Linux - 3 Linux users and permissions

Table of contents

3.1 Get to know the root user

root user (super administrator)

su and exit commands

sudo command

3.2 Users and user groups

3.3 Modify permission control - chmod

3.4 Modify permission control - chown 

3.1 Get to know the root user

root user (super administrator)

Windows, macOS, and Linux all manage permissions with a multi-user model. In the Linux system, the account with the most privileges is named root (super administrator). Up to this point, the account we have been using is an ordinary user.

The root user has the greatest system operation permissions, while ordinary users have limited permissions in many places. For example: Ordinary users cannot create files in the root directory.

The permissions of ordinary users are generally unrestricted in their HOME directory. Once they leave the HOME directory, in most places, ordinary users only have read and execute permissions, and no modification permissions.

su and exit commands

The su command is a system command used for switching accounts. Its name comes from the English words: Switch User

Syntax:

 

  1. The - symbol is optional and indicates whether to load environment variables after switching users (explained later). It is recommended to include it.
  2. Parameter: username, the user to switch to. The username can also be omitted; if omitted, su switches to root.
  3. After switching users, you can use the exit command to return to the previous user, or use the shortcut key: ctrl + d

When an ordinary user switches to another user, for example to root, a password must be entered.

When the root user switches to another user, no password is required and the switch happens directly.

sudo command

When we know the root password, we can switch to root through the su command to obtain maximum permissions.

However, we do not recommend using the root user for a long time to avoid system damage.

We can use the sudo command to authorize an ordinary command and temporarily execute it as root.

Syntax:

  • Put sudo before another command to temporarily grant root authorization to that command;
  • Not all users have the right to use sudo. We need to configure sudo authentication for ordinary users.

Configure sudo authentication for ordinary users

  • 1. Switch to the root user and execute the visudo command. It automatically opens /etc/sudoers in the vi editor;
  • 2. Add at the end of the file;

 The trailing NOPASSWD:ALL means the sudo command can be used without entering a password;

  • 3. Finally, save with wq;
  • 4. Switch back to the normal user and add sudo before a command to run it as root.
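The NOPASSWD:ALL setting from step 2 lets an account run every command as root with no password prompt, so it helps to know which rules on a host carry it. The script below is an added example, not part of the original article: it reads sudoers-format text and reports each password-free rule as covering all commands or only listed ones. The sample rules, user names and group names are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample in sudoers syntax; every name here is made up.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not a real system file
root    ALL=(ALL)       ALL
alice   ALL=(ALL)       NOPASSWD: ALL
%wheel  ALL=(ALL)       ALL
bob     ALL=(root)      NOPASSWD: /usr/bin/systemctl restart nginx
%ops    ALL=(ALL:ALL)   NOPASSWD:ALL
EOF
}

# Read sudoers text on stdin and print "who<TAB>class" for every rule
# that skips the password prompt.
#   all    -> NOPASSWD covers every command (ALL)
#   scoped -> NOPASSWD covers only the command(s) listed
# A leading % in "who" marks a group rule.
audit_nopasswd() {
  awk '
    /^[ \t]*(#|$)/    { next }   # comments, #include lines, blank lines
    /^[ \t]*Defaults/ { next }   # option lines, not user rules
    /NOPASSWD:/ {
      who  = $1
      rest = $0
      sub(/.*NOPASSWD:[ \t]*/, "", rest)        # keep text after the tag
      class = (rest ~ /^ALL[ \t]*(,|$)/) ? "all" : "scoped"
      printf "%s\t%s\n", who, class
    }'
}

# Stand-alone run against the constructed sample.
sample_sudoers | audit_nopasswd
```

On a real host, feed the function /etc/sudoers as root; a "scoped" rule such as the constructed one for bob keeps password-free sudo to a single command.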

3.2 Users and user groups

In the Linux system, you can: configure multiple users, configure multiple user groups, and users can join multiple user groups.

There are two levels of permission control in Linux, namely: permission control for users and permission control for user groups.

For example, for a certain file, you can control the permissions of the user or the permissions of the user group.

Therefore, we need to learn the basic commands for user and user group management in Linux to lay the foundation for learning permission control later.

User group management

The following commands need to be executed by the root user

Create a user group: groupadd user group name

Delete user group: groupdel user group name

User Management

Create user: useradd [-g -d] username

  1. Option: -g specifies the user's group. If -g is not specified, a group with the same name will be created and automatically joined. Specifying -g requires that the group already exists. If a group with the same name already exists, -g must be used.
  2. Options: -d specifies the user HOME path. If not specified, the HOME directory defaults to: /home/username.

Delete a user: userdel [-r] username

  • Option: -r also deletes the user's HOME directory. Without -r, the user is deleted but the HOME directory is retained

View the groups to which the user belongs: id [username]

Modify the group to which the user belongs: usermod -aG usergroup username

  • Adds the specified user to the specified user group

getent:

Use the getent command to check which users are in the current system

Syntax: getent passwd

The information displayed is:

Username: Password (x): User ID: Group ID: Description information (useless): HOME directory: Execution terminal (default bash)

Using the getent command, you can also check which user groups are in the current system.

Syntax: getent group

 

Contains 3 pieces of information, group name: group authentication (displayed as x): group ID

3.3 Modify permission control - chmod

Understanding permission information

Permission details are divided into 10 slots in total:

 

Example: drwxr-xr-x, means:

This is a folder, represented by the first letter d;

The permissions of the user (number 2 in the upper right corner) are: r, w, x, i.e. rwx;

The permissions of the user group it belongs to (number 3 in the upper right corner) are: r, no w, x, i.e. r-x (- means no such permission);

The permissions of other users are: r, no w, x, i.e. r-x;

rwx

So, what does rwx stand for?

  • r means read permission
  • w means write permission
  • x represents execution permission

The meaning of rwx is slightly different for different files and folders:

  • r: for a file, the file content can be viewed; for a folder, the contents of the folder can be viewed, for example with the ls command
  • w: for a file, the file can be modified; for a folder, entries can be created, deleted, renamed, etc. within the folder
  • x: for a file, the file can be executed as a program; for a folder, the working directory can be changed to this folder, that is, cd to enter it

We can use the chmod command to modify the permission information of files and folders.

Note that only the user who owns the file or folder or the root user can modify it.

Syntax:

  • Option: -R, applies the same operation to the entire contents of the folder.

Example:

1. chmod u=rwx,g=rx,o=x hello.txt changes the permissions of the file to: rwxr-x--x

  • Here u stands for the permissions of the owning user, g for the permissions of the owning group, and o for the permissions of other users.

2. chmod -R u=rwx,g=rx,o=x test sets the permissions of the folder test and all contents in the folder to: rwxr-x--x

Numeric representation of permissions

Permissions can be represented by 3-digit numbers. The first digit represents user permissions, the second digit represents user group permissions, and the third digit represents other user permissions. The details of the numbers are as follows: r is denoted as 4, w is denoted as 2, and x is denoted as 1. There can be:

  • 0: No permissions, that is, ---
  • 1: Only x permission, that is, --x
  • 2: Only w permission, that is, -w-
  • 3: w and x permissions, that is, -wx
  • 4: Only r permission, that is, r--
  • 5: r and x permissions, that is, r-x
  • 6: r and w permissions, that is, rw-
  • 7: Full permissions, that is, rwx

751 means: rwx(7) r-x(5) --x(1)
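The digit table above as an added shell example (not part of the original article): it decodes a numeric mode using r=4, w=2, x=1, confirms that chmod 751 and chmod u=rwx,g=rx,o=x produce the same result, and lists paths that grant write permission to other users. The function names and scratch files are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# One octal digit (0-7) -> rwx triplet, using r=4, w=2, x=1.
digit_to_rwx() {
  d=$1; r=-; w=-; x=-
  if [ $((d & 4)) -ne 0 ]; then r=r; fi
  if [ $((d & 2)) -ne 0 ]; then w=w; fi
  if [ $((d & 1)) -ne 0 ]; then x=x; fi
  printf '%s%s%s' "$r" "$w" "$x"
}

# Three-digit mode such as 751 -> the nine characters ls prints.
mode_to_rwx() {
  m=$1; out=
  while [ -n "$m" ]; do
    out=$out$(digit_to_rwx "${m%"${m#?}"}")   # first remaining digit
    m=${m#?}                                   # drop that digit
  done
  printf '%s' "$out"
}

# Permission characters of a path as shown by ls (type letter removed).
perms_of() {
  ls -ld "$1" | cut -c2-10
}

# Set the same permissions numerically and symbolically on two scratch
# files and print what ls reports for each.
compare_forms() {
  dir=$(mktemp -d)
  : > "$dir/numeric"; : > "$dir/symbolic"
  chmod 751 "$dir/numeric"
  chmod u=rwx,g=rx,o=x "$dir/symbolic"
  printf '%s %s' "$(perms_of "$dir/numeric")" "$(perms_of "$dir/symbolic")"
  rm -rf "$dir"
}

# Paths under a directory whose "other" triplet includes w.
other_writable() {
  find "$1" -perm -0002 ! -type l
}

# Stand-alone run.
mode_to_rwx 751; echo
compare_forms; echo
```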

3.4 Modify permission control - chown 

Using the chown command, you can modify the users and user groups to which files and folders belong.

Ordinary users cannot change ownership to other users or groups, so this command is only applicable to the root user.

Syntax:

 

  1. Option -R: same as chmod, applies the same rule to all contents in the folder
  2. User: the user the file or folder should belong to
  3. User group: the user group the file or folder should belong to
  4. : is used to separate the user and the user group

Example:

  1. chown root hello.txt, change the user belonging to hello.txt to root.
  2. chown :root hello.txt, change the user group to which hello.txt belongs to root.
  3. chown root:itheima hello.txt, change the user to which hello.txt belongs to root and the user group to itheima.
  4. chown -R root test, change the user belonging to the folder test to root and apply the same rules to all contents in the folder.

Origin blog.csdn.net/m0_49687898/article/details/131420042