Table of contents
1. The relationship between application program commands and system commands
2. The directory structure of a typical application
3. Catalog files of typical applications
6. Manage user and group accounts
1. Permissions and ownership of files/directories
3. The underlying properties of the file
4. Additional permission SET bit
1. The relationship between application program commands and system commands
1. File location
System commands: generally in the /bin and /sbin directories, or built into the shell
Applications: usually in the /usr/bin and /usr/sbin directories
2. Main purpose
System commands: perform basic system management, such as IP configuration tools
Applications: perform other, relatively independent auxiliary tasks, such as web browsers
3. Use environment
System commands: generally run only in the character (command-line) interface
Applications: some programs can run in a graphical interface
4. Run format
System commands: generally consist of a command word, command options and command parameters
Applications: usually have no fixed execution format
2. The directory structure of a typical application
File type | Directory |
---|---|
Common executable files | /usr/bin |
Server program executables and administration program files | /usr/sbin |
Application configuration files | /etc |
Log files | /var/log |
Application documentation files | /usr/share/doc |
Application man page files | /usr/share/man |
3. Catalog files of typical applications
Package type | Description |
---|---|
rpm package | The extension is ".rpm" |
deb package | The extension is ".deb" |
Source code package | Generally a compressed archive in ".tar.gz", ".tar.bz2" or a similar format, containing the program's source code |
Package with installer | An installer such as install.sh or setup is provided inside the compressed archive, or the package is a single executable file in ".bin" format |
Portable (no-install) package | The compressed archive contains a compiled executable program; unpack it and use it directly |
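4. rpm package
1. Proposed by Red Hat and adopted by many Linux distributions
2. Establishes a unified database file
3. Records package installation, removal and other changes in detail
4. Automatically analyzes package dependencies (yum)
5. bash-4.1.2-15.e16_4.x86_64.rpm
bash: software name; 4.1.2: version number; 15.e16_4: release number; x86_64: target platform
rpm: install, upgrade and uninstall RPM packages; query and verify RPM package information; maintain RPM database information
Command format
Query installed rpm software
rpm -q: check whether the specified package is installed
rpm -qa: list all RPM packages installed on the system
rpm -qi: show detailed information about the specified package
rpm -ql: list the directories and files installed by the specified package
rpm -qc: list the configuration files of the specified package
rpm -qd: list the documentation files of the specified package
rpm -qf: query which RPM package a given file belongs to
Query RPM package files that are not installed
rpm -qpi: show detailed information about the software from its .rpm package file
rpm -qpl: list the directories and files contained in the .rpm package file
Install
rpm -i: install a new rpm package
rpm -U: upgrade an rpm package; if it is not installed, install it
rpm -F: update an rpm package; if it is not installed, skip the update
Uninstall
rpm -e: uninstall the specified rpm package
rpm --nodeps: ignore dependencies
Auxiliary
rpm -h: show installation progress with # marks
rpm -v: show detailed information during installation
Rebuild the RPM database
rpm --rebuilddb
rpm --initdb
Import the verification public key
rpm --import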
5. Compile and install
Advantages: obtain the latest software version and fix bugs promptly; flexibly customize software features to the user's needs
Tarball package: mostly in .tar.gz and .tar.bz2 formats
Integrity verification: the md5sum verification tool
Confirm the source code compilation environment: install a compiler that supports the C/C++ programming languages
Process: 1. Download the source code package file
2. tar unpacking (decompress and release the source code package to the specified directory)
3. ./configure configuration (set the installation directory, the modules to install and other options)
4. make compilation (generate executable binary files)
5. make install installation (copy the binary files into the system and configure the application environment)
6. Test, use and maintain the software
In step 2, you need to configure --prefix=software installation directory
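The integrity check and unpacking steps above, as an added example that is not part of the original page: the tarball is unpacked only when its md5sum matches the published value. The archive name demo-1.0.tar.gz, its contents, the /usr/local/demo prefix and the helper names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: refuse to unpack a source tarball whose md5sum does not match.
# demo-1.0.tar.gz and everything in it are constructed for this demonstration.

# verify_and_unpack TARBALL MD5_FILE DEST_DIR
# MD5_FILE uses md5sum's own output format: "<hash>  <file name>".
verify_and_unpack() {
    tarball=$1; md5_file=$2; dest=$3
    expected=$(awk '{print $1; exit}' "$md5_file")
    actual=$(md5sum "$tarball" | awk '{print $1}')
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for $tarball, not unpacking" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
    # Next steps from the list above, run inside the unpacked directory:
    #   ./configure --prefix=/usr/local/demo && make && make install
}

# demo_build_check: build a tiny tarball, verify it, then corrupt it and verify again.
demo_build_check() {
    work=$(mktemp -d)
    mkdir "$work/demo-1.0" && echo "constructed source file" > "$work/demo-1.0/README"
    tar -czf "$work/demo-1.0.tar.gz" -C "$work" demo-1.0
    (cd "$work" && md5sum demo-1.0.tar.gz > demo-1.0.tar.gz.md5)  # published checksum
    verify_and_unpack "$work/demo-1.0.tar.gz" "$work/demo-1.0.tar.gz.md5" "$work/src" &&
        [ -f "$work/src/demo-1.0/README" ] && echo "intact: unpacked"
    printf 'x' >> "$work/demo-1.0.tar.gz"                         # simulate a bad download
    verify_and_unpack "$work/demo-1.0.tar.gz" "$work/demo-1.0.tar.gz.md5" "$work/src2" \
        2>/dev/null || { [ ! -e "$work/src2" ] && echo "modified: rejected"; }
    rm -rf "$work"
}
demo_build_check
```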
6. Manage user and group accounts
1. Basic instructions
UID: user identification number (default: 0 for the superuser, 1-499 for program users, 500-60000 for manually created users)
GID: group identification number
User accounts: superuser, ordinary users, program users
Group accounts: basic group (private group; an account can belong to only one basic group)
additional groups (public groups; an account can belong to multiple additional groups)
2. User account file
Location: /etc/passwd
Each row corresponds to a user's account record
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
/bin/bash: login allowed; /sbin/nologin: login not allowed
Location: /etc/shadow
Each row corresponds to a user's password record
root:$6$KkUpqaeGEivJlhxQ$Ujy1jrh.: :0:99999:7: : :
1 2 3 4 5 6 7 8 9
tcpdump:!!:19469: : : : : :
1 2 3 4 5 6 7 8 9
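Each line of the file contains nine configuration fields separated by ":"
1. User login name 2. User password (!! means login is disabled; $ means login is allowed)
3. Date the account's password was last changed, in days since 1970.1.1 (the start of the Linux epoch)
4. Minimum password age; 0 means no limit
5. Maximum password age; 99999 means no limit
6. Number of days (N) before password expiry at which the user is reminded to change it
7. Grace period in days after password expiry; once it is exceeded the account becomes unusable and an administrator must unlock it
8. Date on which the account expires, in days since 1970.1.1 (the start of the Linux epoch)
9. Reserved, unused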
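An added example (not from the original page) that joins /etc/passwd and /etc/shadow style records and classifies each account by the fields described above: empty, locked or hashed password, extra UID 0 accounts, and passwords older than the maximum age in field 5. All records, the `$6$SALT$CONSTRUCTED` value and the helper names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit /etc/passwd + /etc/shadow style records.
# Every record below is a constructed sample, not a real account or hash.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
toor:x:0:0::/root:/bin/bash'
SAMPLE_SHADOW='root:$6$SALT$CONSTRUCTED:19400:0:99999:7:::
bin:!!:19400:0:99999:7:::
alice::19469:0:99999:7:::
bob:!!:19469:0:99999:7:::
carol:$6$SALT$CONSTRUCTED:19000:0:90:7:::
toor:$6$SALT$CONSTRUCTED:19400:0:99999:7:::'

# audit_accounts PASSWD_FILE SHADOW_FILE TODAY
# TODAY is the current date in days since 1970-01-01 (same unit as shadow field 3).
audit_accounts() {
    awk -F: -v today="$3" '
        NR == FNR { uid[$1] = $3; shell[$1] = $7; next }  # first file: passwd
        {                                                  # second file: shadow
            if ($2 == "")           state = "EMPTY"        # what passwd -d leaves
            else if ($2 ~ /^[!*]/)  state = "LOCKED"       # "!!" or a locked hash
            else                    state = "HASHED"       # "$id$salt$hash"
            login = (shell[$1] ~ /(nologin|false)$/) ? "nologin" : "login"
            flags = ""
            if (state == "EMPTY" && login == "login") flags = flags " EMPTY-PASSWORD"
            if (uid[$1] == "0" && $1 != "root")       flags = flags " EXTRA-UID0"
            # field 5 = maximum password age; 99999 means no limit
            if (state == "HASHED" && $5 != "" && $5 != 99999 && today - $3 > $5)
                flags = flags " PASSWORD-EXPIRED"
            printf "%s uid=%s %s %s%s\n", $1, uid[$1], login, state, flags
        }' "$1" "$2"
}

# run_sample_audit: write the constructed samples to temp files and audit them.
run_sample_audit() {
    dir=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PASSWD" > "$dir/passwd"
    printf '%s\n' "$SAMPLE_SHADOW" > "$dir/shadow"
    audit_accounts "$dir/passwd" "$dir/shadow" 19469
    rm -rf "$dir"
}
run_sample_audit
```

On a live system the same function can be pointed at the real files as root, with `$(( $(date +%s) / 86400 ))` as the third argument.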
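useradd
Format:
useradd [options] username
Common options:
useradd -d: specify the home directory; the default is /home/username
useradd -u: specify the UID
useradd -e: specify the account expiration date
useradd -g: specify the user's basic group name (or GID)
useradd -G: specify the user's additional group names (or GIDs)
useradd -M: do not create and initialize a home directory (generally used when creating program accounts)
useradd -s: specify the user's login shell (generally /bin/bash for ordinary users and /sbin/nologin for program users)
The initial files in a newly created user's home directory are copied from the /etc/skel directory.
Main user initial profile files:
~/.bash_profile: executed every time the user logs in
~/.bashrc: executed every time a new Bash environment is entered
~/.bash_logout: executed every time the user logs out
passwd
Format:
passwd [options] username
Common options:
passwd -d: clear the user's password so that the user can log in without one
passwd -l: lock the user account
passwd -S: view the status of the user account (whether it is locked)
passwd -u: unlock the user account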
2.3.3 Modify account attributes
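usermod
Format:
usermod [options] username
Common options:
usermod -l: change the login name of the user account
usermod -L: lock the user account
usermod -U: unlock the user account
usermod -d: change the account's home directory
The following options have the same meaning as in the useradd command
-u -d -e -g -G -s
Note: to change an account's home directory, use the mv command to move the files after running the usermod command
userdel
Format:
userdel [-r] username
Options:
With -r: everything is deleted
Without -r: the directory is kept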
3. Group account file
3.1 Basic information of group account
File location: /etc/group
3.2 Group account password information
File location: /etc/gshadow
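groupadd
Format:
groupadd [-g GID] group_name
gpasswd: set a group account password (rarely used); add/remove group members
Format:
gpasswd [options] group_name
Common options:
-a: add a user to the group
-d: remove a user from the group
-M: define the group member list, comma-separated (users in the list are added to the group; users not in the list are removed)
groupdel
Format:
groupdel group_name
4. Account query command
id command
id [username]: query the user's identity identifiers
groups command
groups [username]: query the groups the user belongs to
finger command
finger [username]: query detailed information about the user account
users / w / who commands: query information about users logged in to the host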
7. Permissions
1. Permissions and ownership of files/directories
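Access permissions
Read (r): allows viewing file contents and listing a directory
Write (w): allows modifying file contents, and creating, moving and deleting files or subdirectories in a directory
Execute (x): allows running a program and changing into a directory
r/w/x can be expressed as numbers: 4, 2 and 1 respectively
r+w 6
r+x 5
w+x 3
r+w+x 7
Directory with execute but no read permission: you can change into the directory, but its files are not shown
Directory with read but no execute permission: you can list the files in the directory, but cannot change into it
Ownership
Owner: the user account that owns the file or directory
Group: the group account that owns the file or directory
The last r-- represents the permissions of users who are neither the root user nor members of the root group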
2. Command
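chmod
Format 1:
chmod [ugoa] [+-=] [rwx] file_or_directory
u: owner  g: group  o: other users  a: all users
+: add  -: remove  =: set
Format 2:
chmod nnn file_or_directory
nnn: a 3-digit octal number
For example:
r-- --- r-x
4 0 5
rwx rwx rwx
7 7 7
Options:
-R: recursively modify all files and subdirectories under the specified directory
chown
Format:
chown owner file_or_directory
chown :group file_or_directory
chown owner:group file_or_directory
Options:
-R: recursively modify all files and subdirectories under the specified directory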
3. The underlying properties of the file
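Underlying attributes are a layer of control above permission control; they take precedence over rwx
lsattr: view underlying attributes
"-" means that this control bit has no underlying attribute set
chattr: modify underlying attributes
Format:
chattr [+/-/= i/a] file_or_directory
Options:
+, - and = are used in the same way as in chmod
i: full lock
Directory: existing objects can be modified; child objects cannot be created or deleted
File: cannot be deleted, renamed, appended to or modified
a: modification lock
Directory: child objects can be created and modified, but not deleted
File: content can be appended, but the file cannot be modified or deleted (mostly used for logs)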
4. Additional permission SET bit
SET bit: allows unprivileged users to obtain the highest privileges of the program
SET bit permission: set on executable files; the permission character is "s" (used in the same way as r/w/x)
When other users execute the file, they run it with the owner's or group's permissions
SET bit permission types:
SUID: sets the SET bit for the owning user
SGID: sets the SET bit for the owning group
chmod +s file_or_directory
5. Sticky bit
Allows multiple users to modify only their own files within the same directory that has open permissions set
chmod o+t file_or_directory
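An added example (not from the original page) that sets the SUID, SGID and sticky bits from the two sections above in a scratch directory and then inventories them with find, which is how these bits are normally reviewed on a host. The file names are constructed, and `make_demo_tree`, `list_special` and `run_special_demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: set SUID/SGID/sticky bits in a scratch directory, then list them.
# File names are constructed; the helper function names are hypothetical.

# make_demo_tree DIR: create entries that carry each special bit.
make_demo_tree() {
    mkdir -p "$1/shared"
    for f in plain suid_tool sgid_tool both_tool; do
        printf '#!/bin/sh\n' > "$1/$f"
        chmod 755 "$1/$f"
    done
    chmod u+s "$1/suid_tool"   # SUID only        -> rwsr-xr-x (4755)
    chmod g+s "$1/sgid_tool"   # SGID only        -> rwxr-sr-x (2755)
    chmod +s  "$1/both_tool"   # the page's form  -> rwsr-sr-x (6755), sets both bits
    chmod 777 "$1/shared"
    chmod o+t "$1/shared"      # sticky directory -> rwxrwxrwt (1777)
}

# list_special DIR: print "<bit> <permission string> <name>" for each match.
list_special() {
    for spec in SUID:-4000 SGID:-2000 STICKY:-1000; do
        find "$1" -perm "${spec#*:}" | sort | while read -r p; do
            perms=$(ls -ld "$p" | cut -c1-10)
            printf '%s %s %s\n' "${spec%%:*}" "$perms" "${p#"$1"/}"
        done
    done
}

# run_special_demo: build the tree, print the inventory, clean up.
run_special_demo() {
    demo_dir=$(mktemp -d)
    make_demo_tree "$demo_dir"
    list_special "$demo_dir"
    rm -rf "$demo_dir"
}
run_special_demo
```

The same `list_special` call can be pointed at a real directory such as /usr/bin to review which programs there carry SUID or SGID.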
8. Supplements
Unmount the optical disc: umount /dev/sr0
Mount it on the /media directory: mount /dev/sr0 /media