Understanding Linux

1. User group

Because Linux is a multi-tasking system, many people may be working on the same host. For example, four people, A, B, C and D, work on a Linux host, and three of them, A, B and C, are working on the same project and create a folder. This folder can be accessed only by A, B and C, and no other user can enter it. That is what a user group is.

 

An analogy may make this easier to understand. A school has many students, divided into classes to make the school easier to manage. In Linux, users (students) are likewise managed in groups according to some policy. Relative to you, your classmates are users in the same group, and students in other classes are users who are not in your group.
Suppose you have a set of very popular comics. You are the owner of the file (the comics), and the owner of a file has the maximum permissions on it: read, write, and execute. If you are willing to share the file with users in the same group (your classmates), you can give them certain permissions on it, such as readable, non-writable, and executable. If you are willing to share the comics with students from other classes, the owner can also grant readable, non-writable and non-executable permissions to users who are not in the same group. This is how the access rights of different users to a given file are managed. The file owner decides, according to the actual situation, which users get which permissions on the owner's file. Of course, if you set the permissions of your own file to 777, then all users have the same maximum permissions as the owner of the file, and you lose absolute control over the file.
You can also look at it this way: the file owner should have higher permissions than the users in the file's group, and the users in that group should have higher permissions than users outside it. As the file owner or root user, you should not arbitrarily grant group or non-group users the same permissions as the file owner, because that leads to security holes.
Hope this explains it to you.
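The ordering described above (owner at least as much as group, group at least as much as other, and no 777) can be checked mechanically. The script below is an added example, not part of the original notes; the function names audit_perms and excess are made up for illustration, the sample files are constructed, and GNU stat (-c) is assumed.

```shell
#!/bin/sh
# Added example: flag files that are world-writable or whose mode breaks
# the owner >= group >= other ordering. Assumes GNU stat (-c '%a').

# excess A B: succeed if permission digit B has a bit that digit A lacks.
excess() {
    [ $(( $2 & ~$1 & 7 )) -ne 0 ]
}

# audit_perms DIR: print "MODE REASON PATH" for each offending regular file.
# File names containing newlines are not handled.
audit_perms() {
    find "$1" -type f | sort | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")          # e.g. 644, or 4755 with setuid
        perm=$(( 0$mode & 0777 ))          # read as octal, drop special bits
        u=$(( (perm >> 6) & 7 ))
        g=$(( (perm >> 3) & 7 ))
        o=$(( perm & 7 ))
        reason=
        if [ $(( o & 2 )) -ne 0 ]; then
            reason="world-writable"
        elif excess "$g" "$o"; then
            reason="other>group"
        elif excess "$u" "$g"; then
            reason="group>owner"
        fi
        [ -n "$reason" ] && printf '%s %s %s\n' "$mode" "$reason" "$f"
    done
    return 0
}

# Constructed demo: four files with different modes in a scratch directory.
demo_dir=$(mktemp -d)
touch "$demo_dir/ok" "$demo_dir/open" "$demo_dir/odd"
chmod 640 "$demo_dir/ok"      # owner rw, group r, other none: not reported
chmod 777 "$demo_dir/open"    # everyone can write: reported
chmod 604 "$demo_dir/odd"     # other can read but group cannot: reported
audit_perms "$demo_dir"
rm -rf "$demo_dir"
```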

2. User

Each time you connect remotely (SSH), you must enter a user name and password; after logging in, you land in the /home/yonghu/ directory.

Each user has permissions only under that folder, and none under other folders unless the owner grants them.

sudo can temporarily elevate permissions. For example, creating a default.conf file in /etc/nginx/conf.d/ requires root permissions: sudo vim default.conf

The su command can elevate your user privileges to root, provided you have the correct password.

Run with root privileges, adduser name creates a user; follow it with the command passwd name to set that user's password.

3. User space and kernel space

 

4. User classification

1. System administrator: the root account, UID 0, has all system permissions. It is similar to the administrator account in Windows and is the owner of the entire system.

2. System user: built-in Linux accounts that serve the system's own management needs. They are usually created automatically during installation and cannot be used to log in to the operating system. Their UIDs are between 1 and 499. Users such as halt, mail, etc. in the above figure are such users. They are similar to the system account in Windows, although their permissions are far lower than those of the Windows system account.

3. Custom user: an account created by the root administrator so that a user can log in to the system and work on it; the UID is above 500. It is similar to an account in the users user group in Windows systems.

You can view your current user ID and group ID with the id command.

Linux users are divided into: owner, group, and other. In a Linux system, by default, information about all accounts in the system, ordinary users as well as root, is recorded in the /etc/passwd file. Everyone's password is recorded in the /etc/shadow file. Additionally, all group names are recorded in /etc/group.

 

5. File/directory permission settings

https://www.cnblogs.com/peida/archive/2012/11/29/2794010.html

Permission analysis:

 

Implemented through the chmod command

 

Usage 1:

chmod [who] [opt] [mode] file/directory name 

where who represents the object, which is one or a combination of the following letters:
u: represents the owner of the file
g: represents the user in the same group
o: represents other users
a: represents all users


opt represents an operation, which can be:
+: add a permission
-: cancel a permission
=: grant a given permission and cancel the original permission


And mode represents permissions:
r: readable
w: writable
x: executable

 

 

Example: Add read and write permissions on the file a.txt for users in the same group: chmod g+rw a.txt

 

Usage 2:

chmod [mode] file name

We treat rwx as a binary number: a permission that is present is represented by 1, and one that is absent by 0. So rwx r-x r-- can be expressed as 111 101 100, and converting each group of three bits into a decimal digit gives 754.

 

Example: We want the permissions of the a.txt file to be:  

 

Then, we first get the permission string according to the above table: rw-rw-r--. The binary number is 110 110 100, and converting each group of three bits into a decimal digit gives 664, so we execute the command: chmod 664 a.txt

 

chmod -v u+w /etc/sudoers 

-v display verbose processing information when running
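The conversion from Usage 2 and its equivalence with the symbolic form from Usage 1, as an added example that is not part of the original notes. The function names perm_to_octal, mode_after and demo are made up for illustration, the file is a scratch file from mktemp, and GNU stat (-c) is assumed.

```shell
#!/bin/sh
# Added example: convert a 9-character permission string (rw-rw-r--) to the
# octal mode chmod expects, then confirm that numeric and symbolic chmod
# produce the same result. Assumes GNU stat (-c '%a').

# perm_to_octal STRING: print the three-digit mode, or fail on bad input.
perm_to_octal() {
    s=$1
    [ ${#s} -eq 9 ] || { echo "need 9 characters, e.g. rwxr-xr--" >&2; return 1; }
    out=
    while [ -n "$s" ]; do
        rest=${s#???}              # everything after the first triplet
        trip=${s%"$rest"}          # the first three characters
        d=0
        case $trip in r??) d=$((d + 4)) ;; -??) ;; *) return 1 ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $trip in ??x) d=$((d + 1)) ;; ??-) ;; *) return 1 ;; esac
        out=$out$d
        s=$rest
    done
    echo "$out"
}

# mode_after FILE CHMOD_ARG: apply chmod and print the resulting octal mode.
mode_after() {
    chmod "$2" "$1" && stat -c '%a' "$1"
}

# demo: set the same permissions numerically and symbolically and compare.
demo() {
    f=$(mktemp)
    numeric=$(mode_after "$f" "$(perm_to_octal rw-rw-r--)")
    chmod 000 "$f"                               # reset between the two runs
    symbolic=$(mode_after "$f" u=rw,g=rw,o=r)    # '=' replaces, as in Usage 1
    rm -f "$f"
    echo "numeric=$numeric symbolic=$symbolic"
}

demo
```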

 

 

 

 

6. Add a new user and authorize

root privileges: delete other users' passwords, or add a new superuser

https://www.cnblogs.com/cmi-sh-love/p/6683709.html


Origin http://43.154.161.224:23101/article/api/json?id=324994352&siteId=291194637