Hello everyone, my name is Ji Ning.
This article introduces the Linux shell program, Linux users and switching between them, and Linux permissions.
Operating systems and shells
Strictly speaking, Linux is an operating system, which we call the "kernel", but we ordinary users cannot use the kernel directly. Instead, we use it through the kernel's outer-layer program, the so-called shell.
Linux user state and kernel state diagram
The operating system kernel and the shell are two different components, but they are closely related.
The operating system kernel is the core part of the operating system. It manages computer hardware and software resources and provides basic services of the computer system, such as process management, memory management, I/O management, file system, etc. The operating system kernel is the cornerstone of the operating system. Without it, the operating system cannot run properly.
The shell is the main interface users use to interact with the operating system kernel. The shell can be understood as a command interpreter, which accepts commands entered by the user and calls the corresponding kernel service for execution. The shell provides a set of commands and a scripting language that allow users to easily access operating system kernel services and operate on file systems and other resources.
In the operating system, Shell serves as an interactive interface between system users and the kernel, passing user requests and instructions through the command line or graphical interface. After receiving the instructions, the kernel performs corresponding operations and returns the results to the Shell. The interaction between the shell and the kernel can be achieved through system calls.
So to summarize the role of the shell: it translates the user's commands for the kernel to process, and at the same time translates the kernel's processing results for the user.
Does the shell always process the user's commands itself?
The answer is no. For the sake of the security and ease of use of the operating system, users must enter instructions through the shell program instead of directly accessing the operating system. But when the shell program processes instructions, for risky instructions it creates a child process and lets the child process execute them (usually user-defined instructions).
Creating a child process isolates the instruction's execution in an independent process space. First, even if an error or accident occurs during execution, it will not affect the shell itself or other processes; second, by controlling the child process's status and resource usage, the shell can limit the instruction's scope of influence, which reduces risk and goes a long way toward ensuring the security and stability of the system.
Command to kill a process:
kill -9 <PID>
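The isolation described above can be observed directly. This is an added example, not code from the original article; the function and variable names are illustrative. It kills a child with `kill -9` and shows that the parent shell keeps running with its own state intact.

```sh
#!/bin/sh
# Added example: a command started by the shell lives in its own child process.

# Start a child, kill it with SIGKILL, and report what the parent shell sees.
# Prints "<child exit status> <parent marker>".
kill_child_demo() {
    marker=parent-state            # state held by the shell itself
    sleep 30 &                     # external command: runs in a child process
    child=$!
    kill -9 "$child"               # same form as: kill -9 <PID>
    status=0
    wait "$child" 2>/dev/null || status=$?
    # 128 + signal number: 137 means the child died from signal 9 (SIGKILL).
    echo "$status $marker"
}

# Changes made inside a child do not leak back into the parent shell.
# Prints "isolated" when the parent's directory and variables are untouched.
child_env_demo() {
    dir_before=$(pwd)
    ( cd / && DEMO_LEAK=set-in-child && : )   # subshell = separate process
    [ "$(pwd)" = "$dir_before" ] && [ -z "${DEMO_LEAK:-}" ] && echo isolated
}

kill_child_demo
child_env_demo
```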
Linux users
Linux system users are divided into root users and non-root users. The root user is the super administrator and has the highest authority in the system, while ordinary users can do most of the things we do on our own system: what we can do on a Windows system can basically be done by an ordinary user. However, only the root user can do things such as installing and deleting system software, modifying system configurations, etc.
Creation and deletion of ordinary users
In a Linux system, there can only be one root user, but there can be multiple ordinary users, and resources between ordinary users are not shared.
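Create a new user
xxx is the username to be created
adduser xxx
Set a password for the user
xxx is the username; passwd then prompts for the password (the terminal does not display the entered password, and asks for it twice to confirm)
passwd xxx
Delete the username and password
userdel xxx
Delete the user's data
userdel -r xxx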
User switching
Switch to the root user
su - # log in again as root
su # switch to the root identity
Both of the above switching methods require you to enter the root account password again.
logout # return to the ordinary user's account
Switch to an ordinary user
su xxx
You do not need to enter a password when switching from the root account, but you need to enter a password when switching from a normal account.
exit
Exit the switched ordinary account
How to execute a command with the permissions of the root account without switching to the root account
sudo <command>
However, before an ordinary user can use the sudo command, root must add that user to the whitelist.
sudo whitelist tutorial
First, switch the user to the root account and run the following command under the root account
vim /etc/sudoers
In vim, find the line %wheel ALL=(ALL) ALL
Copy this line and change %wheel to the username you want to add to the whitelist (a leading % marks a group name, so a user entry has none).
After entering last-line mode, type w! to force save and q! to force exit. From then on, when the Zyb account uses the sudo command, you only need to enter the password of the Zyb account once in a short period of time.
Linux permissions
Linux permission classification
File permission attributes: r (read), w (write), x (execute)
Linux file permission roles: owner, group, other
File owner: The file owner is the user specified when the file was created, usually the user who created the file. The file owner has ownership and full access to the file, including read, write, and delete operations.
File group: The file's group is the group the file is assigned to. When a file is created, its group is usually set to the primary group of the creating user (the "creating group"). Users in the file's group can access the file, but do not have ownership.
File's other: It represents all other users or groups, that is, users or groups that are not the owner or group of the file.
How to modify permissions?
Modifying the owner and group of a file requires root permissions, or the current user must be the original owner of the file. You can use the chown command; below, newuser and newgroup are the new owner and new group of the file.
Change the owner of a file
chown newuser file.txt
Modify the group to which a file belongs
chgrp newgroup file.txt
Modify the owner and group of the file at the same time
chown newuser:newgroup file.txt
File access permissions
Enter ll on the command line to view file details.
What is in the red box is the detailed permission information of the file role.
Modify file permissions
chmod ugoa +/- rwx filename
Explanation: u represents the owner of the file (user), g represents the group to which the file belongs, o represents the file's other, and a represents all of them; + adds a permission and - removes one; r, w and x are the file's permission attributes: read, write and execute. Several operations can be combined in one command.
Example 1: If I want to remove the read permission of the owner of the file test.txt
chmod u-r test.txt
Example 2: If I want to remove the read permission of the owner of the file test.c, increase the write permission of the group it belongs to, and the read permission of other, the instructions are as follows:
chmod u-r,g+w,o+r test.c
Note: You must be the owner of the file or directory or the super user (root) to have modification permissions. To modify the file attributes, the owner must also have write permissions to the modified files. No matter what the permissions are, they are useless under the root account!
permission mask
The file mask can customize the default permissions when a file is created.
A directory file theoretically has read, write and execute rights when it is created (x permission is required to enter it), but in practice it sometimes does not have all of them. In the same way, an ordinary file should have at least read and write rights when it is created.
A permission that is present counts as 1, and one that is absent counts as 0.
The permissions of the file in the above picture are:
111111101
110110100
111111101
110110100
110110100
From left to right, the order of permissions is read, write, and execute. Think of the three permissions of each role of the file as an octal number, as follows
Then the starting permissions of the directory should be 777. The actual permission of ordinary files is 777. But why not? This has to do with permission masks. By rule, the default permissions of a file are the file's starting permissions minus the permissions that appear in umask (octal subtraction).
umask
This command queries the file mask of the current account. Here the current file mask is 002.
umask <permission number>
This modifies the file mask of the current account.
For example: umask 003
Change the file mask of this account to 005 , create the files test.cc, code.cc, and the directory efootball. You can see that the permissions are reduced compared to the previously created files.
How is this calculated?
At the principle level, the binary number of the total permissions is compared with the permission mask: bits that are set in both are removed, and the rest are left untouched. You can also use the following formula to calculate:
final permissions = starting permissions & (~umask)
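The formula above, checked against files actually created under a given mask (an added example, not from the original article; function names are illustrative). It assumes GNU or BusyBox `stat -c`, and takes 666 as the starting permissions of an ordinary file, which matches the 110110100 entries listed earlier under mask 002. The subtraction helper is there only to show where plain octal subtraction gives a different answer from the bitwise formula.

```sh
#!/bin/sh
# Added example: final permissions = starting permissions & ~umask.

# final_mode START MASK: apply the bitwise formula to two octal numbers.
final_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtract_mode START MASK: plain octal subtraction, for comparison only.
subtract_mode() {
    printf '%o\n' $(( 0$1 - 0$2 ))
}

# observed_mode file|dir MASK: create a real file or directory under MASK
# and print the mode the kernel gave it. The umask change stays inside a
# subshell, so the caller's own mask is untouched.
observed_mode() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/probe"; else : > "$tmp/probe"; fi
    )
    stat -c '%a' "$tmp/probe"      # assumption: GNU/BusyBox stat
    rm -rf "$tmp"
}

# Masks that appear in the article. For 003 the formula gives 664 for a
# file while subtraction gives 663: a mask bit the file never had (x) has
# nothing to remove.
for mask in 002 003 005; do
    echo "umask $mask: file $(final_mode 666 "$mask")" \
         "dir $(final_mode 777 "$mask")" \
         "(subtraction says file $(subtract_mode 666 "$mask"))"
done
```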
Note: Whether a file can be deleted does not depend on the file itself! It depends on whether the owner has write permission on the directory where the file is located. Of course, the root account can do whatever it wants.
sticky bit
In a shared file directory, without setting the group it belongs to, we can add a sticky bit t to other on this directory, replacing the last permission x of other. It keeps the meaning of x and also imposes a further special restriction on the permissions of this directory: the directory has the w attribute for other, but only root or the owner of a file has the right to delete that file in this directory, and no one else is allowed!
The sticky bit can be used to add special permissions to directories.
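A check that follows from this: a directory that other can write to but that lacks the sticky bit lets any user delete other users' files. The following is an added example, not from the original article; the function names and the sample directory tree are constructed for illustration, and `stat -c` assumes GNU or BusyBox stat.

```sh
#!/bin/sh
# Added example: find world-writable directories that lack the sticky bit.

# missing_sticky ROOT: list directories under ROOT that "other" can write
# to (mode bit 0002) but that do not carry the sticky bit (mode bit 1000).
missing_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# mode_string PATH: symbolic permissions, as in the first column of ll.
mode_string() {
    stat -c '%A' "$1"              # assumption: GNU/BusyBox stat
}

# make_sample_tree: build a constructed sample tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared_sticky" "$t/shared_open" "$t/private"
    chmod 1777 "$t/shared_sticky"  # rwxrwxrwt: only root/file owner may delete
    chmod 0777 "$t/shared_open"    # rwxrwxrwx: anyone may delete anyone's file
    chmod 0755 "$t/private"        # not writable by other: not a finding
    echo "$t"
}

tree=$(make_sample_tree)
echo "sticky directory looks like: $(mode_string "$tree/shared_sticky")"
echo "world-writable without sticky bit:"
missing_sticky "$tree"
rm -rf "$tree"
```

Running `missing_sticky` over a real shared directory gives the list of places where the sticky bit still needs to be added.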