/a][+/-/=][r/w/x] filename. First give the group or groups to change, such as u, ug, go, uo or a (if omitted, the default is a); then the operator, where + adds, - removes and = sets; and finally the combination of permissions, such as r, rw, wx and so on.

Example: chmod o+wx filename; chmod u-x filename; chmod +w filename; chmod go=r filename;

To set different permissions for several groups in one command, separate the clauses with commas (and no spaces), such as: chmod u-x,go=r filename
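The forms above can be checked on a scratch file by reading the mode back after each change. This is an added example, not part of the original article; it assumes GNU coreutils stat (stat -c), as shipped on Ubuntu, and the helper names mode_of and try are made up for illustration.

```shell
#!/bin/sh
# Added example: apply the chmod forms from this section to a temporary
# file and print the resulting mode in both octal and letter form.

# Print "<octal> <letters>" for a path, e.g. "640 -rw-r-----".
mode_of() {
    stat -c '%a %A' "$1"
}

# Give a fresh temp file a known octal mode, apply one chmod argument,
# and report what the mode became.
# usage: try <start-octal> <chmod-mode-argument>
try() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    chmod "$2" "$f"
    result=$(mode_of "$f")
    rm -f "$f"
    printf '%s\n' "$result"
}

umask 022             # fixed here so the last case is reproducible

try 600 o+wx          # others gain w and x   (600 -> 603)
try 755 u-x           # owner loses x         (755 -> 655)
try 777 go=r          # group/others set to r (777 -> 744)
try 777 u-x,go=r      # two clauses at once   (777 -> 644)

# With no u/g/o/a prefix chmod targets all three groups, but it skips
# bits that are masked by the umask. Under umask 022 the group and
# others write bits are masked, so only the owner gains w.
try 444 +w            # 444 -> 644, whereas "a+w" would give 666
try 444 a+w
```

The last two calls show why an explicit a+w on a shared system is worth a second look: it ignores the umask and makes the file world-writable.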


III. The umask command (to be continued)

IV. Superuser commands: su and sudo

Under Linux there is only one superuser, root, which has super privileges; its home directory is /root. Everyone else is an ordinary user, whose home directory is the folder named after the username under /home. One distinctive feature of Ubuntu is that when you first use it, you cannot log in to the system as root. This goes back to the installation of the system. On other Linux systems, the root password is typically set during installation, so the user can log in to the root account or use the su command to switch to superuser. In contrast, the default Ubuntu installation does not set a password for the root user, nor does it enable the root account. The root user and the user who installed the system are different, unless the user name chosen at installation is root.

1. su

su switches the current user to a specified user, in the format su [options] username. When username is omitted, the default is root.

Commonly used options are: -l (login), which changes the environment to that of the target user as well as switching user, and can be abbreviated to -, that is, omitting the l; -p, which leaves the environment variables unchanged; and -c (command), which must be followed by the command in single quotes and means that after switching user only this command is executed, after which control returns to the original user.

2. sudo

su can switch directly to root to obtain the highest privileges, but this also increases risk. In general, a regular user needs root permissions only at a few moments; ordinary permissions are enough to run most commands. So there is no need to switch to root before a command and then switch back afterwards.

sudo was created to address this need. It lets an ordinary user temporarily obtain root permissions by entering their own password instead of the root password. "Temporarily" means for running a single command; the root permissions are lost once it finishes. This is a bit like su -c above, but the latter requires the root password.
We can simply understand it this way: su gets a stable superuser (or other user) identity, while sudo gets a temporary, restricted root privilege that expires after a period of time.

Of course sudo does much more than that. In fact, sudo is like a finely controlled su: it can temporarily grant not only root permissions but also those of other users, and it can not only let a user execute all commands but also restrict them to certain commands. Granting permission to execute all commands when only a few are needed is dangerous and unnecessary. This fine control is achieved by modifying the sudo configuration file.

The sudo configuration file is /etc/sudoers. When modifying it, be sure to edit it with the visudo tool, because the tool automatically checks the configuration syntax and, if it finds an error, gives a warning on save-and-exit indicating which entry is wrong. This ensures that the configuration file is correct. Conversely, if you use another text editor, an error can have serious consequences for the system. The following is the content of Ubuntu's default /etc/sudoers file:

# User privilege specification

root ALL=(ALL) ALL

# Members of the admin group may gain root privileges

%admin ALL=(ALL) ALL

The first entry allows the root user to use the sudo command to become any other user in the system. The second entry stipulates that all members of the admin group can execute all commands as root.

Example: jorge ALL=(root) /usr/bin/find, /bin/rm

The first column specifies who the rule applies to, a user or a group; in this case it is the user jorge. Because groups and users in the system can have the same name, a group name must begin with a percent sign to indicate that the rule applies to a group rather than a user. The second column specifies the hosts the rule applies to. This column is especially useful when the same sudo configuration is deployed across multiple systems; ALL here stands for all hosts. For a desktop system, or if you do not intend to deploy sudo across multiple systems, this column can instead be set to the appropriate host name. The value in the third column is enclosed in parentheses and indicates as which user the user in the first column may execute the commands. In this case the value is root, which means that jorge can run the commands listed afterwards as the root user. This value can also be set to the wildcard ALL, in which case jorge can execute the listed commands as any user in the system. The last column (that is, /usr/bin/find, /bin/rm) is a comma-separated list of the commands that the user in the first column may run as the user given in the third column. In this case, the configuration allows jorge to run the /usr/bin/find and /bin/rm commands as superuser. It is important to note that the commands listed here must use absolute paths.
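The four columns described above can be pulled apart mechanically, which is handy when reviewing rules before they go into /etc/sudoers. The following is an added example, not part of the original article or of sudo itself; audit_rule is a hypothetical helper that handles only the single-line form shown on this page (no aliases, tags or line continuations).

```shell
#!/bin/sh
# Added example: split one rule of the form
#     who host=(runas) cmd[, cmd...]
# into its columns and flag two things the text warns about:
# commands without an absolute path, and a blanket ALL command list.
# usage: audit_rule '<rule>'
audit_rule() {
    printf '%s\n' "$1" | awk '
    {
        eq = index($0, "=")
        if (eq == 0) { print "unparsed"; next }
        left  = substr($0, 1, eq - 1)     # "who host"
        right = substr($0, eq + 1)        # "(runas) cmd, cmd"
        split(left, l, " ")
        who = l[1]; host = l[2]
        # A leading percent sign marks a group rather than a user.
        kind = (substr(who, 1, 1) == "%") ? "group" : "user"
        runas = "root"                    # sudoers default without (...)
        sub(/^[ \t]+/, "", right)
        if (substr(right, 1, 1) == "(") {
            close_p = index(right, ")")
            runas = substr(right, 2, close_p - 2)
            right = substr(right, close_p + 1)
        }
        m = split(right, c, ",")
        bad = ""; all = "no"
        for (i = 1; i <= m; i++) {
            split(c[i], w, " ")           # w[1] = command, rest = args
            if (w[1] == "ALL") all = "yes"
            else if (substr(w[1], 1, 1) != "/")
                bad = bad (bad == "" ? "" : ",") w[1]
        }
        printf "who=%s kind=%s host=%s runas=%s cmds=%d all=%s relative=%s\n", \
            who, kind, host, runas, m, all, (bad == "" ? "-" : bad)
    }'
}

# The rules from this page, plus one constructed rule with a relative path.
audit_rule 'jorge ALL=(root) /usr/bin/find, /bin/rm'
audit_rule '%admin ALL=(ALL) ALL'
audit_rule 'jorge ALL=(root) find, /bin/rm'
```

Syntax checking of the real file remains the job of visudo, as described above; this helper only makes the columns and the two warning conditions visible.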


By default the sudo command switches to root. To run a command as a non-root user, use the -u option to specify the target user, provided this is allowed by your sudoers configuration. For example, to execute the ls command as fred: $ sudo -u fred ls /home/fred. Without "-u fred", the default is to switch to root.


