005 Users, groups and permissions

Linux is a multi-tasking, multi-user operating system.

  • Each user has a user ID and a password, and access is governed by the 3A model:
    Authentication
    Authorization
    Auditing (accounting)

User categories:

  1. administrator
  2. ordinary users
    • system users
    • login users
  • Each user has a user ID (UserID, UID):
    a 16-bit number: 0-65535
    administrator: 0
    ordinary users: 1-65535
    system users: 1-499 (CentOS 6), 1-999 (CentOS 7)
    login users: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
    name resolution: username <-> UID
    resolution database: /etc/passwd

Group categories

Group category 1:
  • administrators group
  • ordinary user groups
    • system groups
    • login groups

Group ID: GroupID, GID
administrators group: 0
ordinary groups: 1-65535
system groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
login user groups: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)

name resolution: groupname <-> GID
resolution database: /etc/group

Group category 2:

basic (primary) group of a user
additional (supplementary) groups of a user

Group category 3:

private group: the group name is the same as the user name, and the group contains only that one user;
public group: the group contains several users;
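How the lookups described above work against the /etc/passwd and /etc/group line formats, as an added example that is not part of the original post; the two databases inside it are constructed sample data (the users gentoo and fedora match the later exercises):

```shell
# Added example (not part of the original post): the lookups behind "id USER",
# over the /etc/passwd and /etc/group line formats the text describes.
# Both databases below are constructed sample data, not copied from a real host.
PASSWD_DB='root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
gentoo:x:4001:4001::/home/gentoo:/bin/bash
fedora:x:4002:4002:Fedora Core:/home/fedora:/bin/tcsh'
GROUP_DB='root:x:0:
nobody:x:99:
gentoo:x:4001:
fedora:x:4002:
distro:x:5000:gentoo,fedora
peguin:x:5001:gentoo'

# Username -> UID (passwd field 3). Prints nothing for an unknown name.
uid_of() { printf '%s\n' "$PASSWD_DB" | awk -F: -v u="$1" '$1 == u { print $3 }'; }
# GID -> group name (group field 1 where field 3 matches).
group_name() { printf '%s\n' "$GROUP_DB" | awk -F: -v g="$1" '$3 == g { print $1 }'; }

# Classify a UID with the ranges given above; arg 2 is the CentOS major (6 or 7).
uid_class() {
  sysmax=499; [ "$2" = 7 ] && sysmax=999
  if [ "$1" -eq 0 ]; then echo administrator
  elif [ "$1" -le "$sysmax" ]; then echo system
  else echo login
  fi
}

# The basic (primary) group is passwd field 4, resolved through /etc/group.
basic_group() {
  group_name "$(printf '%s\n' "$PASSWD_DB" | awk -F: -v u="$1" '$1 == u { print $4 }')"
}
# Additional groups are every group whose member list (field 4) names the user.
additional_groups() {
  printf '%s\n' "$GROUP_DB" | awk -F: -v u="$1" '
    { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break } }' |
    tr '\n' ',' | sed 's/,$//'
}
```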

Common Commands

Linux user and group management

Security context:
a process runs with the identity of the user who started it;
whether the process may access a file depends on the permissions of that user;

System users: so that daemons and service processes can run under a non-administrator identity, ordinary users usually have to be created for them; these users do not log in;

Commands

  • groupadd command: add a group
    groupadd [options] group_name
    -g GID: specify the GID; the default is the previous group's GID + 1;
    -r: create a system group;

  • groupmod command: modify group attributes
    groupmod [options] GROUP
    -g GID: change the GID;
    -n new_name: change the group name;

  • groupdel command: delete a group
    groupdel [options] GROUP

  • useradd command: create a user
    useradd [options] LOGIN
    -u, --uid UID: specify the UID;
    -g, --gid GROUP: specify the basic group; this must be an existing group;
    -G, --groups GROUP1[,GROUP2,...[,GROUPN]]: specify the additional groups the user belongs to; separate several groups with commas;
    -c, --comment COMMENT: specify the comment (GECOS) information;
    -d, --home HOME_DIR: specify the path of the user's home directory; it is created by copying /etc/skel and renaming the copy; if the given path already exists, the environment profile files are not copied for the user;
    -s, --shell SHELL: specify the user's default shell; the list of available shells is kept in /etc/shells;
    -r, --system: create a system user;
    Note: many of the defaults used when creating a user come from **/etc/login.defs**

  • useradd -D: show the default settings used when creating a user;
    useradd -D [options]: change the default value of an option;
    -e -f -s
    the changes are saved in the **/etc/default/useradd** file;

CREATE_MAIL_SPOOL=yes
creates the incoming-mail spool for the new user at /var/spool/mail/USER

  • usermod command: modify user attributes
    usermod [options] LOGIN
    -u, --uid UID: change the user's UID to the given value;
    -g, --gid GROUP: change the user's basic group;
    -G, --groups GROUP1[,GROUP2,...[,GROUPN]]: change the additional groups the user belongs to; the original additional groups are replaced;
    -a, --append: used together with -G, adds new additional groups instead of replacing the existing ones;
    -c, --comment COMMENT: change the comment information;
    -d, --home HOME_DIR: change the user's home directory; the user's existing files are not moved to the new location;
    -m, --move-home: only used together with -d; moves the contents of the old home directory to the new one;
    -l, --login NEW_LOGIN: change the user name;
    -s, --shell SHELL: change the user's default shell; available shells are listed in /etc/shells
    -L, --lock: lock the user's password, i.e. prefix the stored password string with "!";
    -U, --unlock: unlock the user's password;

  • userdel command: delete a user
    userdel [options] LOGIN
    -r: also delete the user's home directory when deleting the user;

  • Exercise 1: create a user gentoo with UID 4001, basic group gentoo, and additional groups distro (GID 5000) and peguin (GID 5001);
    Exercise 2: create a user fedora with the comment "Fedora Core" and default shell /bin/tcsh;
    Exercise 3: change the home directory of user gentoo to /var/tmp/gentoo; the user must still be able to access the original files;
    Exercise 4: add netadmin as an additional group of gentoo;
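One way to solve the four exercises, as an added example that is not part of the original post; it assumes root for the real run and that the group netadmin does not exist yet:

```shell
#!/bin/sh
# Added example (not part of the original post): one solution to Exercises 1-4.
# Account changes need root, so run() executes the command only as root with
# DRY_RUN unset; otherwise it prints the command line (multi-word arguments are
# shown unquoted) so the flags can be previewed before touching /etc/passwd.
# Assumption: the group "netadmin" does not exist yet.
run() {
  if [ -z "${DRY_RUN:-}" ] && [ "$(id -u)" -eq 0 ]; then "$@"; else printf '%s\n' "$*"; fi
}

exercise1() {
  # Additional groups must exist before useradd -G can name them.
  run groupadd -g 5000 distro
  run groupadd -g 5001 peguin
  # Without -g, useradd creates the private group "gentoo" as the basic group.
  run useradd -u 4001 -G distro,peguin gentoo
}
exercise2() {
  run useradd -c "Fedora Core" -s /bin/tcsh fedora
}
exercise3() {
  # -m together with -d moves the old home, so gentoo keeps access to the files.
  run usermod -d /var/tmp/gentoo -m gentoo
}
exercise4() {
  run groupadd netadmin
  # -a with -G appends; without -a the current additional groups would be replaced.
  run usermod -a -G netadmin gentoo
}

# Apply only when explicitly asked for; any other invocation is a preview.
if [ "${1:-}" = apply ]; then exercise1; exercise2; exercise3; exercise4; fi
```

Run it as root with `sh users.sh apply` to make the changes; without the `apply` argument, or as a non-root user, each function only prints the command it would run.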

passwd command

  • passwd command:
    passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]
    (1) passwd: change your own password;
    (2) passwd USERNAME: change the specified user's password; only root may do this;
    -l, -u: lock and unlock the user;
    -d: clear the user's password string;
    -e DATE: expiration date;
    -i DAYS: inactive period;
    -n DAYS: minimum password lifetime;
    -x DAYS: maximum password lifetime;
    -w DAYS: warning period;
    --stdin: read the password from standard input, e.g. via a pipe
    echo "PASSWORD" | passwd --stdin USERNAME

  • gpasswd command:
    group password file: /etc/gshadow
    gpasswd [options] GROUP (setting a group password keeps other users from easily switching into the group as their own)
    -a USERNAME: add a user to the group
    -d USERNAME: remove a user from the group

  • newgrp command: temporarily switch to the specified group as the basic group;
    newgrp [-] [GROUP]
    -: behave as if the user logged in again, so the working environment is re-initialized;

  • chage command: change password expiry settings
    chage [options] LOGIN
    -d -E -W -m -M

  • id command: show real and effective user and group IDs;
    id [OPTION]... [USER]
    -u: show only the effective UID;
    -g: show only the user's basic group ID;
    -G: show only the IDs of all groups the user belongs to;
    -n: show names instead of IDs;

  • su command: switch user
    login-type switch: re-initializes the environment by reading the target user's profile
    su - USERNAME
    su -l USERNAME

    non-login-type switch: does not read the target user's profile, so the environment is not re-initialized
    su USERNAME
    Note: the administrator (root) can switch to any other user without giving a password;
    -c 'COMMAND': only run the given command as the specified user;

Several other commands: chsh, chfn, finger, whoami, pwck, grpck

Permission management:

ls -l
rwxrwxrwx:
left three: permissions of the owner (user)
middle three: permissions of the group
right three: permissions of others

Process Security Context:

  • Model for a process accessing a file:
    • check whether the file's owner is the same as the process's owner; if so, apply the owner's permissions;
    • otherwise, check whether the process's owner belongs to the file's group; if so, apply the group's permissions;
    • otherwise, only the permissions for "other" apply;
  • Permissions:
    r: readable, read
    w: writable, write
    x: executable, execute
    file:
    r: the file's data can be read;
    w: the file's data can be modified;
    x: the file can be started as a process;
    directory:
    r: the list of files under it can be obtained with ls;
    w: the list of files in this directory can be modified, i.e. files can be created or deleted;
    x: you can cd into this directory and use ls -l to get the detailed attributes of all files in it;
    MODE: rwxrwxrwx
    ownership: user, group
  • Permission bit combinations (symbolic, binary, octal):
    --- 000 0
    --x 001 1
    -w- 010 2
    -wx 011 3
    r-- 100 4
    r-x 101 5
    rw- 110 6
    rwx 111 7

Exercise: give the octal form of rw-rw-r--, rwxrwxr-x, rwxr-x---, rw-------, rwxr-xr-x
664, 640, 600, 775, 750, 755
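The three-step access model and the bit table above, as added example shell functions that are not from the original post; the file's owner, group, mode and the user's group list are passed in as strings rather than read from the filesystem:

```shell
# Added example (not part of the original post): the three-step access decision
# and the rwx/octal table above as POSIX shell functions. Inputs are strings as
# shown by "ls -l"; nothing here reads the real filesystem.

# One rwx triplet -> one octal digit (r=4, w=2, x=1).
triplet_to_digit() {
  d=0
  case $1 in r??) d=$((d + 4));; esac
  case $1 in ?w?) d=$((d + 2));; esac
  case $1 in ??x) d=$((d + 1));; esac
  echo "$d"
}
# 9-character mode such as rwxr-x--- -> 750
mode_to_octal() {
  printf '%s%s%s\n' "$(triplet_to_digit "$(printf '%s' "$1" | cut -c1-3)")" \
    "$(triplet_to_digit "$(printf '%s' "$1" | cut -c4-6)")" \
    "$(triplet_to_digit "$(printf '%s' "$1" | cut -c7-9)")"
}

# can_access OWNER GROUP MODE USER GROUPLIST r|w|x  -> prints yes or no
# Exactly one class is consulted: owner if USER owns the file, else group if the
# file's group appears in USER's comma-separated GROUPLIST, else other. So an
# owner whose own triplet is --- is refused even if group/other bits would allow.
can_access() {
  if [ "$4" = "$1" ]; then cls=$(printf '%s' "$3" | cut -c1-3)
  elif printf '%s\n' "$5" | tr ',' '\n' | grep -q -x -F "$2"; then cls=$(printf '%s' "$3" | cut -c4-6)
  else cls=$(printf '%s' "$3" | cut -c7-9)
  fi
  # Requested bit followed by the chosen triplet, e.g. "wrw-" matches w?w?.
  case $6$cls in
    rr??|w?w?|x??x) echo yes;;
    *) echo no;;
  esac
}
```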

Permission management commands

  • chmod command:
    chmod [OPTION]... MODE[,MODE]... FILE...
    chmod [OPTION]... OCTAL-MODE FILE...
    chmod [OPTION]... --reference=RFILE FILE...
  • Three classes of users:
    u: owner
    g: group
    o: other
    a: all
  1. chmod [OPTION]... MODE[,MODE]... FILE...
    MODE notation: assignment notation: set the whole rwx triplet of one user class directly;
    u=
    g=
    o=
    a=
  2. grant/revoke notation: operate on a single permission bit (r, w, x) of one user class;
    u+, u-
    g+, g-
    o+, o-
    a+, a-
  3. chmod [OPTION]... OCTAL-MODE FILE...
    chmod 666 FILE
  4. chmod [OPTION]... --reference=RFILE FILE...
    set the permissions of FILE to match those of RFILE;
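The four chmod forms above, as an added example that is not the post's own code; it applies each form to a scratch file in TMPDIR and reads the result back with ls -l:

```shell
# Added example (not part of the original post): the four chmod forms above
# applied to a scratch file and read back with "ls -l" (characters 2-10 are the
# rwx string). Needs a writable TMPDIR; --reference is GNU chmod, not POSIX.
perm_string() { ls -ld "$1" | cut -c2-10; }

# Create a scratch file with no permission bits at all and print its path.
scratch() {
  f=$(mktemp "${TMPDIR:-/tmp}/perm.XXXXXX") && chmod 000 "$f" && printf '%s\n' "$f"
}

# Apply one MODE (symbolic or octal) to a fresh file; print the resulting string.
mode_after() {
  f=$(scratch) || return 1
  chmod "$1" "$f" && perm_string "$f"
  rm -f "$f"
}

# Apply a chain of symbolic edits to one file, printing the string after each step.
walk() {
  f=$(scratch) || return 1
  for m in "$@"; do chmod "$m" "$f" && perm_string "$f"; done
  rm -f "$f"
}

# --reference=RFILE: copy RFILE's bits onto FILE (750 overwrites 666 here).
copy_mode() {
  src=$(scratch) && dst=$(scratch) || return 1
  chmod 750 "$src" && chmod 666 "$dst"
  chmod --reference="$src" "$dst" && perm_string "$dst"
  rm -f "$src" "$dst"
}
```

`walk a= u+rw g+r` prints one line per step, ending in rw-r-----, which is the 640 of the exercise above.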


Origin blog.csdn.net/hyf132456/article/details/93170067