Linux: user and group management and file permission settings

1. Users and groups

A user in a Linux system is uniquely identified by a user ID (UID). Each user belongs to at least one group, and each group is likewise uniquely identified by a group ID (GID). Different users have different permissions.

1. The user account file /etc/passwd and the shadow password file /etc/shadow

cat /etc/passwd displays the system's user information.

Each line describes one user and consists of seven fields separated by colons (:):

root:x:0:0:root:/root:/bin/bash

First field: username

Second field: password

Third field: UID

Fourth field: GID

Fifth field: the user's full name (comment)

Sixth field: the user's home (login) directory

Seventh field: the shell the user uses

cat /etc/shadow shows:

root:$1$HYFeV$E24GrTEYNjXQptoHpHOan.:16349:0:99999:7:::

Each line includes nine fields:

(1) Account name: since the password must correspond to an account, this must match the account name in /etc/passwd.

(2) Password: this is the real password, stored in encoded (hashed) form. Only root can read and write it. If the first character of the password field is '*' or '#', the account cannot be used to log in.

(3) Date of last password change: the number of days from January 1, 1970 to the last password change.

(4) Minimum number of days between password changes: how many days must pass before the account's password may be changed again.

(5) Maximum number of days between password changes.

(6) How many days in advance the user is warned that the password will expire.

(7) How many days after the password expires the account is disabled.

(8) Account expiration date: as a number of days from January 1, 1970.

(9) Reserved field, unused.
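As an added example (not from the original article), the following script parses records in the seven-field /etc/passwd and nine-field /etc/shadow layouts just described and flags what an administrator checks first: extra UID 0 accounts, empty password fields and locked accounts. The records are constructed samples with placeholder hashes; the AUDIT_PASSWD and AUDIT_SHADOW variables for pointing it at real files are this script's own convention, not a system feature.

```shell
#!/bin/sh
# Added example: audit /etc/passwd- and /etc/shadow-style records field by
# field, following the seven-field and nine-field layouts described above.
# The records below are constructed samples; the hashes are placeholders.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second UID 0 account:/root:/bin/bash
sam:x:1001:1001:Sam:/usr/sam:/bin/bash
gem:x:1002:1002::/home/gem:/bin/sh
svc:x:999:999::/var/empty:/usr/sbin/nologin'

SAMPLE_SHADOW='root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16349:0:99999:7:::
toor::16349:0:99999:7:::
sam:!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16349:0:99999:7:::
gem:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16349:7:30:5:10:17000:
svc:*:16349:0:99999:7:::'

# Set AUDIT_PASSWD=/etc/passwd and AUDIT_SHADOW=/etc/shadow (as root) to run
# the same checks against the live files instead of the samples (assumed names).
passwd_records() { if [ -n "$AUDIT_PASSWD" ]; then cat "$AUDIT_PASSWD"; else printf '%s\n' "$SAMPLE_PASSWD"; fi; }
shadow_records() { if [ -n "$AUDIT_SHADOW" ]; then cat "$AUDIT_SHADOW"; else printf '%s\n' "$SAMPLE_SHADOW"; fi; }

# Field 3 of /etc/passwd is the UID; every account with UID 0 is a root account.
uid0_accounts() {
  passwd_records | awk -F: '$3 == 0 { a = a (a ? " " : "") $1 } END { print a }'
}

# An empty field 2 in /etc/shadow means the account has no password at all
# (the state that passwd -d leaves behind).
empty_password_accounts() {
  shadow_records | awk -F: '$2 == "" { a = a (a ? " " : "") $1 } END { print a }'
}

# A password field beginning with "!" (written by passwd -l) or "*" can never
# match a typed password, so the account cannot log in with one.
locked_accounts() {
  shadow_records | awk -F: '$2 ~ /^[!*]/ { a = a (a ? " " : "") $1 } END { print a }'
}

# Print one numbered field (1-9) of a user's shadow record.
shadow_field() {
  shadow_records | awk -F: -v u="$1" -v f="$2" '$1 == u { print $f }'
}

# Fields 3 and 8 count days since 1970-01-01; GNU date is assumed for conversion.
days_to_date() { date -u -d "@$(( $1 * 86400 ))" +%F 2>/dev/null || echo "day $1"; }

echo "UID 0 accounts:        $(uid0_accounts)"
echo "No password set:       $(empty_password_accounts)"
echo "Locked / no login:     $(locked_accounts)"
echo "gem last changed on:   $(days_to_date "$(shadow_field gem 3)")"
echo "gem max password age:  $(shadow_field gem 5) days"
```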

2. The group account file /etc/group and the group shadow file /etc/gshadow

User groups exist to make it easier to check and set the access rights of files and directories. Example: suppose some users should be able to view a certain file, such as a timetable. The person who writes the timetable needs read, write and execute permission on it, while certain other users should be able to read the timetable but not modify it. We can therefore put those users in one group, assign the file to that group (with the chgrp command), and then change the file's permissions (with the chmod command) so that the group can read it. Every member of that group can then read the file, and other users cannot access it at all.

cat /etc/group shows lines of the form:

group_name:passwd:GID:user_list

/etc/gshadow is not covered here.

2. User Management

Managing user accounts mainly involves the following tasks:
a. Adding, deleting and modifying user accounts.
b. Managing user passwords.

Management of Linux user accounts

Managing user accounts mainly means adding, deleting and modifying them.
Adding a user account means creating a new account in the system and then assigning it resources such as a UID, a user group, a home directory and a login shell. A newly added account is locked and cannot be used until it has been given a password.
1. To add a new user account, use the useradd command. The syntax is as follows:

useradd [options] username
The options have the following meanings:
-c comment Specifies a descriptive comment.
-d directory Specifies the user's home directory. If the directory does not exist, add the -m option to create it.
-g group Specifies the user's primary group.
-G group[,group...] Specifies additional groups the user belongs to (adds the new user to other groups).
-s shell Specifies the user's login shell.
-u UID Specifies the user's UID. With the -o option, another user's UID may be reused.
-p This option requires the encrypted password (an md5-crypt string); a plain password is not accepted.

Example 1:
# useradd -d /usr/sam -m sam
This command creates the user sam. The -d and -m options create the home directory /usr/sam for the login name sam (/usr is the default parent directory of the home directory).
Example 2:
# useradd -s /bin/sh -g group -G adm,root gem
This command creates the user gem with login shell /bin/sh, primary group group, and additional membership in the adm and root groups.
If the groups do not yet exist they must be created first: groupadd group and groupadd adm
Adding a user account adds a record for the new user to /etc/passwd and updates other system files such as /etc/shadow and /etc/group.

2. Deleting an account
If a user account is no longer used, it can be deleted from the system. Deleting a user account removes the user's records from system files such as /etc/passwd and, if required, deletes the user's home directory. To delete an existing user account, use the userdel command, in the following format:
Code:
userdel [options] username
The commonly used option is -r, which also deletes the user's home directory.
For example:
# userdel -r sam
This command deletes the records of user sam from the system files (mainly /etc/passwd, /etc/shadow, /etc/group, etc.) and deletes the user's home directory at the same time.

3. Modifying an account
Modifying a user account means changing the user's attributes as needed, such as the UID, home directory, user group or login shell (chgrp, by contrast, is for files).
Use the usermod command to modify an existing user. The format is as follows:
Code:
usermod [options] username [only the superuser can modify an account; an ordinary account authorized through sudo can also do it]
Common options include -c, -d, -m, -g, -G, -s, -u and -o; they have the same meaning as in the useradd command and set new values for the user. In addition, some systems support the following option:
Code:
-l new_username
This option specifies a new account name, that is, the original username is changed to new_username.
For example:
# usermod -s /bin/ksh -d /home/z -g developer sam
This command changes user sam's login shell to ksh, home directory to /home/z and primary group to developer.
# usermod zte1 -g cheng
This command changes the primary group of user zte1 to cheng.

4. Viewing account attributes

Format: id user1  displays the UID and GID of user1; with no argument it shows the current user's id information.

groups user1 displays the groups of user user1; with no argument it shows the current user's groups.

Management of Linux user passwords

An important part of user management is the management of user passwords. A user account has no password when it is first created; it is locked by the system and cannot be used until a password is assigned, even if that password is empty.
The shell command for setting and changing user passwords is passwd. The superuser can set passwords for itself and for other users; an ordinary user can only change their own password. The command format is:
Code:
passwd [options] username
Available options:
-l Lock the password, i.e. disable the account.
-u Unlock the password.
-d Remove the account's password.
-f Force the user to change the password at the next login.
If no username is given, the current user's password is changed.
For example, assuming the current user is sam, the following command changes the user's own password:
 passwd
Old password:******
New password:********
Re-enter new password:********
If the current user is the superuser, the password of any user can be set in the following form:
 passwd sam
New password:********
Re-enter new password:********


When an ordinary user changes their own password, passwd first asks for the original password and then asks for the new password twice; if the two entries match, the new password is assigned to the user. The superuser does not need to know the original password when setting a user's password. For security reasons, users should choose complex passwords of no fewer than 8 characters, containing upper- and lower-case letters and digits, and different from names, birthdays and the like.
To give a user an empty password, run a command of the form:
Code:
# passwd -d sam
This command removes the password of user sam, so the system will not ask for a password the next time sam logs in.
The passwd command can also use the -l (lock) option to lock a user so that the user cannot log in, for example:
Code:
# passwd -l sam (logging in as sam after this produces an authentication failure)

3. Group management

Linux user group management

The management of user groups involves adding, deleting and modifying user groups. The addition, deletion and modification of groups actually update the /etc/group file.

1. Add a new user group using the groupadd command. The format is as follows:
Code:
groupadd [options] groupname [after the group has been added, files can be assigned to it with the chown and chgrp commands]
The options that can be used are:
-g GID Specifies the group identification number (GID) of the new user group.
-o is generally used together with the -g option, indicating that the GID of the new user group can be the same as the GID of the existing user group in the system.
Example 1:
# groupadd group1
This command adds a new group group1 to the system; the GID of the new group is the current largest GID plus 1.
Example 2:
# groupadd -g 101 group2
This command adds a new group group2 to the system, and at the same time specifies that the group identification number of the new group is 101.
2. If you want to delete an existing user group, use the groupdel command, the format is as follows:
Code:
groupdel groupname
For example:
# groupdel group1
This command deletes the group group1 from the system.
3. Modify the attributes of user groups using the groupmod command. Its syntax is as follows:
Code:
groupmod [options] groupname
Commonly used options are:
-g GID specifies a new group identification number for the user group.
When the -o and -g options are used at the same time, the new GID of the user group can be the same as the GID of the existing user group in the system.
-n new user group Change the name of the user group to a new name
Example 1:
# groupmod -g 102 group2
This command changes the group identification number of the group group2 to 102.
Example 2:
# groupmod -g 10000 -n group3 group2
This command changes the identification number of group2 to 10000 and the group name to group3.
4. If a user belongs to multiple user groups at the same time, the user can switch between user groups in order to have the permissions of other user groups. After logging in, users can use the command newgrp to switch to other user groups. The parameter of this command is the target user group.
For example:
$ newgrp root
This command switches the current user's active group to root, provided that root is indeed the user's primary or supplementary group. As with user accounts, user groups can also be managed through integrated system-management tools.

File attributes and permissions:

File permissions and attributes are a very important part of Linux. Here we look mainly at the attributes of Linux files.

Tool

  • Linux operating system

Method/steps

  1. Generally you need root privileges to view all Linux file attributes, so the first step is to log in as root:

su root

  2. First, understand an important and commonly used command for viewing files, ls. ls means "list", and its main purpose is to display file names and the files' attributes.

After logging in to Linux as root, execute ls -al to view the contents;

The -al parameters list all the detailed permissions and attributes of the files, including hidden files (a file whose name begins with "." is a hidden file).

  3. Look at the file attributes shown in the output of ls -al:

The first character of the first column indicates whether the entry is a directory, a regular file, a link, or another type:

If it is [d], the entry is a directory;

If it is [-], it is a regular file;

If it is [l], it is a link file (symbolic link);

If it is [b], it is a block device, i.e. a storage device among the device files;

If it is [c], it is a character device, such as a keyboard or mouse.

The following nine characters come in three groups of three, each in the order rwx:

Where [r] stands for readable (read);

Where [w] stands for writable (write);

Where [x] stands for executable (execute);

The positions of these 3 permissions never change; if a permission is absent, a minus sign [-] appears in its place.

  4. The second column indicates how many file names are linked to this node (i-node).

The third column indicates the owner account of this file (or directory).

The fourth column indicates the user group to which this file belongs.

The fifth column is the size of this file; the default unit is bytes (B).

The sixth column is the file creation date or the latest modification date of this file

The seventh column is the file name

  5. For detailed usage of ls, use man ls to learn more.

In Linux, many attributes are attached to each file; the user group in particular is most useful for data security. If you have a development team and you want everyone on the team to be able to use the files in certain directories while people outside the team cannot, you can set the permissions of the team's files to [-rwxrwx---].

2. Change file attributes and permissions

Here we introduce several commands commonly used to manage the permissions of groups, owners and other identities:

chgrp: change the group to which the file belongs

chown: change the file owner

chmod: change the permissions of the file

1. chmod command

The chmod command is very important: it changes the access permissions of a file or directory, and users use it to control access to their files and directories. The command has two forms. One is the text (symbolic) method, written with letters and operators; the other is the numeric method, written with digits.

Text setting method

chmod [who] [+ | - | =] [mode] filename

The meaning of each part of the command is:

The operation target who can be any one of the following letters or a combination of them:

u means "user", the owner of the file or directory.

g means "users of the same group", that is, all users with the same group ID as the file owner.

o means "others".

a means "all users". This is the system default.

Action symbols can be:

+ Adds a permission.

- Removes a permission.

= Grants the given permission and revokes all others (if any).

Any combination of the following letters can be used to set the permission indicated by mode:

r Readable.

w Writable.

x Executable.

X Append the x attribute only if the target is a directory or is already executable for some user.

s sets the owner or group ID of the process as the file owner of the file when the file is executed. The mode "u+s" sets the user ID bit of the file, and "g+s" sets the group ID bit.

t Save the text of the program to the swap device.

u Grant the same permissions as the file owner has.

g Grant the same permissions as users in the file owner's group have.

o Grant the same permissions as other users have.

filename: a space-separated list of files whose permissions are to be changed; wildcards are supported.

Several permission settings can be given on one command line, separated by commas. For example, chmod g+r,o+r example

gives the file's group and other users read permission on the file example.



Number setting method

First understand the meaning of the digits: 0 means no permission, 1 means execute, 2 means write, 4 means read, and the values are added together. The numeric mode is therefore three octal digits from 0 to 7, in the order (u)(g)(o).

For example, if you want the owner of a file to have read/write permission, you set 4 (read) + 2 (write) = 6 (read/write). The general form of the numeric method is:

chmod [mode] filename
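As an added example (not from the original article), these shell functions convert between the rwx string that ls -l shows and the three octal digits of the numeric method, and apply a numeric mode to a scratch file to show that the two notations agree; mktemp and ls -l are the only tools assumed.

```shell
#!/bin/sh
# Added example: convert between the rwx string shown by ls -l and the octal
# digits chmod takes (r=4, w=2, x=1, summed per owner/group/others), then
# verify a numeric mode on a temporary file.

# "rwxr-x---" -> "750". A lowercase s or t in the execute slot means the
# execute bit is set together with setuid/setgid/sticky; S or T means it is not.
rwx_to_octal() {
  bits=$1; out=""
  for start in 1 4 7; do
    triple=$(printf '%s' "$bits" | cut -c"$start"-"$((start + 2))")
    n=0
    case $triple in r??) n=$((n + 4)) ;; esac
    case $triple in ?w?) n=$((n + 2)) ;; esac
    case $triple in ??[xst]) n=$((n + 1)) ;; esac
    out="$out$n"
  done
  printf '%s\n' "$out"
}

# "750" -> "rwxr-x---": each octal digit decomposes back into r, w and x.
octal_to_rwx() {
  digits=$1; out=""
  for i in 1 2 3; do
    case $(printf '%s' "$digits" | cut -c"$i") in
      0) out="${out}---" ;; 1) out="${out}--x" ;; 2) out="${out}-w-" ;; 3) out="${out}-wx" ;;
      4) out="${out}r--" ;; 5) out="${out}r-x" ;; 6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
      *) echo "invalid octal digit in $digits" >&2; return 1 ;;
    esac
  done
  printf '%s\n' "$out"
}

# Read back the 9 permission characters that ls -l prints for a path.
mode_of() { ls -ld "$1" | cut -c2-10; }

# Apply a numeric mode to a scratch file and return what ls -l then shows,
# so the two notations can be compared side by side.
apply_and_show() {
  f=$(mktemp) || return 1
  chmod "$1" "$f" && mode_of "$f"
  rm -f "$f"
}

# The team permission from the text, -rwxrwx---, is 770 in numeric form.
echo "rwxrwx---  -> $(rwx_to_octal rwxrwx---)"
echo "750        -> $(octal_to_rwx 750)"
echo "chmod 640  -> $(apply_and_show 640)"
```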

 

2. chgrp command

Function: change the group to which a file or directory belongs.

Syntax: chgrp [options] group filenames

This command changes the group to which the specified files belong. group can be the GID or the group name as listed in /etc/group. filenames is a space-separated list of files whose group is to be changed; wildcards are supported. A user who is neither the file's owner nor the superuser cannot change the file's group.

The meanings of each option of this command are:

-R Recursively change the group of the specified directory and all subdirectories and files under it.

Example 1: $ chgrp -R book /opt/local/book

Changes the group of all files in /opt/local/book/ and its subdirectories to book.

3. chown command

Function: change the owner and group of a file or directory. This command is also very commonly used. For example, if user root copies one of his own files to user xu, root should set the owner of that file to xu so that xu can access it; otherwise xu cannot access the file.

Syntax: chown [options] user[:group] files

Description: chown changes the owner of the specified files to the given user or group. user can be a user name or a UID; group can be a group name or a GID. files is a space-separated list of files whose ownership is to be changed; wildcards are supported.

The meanings of the options of this command are as follows:

-R Recursively change the owner of the specified directory and all subdirectories and files under it.

-v Displays the work done by the chown command.

Example 1: Change the owner of the file shiyan.c to wang.

$ chown wang shiyan.c

Example 2: Change the owner of the directory /his and all files and subdirectories under it to wang, and the group to users.

$ chown -R wang:users /his

Practice:

Output the numbers in 1-30 that are divisible by 3:

Display the current user identity, view the logged-in users, and switch to root:

Read in the variable name, showing the prompt "Please enter your name:" before the name is entered (the name is in pinyin); limit the input length to 9.

Read in the variable mima, showing the prompt "Please enter your password:" before mima is entered (mima consists of digits); limit the input length to 6 and do not echo it on the screen.

Read in the variable xingbie; if no value is assigned to xingbie within 10 seconds, set xingbie to empty:

Create three users zte_a, zte_b and zte_c, all belonging to the users group:

Change the user name of zte_c to zte_c_remend, and change the group of zte_c_remend to root:

Set a password for each of the three users, identical to the user name:

Create a time directory as the root user, and create the files time.txt and time2.txt in the time directory.

Let the root user have rwx on time.txt in the time directory, while other users are read-only.

Change the owner of time2.txt to zte_a, and allow only users belonging to the users group to read time2.txt; other users get no permissions. What are zte_a's permissions on time2.txt at this point?

The permission of zte_a on time2.txt is: rwx


Origin blog.csdn.net/qq_52117201/article/details/128377824