Linux users and permissions are here!


Preface

Today I will introduce you to users and permissions in Linux.


1. User basics

Access control is account-based.
Account categories: user accounts and group accounts.
Identification: UID (user ID) and GID (group ID).
User accounts: the superuser root, system users, and ordinary users.
Group accounts: the basic group (private group) and additional groups (subordinate groups).

2. Configuration files of users and permissions

1. /etc/passwd

Stores the basic information of user accounts.
Each user record is one line, split into seven colon-separated fields:
Field 1: user account name
Field 2: password string, or the placeholder x
Field 3: UID number of the user account
Field 4: GID number of the user's basic group
Field 5: user's full name (comment)
Field 6: home directory
Field 7: path of the login shell program
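Because every record follows the seven-field layout above, the file can be audited with awk. The following is an added example (not from the original post) that runs three checks a defender wants over a passwd-format file: extra UID 0 accounts, accounts with an empty password field, and accounts that still have an interactive shell. The records are constructed for the example; pass /etc/passwd to audit a live system.

```shell
#!/bin/sh
# Added example (not from the original post): audit the seven colon-separated
# fields of a passwd-format file. The sample records below are constructed.

# Constructed sample in /etc/passwd layout: name:pw:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nsd06:x:1003:1003::/home/nsd06:/sbin/nologin
rogue0:x:0:1001::/home/rogue0:/bin/bash
legacy::1004:1004::/home/legacy:/bin/bash
nsd08:x:1500:1005::/home/nsd08:/bin/bash'

# uid0_accounts FILE: every account with UID 0 other than root; each one is a
# second superuser and must be explained or removed
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# empty_password_accounts FILE: an empty field 2 means no password is needed
# at all (the placeholder x means the hash is kept in /etc/shadow, as expected)
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# login_shell_accounts FILE: accounts whose shell is not a nologin/false
# program, i.e. the ones that can actually open an interactive session
login_shell_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# run_audit FILE: print the three findings with a heading per check
run_audit() {
    echo "UID 0 accounts other than root:";      uid0_accounts "$1"
    echo "Accounts with an empty password field:"; empty_password_accounts "$1"
    echo "Accounts with a login shell:";          login_shell_accounts "$1"
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
run_audit "$tmp"      # rogue0 / legacy / root rogue0 legacy nsd08
rm -f "$tmp"
```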

2. /etc/group

Stores the basic information of group accounts.
Each group record is split into 4 fields:
Field 1: name of the group account
Field 2: password placeholder x
Field 3: GID number of the group account
Field 4: list of the group's member users

3. /etc/gshadow

Stores the management information of group accounts.
Each group record is split into 4 fields:
Field 1: name of the group account
Field 2: encrypted password string
Field 3: list of administrators of this group
Field 4: list of the group's member users

3. Operation commands for users and permissions

1. User operation commands

useradd: add a user
Format: useradd [options]... username
Common options:
-u: specify the UID number
-d: specify the home directory (default is /home/username)
-G: specify the additional group the user belongs to
-s: specify the user's login shell (interpreter)

[root@localhost ~]# useradd nsd01
[root@localhost ~]# grep nsd01 /etc/passwd
[root@localhost ~]# id nsd01
[root@localhost ~]# useradd nsd02
[root@localhost ~]# grep nsd /etc/passwd
[root@localhost ~]# useradd -u 1200 nsd03
[root@localhost ~]# grep nsd /etc/passwd
[root@localhost ~]# useradd nsd04
[root@localhost ~]# grep nsd /etc/passwd
[root@localhost ~]# ls /home/
[root@localhost ~]# useradd -d /opt/nsd05 nsd05
[root@localhost ~]# ls /home/
[root@localhost ~]# ls /opt/
[root@localhost ~]# grep nsd /etc/passwd
[root@localhost ~]# cat /etc/shells 
[root@localhost ~]# useradd -s /sbin/nologin nsd06
[root@localhost ~]# grep nsd /etc/passwd
[root@localhost ~]# groupadd abc
[root@localhost ~]# useradd -G abc nsd07
[root@localhost ~]# id nsd07
[root@localhost ~]# useradd -G abc nsd08

usermod: modify a user
Format: usermod [options]... username
Common options:
-l: change the login name of the user account
-u: change the UID
-d: change the home directory path
-s: change the login shell (interpreter)
-G: reset the additional group(s) (the previous additional groups are replaced)

[root@localhost ~]#  usermod -d /opt/nsd06 nsd06
[root@localhost ~]#  grep nsd /etc/passwd
[root@localhost ~]#  ls /opt/nsd06
[root@localhost ~]#  usermod -u 1500 nsd08
[root@localhost ~]#  grep nsd /etc/passwd
[root@localhost ~]#  id nsd08
[root@localhost ~]#  groupadd tarena
[root@localhost ~]#   usermod -G tarena nsd08
[root@localhost ~]#   id nsd08

passwd: set the password for a user
Format: passwd [options]... username
Common options:
--stdin: read the password from standard input (for example from a pipe)

[root@localhost ~]#   passwd nsd01
[root@localhost ~]#   su - nsd01
[root@localhost ~]#  passwd nsd01
[root@localhost ~]#   passwd nsd02
[root@localhost ~]#  echo 123 | passwd --stdin nsd03

userdel: delete a user
Format: userdel [-r] username
With the -r option the user's home directory and mail spool are deleted as well.

[root@localhost ~]# userdel nsd01
[root@localhost ~]# ls /home/

[root@localhost ~]# rm -rf   /home/nsd01/
[root@localhost ~]# userdel  -r nsd02
[root@localhost ~]# ls /home/

2. View permissions and set permissions

Access modes (permissions):
- read (r): allowed to view the contents
- write (w): allowed to modify the contents
- execute (x): allowed to run a file or enter (switch into) a directory
Objects the permissions apply to (ownership):
- owner (u): the user who owns the file or directory
- group (g): the group that owns the file or directory
- others (o): any user other than the owner and the owning group

Viewing permissions with ls -l
Format: ls -ld file or directory...
The first character of each entry gives the type: - is a regular (text) file, d is a directory, l is a symbolic link (shortcut).
[root@localhost ~]# ls -ld /etc/
[root@localhost ~]# ls -l /etc/passwd
[root@localhost ~]# ls -l /etc/shadow

[root@localhost ~]# ls -ld /home/student

[root@localhost ~]# ls -ld /tmp

Common error message: Permission denied (insufficient permissions).
Setting permissions with chmod
Format: chmod [-R] who±=permissions file...   (who is u, g, o or a combination of them)
-R: set permissions recursively

[root@localhost ~]# mkdir /nsd01
[root@localhost ~]# ls -ld /nsd01/
[root@localhost ~]# chmod u-w /nsd01
[root@localhost ~]# ls -ld /nsd01/
[root@localhost ~]# chmod u+w /nsd01
[root@localhost ~]# ls -ld /nsd01/
[root@localhost ~]# chmod g+w /nsd01
[root@localhost ~]# ls -ld /nsd01
[root@localhost ~]# chmod g=r /nsd01
[root@localhost ~]# ls -ld /nsd01
[root@localhost ~]# chmod o=---  /nsd01
[root@localhost ~]# ls -ld /nsd01
[root@localhost ~]# chmod u=rwx,o=rx /nsd01
[root@localhost ~]# ls -ld /nsd01
[root@localhost ~]# chmod u=rwx,g=rx,o=rx /nsd01
[root@localhost ~]# ls -ld /nsd01
[root@localhost ~]# chmod ugo=rwx  /nsd01
[root@localhost ~]# ls -ld /nsd01

3. Additional permissions

Additional (special) permissions
Set GID
Occupies the x bit of the group (g) position and is displayed as s or S, depending on whether the group also has x permission.
Effective on directories: in a directory with SGID set, new files and subdirectories automatically inherit the directory's group identity.

  • Make child files automatically inherit the group identity of the parent directory
	[root@A ~]# mkdir /nsd07
	[root@A ~]#  chmod g+s /nsd07
	[root@A ~]# chmod g-s /nsd07
	[root@A ~]# chmod g-x  /nsd07
	[root@A ~]# chmod g+s /nsd07
	[root@A ~]# chmod g+x /nsd07
	[root@A ~]# chown :tarena /nsd07
	[root@A ~]#  mkdir /nsd07/aa
	[root@A ~]#  mkdir /nsd08
	[root@A ~]#  chown :tarena /nsd08
	[root@A ~]# mkdir /nsd08/bb
	[root@A ~]# chmod g+s /nsd08
	[root@A ~]#  mkdir /nsd08/cc
	[root@A ~]# touch /nsd08/a.txt
	[root@A ~]# ls -l /nsd08/a.txt

Set UID
Occupies the x bit of the owner (u) position; the owner's x is displayed as s.
Suitable for executable files: with Set UID, a user running the program takes on the identity, and some of the permissions, of the file's owner.

[root@A ~]# /usr/bin/mkdir  /opt/haha
[root@A ~]# ls /opt/
[root@A ~]# cp /usr/bin/mkdir /usr/bin/xixidir
[root@A~]# ls /usr/bin/xixidir
[root@A ~]# /usr/bin/xixidir  /opt/abc
[root@A ~]# ls /opt/
[root@A ~]# chmod u+s  /usr/bin/xixidir 
[root@A ~]# ls -l  /usr/bin/xixidir
[root@A ~]# su - zhangsan
[zhangsan@A ~]$ /usr/bin/mkdir   dc01
[zhangsan@A ~]$ ls -l 
[zhangsan@A ~]$ /usr/bin/xixidir  dc02
[zhangsan@A ~]$ ls -l
[zahngsan@A ~]$ exit
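The xixidir session above shows exactly why a new setuid copy of a program matters. As an added example (not from the original post), the following shell inventories setuid files under a directory tree and diffs them against a saved baseline, so such a copy shows up. It uses a constructed scratch tree instead of /usr/bin so it runs as an unprivileged user, and assumes GNU find.

```shell
#!/bin/sh
# Added example (not from the original post): list setuid files under a tree
# and report the ones missing from a baseline. Constructed scratch tree below.

# suid_files DIR: regular files under DIR with the setuid bit (mode 4000) set
suid_files() {
    find "$1" -type f -perm -4000 | sort
}

# new_suid_files BASELINE DIR: setuid files under DIR not listed in BASELINE
# (grep returns 1 when nothing is new, which is not an error here)
new_suid_files() {
    suid_files "$2" | grep -vxF -f "$1" || true
}

# make_demo_tree: constructed tree with one accepted setuid tool and one plain file
make_demo_tree() {
    tree=$(mktemp -d)
    touch "$tree/known_tool" "$tree/plain_tool"
    chmod 4755 "$tree/known_tool"          # ls -l shows -rwsr-xr-x
    echo "$tree"
}

demo=$(make_demo_tree)
suid_files "$demo" > "$demo.baseline"      # record the accepted set once
cp "$demo/plain_tool" "$demo/copied_tool"
chmod u+s "$demo/copied_tool"              # the post's xixidir scenario
new_suid_files "$demo.baseline" "$demo"    # prints only .../copied_tool
rm -rf "$demo" "$demo.baseline"
```

On a real host the baseline would be taken from a trusted image and the check run periodically over / with the same two functions.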

Sticky Bit
Occupies the x bit of the others (o) position; the others' x is displayed as t.
Suitable for directories that are open for writing (w): it prevents users from abusing the write permission, because deleting other users' files is prohibited.

[root@A ~]# mkdir  /nsd09
[root@A ~]#  ls -ld /nsd09
[root@A ~]#  chmod 777 /nsd09
[root@A ~]#  ls -ld /nsd09
Switch to user lisi and to user zhangsan in turn:
[lisi@A ~]$ touch /nsd09/lisi.txt
[lisi@A ~]$ ls /nsd09/
[zhangsan@A ~]$ touch /nsd09/zhangsan.txt
[zhangsan@A ~]$ ls /nsd09
[lisi@A ~]$ rm -rf /nsd09/zhangsan.txt                      //deleted successfully
[zhangsan@A ~]$ rm -rf  /nsd09/lisi.txt                     //deleted successfully
    
[root@A ~]#  chmod o+t /nsd09
[root@A ~]# ls -ld /nsd09
Switch to user lisi and to user zhangsan in turn:
[lisi@A ~]$ touch /nsd09/lisi.txt
[lisi@A ~]$ ls /nsd09/
[zhangsan@A ~]$ touch /nsd09/zhangsan.txt
[zhangsan@A ~]$ ls /nsd09
[lisi@A ~]$ rm -rf /nsd09/zhangsan.txt                      //deletion fails
[zhangsan@A ~]$ rm -rf  /nsd09/lisi.txt                     //deletion fails
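The chmod session earlier and the SGID and sticky-bit sessions above only show the commands, not what ls -l then reports. As an added example (not from the original post), the following function applies chmod expressions to a fresh scratch directory and prints the resulting octal and symbolic mode, so the s/S/t display rules can be checked without root. It assumes GNU coreutils (stat -c).

```shell
#!/bin/sh
# Added example (not from the original post): apply chmod expressions to a new
# scratch directory and print "<octal> <symbolic>" as stat/ls -l would show it.

# mode_after SPEC... : apply each chmod SPEC in turn to a new directory,
# print its mode (e.g. "2755 drwxr-sr-x"), then remove the directory
mode_after() {
    d=$(mktemp -d)                 # created 0700, owned by the caller
    for spec in "$@"; do
        chmod "$spec" "$d"
    done
    stat -c '%a %A' "$d"
    rmdir "$d"
}

# Basic rwx classes (section "View permissions and set permissions")
mode_after 'u=rwx,g=rx,o=rx'               # 755 drwxr-xr-x
mode_after 'ugo=rwx'                       # 777 drwxrwxrwx
# SGID: lowercase s when the group also has x, uppercase S when it does not
mode_after 'u=rwx,g=rx,o=rx' 'g+s'         # 2755 drwxr-sr-x
mode_after 'u=rwx,g=rx,o=rx' 'g-x' 'g+s'   # 2745 drwxr-Sr-x
# Sticky bit on a world-writable directory: t in the others' x position
mode_after '777' 'o+t'                     # 1777 drwxrwxrwt
```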

4. ACL permissions

ACL: access control list
ACL access policy
- can set independent permissions for individual users and individual groups
- supported by default on most mounted EXT3/EXT4 and XFS file systems

Using the setfacl and getfacl commands
Format: setfacl [options] u:username:permissions file...
        setfacl [options] g:groupname:permissions file...
Common options:
-m: define an ACL policy
-x: remove the specified ACL policy
-b: remove all ACL policies that have been set
-R: set ACL policies recursively

getfacl file...    //view the ACL policy

[root@A ~]# mkdir /nsd11
[root@A ~]# chmod o=--- /nsd11
[root@A ~]# ls -ld /nsd11
[root@A ~]# setfacl -m u:lisi:rwx /nsd11
[root@A ~]# setfacl -m u:zhangsan:rwx /nsd11
[root@A ~]# setfacl -m u:gelin01:rx /nsd11
[root@A ~]# setfacl -m u:gelin02:rx /nsd11
[root@A ~]# getfacl /nsd11
[root@A ~]# setfacl -x u:lisi /nsd11                    //remove the ACL policy for user lisi
[root@A ~]# getfacl /nsd11
[root@A ~]# setfacl -x u:zhangsan /nsd11      //remove the ACL policy for user zhangsan
[root@A ~]# getfacl /nsd11
[root@A ~]#  setfacl -b /nsd11                         //remove all ACL policies
[root@A ~]#  getfacl /nsd11

Summary

That is all for today: adding users, and setting up users and permissions.
There is more to this topic, and everyone will learn it step by step.

Origin blog.csdn.net/weixin_46791581/article/details/108527590