Detailed explanation of Linux account and permission management (with detailed example operations)

1. Manage user accounts

1.1 Overview of User Accounts

User account: Description
root: The root user is the default superuser account in Linux and holds the highest authority on the host. There is only one superuser in the system.
Ordinary user: Created by root or another administrator user; permissions are limited and are generally complete only within the user's own home directory.
Program user: Low-privilege accounts added when the operating system and certain applications are installed. These users are generally not allowed to log in and exist only to keep the system or a program running, for example bin, daemon, ftp and mail.

1.2 Group accounts

Group account: Description
Basic group (private group): Each user has exactly one basic group, normally the group specified when the user was created. Field 4 of the /etc/passwd record is the GID of the user's basic group.
Additional groups (public groups): Any further groups the user is added to beyond the basic group.

1.3 UID and GID

UID: user identification number
GID: group identification number
The UID and GID of the root account are fixed at 0.
The UID and GID of program user accounts default to the range 1~499.
The UID and GID of ordinary users default to the range 500~60,000.

1.4 User account files

In Linux, user account, password and related information are all stored in configuration files. Accounts can be managed either by editing these files directly or by using the user management commands.
There are two main configuration files for user accounts: /etc/passwd and /etc/shadow. The former stores basic information such as the user name, home directory and login shell; the latter stores the password, account validity period and similar information. In both files each line corresponds to one user account, and the fields are separated by a colon ":".

1.4.1 User account file /etc/passwd

  • Save basic information such as user name, home directory, login shell, etc.

  • File location: /etc/passwd

  • Each row corresponds to one user's account record

To meet system operation and management needs, every user can read the contents of /etc/passwd, but only the root user can modify it.
In early UNIX systems the account password was stored in the passwd file itself, so a malicious user could easily read the password string and brute-force it, which was a clear security risk. The password was therefore moved to a separate shadow file, and only the placeholder "x" is kept in the passwd file.

root:x:0:0:root:/root:/bin/bash
Field 1: user account name (root)
Field 2: password placeholder "x" (x)
Field 3: UID of the user account (0)
Field 4: GID of the user's basic group (0)
Field 5: user's full name (root)
Field 6: home directory (/root)
Field 7: login shell (/bin/bash allows login to the system; /sbin/nologin and /bin/false deny login)
Note: in field 7, /bin/nologin refuses the login with a message; /bin/false refuses without any message.
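As an added example (not part of the original article), the following script reads /etc/passwd-style records and flags what an administrator checks after learning the field layout above: extra UID 0 accounts, program accounts whose field 7 still allows an interactive login, and duplicate UIDs. The sample records are constructed, and the 1~499 program-user range is the range this article states.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check /etc/passwd records.
# Constructed sample records, not copied from a real host; "backup" and "mail"
# are deliberately wrong so the checks have something to find.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
backup:x:0:0:backup:/root:/bin/bash
zhangsan:x:1000:1000::/home/zhangsan:/bin/bash
lisi:x:2000:2000::/home/lisi:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/bin/bash'

# True when field 7 allows an interactive login. /sbin/nologin and /bin/false
# deny it, as the article says; /bin/nologin and /usr/sbin/nologin are treated the same.
login_allowed() {
  case "$1" in
    /sbin/nologin|/usr/sbin/nologin|/bin/nologin|/bin/false|"") return 1 ;;
    *) return 0 ;;
  esac
}

# One finding per line:
#   UID0 <user>       an account other than root whose UID (field 3) is 0
#   PROGLOGIN <user>  a program account (UID 1-499, the range this article gives)
#                     whose login shell still permits an interactive login
#   DUPUID <uid>      a UID shared by two or more accounts
audit_passwd() {
  printf '%s\n' "$SAMPLE_PASSWD" |
  while IFS=: read -r user x uid gid fullname home shell; do
    if [ "$uid" -eq 0 ] && [ "$user" != root ]; then
      echo "UID0 $user"
    fi
    if [ "$uid" -ge 1 ] && [ "$uid" -le 499 ] && login_allowed "$shell"; then
      echo "PROGLOGIN $user"
    fi
  done
  printf '%s\n' "$SAMPLE_PASSWD" | cut -d: -f3 | sort -n | uniq -d | sed 's/^/DUPUID /'
}

audit_passwd
```

Replace SAMPLE_PASSWD with `cat /etc/passwd` to run the same checks on a real host.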

1.4.2 User account file /etc/shadow

  • Saves the user's password, account validity period and other information.
By default only the root user can read the contents of /etc/shadow, and the file is not meant to be edited directly.
Each line corresponds to one user's password record and has 9 fields separated by ":".

root:$6$VyOUGqOC$v5HlLM1wagZC/FwGfnrtJFnlT:18445:0:99999:7:::
Field 1: user account name (root)
Field 2: the MD5-encrypted password string; when it is "*" or "!!" the user cannot log in to the system. If the field is empty, the user can log in without a password ($6$VyOUGqOC$v5HlLM1wagZC/FwGfnrtJFnlT)
Field 3: date of the last password change, expressed as the number of days since 1970-01-01 (18445)
Field 4: minimum password age in days; after a password change at least this many days must pass before it can be changed again. The default 0 means no limit (0)
Field 5: maximum password age in days; after this many days since the last change the password must be changed again. The default 99999 means no limit (99999)
Field 6: number of days before expiry on which the user is warned that the password will expire; the default is 7 (7)
Field 7: number of days after password expiry before the account is disabled (empty)
Field 8: account expiry date, given as the number of days since 1970-01-01 on which the account becomes invalid; the default is empty, meaning the account never expires (empty)
Field 9: reserved field (unused) (empty)
Note: fields 7, 8 and 9 are rarely used and are normally left at their defaults; it is enough to know what they mean.
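An added example (not from the original article) that audits /etc/shadow-style records using the fields described above: it classifies field 2 and computes password expiry from fields 3 and 5. The sample records are constructed; note that the $6$ prefix on the page's own root record identifies the SHA-512 crypt variant, while $1$ is the MD5 variant.

```shell
#!/bin/sh
# Added example (not from the original article): audit /etc/shadow-style records.
# Constructed sample records, not copied from a real host.
SAMPLE_SHADOW='root:$6$VyOUGqOC$v5HlLM1wagZC/FwGfnrtJFnlT:18445:0:99999:7:::
bin:*:18353:0:99999:7:::
ceshi1:!!:18445:0:99999:7:::
zhangsan:!$6$abc$xyz:18445:0:99999:7:::
lisi::18445:0:99999:7:::
wangwu:$1$abc$xyz:18000:0:90:7:::'

# Classify field 2. The crypt prefix identifies the algorithm: $6$ is SHA-512,
# $5$ is SHA-256, $1$ is MD5. "*" and "!!" mean no usable password; a leading
# "!" is what passwd -l (or usermod -L) prepends to lock an account.
hash_kind() {
  case "$1" in
    "")            echo empty ;;    # no password needed to log in
    '*'|'!!'|'!'*) echo locked ;;
    '$6$'*)        echo sha512 ;;
    '$5$'*)        echo sha256 ;;
    '$1$'*)        echo md5 ;;
    *)             echo other ;;
  esac
}

# Return 0 (true) when the password is older than its maximum age.
# $1 = last change day (field 3), $2 = max age (field 5), $3 = today as days since 1970-01-01.
password_expired() {
  if [ -z "$2" ] || [ "$2" -ge 99999 ]; then
    return 1                      # empty or 99999 means no limit
  fi
  [ $(( $3 - $1 )) -gt "$2" ]
}

# Print "user hash-kind expired|ok" for every record, evaluated on day $1.
audit_shadow() {
  printf '%s\n' "$SAMPLE_SHADOW" |
  while IFS=: read -r user hash lastchg minage maxage warn inact expire rest; do
    if password_expired "$lastchg" "$maxage" "$1"; then state=expired; else state=ok; fi
    echo "$user $(hash_kind "$hash") $state"
  done
}

# Evaluate against today's day number (the same unit field 3 uses).
audit_shadow "$(( $(date +%s) / 86400 ))"
```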

1.5 User account management

1.5.1 Add a user account: useradd or adduser

A record for the new user account is appended to the end of /etc/passwd and /etc/shadow.
If the user's home directory is not explicitly specified, a home directory with the same name as the account is created automatically under /home, and the user's initial configuration files are created inside it.
If the user's group is not explicitly specified, a basic group with the same name as the account is created automatically, and its record is stored in /etc/group and /etc/gshadow.
A user created with useradd or adduser cannot do anything yet because the account is not activated; only after a password has been assigned is the account activated and usable.

Format: useradd [options] username
Common options:
-u: specify the user's UID; the UID must not already be in use by another user.
-d: specify the user's home directory (has no effect when used together with -M).
-e: specify the account expiry date, in YYYY-MM-DD format.
-g: specify the user's basic group by name (or GID); the group must already exist.
-G: specify the user's supplementary group(s) by name (or GID); the groups must already exist.
-M: do not create a home directory.
-s: specify the user's login shell (for example /bin/bash allows login; /sbin/nologin and /bin/false deny login).
Examples:
useradd -d /admin -g wheel -G root admin1
useradd -e 2020-12-31 -s /sbin/nologin admin2

When the user account zhangsan is added, the user's home directory is created at the same time.
Next, create a user named lisi with UID 2000, add the supplementary group zhangsan, do not create a home directory, and set the account expiry date to 2021-12-31.

1.5.2 Set the password of a user account: passwd

The root user can pass a user name as an argument to manage that account's password.
Ordinary users can only run "passwd" by itself to change their own password.

Command format: passwd [options] username
Common options:
-d: clear the specified user's password; the user can then log in with only the user name.
-l: lock the user account; a locked account can no longer log in.
-S: show the status of the user account (whether it is locked).
-u: unlock the user account (if the account has no password, -u prompts and -f is needed to force the unlock).

Set the password. After clearing the password with -d, the user can log in directly without one.

1.5.3 Modify the attributes of a user account: usermod

Command format: usermod [options] username
Common options:
-u: change the user's UID.
-d: change the user's home directory.
-e: change the account expiry date, in YYYY-MM-DD format.
-g: change the user's basic group by name (or GID).
-G: change the user's supplementary group(s) by name (or GID).
-s: set the user's login shell.
-l: change the account's login name.
-L: lock the user account.
-U: unlock the user account.

Change the login name of the user zhangsan to wangwu.

1.5.4 Delete a user account: userdel

Command format: userdel [-r] username
With the "-r" option the user's home directory is deleted as well.

Create an account chenliu and delete it with -r; the home directory is deleted as well.
If the home directory to be deleted also belongs to other accounts, it will not be deleted.

2. Managing group accounts

2.1 Group account management

2.1.1 Group account files

/etc/group: stores basic group account information
/etc/gshadow: stores group account password information

[root@promote home]#grep "ceshi1" /etc/group
ceshi:x:1002:ceshi1
ceshi1:x:1003:
Field 1: group account name
Field 2: placeholder "x"
Field 3: GID of the group account
Field 4: user members of the group (usually not including users for whom this is the basic group), separated by commas ","

2.1.2 Add a group account: groupadd

Add a group account
Command format: groupadd [-g GID] groupname
Delete a group account
Command format: groupdel groupname

Example: groupadd -g 2000 ceshi2    add a group account named ceshi2 with GID 2000
tail -1 /etc/group                  show the last line of the file; the last line is usually the group just added

Add a group account named class01.

2.1.3 Add and remove group members: gpasswd

Command format: gpasswd [options] groupname
Common options:
-a: add a user to the group
-d: remove a user member from the group
-M: define the group's member list, comma-separated

2.1.4 Delete a group account: groupdel

groupdel groupname

Example

groupdel market            delete the group account market
grep "market" /etc/group   verify that the group is gone

2.2 Query account information

2.2.1 Query the groups to which the user belongs

groups [username]

2.2.2 Query user identity: id

id [username]

2.2.3 Query detailed user account information: finger

yum install -y finger     install finger (the version may differ; use Tab completion)
finger [username]

2.2.4 Query the users currently logged in to the host

The w, who and users commands

tty usually refers to the various terminal devices. On a CentOS 7 system tty1 is the graphical interface and tty2-tty6 are text consoles; switch between them with Ctrl+Alt+F1-F6.
Press Ctrl+Alt+F2, log in, and run the w command: the terminal in use is shown as tty2.

pts indicates a session opened through a remote tool such as Xshell; the number after it reflects the order of login, with a smaller number meaning an earlier login.

3. Permission and ownership of files

3.1 File/Directory Permission

Read (r): allows viewing the contents of a file and listing a directory.
Write (w): allows modifying the contents of a file, and creating, moving and deleting files or subdirectories in a directory.
Execute (x): allows running a program and entering (changing into) a directory.

Permission item      read   write   execute   none
Character            r      w       x         -
Octal digit          4      2       1         0

3.2 Ownership (ownership)

Ownership: Description
Owner: the user account that owns the file or directory
Group: the group account that owns the file or directory

3.3 View the permissions and ownership of files/directories


-rw-r--r--.    1       root      root    0 1月  28 22:59 aa.txt
file type and permissions        owner     group

3.4 Set permissions of directories and files chmod

Syntax 1: chmod [ugoa] [+-=] [rwx] file or directory... (+, -, = add, remove and set permissions respectively)
(u, g, o, a stand for owner, group, other users and all users)
(r, w, x can be written as the octal digits 4, 2, 1; a combination is the sum of its digits, e.g. rwx=7, rw-r--r--=644)

Syntax 2: chmod nnn file or directory... (three octal digits)

Common option: -R: recursively change the permissions of everything under the specified directory

3.5 Set the ownership chown of directories and files

chown owner file_or_directory

chown :group file_or_directory
chgrp group file_or_directory

chown owner:group file_or_directory
chown owner.group file_or_directory

-R: recursively change the ownership of all subdirectories and files under the specified directory

3.6 Set the default permissions umask of directories and files

umask function
umask sets the default permission mask used when the current user creates a new file or directory. The permission of a new file or directory is the maximum default permission minus the umask (the maximum default permission is 6 for ordinary files and 7 for directories).
1. Set umask: umask 022
2. View umask: umask
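An added example (not from the original article) that checks the chmod and umask rules of sections 3.4 and 3.6 against what the kernel actually does: it converts a symbolic mode to octal, computes the expected default mode for a umask, and compares it with a file created in a scratch directory. It assumes a Linux host with GNU or busybox stat (stat -c %a) and mktemp.

```shell
#!/bin/sh
# Added example (not from the original article): verify chmod/umask arithmetic.
# Assumes a Linux host with GNU or busybox stat (stat -c %a) and mktemp.

# Convert a 9-character symbolic mode such as rw-r--r-- to octal (644):
# each group of three is r=4 + w=2 + x=1.
sym_to_octal() {
  s=$1; out=""
  for i in 1 4 7; do
    t=$(printf '%s' "$s" | cut -c "$i"-$((i + 2)))
    v=0
    case $t in r??) v=$((v + 4)) ;; esac
    case $t in ?w?) v=$((v + 2)) ;; esac
    case $t in ??x) v=$((v + 1)) ;; esac
    out="$out$v"
  done
  echo "$out"
}

# Expected mode of a new file (base 666) or directory (base 777) under umask $1.
# "Maximum permission minus umask" is really a bit-clear: base & ~umask.
default_mode() {
  if [ "$2" = dir ]; then base=0777; else base=0666; fi
  printf '%o\n' $(( base & ~0$1 ))
}

# Create a file or directory under umask $1 in a scratch directory and report
# the mode the kernel assigned, so default_mode can be checked against reality.
actual_default_mode() {
  tmp=$(mktemp -d)
  ( umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/d"; stat -c %a "$tmp/d"
    else : > "$tmp/f"; stat -c %a "$tmp/f"; fi )
  rm -rf "$tmp"
}

# Apply a symbolic chmod spec $2 to a scratch file whose mode starts at $1 and
# return the resulting octal mode, e.g. chmod_result 644 g-r,o-r -> 600.
chmod_result() {
  tmp=$(mktemp -d)
  : > "$tmp/f"
  chmod "$1" "$tmp/f"
  chmod "$2" "$tmp/f"
  stat -c %a "$tmp/f"
  rm -rf "$tmp"
}

echo "umask 022 file: expected $(default_mode 022 file), actual $(actual_default_mode 022 file)"
echo "umask 027 dir:  expected $(default_mode 027 dir), actual $(actual_default_mode 027 dir)"
```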

Summary

Create a public data storage directory
useradd <user>             add a user account
groupadd <group>           add a group account
chmod 777 <user>           give the user the highest permissions (use with caution)
chown <owner> <user>       change the user's owner
mkdir <directory>          create the public directory
chmod 777 <directory>      change the public directory's permissions to 777
With that, the public data storage directory is built.

Source: blog.csdn.net/zhangyuebk/article/details/113339521