Linux: commonly used commands for users, user groups and file permissions

Problem:

Description: When logging in to another server, the root user turned out to be unable to run the docker command; only the docker group could. The following commands solved the problem. The rest of this post is a summary of what was learned along the way.

groups  # show the groups the current user belongs to; found the group is
sudo gpasswd -a root docker   # add the root user to the docker group

Preface: User and User Group Concepts

Preface 1. Users

There are three types of users in Linux: super users, system users, and ordinary users.

Super user:
root has all operating rights, so avoid working on files under the root account unless you have to. At the command line, the prompt of the root account is #, and by default the UID of the root user is 0.

System user:
System users are built-in accounts that Linux needs for normal operation and are generally used to manage services. System users, such as bin, daemon and lp, cannot be used to log in. Their UIDs are generally 1~499, and their shell is /sbin/nologin.

Ordinary users:
Ordinary users exist so that people can use the resources of the Linux system, and the accounts created by users are generally ordinary accounts. At the command line, the prompt for ordinary users is $, and the UID of ordinary users is 1000 to 60000 by default.

Preface 2. User Group

Basic group (private group):
When a user is created, a group with the same name as the user is created automatically. For example, creating the user mike also creates the group mike, and the user mike belongs to the group mike.
Additional group (shared group): any group the user belongs to other than the basic group.

1. Add users and user groups

1. To add a user, first create an ordinary user with the adduser command:

adduser tommy  # add the user
passwd tommy   # change the password
groupadd tom   # create a user group

2. Commands for viewing users and user groups:

whoami  # show the current user

id  # show the current user's information
[root@www wei]# id wei
uid=1000(wei) gid=1000(wei) groups=1000(wei),10(wheel)

groups tom  # show the groups a user belongs to
cat /etc/group  # list all user groups

3. Manage user groups

Method 1, gpasswd command

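Usage: gpasswd [-a user] [-d user] [-A user,...] [-M user,...] [-r] [-R] groupname
  Options:
	-a: add a user to the group
	-d: remove a user from the group
	-A: specify the group administrators
	-M: specify the group members; used in much the same way as -A
	-r: remove the password
	-R: restrict access to the group; only members of the group can use newgrp to join it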


Example 1: How to add a user to a group?

gpasswd -a user1 group1

cat /etc/group  # check the result
group1:x:1011:user1,user2

Example 2: How to replace all members of a group?

gpasswd -M user2,user3 group1
cat /etc/group  # check: all members of the group have been replaced
group1:x:1011:user2,user3

Example 3: Delete a user in the group

gpasswd -d user1 group1

Method 2, newgrp command

newgrp: temporarily switches the current user's group (the new effective group applies only in a temporary environment and is lost when the shell is closed, much like a temporary environment variable)

Method 3, usermod command

usermod -g root tommy  # change user tommy to belong to the root group

User groups in practice: granting root privileges to a user

2. Give root permission

Method 1:
Edit the /etc/sudoers file, find the following line, and remove the comment character (#) in front of it:

 %wheel ALL=(ALL) ALL

Then change the user to belong to the root group (wheel) with the following command:

usermod -g root tommy

After the change, you can log in with the tommy account and then use the command su - to obtain root privileges.

Method 2:
Edit the /etc/sudoers file, find the line for root shown below, and add a line for tommy under it:

root ALL=(ALL) ALL
tommy ALL=(ALL) ALL

After the change, you can log in with the tommy account and then use the command su - to obtain root privileges.

Method 3: Edit the /etc/passwd file, find the user's line shown below, and change the user ID to 0:

tommy:x:500:500:tommy:/home/tommy:/bin/bash
After the change:
tommy:x:0:500:tommy:/home/tommy:/bin/bash

Save it, and after logging in with the tommy account, you will directly obtain the permissions of the root account.

Note: Although method 3 seems simple and convenient, it is generally not recommended, and method 2 is recommended.
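
The three methods above leave traces in /etc/passwd and /etc/group that can be checked afterwards. The following audit script is an added example, not part of the original post: it flags accounts other than root with UID 0 (Method 3) and non-root members of privileged groups. The function names, the sample data and the choice of root, wheel and docker as privileged groups are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit passwd/group data for the grants described above.
PRIV_GROUPS="root wheel docker"   # assumption: this example's own list

# uid0_accounts PASSWD: names of accounts with UID 0 other than root (Method 3).
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# priv_group_members PASSWD GROUP: "group:user" for each non-root member of a
# privileged group, via the member list (gpasswd -a) or primary GID (usermod -g).
priv_group_members() {
    awk -F: -v want="$PRIV_GROUPS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) priv[w[i]] = 1 }
        FNR == NR {                      # first file: group
            if ($1 in priv) {
                gid[$3] = $1
                m = split($4, u, ",")
                for (i = 1; i <= m; i++)
                    if (u[i] != "" && u[i] != "root") print $1 ":" u[i]
            }
            next
        }
        ($4 in gid) && $1 != "root" { print gid[$4] ":" $1 }   # second: passwd
    ' "$2" "$1" | sort -u
}

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
tommy:x:0:500:tommy:/home/tommy:/bin/bash
user1:x:1002:0:user1:/home/user1:/bin/bash
mike:x:1001:10:mike:/home/mike:/bin/bash
wei:x:1000:1000:wei:/home/wei:/bin/bash'
SAMPLE_GROUP='root:x:0:
wheel:x:10:wei
docker:x:990:root,wei
group1:x:1011:user2,user3'

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$d/passwd"
    printf '%s\n' "$SAMPLE_GROUP" > "$d/group"
    echo "UID 0 accounts other than root:"; uid0_accounts "$d/passwd"
    echo "Non-root members of privileged groups:"
    priv_group_members "$d/passwd" "$d/group"
    rm -rf "$d"
}
demo
```

On a live system the same functions can be pointed at /etc/passwd and /etc/group; entries added directly to /etc/sudoers (Method 2) are not covered by this check.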

4. The file permission commands chmod, chgrp and chown in detail

4.1, chmod command

chmod [who] [+ | - | =] [mode] filename  # modify file permissions

4.1.1. Command options

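The options in the command have the following meanings.

The target who can be any one of the following letters, or a combination of them:

u  The "user", i.e. the owner of the file or directory.
g  The "group" users, i.e. all users with the same group ID as the file's owner.
o  The "other" users.
a  "All" users. This is the system default.

The operator can be:

+  Add a permission.
-  Remove a permission.
=  Grant the given permission and remove all other permissions (if any).

The permissions denoted by mode can be any combination of the following letters:

r  Readable.
w  Writable.
x  Executable.
X  Add the x attribute only if the target file is already executable for some user or the target is a directory.
s  When the file is executed, set the process's owner or group ID to that of the file's owner. The form "u+s" sets the file's set-user-ID bit, and "g+s" sets the set-group-ID bit.
t  Save the program's text on the swap device (the sticky bit).
u  The same permissions as the file's owner has.
g  The same permissions as users in the file owner's group have.
o  The same permissions as other users have.

-c : show the change only if the file's permissions were actually changed
-f : do not show an error message if the file's permissions cannot be changed
-v : show details of the permission change
-R : apply the same permission change to all files and subdirectories under the current directory (i.e. recursively, one by one)
--help : show help
--version : show the version

File name: a space-separated list of the files whose permissions are to be changed; wildcards are supported. Several permission settings can be given on one command line, separated by commas. For example, chmod g+r,o+r example gives the group and other users read permission on the file example.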

4.1.2. Text setting method

Example 1:

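$ chmod a+x sort
This sets the attributes of the file sort as follows:
file owner (u): add execute permission
users in the file owner's group (g): add execute permission
other users (o): add execute permission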

Example 2:

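$ chmod ug+w,o-x text
This sets the attributes of the file text as follows:
file owner (u): add write permission
users in the file owner's group (g): add write permission
other users (o): remove execute permission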

Example 3:

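$ chmod u+s a.out
Suppose that after running chmod the permissions of a.out are (you can check with ls -l a.out):
-rws--x--x 1 inin users 7192 Nov 4 14:22 a.out
and that this executable needs to use a text file shiyan1.c whose access permissions are "-rw-------", i.e. only the file's owner has read and write permission.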

4.1.3. Digital setting method

We must first understand what the numbers mean: 0 means no permission, 1 means execute permission, 2 means write permission, 4 means read permission, and the values are added together. So the numeric form is three octal digits from 0 to 7, in the order (u)(g)(o).

For example, if you want the owner of a file to have "read/write" permissions, you need to set 4 (readable) + 2 (writable) = 6 (read/write).

The general form of the digital setting method is: chmod [mode] filename ...

Example 1:

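$ chmod 644 mm.txt
$ ls -l
This sets the attributes of the file mm.txt to:
-rw-r--r-- 1 inin users 1155 Nov 5 11:22 mm.txt
file owner (u) inin: read and write permission
users in the file owner's group (g): read permission
others (o): read permission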

Example 2:

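$ chmod 750 wch.txt
$ ls -l
-rwxr-x--- 1 inin users 44137 Nov 12 9:22 wch.txt
This sets the attributes of the file wch.txt to:
file owner (u) inin: read/write/execute permission
users in the file owner's group (g): read/execute permission
others (o): no permissions at all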
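
To go from the mode string that ls -l prints back to the digits chmod accepts, the following added example (not part of the original post) converts strings such as -rws--x--x to octal. It goes beyond the three-digit form described above by also emitting the leading digit for the setuid, setgid and sticky bits; the function names mode_to_octal and file_octal are this example's own.

```shell
#!/bin/sh
# mode_to_octal MODE: convert an "ls -l" mode string such as -rws--x--x into
# four octal digits: special bits (setuid 4, setgid 2, sticky 1), then u, g, o.
mode_to_octal() {
    mode=$(printf '%s' "$1" | cut -c2-10)   # drop file type and any ACL mark
    case $mode in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "bad mode string: $1" >&2; return 1 ;;
    esac
    special=0 digits="" start=1
    for weight in 4 2 1; do                 # special-bit weight of u, g, o
        triplet=$(printf '%s' "$mode" | cut -c"$start"-"$((start + 2))")
        d=0
        case $triplet in r??) d=$((d + 4)) ;; esac
        case $triplet in ?w?) d=$((d + 2)) ;; esac
        case $triplet in
            ??x) d=$((d + 1)) ;;
            ??[st]) d=$((d + 1)); special=$((special + weight)) ;;  # bit + x
            ??[ST]) special=$((special + weight)) ;;                # bit, no x
        esac
        digits=$digits$d
        start=$((start + 3))
    done
    echo "$special$digits"
}

# file_octal FILE: octal mode of an existing file, read from "ls -ld".
file_octal() {
    mode_to_octal "$(ls -ld -- "$1" | cut -d' ' -f1)"
}

for m in -rw-r--r-- -rwxr-x--- -rws--x--x; do   # mode strings from the page
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```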

4.2, chown command

Function: Change the owner and group of a file or directory. This command is also used very often. For example, user root copies one of its own files to user yusi. To let user yusi access this file, root should set the owner of the file to yusi; otherwise user yusi cannot access it.

Syntax: chown [options] user or group file

4.2.1. Parameter description:

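user : the user ID of the new file owner
group : the user group of the new file owner
-c : show the change only if the file's owner was actually changed
-f : do not show an error message if the file's owner cannot be changed
-h : change only the link itself, not the file the link actually points to
-v : show details of the ownership change
-R : apply the same ownership change to all files and subdirectories under the current directory (i.e. recursively, one by one)
--help : show help
--version : show the version

4.2.2. Examples:

Example 1: change the owner of the file yusi123.com to yusi.
$ chown yusi yusi123.com

Example 2: change the owner of the directory /demo and all files and subdirectories under it to yusi, and the group to users.
$ chown -R yusi:users /demo

For example: chown qq /home/qq  (change the owner of the qq directory under /home to user qq)
For example: chown -R qq /home/qq  (change the owner of all files under the qq directory under /home to user qq)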

4.3, chgrp command

Function: Change the group to which a file or directory belongs.

Syntax: chgrp [options] group filename ...

4.3.1. Parameter description:

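-c or --changes  Similar to the "-v" option, but reports only what was changed.
-f or --quiet or --silent  Do not show error messages.
-h or --no-dereference  Modify only the symbolic link itself, without touching any other related files.
-R or --recursive  Process recursively, handling all files and subdirectories under the specified directory.
-v or --verbose  Show the execution process.
--help  Online help.
--reference=<reference file or directory>  Set the group of the specified files or directories to the group of the reference file or directory.
--version  Show version information.
This command changes the user group that the specified files belong to. group can be a group ID or the name of a group in the /etc/group file. The file names are a space-separated list of the files whose group is to be changed; wildcards are supported. A user who is neither the file's owner nor the superuser cannot change the file's group.

The options of this command mean:
-R  Recursively change the group of the specified directory and of all subdirectories and files under it.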

4.3.2. Instructions for usage:

Example 1:
$ chgrp -R book /opt/local/book
Change the group of all files under /opt/local/book/ and its subdirectories to book.

4.4. Conclusion

A summary of related permissions will be added later. To be continued.

Origin blog.csdn.net/wei1359765074410/article/details/129432634