1. Users and groups
(1) User-related files
1. Stores user information: /etc/passwd
[root@localhost ~]# grep sumeng /etc/passwd
sumeng:x:1000:1000::/home/sumeng:/bin/bash
#The meaning of each field -- user name : password reserved field (no actual meaning) : user id : basic group id : user description information : user home directory : user login shell
#User id: unique identifier of the user
#Basic group id: indicates which group is the user's basic group
2. Stores user passwords: /etc/shadow
[root@localhost ~]# grep sumeng1 /etc/shadow
sumeng1:!!:19436:0:99999:7:::
#The second field is the password field
3. Group information file: /etc/group
4. Home directory: /home -- the home directories of ordinary users are stored under this directory; the root user's home directory is /root.
5. Template directory for home directories: /etc/skel
[root@localhost ~]# cd /etc/skel
[root@localhost skel]# touch ceshi
[root@localhost skel]# useradd newuser
[root@localhost newuser]# cd /home/newuser
[root@localhost newuser]# ls
ceshi
6. User default attribute configuration file: /etc/login.defs
The super administrator's user id is 0
System (program) users' ids are generally 1-999
Ordinary users' ids are 1000 and above
7. Configuration files that mainly control the user's initialization
.bash_profile | Executed every time the user logs in |
.bashrc | Executed every time you enter a new Bash environment |
.bash_logout | Executed every time the user logs out |
.bash_history | Records the historical commands used before the last logout. |
8. Shell configuration files and differences
/etc/profile | Configure global environment variables to affect all users |
~/.bash_profile | Configure a personal environment to affect a user |
/etc/bashrc | Configure global aliases or shell options that affect all users |
~/.bashrc | Configure personal aliases or shell options that affect a user |
(2) useradd command
useradd command: create a new user
Common usage:
1. If no group is specified, a group with the same name as the user will be automatically created.
[root@localhost shell-test]# useradd sc1
[root@localhost shell-test]# id sc1 #The id command is used to display the user ID and group ID
uid=1019(sc1) gid=1019(sc1) group=1019(sc1)
2. Specify the group--can have all permissions of the group
-g: Specify the basic group, there is only one basic group
-G: Specify additional groups, there can be multiple
[root@localhost shell-test]# useradd -g sc1 -G sc sc2 #Specify the basic group as sc1 and the additional group as sc
[root@localhost shell-test]# id sc2
uid=1020(sc2) gid=1019(sc1) 组=1019(sc1),1018(sc)
[root@localhost newuser2]# useradd -G sumeng,sumeng1 su1 #Specify multiple additional groups
[root@localhost newuser2]# id su1
uid=2028(su1) gid=2028(su1) group=2028(su1),1000(sumeng),1006(sumeng1)
3. Specify the id when creating a user
-u: Specify the UID of the user
[root@localhost shell-test]# useradd -u 2000 sc3
[root@localhost shell-test]# id sc3
uid=2000(sc3) gid=2000(sc3) group=2000(sc3)
[root@localhost shell-test]# useradd sc4 #If no id is specified, the default is the previous id plus 1
[root@localhost shell-test]# id sc4
uid=2001(sc4) gid=2001(sc4) group=2001(sc4)
4. Specify user description information
-c: Add user description
[root@sanchuang shell-test]# useradd -c "test sc5" sc5
[root@sanchuang shell-test]# grep sc5 /etc/passwd
sc5:x:2002:2002:test sc5:/home/sc5:/bin/bash #The fifth field is the user's description information
5. Specify the user’s home directory
-d: Specify the user's home directory; the default is /home/username, and an absolute path must be given when specifying it
Note: Under normal circumstances, an ordinary user can only create files in the system's default home directory and in the /tmp directory. If the home directory is specified as another directory, the user may fail to create files due to insufficient permissions.
[root@localhost shell-test]# useradd -d /opt/home/sc6 sc6
[root@localhost shell-test]# grep sc6 /etc/passwd
sc6:x:2003:2003::/opt/home/sc6:/bin/bash #The sixth field is the user's home directory
[root@localhost shell-test]# su - sc6
[sc6@localhost ~]$ pwd
/opt/home/sc6
[sc6@localhost ~]$ mkdir /opt/test #Insufficient permissions to create a new directory
mkdir: Unable to create directory "/opt/test": Insufficient permissions
6. Specify the user's login shell - a shell that is executed as soon as you log in
-s: Specifies the user's login shell, the default is /bin/bash
[root@localhost ~]# useradd -s /bin/sh sc7
[root@localhost ~]# grep sc7 /etc/passwd
sc7:x:2004:2004::/home/sc7:/bin/sh #The last field is the login shell for the user
[root@localhost ~]# su - sc7
-sh-4.2$
When executing the useradd command, the work done in the background is as follows:
1. Modify /etc/passwd
zhourenjie123:x:6677:6677:wudangpai:/home/zhourenjie123:/bin/bash
2. Modify /etc/shadow
zhourenjie123::19493:0:99999:7::: #Set the password to empty, that is, the password field is empty
3. Modify /etc/group
wudangpai:x:6677:
4. Create a new home directory
mkdir /home/zhourenjie123
5. Copy the environment variable initialization script to the home directory
cp /etc/skel/.* /home/zhourenjie123/
6. Create a new mailbox - the mailbox name is generally the same as the user name
touch /var/spool/mail/zhourenjie123
7. Modify the permissions related to the home directory
[root@localhost skel]# chown zhourenjie123:wudangpai /home/zhourenjie123/
[root@localhost skel]# chmod 700 /home/zhourenjie123
8. Modify email-related permissions
[root@localhost skel]# chmod 660 /var/spool/mail/zhourenjie123
[root@localhost skel]# chown zhourenjie123:mail /var/spool/mail/zhourenjie123
(3) Passwd command
passwd command: change user password
1. The root user can set passwords for other users and is not bound by the password setting rules; ordinary users can only change their own password, by entering the passwd command directly, and must follow the password setting rules when doing so.
[root@localhost ~]# passwd sumeng1
Changing the password of user sumeng1.
New password:
Invalid password: Password is less than 8 characters
Re-enter new password:
passwd: All authentication tokens have been updated successfully.
[root@localhost ~]# grep sumeng1 /etc/shadow
sumeng1:$6$zb7mza/g$1ALKsveCO4ktHXOt3o37opJMFIsttBYbfmgCQ.x.YKvwtgdvk.6FJICOukvLvzaqF0mxC9o8Glviz5mqaeyuI.:19468:0:99999:7:::
2. Set the password directly using the pipe symbol without manual input.
[root@localhost ~]# echo "abc123"|passwd sumeng1 --stdin
Changing the password of user sumeng1.
passwd: All authentication tokens have been successfully updated.
3. A locked user does not have the right to change their own password; it can only be changed by the root user
-l: Temporarily lock the user. This works by altering the user's password field: "!" is added before the password field in the /etc/shadow file, which invalidates the password.
[root@localhost sc6]# passwd -l sc7
Locking the password of user sc7.
passwd: Operation successful
[root@localhost sc6]# grep sc7 /etc/shadow
sc7:!!$6$TaWQx3sp$Jp87zZXjwuFeta6sOP2nFUYtn1jxslKzR2xthsVvlIZyV9omVJx9WeCWFMh2D./fqdPZvYIlCQxq9aX6C36HQ0:19444:0:99999:7:::
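The password-field states that appear on this page ("!!" for a newly created account, an empty field, a "$6$" hash, and a hash prefixed with "!!" after passwd -l) can be told apart mechanically. The following is an added example, not part of the original page; the sample entries, the placeholder hash text and the function names are constructed for illustration.

```shell
# Added example: classify the password field (2nd field) of shadow-format lines.
# Constructed sample entries; the hash text is a placeholder, not a real hash.
SAMPLE_SHADOW='alice:$6$SALT$HASHPLACEHOLDER:19468:0:99999:7:::
bob:!!:19436:0:99999:7:::
carol::19493:0:99999:7:::
dave:!!$6$SALT$HASHPLACEHOLDER:19444:0:99999:7:::
svc:*:19000:0:99999:7:::'

# classify_shadow: read shadow-format lines on stdin, print "user STATE" per line.
classify_shadow() {
    awk -F: '
        NF < 2                     { next }                                # malformed line
        $2 == ""                   { print $1, "EMPTY"; next }            # no password required
        $2 ~ /^!+$/ || $2 == "*"   { print $1, "NO_PASSWORD_SET"; next }  # nothing can match
        $2 ~ /^!/                  { print $1, "LOCKED"; next }           # hash kept behind "!"
        substr($2, 1, 1) == "$"    { print $1, "HASHED"; next }           # e.g. $6$salt$hash
                                   { print $1, "UNKNOWN" }
    '
}

# empty_password_users: names of accounts whose password field is empty.
empty_password_users() {
    classify_shadow | awk '$2 == "EMPTY" { print $1 }'
}

printf '%s\n' "$SAMPLE_SHADOW" | classify_shadow
```

On a real host the same functions can be fed the actual file as root, for example: empty_password_users < /etc/shadow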
(4) Usermod command
usermod command: Modify various user settings
Common options:
-s (shell) | Change a user's login shell |
-g (group) | Change basic group |
-G (group) | Change additional groups |
-u (UID) | Change user id |
-d (login directory) | Change user's home directory |
-c (remarks) | Change user's description |
-L | Lock user password to invalidate password |
(5) Userdel command
userdel command: delete user account
Usage:
userdel username | Delete the username user without deleting the home directory |
userdel -r username | Delete the username user and delete the home directory information |
(6) su command
su command: switch users, used to change to other user identities
Usage:
su username | Switch directly to the username user, but do not switch the current environment |
su - username | Switch directly to the username user and switch to the username environment |
[root@localhost ~]# export USER_TEST="sumeng" #Set environment variables
[root@localhost ~]# env|grep sumeng #Filter out the newly set environment variables in the current environment
USER_TEST=sumeng
[root@localhost ~]# su sumeng
[sumeng@localhost root]$ env|grep sumeng #After switching with su, the variable can still be found
USER_TEST=sumeng
[sumeng@localhost root]$ exit
exit
[root@localhost ~]# su - sumeng #After switching with su -, the variable is not found
Last login: Friday April 21 11:41:08 CST 2023 on pts/0
[sumeng@localhost ~]$ env|grep sumeng
(7) Other related commands
Command | Effect |
last | View recent user logins to the system |
lastlog | Check whether the user in the system has logged in and the latest login time of the logged in user |
2. Permissions
(1) File-related permissions
1. File read, write and execute permissions
r -- read | Numeric value: 4; file: view content; directory: ls |
w -- write | Numeric value: 2; file: modify file content; directory: create, delete, move |
x -- execute | Numeric value: 1; file: allow running it as a program; directory: cd into it is possible only with execute permission |
By default, an ordinary user can only create files in the home directory or the /tmp directory.
2. File ownership permissions
Owner (owner): the user who owns the file or directory -- u
Group: the group account that owns the file or directory -- g
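Others (other): everyone other than the owner and the group -- o
3. File type -- the first character of the file's detailed information
- | Regular file |
d | Directory |
l | Link file -- link |
s | Socket file |
p | Pipe |
c | Character device file |
b | Block device file |
The first column of the file's detailed information shows the permissions: the 1st character is the file type, and characters 2-10, in groups of three characters, give the permissions of the owner, the group and others respectively.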
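The layout of that first column can be decoded with a few lines of shell. This is an added example, not part of the original page; the function names and the sample mode strings are constructed for illustration.

```shell
# Added example: decode the first column of "ls -l" output (e.g. "-rw-r--r--.").

# file_type: map the 1st character to the file types listed in the table above.
file_type() {
    case "$1" in
        -*) echo "regular file" ;;
        d*) echo "directory" ;;
        l*) echo "link" ;;
        s*) echo "socket" ;;
        p*) echo "pipe" ;;
        c*) echo "character device" ;;
        b*) echo "block device" ;;
        *)  echo "unknown"; return 1 ;;
    esac
}

# mode_to_octal: characters 2-10, three per class, summed as r=4, w=2, x=1.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    [ "${#perms}" -eq 9 ] || return 1          # reject strings that are too short
    octal=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case "$triplet" in r??) digit=$((digit + 4)) ;; esac
        case "$triplet" in ?w?) digit=$((digit + 2)) ;; esac
        # a lowercase s or t in the x slot also means execute is set
        case "$triplet" in ??[xst]) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# is_world_writable: true when "others" (character 9) has write permission.
is_world_writable() {
    [ "$(printf '%s' "$1" | cut -c9)" = "w" ]
}

# Constructed sample mode strings.
for mode in '-rw-r--r--.' '-rwxr--r--.' 'drwxrwxrwx.'; do
    printf '%s  %s  %s\n' "$mode" "$(file_type "$mode")" "$(mode_to_octal "$mode")"
done
```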
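(2) chmod command -- modify permissions
Common usage
Example:
[root@localhost shell-test]# ll test #View the detailed information of the current file
-rw-r--r--. 1 root root 0 3月 27 22:12 test
#Add execute permission for the owner of test
chmod u+x test
#Remove execute permission from the owner of test
chmod u-x test
#State the owner's permissions directly
chmod u=rwx test
#Modify the permissions of both the owner and the group -- remove execute permission from the owner, add execute permission for the group
chmod u-x,g+x test
#Modify permissions using numbers -- the owner has read and write permission, the group and others have read permission
chmod 644 test
#Modify directory permissions, i.e. recursively modify the permissions of the files and subfolders below it, using the -R option
chmod 777 shell-test/ -R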
(3) chown command -- modify the owner and group
1. Modify the owner
#The owner of the test.sh file was originally root; change it to sc1
[root@localhost shell-test]# ll test.sh
-rwxr--r--. 1 root root 32 4月 10 23:50 test.sh
[root@localhost shell-test]# chown sc1 test.sh
[root@localhost shell-test]# ll test.sh
-rwxr--r--. 1 sc1 root 32 4月 10 23:50 test.sh #The 3rd column shows the file's owner
2. Modify the group
#Change the group of the test.sh file to sc3
[root@localhost shell-test]# chown :sc3 test.sh
[root@localhost shell-test]# ll test.sh
-rwxr--r--. 1 sc1 sc3 32 4月 10 23:50 test.sh #The 4th column shows the file's group
3. Modify the owner and group
#Change the owner of the test.sh file to sc3 and the group to sc6
[root@localhost shell-test]# chown sc3:sc6 test.sh
[root@localhost shell-test]# ll test.sh
-rwxr--r--. 1 sc3 sc6 32 4月 10 23:50 test.sh
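(4) sudo permissions
sudo command: authorizes ordinary users to execute many important commands (executing them in place of the root user). Debian and Ubuntu systems have a "super" ordinary user who can execute any command by using sudo. Every command typed with sudo is recorded in the log file.
sudo -l: shows which sudo permissions the current user has
sudo's configuration file: /etc/sudoers. How is this configuration file written?
sc1 ALL=(ALL) NOPASSWD:ALL
#The first column is the name of the user to be authorized
#The first ALL allows sudo to be used from any terminal or machine; in general it just means this machine
#The second ALL means the sudo command may be executed as any user
#The third ALL means any command may be executed
#NOPASSWD means no user password has to be entered when executing with sudo
Example:
1. sumeng ALL=(ALL) ALL #The sumeng user can execute any command as any user on this host, but must enter the sumeng user's password when executing with sudo
2. sumeng ALL=(ALL) NOPASSWD:ALL #The sumeng user can execute any command as any user on this host without entering the sumeng user's password
3. %sanchuang05 ALL=(ALL) NOPASSWD:ALL #The users in the sanchuang05 group can execute any command as any user on this host; the group name must be prefixed with %, and no password has to be entered
4. sumeng ALL=(ALL) /bin/chown,/bin/passwd #The sumeng user is authorized to execute the chown and passwd commands on this host -- authorization per command; command paths are written as absolute paths.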
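The difference between the rule forms above (ALL with a password, NOPASSWD:ALL, a %group, and a list of absolute command paths) can be checked mechanically when reviewing a sudoers file. This is an added example, not part of the original page; it assumes the one-line rule form shown here and skips Defaults and alias lines. The ops and dev accounts and the function names are hypothetical.

```shell
# Added example: flag broad rules in sudoers-style lines read from stdin.
# Assumes the one-line form "who host=(runas) [NOPASSWD:]cmd[,cmd...]".

# Constructed sample rules (ops and dev are hypothetical accounts).
SAMPLE_SUDOERS='sumeng ALL=(ALL) ALL
sc1 ALL=(ALL) NOPASSWD:ALL   # no password prompt
%sanchuang05 ALL=(ALL) NOPASSWD:ALL
ops ALL=(ALL) /bin/chown,/bin/passwd
dev ALL=(ALL) chown'

# audit_sudoers: print "who FINDING command" for every command in every rule.
audit_sudoers() {
    awk '
        { sub("[ \t]*#.*", "") }                        # strip comments
        NF < 3 || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        {
            spec = $3
            for (i = 4; i <= NF; i++) spec = spec " " $i
            nopass = sub(/^NOPASSWD:[ \t]*/, "", spec)  # 1 if the tag was present
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++) {
                cmd = cmds[i]
                gsub(/^[ \t]+|[ \t]+$/, "", cmd)        # trim around each command
                if (cmd == "ALL")
                    finding = nopass ? "NOPASSWD_ALL" : "ALL_WITH_PASSWORD"
                else if (substr(cmd, 1, 1) != "/")
                    finding = "RELATIVE_PATH"           # path is not absolute
                else
                    finding = nopass ? "SCOPED_NOPASSWD" : "SCOPED"
                print $1, finding, cmd
            }
        }
    '
}

# nopasswd_all_principals: users or %groups granted every command with no password.
nopasswd_all_principals() {
    audit_sudoers | awk '$2 == "NOPASSWD_ALL" { print $1 }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```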