Overview of user accounts and group accounts
Linux controls resource access based on user identity
- User account
  - Super user, ordinary user, program user
- Group account
  - Basic group (private group)
  - Additional group (public group)
- UID and GID
  - UID (User IDentity, user identification number)
  - GID (Group IDentity, group identification number)
User account file
Saves basic information such as the user name, home directory, and login shell
- File location: /etc/passwd
- Each row corresponds to a user account record
Saves the user password, account validity period and other information
- File location: /etc/shadow
Add user account
useradd command
useradd [options] username
- -u: Specify the UID number
- -d: Specify the home directory
- -e: Specify the account expiration time
- -g: Specify the user's basic group
- -G: Specify the user's additional groups, which can be the user's group or other groups
- -M: Do not create a home directory
- -s: Specify the user's login shell
Set/change user password passwd
passwd command
passwd [options] username
- -d: Clear the password
- -l: Lock the account
- -S: Check whether the account is locked
- -u: Unlock the user account
Example:
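passwd tom ## set a password for the account
passwd -l tom ## lock tom
cat /etc/passwd ## take a look at tom
passwd -u tom ## unlock tom
passwd -l lisi ## in shadow, lisi will now show two locking "!" marks
usermod -U lisi ## running this command twice unlocks the account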
Modify the attributes of a user account usermod
usermod command
usermod [options] username
- -u: Modify the user's UID
- -d: Modify the user's home directory location
- -e: Modify the account expiration time; can be given as a YYYY-MM-DD date
- -g: Modify the user's basic group name
- -G: Modify the user's additional group name
- -s: Specify the user's login shell
- -l: Change the user's login name
- -L: Lock the account
- -U: Unlock the user account
Example:
usermod -l A B ## change B's login name to A
mkdir /data ## create /data as A's new home directory
usermod -d /data A ## change A's home directory
usermod -s /sbin/nologin A ## change A's shell to one that cannot log in
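The passwd and usermod examples above change three things an administrator will later want to audit: the "!" lock marks in /etc/shadow, a password cleared with passwd -d, and a /sbin/nologin shell. The following is an added example, not part of the original notes; the function names and every sample record (including the toor and bob accounts and the hash strings) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts from passwd- and shadow-format files.
# Every record below is constructed sample data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
tom:x:1001:1001::/home/tom:/bin/bash
lisi:x:1002:1002::/home/lisi:/bin/bash
A:x:1003:1003::/data:/sbin/nologin
bob:x:1004:1004::/home/bob:/bin/bash
toor:x:0:0::/root:/bin/bash'

SAMPLE_SHADOW='root:$6$constructed$hash:19000:0:99999:7:::
tom:!$6$constructed$hash:19000:0:99999:7:::
lisi:!!$6$constructed$hash:19000:0:99999:7:::
A:$6$constructed$hash:19000:0:99999:7:::
bob::19000:0:99999:7:::
toor:$6$constructed$hash:19000:0:99999:7:::'

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one line per account: name, password state, shell state, UID 0 flag.
audit_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { pw[$1] = $2; next }   # shadow: name -> password field
        {
            state = "active"
            if (!($1 in pw))        state = "no-shadow-entry"
            else if (pw[$1] == "")  state = "EMPTY-PASSWORD"   # e.g. after passwd -d
            else if (pw[$1] ~ /^!/) state = "locked"           # one or more "!" marks
            shell = ($7 ~ /(nologin|false)$/) ? "no-login-shell" : "login-shell"
            uid0 = ($3 ~ /^0+$/ && $1 != "root") ? " EXTRA-UID0" : ""
            printf "%s %s %s%s\n", $1, state, shell, uid0
        }' "$2" "$1"
}

# Run the audit against the constructed sample so the example works offline.
run_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$dir/passwd"
    printf '%s\n' "$SAMPLE_SHADOW" > "$dir/shadow"
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

run_sample
```

On a real host, run audit_accounts /etc/passwd /etc/shadow as root, since /etc/shadow is not readable by ordinary users.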
Delete user account userdel
userdel command
userdel [-r] username
- When the -r option is added, the user's home directory is deleted as well
Initial configuration files of the user account: 3 important hidden files
- .bash_profile: the commands in the file are executed every time the user logs in
- .bashrc: the commands in the file are executed every time the /bin/bash program is loaded (including at login)
- .bash_logout: the commands in the file are executed every time the user logs out
Both .bashrc and .bash_profile run at login, and .bashrc is more fine-grained than .bash_profile.
.bash_logout is easy to understand: wipe your ass, wipe your footprints after doing bad things.
Group account file
Similar to user account file
- /etc/group: save the basic information of the group account
- /etc/gshadow: save the password information of the group account
Add group account groupadd
groupadd command
groupadd [-g GID] groupname
Example:
groupadd -g 1000 market ## specify the GID number
Add and delete group members gpasswd and group account groupdel
gpasswd command
gpasswd [option] groupname
- -a: Add a user to the group
- -d: Remove a user member from the group
- -M: Define the list of group members, separated by commas
groupdel command
groupdel groupname
Example:
groupdel market ## delete the group account market
Query account information
- groups username: view the groups the user belongs to
- id username: view the user's identity information
- finger username: query the detailed information of the user account
- w, who, users commands: query information about the users who have logged in to the host
File/directory permissions and ownership
Access permissions
- Read r: allow viewing file content and listing a directory
- Write w: allow modifying the content of a file; allow creating, moving and deleting files or subdirectories in a directory
- Execute x: allow running programs and switching into directories
Ownership (ownership)
- Owner: the user account that owns the file or directory
- Group: the group account that owns the file or directory
Set permissions of files and directories chmod
chmod [option] permissions file-or-directory
- -R: Modify directory permissions recursively
- u: user (the owner)
- g: group (the owning group)
- o: other (everyone else)
- a: all
- +: Add permissions
- -: Remove permissions
- =: Set permissions
Set the ownership of files and directories chown
chown owner:group file-or-directory ## set the ownership of the file or directory
- -R: Recursively modify the ownership of the directory