Common commands for user and file permissions (1)

1. User Identity

For an explanation of the fields that describe users and user passwords, please refer to my article Detailed Explanation of /etc/passwd and /etc/shadow Configuration Files under Linux.

1.1 id

Display user details. Syntax: id username

[root@hostname /]# id root
uid=0(root) gid=0(root) groups=0(root)

1.2 useradd

Create a new user account. Syntax: useradd [options] username

[root@hostname /]# useradd -d /home/a_close -u 1002 -s /sbin/nologin a_close
[root@hostname /]# id a_close
uid=1002(a_close) gid=1002(a_close) groups=1002(a_close)

# Create the user a_close. -d: home directory; -u: UID; -s: login shell. /sbin/nologin forbids interactive login; the default shell is /bin/bash.

1.3 groupadd

Create a new user group. Syntax: groupadd [options] groupname

[root@hostname /]# groupadd a_close_group

1.4 usermod

Modify user attributes. Syntax: usermod [options] username

[root@hostname /]# id a_close
uid=1002(a_close) gid=1002(a_close) groups=1002(a_close)

# Set the supplementary group of a_close to the root group: -G
[root@hostname /]# usermod -G root a_close
[root@hostname /]# id a_close
uid=1002(a_close) gid=1002(a_close) groups=1002(a_close),0(root)

# Change the UID of a_close: -u
[root@hostname /]# usermod -u 1001 a_close
[root@hostname /]# id a_close
uid=1001(a_close) gid=1002(a_close) groups=1002(a_close),0(root)

# Change the shell of a_close from /sbin/nologin to /bin/bash: -s
[root@hostname /]# su a_close
This account is currently not available.
[root@hostname /]# usermod -s /bin/bash a_close
[root@hostname /]# su a_close
[a_close@hostname /]$ 

1.5 passwd

Change a user's password, expiry date and related settings. Syntax: passwd [options] username

# Change your own password
[root@hostname /]# passwd
Changing password for user root.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

# As root, change the password of a_close
[root@hostname /]# passwd a_close

# As root, lock the account a_close: -l
[root@hostname /]# passwd -l a_close
# As root, unlock the account a_close: -u
[root@hostname /]# passwd -u a_close

1.6 userdel

Delete a user account. Syntax: userdel [options] username

# Delete the user a_close
[root@hostname ~]# userdel a_close
[root@hostname ~]# id a_close
id: ‘a_close’: no such user

# Remove the data left in a_close's home directory /home/a_close
[root@hostname ~]# cd /home
[root@hostname home]# ls
a_close  hostname
[root@hostname home]# rm -rf a_close
[root@hostname home]# ls
hostname
[root@hostname home]# 

2. File permissions

Read, write and execute permissions mean different things on files and on directories.
Read, write and execute in character and numeric form, e.g. 731 = rwx-wx--x.

[linuxprobe@linuxprobe ~]$ ls -l a.txt
-rw-rw-r--. 1 linuxprobe linuxprobe 0 Jun  8 16:07 a.txt

# File type: regular file (-); others are directory (d), link (l), pipe (p), block device (b), character device (c)
# Owner (linuxprobe) permissions: rw-
# Group (linuxprobe) permissions: rw-
# Other users' permissions: r--

3. Special permissions for files

3.1 SUID

A special permission set on a binary program: whoever executes the program temporarily acts with the permissions of the file's owner.

[linuxprobe@hostname ~]$ ls -l /etc/shadow 
----------. 1 root root 1317 May 23 19:43 /etc/shadow
[linuxprobe@hostname ~]$ ls -l /bin/passwd
-rwsr-xr-x. 1 root root 34512 Aug 13  2018 /bin/passwd

# The attributes of the passwd command show owner permissions rws, i.e. the file carries the SUID special permission, which is why an ordinary user can write a password change into /etc/shadow.

3.2 SGID

1. A special permission set on a binary program: whoever executes the program temporarily acts with the permissions of the file's group.

[linuxprobe@hostname ~]$ ls -l /bin/ps
-rwxr-xr-x. 1 root root 141240 Aug 13  2018 /bin/ps
[root@hostname home]# chmod g+s /bin/ps
[root@hostname home]# ls -l /bin/ps
-rwxr-sr-x. 1 root root 141240 Aug 13  2018 /bin/ps

# Add the SGID permission to the ps command (group permissions become r-s)

2. Files created inside a directory automatically inherit the directory's group (this applies to directories only). Take a department's shared directory as an example: once the SGID special permission is set on that directory, files created there by anyone in the department belong to the directory's group rather than to the creator's own primary group.

# Create the folder testdir under /tmp and give it mode 777 plus the SGID permission
[root@hostname /]# cd /tmp
[root@hostname tmp]# mkdir testdir
[root@hostname tmp]# ls -ald testdir
drwxr-xr-x. 2 root root 6 Jun 19 09:36 testdir
[root@hostname tmp]# chmod -R 777 testdir
[root@hostname tmp]# chmod -R g+s testdir
[root@hostname tmp]# ls -ald testdir
drwxrwsrwx. 2 root root 6 Jun 19 09:36 testdir

# Switch to the ordinary user linuxprobe and create the file test inside testdir; the new file inherits the group of testdir, root
[root@hostname tmp]# su linuxprobe
[linuxprobe@hostname tmp]$ cd /tmp/testdir
[linuxprobe@hostname testdir]$ echo "hello" >test
[linuxprobe@hostname testdir]$ ls -ald test
-rw-rw-r--. 1 linuxprobe root 6 Jun 19 09:43 test

3.2.1 chmod

Sets a file's ordinary and special permissions (-R applies recursively to a directory). Syntax: chmod [options] filename

[root@hostname ~]# ls -l anaconda-ks.cfg 
-rw-------. 1 root root 1385 Apr 12 00:42 anaconda-ks.cfg
[root@hostname ~]# chmod 760 anaconda-ks.cfg 
[root@hostname ~]# ls -l anaconda-ks.cfg 
-rwxrw----. 1 root root 1385 Apr 12 00:42 anaconda-ks.cfg

3.2.2 chown

Sets a file's owner and owning group (-R applies recursively to a directory).

[root@linuxprobe ~]# chown linuxprobe:linuxprobe anaconda-ks.cfg 
[root@linuxprobe ~]# ls -l anaconda-ks.cfg 
-rwxrw----. 1 linuxprobe linuxprobe 1385 Apr 12 00:42 anaconda-ks.cfg

3.3 SBIT

When the SBIT (sticky bit) is set on a directory, the files inside it can be deleted only by their owners.

# /tmp carries SBIT by default. Switch to the ordinary user linuxprobe: although that user has full rwx on the testdir folder, it still cannot delete testdir from /tmp
[linuxprobe@linuxprobe tmp]$ ls -ald /tmp
drwxrwxrwt. 17 root root 4096 Jun 19 10:19 /tmp
[linuxprobe@linuxprobe tmp]$ ls -ald testdir
drwxrwsrwx. 2 root root 6 Jun 19 10:23 testdir
[linuxprobe@linuxprobe tmp]$ rm -rf testdir
rm: cannot remove 'testdir': Operation not permitted

3.4 Special permission setting

Parameter   Effect
u+s         Set SUID permission
u-s         Remove SUID permission
g+s         Set SGID permission
g-s         Remove SGID permission
o+t         Set SBIT permission
o-t         Remove SBIT permission

In practice the special permissions can also be set numerically in one step: SUID, SGID and SBIT correspond to the values 4, 2 and 1, placed as a leading digit in front of the three ordinary permission digits.
Converting the character representation of permissions to the numeric representation
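The conversion between character and numeric modes described here and in section 2 (731 = rwx-wx--x), carried through in code as an added example that is not part of the original article: it turns an `ls -l` mode field into a four-digit octal mode (SUID/SGID/SBIT included), converts back, and applies the same parsing to find root-owned SUID/SGID files in a listing, which is the check a defender runs after seeing why /bin/passwd can write to /etc/shadow. The sample listing is constructed from the entries shown on this page.

```python
def symbolic_to_octal(mode: str) -> str:
    """'-rwsr-xr-x' -> '4755', 'drwxrwxrwt' -> '1777', 'rwx-wx--x' -> '0731'."""
    perms = mode.rstrip(".+")  # ls appends '.' (SELinux context) or '+' (ACL)
    if len(perms) == 10:
        perms = perms[1:]  # drop the file-type character (-, d, l, p, b, c)
    if len(perms) != 9:
        raise ValueError(f"not a permission string: {mode!r}")
    special = value = 0
    # The x slot of each triplet carries one special bit: owner 's' = SUID (4), group 's' = SGID (2),
    # other 't' = SBIT (1). Lowercase also means exec is set; uppercase (S/T) means it is not.
    for triplet, bit, ch in ((perms[0:3], 4, "s"), (perms[3:6], 2, "s"), (perms[6:9], 1, "t")):
        r, w, x = triplet
        bits = (4 if r == "r" else 0) | (2 if w == "w" else 0) | (1 if x in ("x", ch) else 0)
        if x.lower() == ch:
            special |= bit
        value = value * 8 + bits
    return f"{special}{value:03o}"

def octal_to_symbolic(octal: str, file_type: str = "-") -> str:
    """'731' -> '-rwx-wx--x', '4755' -> '-rwsr-xr-x', ('2777', 'd') -> 'drwxrwsrwx'."""
    mode = int(octal, 8)
    special, perm = mode >> 9, mode & 0o777  # leading digit holds SUID/SGID/SBIT
    out = [file_type]
    for shift, bit, ch in ((6, 4, "s"), (3, 2, "s"), (0, 1, "t")):
        bits = (perm >> shift) & 7
        has_x, has_special = bool(bits & 1), bool(special & bit)
        x = ch if has_x and has_special else ch.upper() if has_special else "x" if has_x else "-"
        out.append(("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + x)
    return "".join(out)

def root_setid_files(ls_output: str) -> list:
    """(path, octal) for root-owned regular files in `ls -l` text with SUID/SGID; directories are skipped."""
    findings = []
    for line in ls_output.strip().splitlines():
        fields = line.split(None, 8)  # mode links owner group size month day time-or-year name
        if len(fields) < 9 or not fields[0].startswith("-"):
            continue
        octal = symbolic_to_octal(fields[0])
        if fields[2] == "root" and int(octal[0]) & 0o6:
            findings.append((fields[8], octal))
    return findings

# Constructed sample assembled from the listings on this page, not live output.
SAMPLE_LS = """\
-rwsr-xr-x. 1 root root 34512 Aug 13  2018 /bin/passwd
-rwxr-sr-x. 1 root root 141240 Aug 13  2018 /bin/ps
drwxrwsrwx. 2 root root 6 Jun 19 09:36 /tmp/testdir
-rw-rw-r--. 1 linuxprobe root 6 Jun 19 09:43 /tmp/testdir/test
"""
```

Comparing `root_setid_files` output against a known baseline is what makes an unexpected SUID/SGID binary stand out; the SGID directory from section 3.2 is correctly left out because it only affects group inheritance.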

References

"This is how Linux should be learned"

Origin blog.csdn.net/weixin_47505548/article/details/131283103