linux - user and file permission management

From the first course you already know that Linux is a multi-user operating system: for example, "Li Lei" and "Han Meimei" can both be logged in to the same host at the same time. They share the host's resources, but each also has a private user space for storing their own files. Those files actually sit on the same physical disk, usually in the same logical partition and even the same directory tree; it is the Linux user and permission mechanism that stops one user from casually viewing or modifying another user's files.

Let's learn the basics of account management under Linux.

2.1 View users

Please open a terminal and enter the command:

$ who am i

or

$ who mom likes

The first column of the output is the name of the user who opened the current pseudo terminal (to print only the name of the currently logged-in user, remove the spaces and run whoami directly). The second column, pts/0, is the pseudo terminal. "Pseudo" is relative to the /dev/tty devices: remember the seven virtual consoles, /dev/tty1 to /dev/tty7, that you switch between with [Ctrl]+[Alt]+[F1]~[F7], from the terminal section of the previous course. Those are the "real" terminals; the graphical desktop normally runs on /dev/tty7, and every terminal window you open inside it is given a pseudo terminal. The number after pts/ is the serial number of that pseudo terminal: open another terminal window, run who am i in it, and the second column should become pts/1. The third column is the time at which the pseudo terminal was started.

Other common parameters of the who command

parameter   description
-a          print everything that can be printed
-d          print dead processes
-m          only the hostname and user associated with stdin (same as who am i / who mom likes)
-q          print all login names and the number of users logged on
-u          print the login information (including idle time) of the logged-in users
-r          print the current runlevel

 

2.2 Create user

In Linux systems the root account has unrestricted rights over the entire system, including creating and adding users.

Root privilege is a system-level privilege, comparable to the SYSTEM account on Windows and above an Administrator account. root is the superuser account on Linux and UNIX systems: it can operate on every object in the system, which is why an attacker who has broken into a system usually tries to escalate to root (the Windows equivalent being adding a rogue account to the Administrators group). On Android, which is built on the Linux kernel, "getting root" likewise means obtaining the highest privilege on the phone, with the ability to create, delete, modify and read any file on it, system files included.

We usually log in to the system as an ordinary account. Creating a user requires root privileges, and the sudo command is used to obtain them. Two prerequisites apply: you must know the password of the currently logged-in user (sudo asks for that password, not root's), and the current user must be authorised in the sudo configuration, which on this system means being a member of the sudo user group. The shiyanlou user is such a member (how to view and add user groups is described later).

su, su - and sudo

su <user> switches to the given user; you must enter the target user's password. sudo <cmd> runs cmd with root privileges; the current user must belong to the sudo group and enters their own password. su - <user> also switches users, but starts a login shell, so the environment variables (HOME, PATH, working directory and so on) become those of the target user instead of being inherited from the current session.

Now we create a new user called lilei:

$ sudo adduser lilei

This command not only adds the user to the system but also, by default, creates a home directory for the new user and prompts you to set a password:

$ ls /home

Now that you have created a user and you can log in with the user you created, switch the login user with the following command:

$ su -l lilei

Enter the password for lilei you just set:

To leave the lilei session and return to the previous user, use the exit command or the shortcut Ctrl+d, exactly as when closing a terminal.

2.3 User Groups

In Linux every user belongs to at least one user group. A user group is simply a collection of users that share some resources and permissions while still having private ones. By analogy: several people (users) belong to the same family (user group); they share the house (shared resources) and the parents treat them alike (shared permissions), but the diary one of them keeps cannot be read by the others without permission (private resources and permissions). A user can also belong to several groups at once, just as you belong to a family and to a school or company at the same time.

How do you know which user groups you belong to in Linux?

Method 1: Use the groups command

$ groups shiyanlou

The text before the colon is the user, and after it come the groups that user belongs to; here the shiyanlou user belongs to the shiyanlou group. When a user is created without specifying a group, a group with the same name as the user is created by default and becomes that user's primary group. Members of the sudo group can use the sudo command to gain root privileges. The shiyanlou user can also use sudo, so why is it not shown in the sudo group? Look at the /etc/sudoers.d/shiyanlou file: we created this file in the /etc/sudoers.d directory to grant sudo permission to the shiyanlou user directly, without group membership:

 

Method 2: View the  /etc/group file

$ cat /etc/group | sort

The cat command reads the specified file and prints its contents to the terminal; it is covered in detail later. | sort pipes that text through sort, which orders the lines lexicographically before output. You will see a long list like the following, with the shiyanlou group entry near the bottom:

Can't find it? That is fine; filter the output down to the lines you want to see (grep shiyanlou /etc/group does the same without the pipe):

$ cat /etc/group | grep -E "shiyanlou"
 
/etc/group file format description

Each record in /etc/group describes one user group: the group name (Group), the group password, the GID and the users (User) that are members of the group. The format is:

group_name:password:GID:user_list

The x you see in the password field does not mean the password is the letter x; it means the (rarely used) group password, if any, is kept in /etc/gshadow and is not visible here. user_list is a comma-separated list of the users for whom this is a supplementary group; a user's primary group is recorded as a GID in /etc/passwd and normally does not appear in this list.

Add other users to sudo user group

By default, the newly created user does not have root privileges and is not in the sudo user group. You can add it to the sudo user group to gain root privileges:

$ su -l lilei
$ sudo ls

It will report that lilei is not in the sudoers file, meaning lilei is neither in the sudo group nor granted sudo rights any other way. Leave the sudoers file (/etc/sudoers) alone for now: a careless edit there can lock everyone out of sudo.

The usermod command adds a user to groups. Root privileges are required to run it: either run it as root directly, or, as a user who is already in the sudo group, run it through sudo.

Here I run usermod through sudo as the shiyanlou user to add lilei to the sudo group, so that lilei can also use sudo to gain root privileges. Note the -a (append) flag: usermod -G on its own replaces the user's whole list of supplementary groups with the ones given, silently removing the user from any other groups; -aG adds to the existing memberships instead.

$ su shiyanlou    # enter the shiyanlou password; click "SSH direct connection" in the right toolbar to see it
$ groups lilei
$ sudo usermod -aG sudo lilei
$ groups lilei

Then switch back to the lilei user. Group membership is read at login, so start a fresh session (su -l lilei again) and sudo now works.
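The following shell script is an added example and is not part of the original course. It parses a constructed file in /etc/group format the way the groups command does (the format described under "/etc/group file format description" above), and reproduces on that sample the two usermod behaviours discussed in this section: -G replaces the user's supplementary groups, -aG appends to them. The file, the sample users and the function names are my own assumptions; nothing here touches the real /etc/group or requires root.

```shell
#!/bin/sh
# Added example: parse an /etc/group-style file and show why
# `usermod -G` (replace) and `usermod -aG` (append) differ.
# Works on a constructed sample file, so it runs without root.

GROUP_FILE="${GROUP_FILE:-$(mktemp)}"

# Write the constructed sample in /etc/group format: group_name:password:GID:user_list
reset_sample() {
    cat > "$GROUP_FILE" <<'EOF'
root:x:0:
sudo:x:27:shiyanlou
audio:x:29:lilei,hanmeimei
shiyanlou:x:1000:
lilei:x:1001:
EOF
}

# supplementary_groups <user>: names of groups whose user_list contains the user
# (the primary group is a GID in /etc/passwd and is not in this list).
supplementary_groups() {
    awk -F: -v u="$1" '
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$GROUP_FILE" | tr '\n' ' ' | sed 's/ $//'
}

# in_group <user> <group>: exit 0 if the user is listed as a member of the group
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }
    ' "$GROUP_FILE"
}

# add_member <user> <group>: append the user to the group's user_list (idempotent)
add_member() {
    in_group "$1" "$2" && return 0
    awk -F: -v OFS=: -v u="$1" -v g="$2" '
        $1 == g { $4 = ($4 == "") ? u : $4 "," u } { print }
    ' "$GROUP_FILE" > "$GROUP_FILE.tmp" && mv "$GROUP_FILE.tmp" "$GROUP_FILE"
}

# remove_member_everywhere <user>: drop the user from every user_list
remove_member_everywhere() {
    awk -F: -v OFS=: -v u="$1" '
        { n = split($4, m, ","); out = ""
          for (i = 1; i <= n; i++) if (m[i] != u && m[i] != "") out = (out == "") ? m[i] : out "," m[i]
          $4 = out; print }
    ' "$GROUP_FILE" > "$GROUP_FILE.tmp" && mv "$GROUP_FILE.tmp" "$GROUP_FILE"
}

# append_groups <user> <group>[,<group>...]: `usermod -aG` semantics,
# the listed groups are ADDED to the existing memberships.
append_groups() {
    for g in $(printf '%s' "$2" | tr ',' ' '); do add_member "$1" "$g"; done
}

# set_groups <user> <group>[,<group>...]: `usermod -G` semantics,
# the listed groups REPLACE every existing supplementary membership.
set_groups() {
    remove_member_everywhere "$1"
    append_groups "$1" "$2"
}

# Demonstration on the constructed sample.
reset_sample
echo "before:          lilei is in: $(supplementary_groups lilei)"
set_groups lilei sudo
echo "usermod -G sudo: lilei is in: $(supplementary_groups lilei)   (audio lost)"
reset_sample
append_groups lilei sudo
echo "usermod -aG sudo: lilei is in: $(supplementary_groups lilei)"
```

The same check on a real system is id -nG lilei before and after the change; if the "before" list shrinks after a plain -G, that is the footgun the -a flag avoids.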

 

Deleting a user is easy:

$ sudo deluser lilei --remove-home

3. Linux file permissions

File permissions are the access control permissions for files, that is, which users and groups can access the file and what operations can be performed.

Unix/Linux system is a typical multi-user system, different users are in different positions and have different access rights to files and directories. In order to protect the security of the system, in addition to strictly defining user permissions, Unix/Linux systems also carefully control user authentication, access control, transmission security, and file read and write permissions.

Every file or directory in Unix/Linux contains access rights, which determine who can access and how to access those files and directories.

 3.1 View file permissions

We have used the ls command many times already to list the files in the current directory, always without parameters. It can do a lot more than that; now we will use it to check file permissions.

List files using the longer format:

$ ls -l

 

 

Apart from the last item, the file name, you may not recognise the other columns. From left to right they are: file type and permissions, number of links, owner, owning group, file size, last modification time and file name. Let's go through them one by one:

 

 

  • file type

Regarding file types, keep firmly in mind that everything in Linux is a file. That is why there are device files (the /dev directory holds many of them, most tied to specific hardware); socket files (network sockets, which interested readers can look into in later courses); pipe files (pipes are important and are discussed later; for now just know they exist); and link files. Links come in two kinds: soft links (symbolic links), which are roughly the equivalent of Windows shortcuts and are the ones to remember, and hard links, which are used less often and are outside the scope of this course.

  • File Permissions

Read permission means you can read the contents of a file, for example with cat <file name>; write permission means you can edit and modify it; execute permission usually means a binary program or script can be run, like a file with the .exe suffix on Windows, except that Linux does not decide by file suffix. One thing to pay attention to: a directory needs both read and execute permission before you can enter it and list its contents, and it needs write permission before files can be created or deleted inside it, because a directory is itself a file that stores the list of its entries.

Owner permissions should be self-explanatory. Group permissions apply to all the other users in the file's group. For example, if you own an iPad, the group permissions decide whether your siblings get to use it, wreck it or keep it for themselves.

  • number of links

The number of file names linked to the inode node where the file is located (this concept involves the relevant conceptual knowledge of the Linux file system, which is beyond the scope of this course, and interested users can learn it by themselves).

  • File size

The size column is in bytes (for a directory it is the size of the directory entry itself, not of its contents). Add the -h flag, as in ls -lh, to show sizes in human-readable units such as K and M.

Understand some concepts of file permissions, let's add  ls some other common usages of commands by the way:

  • Display all files except . (the current directory) and .. (the parent directory), including hidden files (in Linux, names starting with . are hidden):
$ ls -A

Of course, you can use both  -A and  -l parameters:

$ ls -Al

View the full properties of a directory, instead of displaying the properties of the files in the directory:

$ ls -dl <directory name>
  • Display all files with their sizes, sorted by size and in a form normal humans can understand:
$ ls -AsSh

The lowercase -s prints the allocated size of each file, the uppercase -S sorts by file size and -h makes the sizes human-readable. For other sort orders, consult man ls.

Assuming the lilei user is currently logged in, create a new file named "iphone6":

$ touch iphone6

The file's owner is shown as lilei:

Now switch back to the shiyanlou user and change the file's owner to shiyanlou with the following commands:

$ cd /home/lilei
$ ls -l iphone6
$ sudo chown shiyanlou iphone6

Now check and find that the file owner has been successfully changed to shiyanlou:

 

If you have a file of your own that you do not want to be read, written, or executed by other users, then you need to modify the file permissions. There are two ways:

  • Method 1: octal (numeric) representation

Each of a file's three permission sets (owner, group, others; remember that this order is fixed) is a triplet of rwx bits with r=4, w=2 and x=1, so rwx adds up to 7, rw- to 6, r-x to 5 and so on. To change the permissions of "iphone6" so that only I can use it:

To demonstrate, I'll add something to the file first:

$ echo "echo \"hello shiyanlou\"" > iphone6

Then modify the permissions:

$ chmod 700 iphone6

Now, other users can no longer read this "iphone6" file:

 

 

  • Method 2: symbolic (add/remove) operations

To keep other users out of the file, as above, you can also write:

$ chmod go-rw iphone6

u, g and o stand for user (owner), group and others; + and - add and remove the corresponding permissions (= sets them exactly). Note that this is not byte-for-byte identical to chmod 700: go-rw only removes read and write from group and others and leaves the owner's bits alone, so a file created with touch (644) ends up as 600 rather than 700. The effect on other users is the same here because touch sets no execute bit, but to lock others out regardless of the starting permissions use chmod go-rwx iphone6.
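The shell script below is an added example, not part of the original course. It serves both the file permissions description in 3.1 and the two chmod methods above: it converts between the rwx string printed by ls -l and the octal number used by chmod, then applies chmod 700, go-rw and go-rwx to a fresh temporary file and reads the resulting mode back with stat, which makes the difference between the two methods visible. Function names are my own, and stat -c '%a' assumes GNU coreutils or busybox (it is not available on macOS).

```shell
#!/bin/sh
# Added example: permission strings <-> octal modes, and what chmod really
# does to a fresh file. Assumes GNU coreutils or busybox `stat -c %a`.

# triplet_value "rwx" -> 7 : r=4, w=2, x=1; "-" contributes 0.
# s/t in the x slot (setuid/setgid/sticky) still mean the x bit is set.
triplet_value() {
    v=0
    case $1 in r??)     v=$((v + 4));; esac
    case $1 in ?w?)     v=$((v + 2));; esac
    case $1 in ??[xst]) v=$((v + 1));; esac
    echo "$v"
}

# mode_to_octal "-rwxr-x---" -> 750 ; the leading file-type character is optional
mode_to_octal() {
    s=$1
    [ ${#s} -eq 10 ] && s=${s#?}                      # drop the file-type column
    u=$(triplet_value "$(printf '%s' "$s" | cut -c1-3)")
    g=$(triplet_value "$(printf '%s' "$s" | cut -c4-6)")
    o=$(triplet_value "$(printf '%s' "$s" | cut -c7-9)")
    echo "$u$g$o"
}

# octal_to_mode 640 -> rw-r-----
octal_to_mode() {
    out=""
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do   # one digit per triplet
        case $d in [4567]) out="${out}r";; *) out="${out}-";; esac
        case $d in [2367]) out="${out}w";; *) out="${out}-";; esac
        case $d in [1357]) out="${out}x";; *) out="${out}-";; esac
    done
    echo "$out"
}

# applied_mode <chmod argument>: start from a 644 file (what touch gives with
# the usual umask), apply the chmod, and return the octal mode stat reports.
applied_mode() {
    f=$(mktemp)
    chmod 644 "$f"
    chmod "$1" "$f"
    m=$(stat -c '%a' "$f")
    rm -f "$f"
    echo "$m"
}

# Demonstration.
echo "-rwxr-x--- is octal $(mode_to_octal -rwxr-x---)"
echo "octal 640 is $(octal_to_mode 640)"
echo "chmod 700   from 644 -> $(applied_mode 700)"
echo "chmod go-rw from 644 -> $(applied_mode go-rw)    (owner keeps rw-, no x added)"
echo "chmod go-rwx from 644 -> $(applied_mode go-rwx)"
```

Running it shows that chmod 700 and chmod go-rw both stop other users reading the file, but only the octal form changes the owner's execute bit; the symbolic form touches exactly the bits you name and nothing else, which is why it is the safer choice when you do not want to overwrite permissions you did not look at.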

 

What is the difference between adduser and useradd?

Answer: useradd is the low-level command. It only creates the user (unless you pass options such as -m to create the home directory), and you set the password afterwards with passwd lilei. adduser is an interactive front end (a Perl script on Debian-based systems) that creates the user, creates the home directory and prompts you to set the password and other details in one go. So useradd and userdel behave like plain commands that return as soon as they finish, while adduser walks you through a series of prompts and confirmations.

Linux also has some content about hidden permissions and special permissions, users who want to fully understand this part of Linux permissions management can learn in other ways.

 
