Linux System Files Related to User Accounts - Introduction to Pseudo-User Technology
What is a fake user?
In the Linux system, in addition to real users (such as root, guest, etc.) and system users (such as daemon, sys, etc.), there is also a type of virtual user, namely pseudo user (pseudo user). As a special user identity, pseudo-user plays an important role in system resource access control and operating environment configuration. Different from ordinary users and system users, pseudo-users do not have permission to log in to the system and have effective shells. They are mainly used to meet the requirements of certain processes for information such as owners and groups of resources such as files, directories, and devices.
Syntax and Practical Operations of Linux Pseudo-Users
create fake user
In Linux, the command format for creating a pseudo-user is:
useradd [options] username
Among them, options
it is used to specify different option parameters, such as:
-r
: Create a system user;-d
: Specify the user's home directory;-g
: Specify the group to which the user belongs, etc.;
The following takes creating a nobody user as an example to demonstrate how to create a pseudo-user:
$ sudo useradd -r -d /home/nobody -s /usr/sbin/nologin nobody
In this command, -r
parameters are used to create a system user. -d
The parameter specifies the user’s home directory as /home/nobody
, and -s
the parameter specifies the user’s shell as /usr/sbin/nologin
, which means that the user cannot log in to the system. After the execution is complete, you can use the following command to view the created pseudo user information:
$ id nobody
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
It can be seen that the UID and GID of the created nobody user are both 65534 and belong to the nogroup group. These attributes are similar to a normal user and limit its file access.
Set permissions for pseudo-users
In addition to creating pseudo-users, you can also set different permissions for them to achieve more fine-grained access control. The Linux system provides setfacl
commands for setting file permissions. The specific syntax is as follows:
setfacl [options] filename/dirname
Among them, options
it is used to specify different option parameters, such as:
-m
:Modify permissions;-x
: delete permission;
The following is an example of setting the nobody user /data/user
to have the execution permission on the directory to demonstrate how to set the permission for the pseudo-user:
$ sudo setfacl -Rm u:nobody:x /data/user
In this command, -R
the parameter is used to indicate the recursive setting permission, and -m
the parameter is used to indicate the modification permission, u:nobody:x
which means that the nobody user has /data/user
the execution permission on the directory.
set password for fake user
Setting a password for a pseudo-user can enable it to have a certain identity when accessing system resources, thus ensuring the effectiveness of security control. You can set a password for the nobody user with the following command:
Copy Code$ sudo passwd nobody
After the execution is completed, enter the password twice to complete the password setting.
The Difference Between Linux Pseudo-Users
In the Linux system, there are multiple pseudo-users, and different pseudo-users have different identities and permissions, mainly as follows:
fake user | UID/GID | describe |
---|---|---|
nobody | 65534 | Do not have any file access permissions for process or service to run |
daemon | 1 | The system daemon uses |
lp | 7 | The printer daemon uses |
8 | The mail daemon uses | |
news | 9 | The news daemon uses |
sys | 3 | System program use |
bin | 2 | System file owners use |
In actual use, different pseudo-users can be selected for configuration and application as required. When setting pseudo-user permissions, special care needs to be taken to avoid confusion and security issues with access to system resources.
in conclusion
Pseudo-users in the Linux system are an important tool for access control. By setting different permissions, restrict the access permissions of certain users or programs to files, directories, processes, etc., so as to achieve more flexible and fine-grained security management. In addition, different pseudo-users have different identities and permissions, which can be configured and applied according to actual needs. Special attention should be paid to the use and configuration of pseudo-users, which need to be handled carefully to ensure the security and stability of system resource access.