Table of contents
1.1 root user (super administrator)
1. Configure sudo authentication for ordinary users
2. User and user group management
3.1 Cognitive permission information
1. Serial number 1 represents the permission control information of files and folders.
2. Serial number 2 indicates the user to whom the file and folder belongs.
3. Serial number 3 indicates the user group to which the file and folder belong.
3.2 Modify permission control -chmod
3.3 Digital serial number of permissions
3.4 Modify permission control-chown
2. Notes and practical examples:
1. Linux root user
1.1 root user (super administrator)
Whether it is Windows, MacOS, or Linux, they all adopt a multi-user management mode for permission management. ●In Linux systems, the account with the greatest authority is: root (super administrator)
In the early stage, the account we have been using is an ordinary user: wzy
The permissions of ordinary users are generally unrestricted in their HOME directory.
Once out of the HOME directory, in most places, ordinary users only have read and execute permissions and no modification permissions.
1.2 su and exit commands
Previously, we have come across the su command to switch to the root account.
The su command is a system command used for account switching. Its source is the English word: Switch User
Syntax: su [-][username]
- The symbol is optional and indicates whether to load environment variables after switching users (explained later). It is recommended to bring it. Parameter: username, indicating the user to be switched. The username can also be omitted. Omitting it means switching to root
After switching users, you can use the exit command to return to the previous user, or you can use the shortcut key: ctrl + d
When using a normal user, you need to enter a password to switch to other users, such as switching To the root user
Use root user to switch to other users,No password required, you can switch directly
1.3 sudo command
When we know the root password, we can switch to root through the su command to obtain maximum permissions.
However, we do not recommend using the root user for a long time to avoid system damage.
We can use the sudo command to authorize ordinary commands and temporarily execute them as root.
Syntax: sudo other commands
Put sudo before other commands to temporarily grant root authorization to this command
However, not all users have the right to use sudo, weNeed to configure sudo authentication for ordinary users
1. Configure sudo authentication for ordinary users
Switch to the root user and execute the visudo command. It will automatically open through the vi editor. /etc/sudoers
Add at the end of the file:
The last NOPASSWD: ALL means using the sudo command without entering a password
NOPASSWD: ALL
2. User and user group management
2.1 User, user group
Linux system can:
●Configure multiple users
●Configure multiple user groups
●User Can join multiple user groups
There are 2 levels of permission control in Linux, which are:
●Permission control for users
●Permissions for user groups Control
For example, for a certain file, you can control the permissions of the user or the permissions of the user group.
Therefore, we need to learn the basic commands for user and user group management in Linux to lay the foundation for learning permission control later.
2.2 Management of user groups
The following commands need to be executed by root user
●Create user groupgroupadd user group name ●Delete user group groupdel user group name
2.3 User management
The following commands need to be executed by root user
●Create user
useradd [- g - d ] username
Option: - g specifies the user's group. If - g is not specified, a group with the same name will be created and automatically joined. Specifying - g requires the group to already exist. If a group with the same name already exists, the - g
option must be used. :- d specifies the user HOME path, if not specified, the HOME directory defaults to: / home / username
●Delete user
userdel [- r ]Username< /span>●View the groups to which the user belongs
Options: - r, delete the user's HOME directory, do not use - r, when deleting the user, the HOME directory is retained Parameters: username, the user being viewed, if not provided, view itself●Modify the group to which the user belongs● a> User group username, add the specified user to the specified user groupusermod - aG
2.4.getent
Use the getent command, to view which users and groups are in the current system
Syntax: getent passwd
Syntax: getent group
Contains three pieces of information, group name, group authentication (displayed as X), group ID
3. View permission control
3.1 Cognitive permission information
You can view the contents in list form and display permission details through ls -l
1. Serial number 1 represents the permission control information of files and folders.
Let us analyze the serial number 1. The permission details are divided into 10 slots in total.
Example: drwxr - xr - x, means:
This is a folder, the first letter d means
The permissions of the user are: Yes r Yes w Yes x , rwx
The permissions of the user group it belongs to are: yes r No w Yes x , r - x (- means no such permission)
Permissions of other users, r, w, x, r-x
So, what does rwx stand for?
r Represents read permission
w Represents write permission
x Represents execution permission
For files , different folders, the meaning of rwx is slightly different.
r For files, you can view the file content
For folders, you can view the folder contents, such as the 1s command
w For files, you can modify this File
For folders, you can create, delete, rename, etc. within the folder
x For files, it means that the file can be executed as a program
For folders, it means that you can change the working directory to this folder, that is, cd to enter
2. Serial number 2 indicates the user to whom the file and folder belongs.
3. Serial number 3 indicates the user group to which the file and folder belong.
3.2 Modify permission control -chmod
1. chmod command
We can use the chmod command to modify the permission information of files and folders.
Note that only the user who owns the file or folder or the root user can modify it.
Syntax: chmod [- R ] [User] permission file or folder
Option - R , applies the same operation to the entire contents of the folder
Example:
chmod u = rwx , g = rx , o=x hello . txt , change the file permissions to: rwxr- x -- x
Among them: u represents user permissions to which user belongs, g represents group group permissions, o represents other user permissions
chmod - R u = rwx , g = rx , o = x test , set the permissions of the folder test and all contents in the folder to: rwxr - x -- x
3.3 Digital serial number of permissions
Number of permissions
Permissions can be represented by 3 digits. The first digit represents user permissions, the second digit represents user group permissions, and the third digit represents other user permissions. .
The details of the numbers are as follows: r is recorded as 4, w is recorded as 2, x is recorded as 1, there can be:
0: No permissions, i.e. ---
1: Only x permissions, i.e.--x
2: Only w permission is - w -.
3: There are w and x permissions, that is - wx.
4: Only r permission is r --.
5: There are r and x permissions, that is, r - x
6: Have r and w permissions, that is, rw -
7: All permissions are rwx , so 751 means: rwx (7) r - x (5)-- x (1)
3.4 Modify permission control-chown
1.chown command
Use the chown command to modify the user and user group that files and folders belong to
Ordinary users cannot modify the ownership to other users or groups, so this command is only applicable to root users.
Syntax: chown [- R ] [User] [:] [User Group] file or file owner
Option - R, same as chmod, apply the same rules to all contents in the folder
Option User, modify the user
Option User group, modify User group
: Used to separate users and user groups
Example:
| chown root hello . txt | Change the user belonging to hello .txt to root |
| chown : root hello . txt | Change the user group to which hello . bxt belongs to root. |
| chown root : wzy hello . txt | Change the user to which hello .txt belongs to root and the user group to wzy |
| chown - R root test | Change the user who owns the folder test to root and apply the same rules to all contents in the folder |
2. Notes and practical examples:
At this time, there is no permission. The file belongs to wzy but it needs to be modified to root. The file must be thrown to root. The ownership of the file cannot be placed on others out of thin air.
