Linux: Users and Permissions

1. Know the root user

1.1 root user (super administrator)

Whether it is Windows, MacOS, or Linux, a multi-user management mode is used for permission management.

  • In the Linux system, the account with the greatest privileges is: root (super administrator)

The root user has the greatest system operation permissions, while ordinary users have limited permissions in many places.
Demo:

  • Create a folder in the root directory using a normal user

  • After switching to the root user, continue trying

The permissions of ordinary users are generally unrestricted in their HOME directory.
Once out of the HOME directory, in most places, ordinary users only have read and execute permissions, but no modification permissions.

1.2 su and exit commands

The su command is a system command used for switching accounts. The name comes from the English phrase: Switch User
Syntax:
su [-] [username]

  • The - symbol is optional and indicates whether to load environment variables after switching users. Including it is recommended.
  • Parameter: username, the user to switch to. The username can also be omitted. If omitted, it means switching to root.
  • After switching users, you can use the exit command to return to the previous user, or you can use the shortcut key: ctrl + d

When a normal user switches to another user, such as the root user, a password must be entered.
When the root user switches to another user, no password is required and the switch happens directly.

1.3 sudo command

When we know the root password, we can switch to root through the su command to obtain maximum permissions.
However, we do not recommend staying logged in as the root user for a long time, to avoid damaging the system.

We can use the sudo command to authorize ordinary commands and temporarily execute them as root.
Syntax:
sudo other-command

Put sudo before another command to temporarily grant root authorization to that command.

However, not all users have the right to use sudo; sudo authentication must be configured for ordinary users.

1.3.1 Configure sudo authentication for ordinary users

  • Switch to the root user and execute the visudo command. It automatically opens /etc/sudoers in the vi editor
  • At the end of the file add:

The trailing NOPASSWD:ALL means the sudo command can be used without entering a password
Finally, save and exit with :wq


  • Switch back to the normal user

  • Commands executed with sudo are run as root.
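
As an added example (not part of the original post), this shell check lists which entries in sudoers-format text grant NOPASSWD for ALL commands, the setting configured above. The sample entries, including the names wheel and backup and the function names, are constructed for illustration.

```shell
# Added example; sample entries are constructed, not taken from a real host.
sample_sudoers() {
    cat <<'EOF'
# constructed sample in /etc/sudoers format
Defaults  env_reset
root      ALL=(ALL)  ALL
%wheel    ALL=(ALL)  ALL
itheima   ALL=(ALL)  NOPASSWD: ALL
backup    ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
}

# Read sudoers text on stdin; print each user or %group whose entry runs
# ALL commands with NOPASSWD. Entries limited to named commands are not printed.
find_nopasswd_all() {
    awk '
        { sub(/[ \t]*#.*/, "") }                      # drop comments
        NF == 0 || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        /NOPASSWD:[ \t]*ALL[ \t]*$/ || /NOPASSWD:[ \t]*ALL[ \t]*,/ { print $1 }
    '
}

sample_sudoers | find_nopasswd_all
```

Each name it prints can run any command as root without a password prompt, so those entries are the ones to review first and, where possible, narrow to specific commands.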

2. User and user group management

In Linux systems you can:

  • Configure multiple users
  • Configure multiple user groups
  • Users can join multiple user groups

There are two levels of permission control in Linux, which are:

  • User permission control
  • Permission control for user groups
    For example, for a certain file, you can control the permissions of the user or the permissions of the user group.

2.1 User group management

The following commands need to be executed by the root user

  • Create user group
    groupadd group-name

  • Delete user group
    groupdel group-name

For subsequent demonstrations, we create an itcast user group: groupadd itcast

2.2 User management

The following commands need to be executed by the root user

  • Create user
    useradd [-g -d] username
    • Option -g: specifies the user's group. If -g is not specified, a group with the same name is created and the user joins it automatically. Specifying -g requires that the group already exists. If a group with the same name already exists, -g must be used.
    • Option -d: specifies the user's HOME path. If not specified, the HOME directory defaults to: /home/username

  • Delete user
    userdel [-r] username
    • Option -r: also deletes the user's HOME directory. Without -r, the HOME directory is retained when the user is deleted.
      When -r is not used for deletion, the test222 folder under the original home folder is not deleted.

  • View the groups a user belongs to
    id [username]
    • Parameter username: the user to view. If not provided, the current user is shown.

  • Modify the group to which the user belongs
    usermod -aG group username, which adds the specified user to the specified user group

2.3 getent command

Use the getent command to view which users are in the current system
Syntax: getent passwd


Use the getent command to view which groups are in the current system
Syntax: getent group

3. View permission control

3.1 Understanding permission information

Use ls -l to view the content in list form and display permission details

  • Serial number 1 represents the permission control information of files and folders.
  • Serial number 2 indicates the user to whom the file and folder belongs.
  • Serial number 3 indicates the user group to which the file and folder belongs.

Let us analyze serial number 1, permission details
Permission details are divided into 10 slots in total

Example: drwxr-xr-x means:

  • The first letter d means this is a folder
  • The permissions of the owning user (number 2 in the upper right corner) are: r, w, x, i.e. rwx
  • The permissions of the owning user group (number 3 in the upper right corner) are: r, no w, x, i.e. r-x (- means no such permission)
  • The permissions of other users are: r, no w, x, i.e. r-x

So, what does rwx stand for?

  • r means read permission
  • w means write permission
  • x represents execution permission

The meaning of rwx differs slightly between files and folders.

  • r: for a file, the file content can be viewed
    • For a folder, the contents of the folder can be listed, for example with the ls command
  • w: for a file, the file can be modified
    • For a folder, items inside the folder can be created, deleted, renamed, and so on
  • x: for a file, the file can be executed as a program
    • For a folder, the working directory can be changed to this folder, that is, cd can enter it

3.1.1 Case

The current user itheima is neither the owning user of the file nor in its owning user group, so the last three permission slots apply: -, no read permission.

4. Modify permission control - chmod

4.1 chmod command

We can use the chmod command to modify the permission information of files and folders.
Note that only the user who owns the file or folder or the root user can modify it.

Syntax:

Options: -R, applies the same operation to the entire contents of the folder

Example:

  • chmod u=rwx,g=rx,o=x hello.txt changes the file permissions to: rwxr-x--x
    • Here u represents the permissions of the owning user, g the permissions of the owning group, and o the permissions of other users.
  • chmod -R u=rwx,g=rx,o=x test sets the permissions of the folder test and all contents in the folder to: rwxr-x--x

In addition, there is a shortcut: chmod 751 hello.txt
This changes the permissions of hello.txt to 751

4.2 Digital serial number of permissions

Permissions can be represented by 3-digit numbers. The first digit represents user permissions, the second digit represents user group permissions, and the third digit represents other user permissions.

The details of the numbers are as follows: r is denoted as 4, w is denoted as 2, and x is denoted as 1. There can be:

  • 0: No permissions, i.e. ---
  • 1: Only x permission, i.e. --x
  • 2: Only w permission, i.e. -w-
  • 3: w and x permissions, i.e. -wx
  • 4: Only r permission, i.e. r--
  • 5: r and x permissions, i.e. r-x
  • 6: r and w permissions, i.e. rw-
  • 7: Full permissions, i.e. rwx

So 751 means: rwx(7) r-x(5) --x(1)

4.2.1 Case

  • Modify the permissions of hello.txt to r-x--xr-x. The numeric form is:
    chmod 515 hello.txt

  • Modify the permissions of hello.txt to -wx-w-rw-. The numeric form is:
    chmod 326 hello.txt

  • The permissions represented by the number 123 are:
    --x-w--wx
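
As an added example (not part of the original post), these POSIX shell functions carry out the conversions from sections 3.1 and 4.2: the 10 slots shown by ls -l to the three chmod digits and back, plus a check for write permission granted to other users. The function names are assumptions made for this example.

```shell
# Added example; function names are assumptions, not from the original post.
# One rwx triplet -> one digit (r=4, w=2, x=1, "-" adds nothing).
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# 10-slot string such as drwxr-xr-x -> 755. Slot 1 (file type) is skipped.
# Special bits (s, t) are outside what the page covers and are rejected.
mode_to_octal() {
    case $1 in
        [-dlbcps][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "not a 10-slot mode string: $1" >&2; return 1 ;;
    esac
    p=${1#?}; rest=${p#???}
    printf '%s%s%s\n' "$(triplet_to_digit "${p%??????}")" \
        "$(triplet_to_digit "${rest%???}")" "$(triplet_to_digit "${rest#???}")"
}

# One digit 0-7 -> one rwx triplet.
digit_to_triplet() {
    r=-; w=-; x=-
    [ $(($1 & 4)) -ne 0 ] && r=r
    [ $(($1 & 2)) -ne 0 ] && w=w
    [ $(($1 & 1)) -ne 0 ] && x=x
    printf '%s%s%s' "$r" "$w" "$x"
}

# Three digits such as 751 -> rwxr-x--x.
octal_to_mode() {
    case $1 in [0-7][0-7][0-7]) ;; *) echo "not 3 octal digits: $1" >&2; return 1 ;; esac
    mid=${1#?}; mid=${mid%?}
    printf '%s%s%s\n' "$(digit_to_triplet "${1%??}")" \
        "$(digit_to_triplet "$mid")" "$(digit_to_triplet "${1#??}")"
}

# True when slot 9 (write permission for other users) is set.
others_can_write() { case $1 in ????????w?) return 0 ;; *) return 1 ;; esac; }
# Cross-check against the real chmod and ls on a scratch file from mktemp.
chmod_matches() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"; shown=$(ls -ld "$f" | cut -c2-10); rm -f "$f"
    [ "$shown" = "$(octal_to_mode "$1")" ]
}

octal_to_mode 751 && mode_to_octal drwxr-xr-x   # demo on the page's examples
```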

5. Modify permission control - chown

Use the chown command to modify the users and user groups that files and folders belong to.

Ordinary users cannot change ownership to other users or groups, so this command is only applicable to the root user.
Syntax:

  • Option -R: same as for chmod, applies the same rule to all contents in the folder
  • Parameter user: the new owning user
  • Parameter user group: the new owning user group
  • The : is used to separate the user and the user group

Example:

  • chown root hello.txt changes the owning user of hello.txt to root
  • chown :root hello.txt changes the owning user group of hello.txt to root
  • chown root:itheima hello.txt changes the owning user of hello.txt to root and the owning user group to itheima
  • chown -R root test changes the owning user of the folder test to root and applies the same rule to all contents in the folder

Origin blog.csdn.net/Blue_Pepsi_Cola/article/details/133958415