- 1. Overview of user and group accounts
- 2. User account file /etc/passwd
- 3. User account file /etc/shadow
- 4. Add user account useradd
- 5. Set/change user password passwd
- 6. Modify the attributes of the user account usermod
- 7. Delete the user account userdel
- 8. The initial configuration file of the user account
- 9. PATH variable
- 10. Group account file
- 11. Add group account groupadd
- 12. Add and delete group members gpasswd
- 13. Delete the group account groupdel
- 14. Query account information
- 15. Query account information finger command
- 16. tty terminal switch
- 17. Permission and ownership of files/directories
- 18. Set permissions for files and directories chmod
- 19. Set the ownership of files and directories chown
- 20. Set the default permissions of directories and files umask
1. Overview of user and group accounts
1. Linux controls resource access based on user identity
User accounts:
super user, ordinary user, program user
Super user: root user is the default super user account in the Linux operating system, and has the highest authority to the host. The super user in the system is only
Ordinary user: created by the root user or another administrator. Their privileges are restricted, and they generally have full permissions only in their own home directory.
Program users: When the Linux operating system and some applications are installed, certain low-privileged user accounts are added. These users are generally not allowed to log in to the system and exist only to keep the system or a particular program running normally, such as bin, daemon, ftp, mail, etc.
Group account:
Basic group (private group): the user's own group, created with the user
Additional group (public group): an extra group the user is added to
Basic group (private group): A user has only one basic group account, usually the group specified when the user was created. The 4th field of the user's record in /etc/passwd is the GID number of the user's basic group.
Additional group (public group): a group, other than the basic group, that the user is added to
UID and GID:
UID: user identification number
GID: group identification number
The UID and GID numbers of the root user account are fixed at 0.
The UID and GID numbers of program user accounts default to 1-499.
The UID and GID numbers of ordinary users default to 500-60000.
2. User account file /etc/passwd
For system operation and management purposes, every user can read the contents of the passwd file, but only the root user can change it.
It stores basic information such as user name, home directory and login shell.
File location: /etc/passwd
Each line corresponds to one user's account record
[root@localhost ~]# head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
Field 1: User account name
Field 2: User password placeholder "x"
Field 3: UID number of the user account
Field 4: GID number of the basic group the account belongs to
Field 5: Full name of the user
Field 6: Home directory
Field 7: Login shell (/bin/bash allows the user to log in to the system; /sbin/nologin and /bin/false prevent the user from logging in)
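The seven fields above are enough to audit an account list. The following script is an added example, not part of the original article: it checks passwd-format records for extra UID 0 accounts, a second field that is not the "x" placeholder, and program users that still have a login shell. The sample records and the function names sample_passwd and audit_passwd are constructed for illustration, and the 500 boundary is the one this page gives for ordinary users.

```shell
#!/bin/sh
# Constructed sample records in /etc/passwd format (not from a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
zhangsan:x:1001:1001::/home/zhangsan:/bin/bash
toor:x:0:0::/root:/bin/bash
lisi::1002:1002::/home/lisi:/bin/false
EOF
}

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
# $1 = lowest UID given to ordinary users (500 on this page; an assumption to
# replace with UID_MIN from /etc/login.defs on the host being audited).
audit_passwd() {
    awk -F: -v uid_min="${1:-500}" '
        # A valid record has exactly the seven fields listed above.
        NF != 7 { print "MALFORMED line " NR; next }
        # Field 3: any name other than root with UID 0 has full root authority.
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        # Field 2: anything but "x" means the password is not kept in /etc/shadow.
        $2 != "x" { print "NO_X_PLACEHOLDER " $1 }
        # Field 7: a program user (UID below uid_min) should not have a login shell.
        $3 > 0 && $3 < uid_min + 0 && $7 !~ /(nologin|false)$/ {
            print "PROGRAM_USER_LOGIN_SHELL " $1 " " $7
        }
    '
}

sample_passwd | audit_passwd 500
```

On a real host the same function can be fed with: audit_passwd 500 < /etc/passwd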
3. User account file /etc/shadow
Stores the user's password, account validity period and other information
File location: /etc/shadow
Each line corresponds to one user's password record
[root@localhost ~]# head -2 /etc/shadow
[root@localhost ~]# tail -1 /etc/shadow
root:…:18445:0:9999:7:::
Field 1: The name of the user account.
Field 2: The password string, encrypted with MD5. When it is "*" or "!!", the user cannot log in to the system. If this field is empty, the user can log in to the system without a password.
Field 3: The date of the last password change, expressed as the number of days between January 1, 1970 and the last change.
Field 4: The minimum number of days the password is valid. After the password is changed, at least this many days must pass before it can be changed again. The default value is 0, which means no restriction.
Field 5: The maximum number of days the password is valid. After the password is changed, it must be changed again once this many days have passed. The default value is 99999, which means no restriction.
Field 6: How many days in advance to warn the user that the password will expire. The default value is 7.
Field 7: How many days after the password expires the account is disabled.
Field 8: Account expiration time. This field gives the day on which the account becomes invalid, as a number of days counted from January 1, 1970. The default value is empty, which means the account is permanently available.
Field 9: Reserved field (unused)
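The field meanings above translate directly into an account audit. The following script is an added example, not part of the original article: for each shadow-format record it reports whether the password is set, empty or locked, which hash scheme the crypt(3) prefix names ($1$ is MD5, $5$ is SHA-256, $6$ is SHA-512), whether the password ever has to be changed, and whether the account has expired. The sample records, the placeholder hash strings and the function names sample_shadow and audit_shadow are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample records in /etc/shadow format; hash strings are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18445:0:99999:7:::
bin:*:18353:0:99999:7:::
wangwu:!!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18661:0:99999:7:::
lisi::18661:0:99999:7:::
legacy:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17000:0:90:7:::
temp:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18661:0:90:7::18627:
EOF
}

# audit_shadow: read shadow-format lines on stdin and print, per account:
#   name  password-state  hash-scheme  password-aging  account-state
# $1 = today as days since 1970-01-01 (defaults to the current date).
audit_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        NF != 9 { print $1, "MALFORMED"; next }
        {
            # Field 2: empty = no password needed; leading "!" or "*" = login disabled.
            state = "password-set"
            if ($2 == "") state = "EMPTY-PASSWORD"
            else if ($2 ~ /^[!*]/) state = "locked"
            # The crypt(3) prefix names the hash scheme actually in use.
            scheme = "-"
            if ($2 ~ /^!*\$1\$/) scheme = "md5"
            else if ($2 ~ /^!*\$5\$/) scheme = "sha256"
            else if ($2 ~ /^!*\$6\$/) scheme = "sha512"
            # Field 5: 99999 (or empty) means the password never has to be changed.
            aging = ($5 == "" || $5 + 0 >= 99999) ? "never-expires" : ("max-" $5 "d")
            # Field 8: an expiry day in the past means the account is no longer valid.
            acct = ($8 != "" && $8 + 0 < today + 0) ? "account-expired" : "account-valid"
            print $1, state, scheme, aging, acct
        }
    '
}

sample_shadow | audit_shadow 18700
```

Reading the real file requires root: audit_shadow < /etc/shadow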
4. Add user account useradd
useradd command
useradd [options]... username
Adding a user account with useradd (or adduser) appends the account's record to the end of the /etc/passwd and /etc/shadow files.
If the group the user belongs to is not explicitly specified, a basic group account with the same name as the user account is created automatically, and the group account's record is saved to the /etc/group and /etc/gshadow files.
Common options
Option | Description |
---|---|
-u | Specify the user's UID number; the UID number must not already be used by another user. |
-d | Specify the location of the user's home directory (has no effect when used together with -M). The directory must be given as an absolute path |
-e | Specify the user's account expiration time, in the date format YYYY-MM-DD |
-g | Specify the user's basic group name (or GID number); the group must already exist |
-G | Specify the user's additional group name (or GID number); the group must already exist |
-M | Do not create a home directory |
-s | Specify the user's login shell (for example, /bin/bash allows login to the system; /sbin/nologin and /bin/false prevent the user from logging in) |
Examples of creating users:
useradd -d /admin -g wheel -G root admin1
useradd -e 2021-12-31 -s /sbin/nologin admin2
5. Set/change user password passwd
passwd [options]... username
Method 2 for setting a user's password: echo "password" | passwd --stdin username
The root user can give a user name as a parameter to manage the password of that account; if no user name is given, the password of the current account is changed.
Ordinary users can only run the bare "passwd" command to change their own password.
Common options
Option | Description |
---|---|
-d | Clear the password of the specified user, so that the user name alone is enough to log in to the system |
-l | Lock the user account; a locked user account can no longer log in to the system |
-S | View the status of the user account (whether it is locked) |
-u | Unlock the user account |
Lock user account:
[root@localhost ~]# passwd -l wangwu
锁定用户 wangwu 的密码 。
passwd: 操作成功
[root@localhost ~]# passwd -S wangwu
wangwu LK 2021-02-03 0 99999 7 -1 (密码已被锁定。)
[root@localhost ~]#
Unlock user account:
6. Modify the attributes of the user account usermod
usermod [options]... username
The following options have the same meaning as in the useradd command:
-u, -d, -e, -g, -G, -s
-u: modify the user's UID number
-d: modify the user's home directory location
-e: modify the user's account expiration time, in the date format YYYY-MM-DD
-g: modify the user's basic group name (or GID number)
-G: modify the user's additional group name (or GID number)
-s: specify the user's login shell
-l: change the login name of the user account
-L: lock the user account
-U: unlock the user account
Change the login name of the admin1 user to master (the new name comes first, then the existing name):
usermod -l master admin1
Then run cat /etc/passwd to check the result.
7. Delete the user account userdel
userdel [-r] username
With the "-r" option, the user's home directory is deleted as well
8. The initial configuration file of the user account
Where the files come from
When the useradd command adds a new user account, it also creates some initial configuration files in the user's home directory.
These files come from the account template directory /etc/skel/, and most of them are hidden files.
The main initial configuration files of a user
The initial configuration files in a user's home directory apply only to that user
~/.bash_profile
#The commands in this file run every time the user logs in; it sets some environment variables and calls the user's ~/.bashrc file
~/.bashrc
#The commands in this file run every time a new bash shell is opened (including at login), and it calls the /etc/bashrc file
~/.bash_logout
#The commands in this file run every time the user logs out or exits the bash shell
The global configuration files apply to all users
/etc/profile
#This is the configuration file for system-wide variables; it is read when the system restarts or when source /etc/profile is run
/etc/profile.d/
#This is actually a subdirectory belonging to /etc/profile; it holds the startup scripts that some applications need
/etc/bashrc
#Every user who runs a bash shell executes this file; it is read when a new bash shell is opened by running the bash command
vi /etc/bashrc
alias myls='/bin/ls -lhr'
bash
type myls
9. PATH variable
The PATH variable sets the default search path for executable programs.
How PATH takes effect:
Every time the system starts, initialization executes /etc/profile and ~/.bash_profile. /etc/profile appends the paths /usr/local/bin, /usr/bin, /usr/local/sbin, and /usr/sbin to PATH, and then calls the scripts stored in /etc/profile.d.
10. Group account file
Similar to the user account files
/etc/group: stores the basic information of group accounts
/etc/gshadow: stores the password information of group accounts
[root@localhost ~]# grep "postfix" /etc/group
mail:x:12:postfix    ## Group member list
postfix:x:89:    ### Group account name
Field 1: The name of the group account
Field 2: Placeholder "x"
Field 3: GID number of the group account
Field 4: User members of the group account (generally does not include the user account whose basic group this is); multiple members are separated by commas ","
11. Add group account groupadd
groupadd command
groupadd [-g GID] groupname
[root@localhost ~]# groupadd -g 1000 market ##Add group account
[root@localhost ~]# tail -1 /etc/group
market:x:1000:
12. Add and delete group members gpasswd
gpasswd command
Sets the group account password (rarely used) and adds/removes group members
gpasswd [options]... groupname
Common options
-a: add a user to the group
-d: remove a user member from the group
-M: define the list of group members, separated by commas
13. Delete the group account groupdel
groupdel command
groupdel groupname
[root@localhost ~]# groupdel market #Delete group account market
[root@localhost ~]# grep "market" /etc/group
14. Query account information
Query the groups a user belongs to
groups [username]
id command
Query user identity.
id [user name]
15. Query account information finger command
Query the login attributes of a user account
Note: the finger package must be installed first
finger [username]
w, who, users commands
Query the information of users who have logged in to the host
16. tty terminal switch
tty is the usual abbreviation for the various types of terminal devices. On a CentOS 7 system, tty1 is the graphical interface and tty2-tty6 are text interfaces; you can switch between them with Ctrl+Alt+F1-F6.
After pressing Ctrl+Alt+F2 and logging in, I run the w command, and the terminal in use is tty2.
pts indicates a connection made with a remote tool, such as xshell, and the number after it reflects the order of login: the smaller the number, the earlier the login.
17. Permission and ownership of files/directories
Access permission
Read r: allows viewing the file's contents and listing the directory's contents
Write w: allows modifying the file's contents, and allows creating, moving, or deleting files or subdirectories in the directory
Execute x: allows running programs and changing into directories
Ownership
Owner: the user account that owns the file or directory
Group: the group account that owns the file or directory
File/directory permission values (octal numbers)
r = 4: read
w = 2: write
x = 1: execute
(s) setuid: this bit allows ordinary users to run, in the role of the root user, programs or commands that only the root account can otherwise run
18. Set permissions for files and directories chmod
chmod [ugoa][+-=][rwx] file or directory...
u, g, o, and a represent the owner, the group, other users, and all users, respectively
+, -, and = indicate adding, removing, and setting permissions, respectively
r, w, and x represent read, write, and execute permissions, respectively
or
chmod nnn file or directory...
nnn is a 3-digit octal number
Common option
-R: recursively modify the permissions of all sub-items in the specified directory
19. Set the ownership of files and directories chown
chown command
chown owner file or directory
chown zhangsan abc.sh
chown :group file or directory
chown :lisi abc.sh
chown owner:group file or directory
chown root:root abc.sh
Common options
-R: recursively modify the ownership of all files and subdirectories in the specified directory
20. Set the default permissions of directories and files umask
The role of umask
1. Controls the permissions of newly created files or directories
2. The permissions of a newly created file or directory are the default permissions with the umask permissions removed
umask
Set: umask 022
View: umask
Example
Set umask to 000, create a new directory or file, and view permissions.
Set umask to 022, create a new directory or file, and then view permissions
umask specifies the user's default permissions when creating new files or directories. The permissions of a newly created file or directory are the default maximum permissions minus the umask (the maximum default permission for ordinary files is 6, and the maximum default permission for directories is 7)
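The rule above can be checked by computing the expected mode and comparing it with what the system really assigns. The following script is an added example, not part of the original article. "Minus" is applied as a bit mask (the umask bits are cleared from 666 or 777), which differs from ordinary subtraction for masks that contain an execute bit, such as 033. The function names effective_mode and observed_mode are constructed for illustration, GNU stat is assumed, and the umask values 027, 033 and 077 are added here alongside the 000 and 022 used on this page.

```shell
#!/bin/sh
# effective_mode BASE UMASK: mode a new object gets when it is created.
# BASE is 666 for ordinary files and 777 for directories. The mask bits are
# cleared with AND NOT, which is what "minus umask" means in practice.
effective_mode() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# observed_mode UMASK file|dir: create an object in a scratch directory under
# that umask and report the mode actually assigned (GNU stat assumed).
observed_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        mode=$(stat -c '%a' "$tmp/new")
        rm -rf "$tmp"
        printf '%03d\n' "$mode"
    )
}

# 000 and 022 are the values used on this page; 027, 033 and 077 are added here.
for m in 000 022 027 033 077; do
    printf 'umask %s  file: %s (observed %s)  dir: %s (observed %s)\n' "$m" \
        "$(effective_mode 666 "$m")" "$(observed_mode "$m" file)" \
        "$(effective_mode 777 "$m")" "$(observed_mode "$m" dir)"
done
```

With umask 033 a new file gets 644, not the 633 that subtracting the digits would suggest, because 666 has no execute bits for the mask to remove.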