Linux is a multi-tasking, multi-user operating system.
- Each user has a user ID and a password; access to the system follows the 3A model:
  Authentication
  Authorization
  Audit (accounting)
User categories:
- administrator
- ordinary users
  - system users
  - login users
- Each user has a user ID: UserID, UID
  a 16-bit binary number: 0-65535
  administrator: 0
  ordinary users: 1-65535
    system users: 1-499 (CentOS 6), 1-999 (CentOS 7)
    login users: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
Name resolution: username <-> UID
  resolution database: /etc/passwd
Group categories
Group category 1:
- administrators group
- ordinary groups
  - system groups
  - login groups
Group ID: GroupID, GID
  administrators group: 0
  ordinary groups: 1-65535
    system groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
    login groups: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
Name resolution: groupname <-> GID
  resolution database: /etc/group
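The UID ranges and the name <-> UID resolution described above, as an added shell example (not part of the original notes). It classifies accounts from a passwd-format text by the CentOS 6 / CentOS 7 boundaries and does both directions of the lookup; the passwd lines are constructed sample data, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Constructed passwd-format sample (no real system data).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash'

# classify_uid UID [centos6|centos7] -> administrator|system|login|other
# Uses the ranges from the notes: system 1-499/1-999, login 500-60000/1000-60000.
classify_uid() {
  uid=$1; rel=${2:-centos7}
  if [ "$rel" = centos6 ]; then sysmax=499; else sysmax=999; fi
  if [ "$uid" -eq 0 ]; then echo administrator
  elif [ "$uid" -le "$sysmax" ]; then echo system
  elif [ "$uid" -le 60000 ]; then echo login
  else echo other            # above the login range described in the notes
  fi
}

# uid_of NAME [PASSWD_TEXT] -> UID   (username -> UID, as /etc/passwd resolution does)
uid_of() {
  printf '%s\n' "${2:-$SAMPLE_PASSWD}" | awk -F: -v n="$1" '$1==n {print $3; exit}'
}

# name_of UID [PASSWD_TEXT] -> name  (UID -> username, the reverse direction)
name_of() {
  printf '%s\n' "${2:-$SAMPLE_PASSWD}" | awk -F: -v u="$1" '$3==u {print $1; exit}'
}

# audit_accounts [PASSWD_TEXT] [release]: one line per account with its UID class
# and whether the login shell is interactive. A system-range account with an
# interactive shell is the kind of entry an account review should question.
audit_accounts() {
  printf '%s\n' "${1:-$SAMPLE_PASSWD}" | while IFS=: read -r name pw uid gid gecos home shell; do
    class=$(classify_uid "$uid" "${2:-centos7}")
    case $shell in */nologin|*/false) interactive=no ;; *) interactive=yes ;; esac
    printf '%s\t%s\t%s\tinteractive=%s\n' "$name" "$uid" "$class" "$interactive"
  done
}

audit_accounts
```

Run the script as-is to see the sample audit; pass `"$(cat /etc/passwd)" centos6` or `centos7` as arguments to `audit_accounts` to run it over a real passwd file.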
Group category 2:
  the basic (primary) group of a user
  the supplementary (additional) groups of a user
Group category 3:
  private group: the group name is the same as the user name, and the group contains only that one user;
  public group: the group contains several users;
Common commands
Linux user and group management
Security context:
  a process runs with the identity of the user who started it;
  when a process accesses a file, the rights it has are those of the user who started the process;
  System users: so that background daemons or service processes can run under a non-administrator identity, dedicated users are usually created for them; these users never log in;
Commands
- groupadd command: add a group
  groupadd [options] group_name
    -g GID: specify the GID; the default is the previous (largest existing) GID + 1;
    -r: create a system group;
- groupmod command: modify group attributes
  groupmod [options] GROUP
    -g GID: change the GID;
    -n new_name: change the group name;
- groupdel command: delete a group
  groupdel [options] GROUP
- useradd: create a user
  useradd [options] LOGIN
    -u, --uid UID: specify the UID;
    -g, --gid GROUP: specify the basic (primary) group; this must be an existing group;
    -G, --groups GROUP1[,GROUP2,...[,GROUPN]]: specify the supplementary groups the user belongs to; separate several groups with commas;
    -c, --comment COMMENT: specify the comment (GECOS) information;
    -d, --home HOME_DIR: specify the path of the user's home directory; it is created by copying the /etc/skel directory and renaming the copy; if the given home directory already exists, the environment configuration files are not copied for the user;
    -s, --shell SHELL: specify the user's default shell; the list of available shells is kept in the file /etc/shells;
    -r, --system: create a system user;
  Note: many of the defaults used when creating a user come from the configuration file /etc/login.defs
  useradd -D: show the default settings used when creating a user;
  useradd -D [options]: change the default value of an option;
    -e -f -s
  the changed values are saved in the file /etc/default/useradd;
    CREATE_MAIL_SPOOL=yes
      creates a mailbox for incoming mail for the newly created user under /var/spool/mail/
- usermod command: modify user attributes
  usermod [options] LOGIN
    -u, --uid UID: change the user's ID to the new UID given here;
    -g, --gid GROUP: change the user's basic (primary) group;
    -G, --groups GROUP1[,GROUP2,...[,GROUPN]]: change the user's supplementary groups; the original supplementary groups are overwritten;
    -a, --append: used together with -G, to add a new supplementary group to the user while keeping the existing ones;
    -c, --comment COMMENT: change the comment information;
    -d, --home HOME_DIR: change the user's home directory; the user's existing files are not moved to the new location;
    -m, --move-home: only used together with -d; moves the contents of the original home directory to the new home directory;
    -l, --login NEW_LOGIN: change the user name;
    -s, --shell SHELL: change the user's default shell; the available shells are listed in the file /etc/shells
    -L, --lock: lock the user's password, i.e. prefix the user's existing password string with "!";
    -U, --unlock: unlock the user's password;
- userdel command: delete a user
  userdel [options] LOGIN
    -r: also delete the user's home directory when deleting the user;
Exercise 1: create a user gentoo with UID 4001, basic group gentoo, and supplementary groups distro (GID 5000) and peguin (GID 5001);
Exercise 2: create a user fedora with the comment "Fedora Core" and the default shell /bin/tcsh;
Exercise 3: change the home directory of user gentoo to /var/tmp/gentoo; the user's original files must still be accessible;
Exercise 4: add the supplementary group netadmin to user gentoo;
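The four exercises worked through, as an added shell example (not part of the original notes). `run_exercises` holds the commands, which need root on a CentOS-style host; `verify_exercises` checks the expected end state from passwd- and group-format text, so the result can be confirmed with `getent`-style lookups rather than by eye. The sample passwd/group lines are constructed, the function names are this example's own, and it assumes the group netadmin may not exist yet.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# The exercise commands. Run as root; each line is commented with its exercise.
run_exercises() {
  groupadd -g 5000 distro
  groupadd -g 5001 peguin
  useradd -u 4001 -G distro,peguin gentoo        # ex. 1: private group gentoo is created by default
  useradd -c "Fedora Core" -s /bin/tcsh fedora   # ex. 2
  usermod -d /var/tmp/gentoo -m gentoo           # ex. 3: -m moves the existing files along
  getent group netadmin >/dev/null || groupadd netadmin   # assumption: netadmin may not exist
  usermod -aG netadmin gentoo                    # ex. 4: -a keeps distro and peguin
}

# field NAME TEXT N -> Nth colon-separated field of the line whose first field is NAME
field() { printf '%s\n' "$2" | awk -F: -v n="$1" -v f="$3" '$1==n {print $f; exit}'; }

# in_group USER GROUP GROUP_TEXT -> success if USER is listed in GROUP's member field
in_group() {
  printf '%s\n' "$(field "$2" "$3" 4)" | tr ',' '\n' | grep -qx "$1"
}

# verify_exercises PASSWD_TEXT GROUP_TEXT -> prints a FAIL line per unmet condition,
# exit status 0 only when every exercise is satisfied
verify_exercises() {
  pw=$1; gr=$2; fail=0
  [ "$(field gentoo "$pw" 3)" = 4001 ] || { echo "FAIL: gentoo UID"; fail=1; }
  [ "$(field gentoo "$pw" 4)" = "$(field gentoo "$gr" 3)" ] || { echo "FAIL: gentoo basic group"; fail=1; }
  [ "$(field distro "$gr" 3)" = 5000 ] && in_group gentoo distro "$gr" || { echo "FAIL: distro"; fail=1; }
  [ "$(field peguin "$gr" 3)" = 5001 ] && in_group gentoo peguin "$gr" || { echo "FAIL: peguin"; fail=1; }
  [ "$(field fedora "$pw" 5)" = "Fedora Core" ] || { echo "FAIL: fedora comment"; fail=1; }
  [ "$(field fedora "$pw" 7)" = /bin/tcsh ] || { echo "FAIL: fedora shell"; fail=1; }
  [ "$(field gentoo "$pw" 6)" = /var/tmp/gentoo ] || { echo "FAIL: gentoo home"; fail=1; }
  in_group gentoo netadmin "$gr" || { echo "FAIL: netadmin membership"; fail=1; }
  return $fail
}

# Constructed sample of what /etc/passwd and /etc/group look like after the exercises.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
gentoo:x:4001:4001::/var/tmp/gentoo:/bin/bash
fedora:x:4002:4002:Fedora Core:/home/fedora:/bin/tcsh'
SAMPLE_GROUP='root:x:0:
gentoo:x:4001:
distro:x:5000:gentoo
peguin:x:5001:gentoo
fedora:x:4002:
netadmin:x:5002:gentoo'

# On a real host: verify_exercises "$(cat /etc/passwd)" "$(cat /etc/group)"
verify_exercises "$SAMPLE_PASSWD" "$SAMPLE_GROUP" && echo "all exercises satisfied"
```

The checker is deliberately separate from the commands: the same verification can be run on the real /etc/passwd and /etc/group after `run_exercises`, and it catches the classic mistake of forgetting `-a`, which would drop distro and peguin from gentoo.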
passwd command
- passwd command:
  passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]
    (1) passwd: change the current user's own password;
    (2) passwd USERNAME: change the specified user's password; only root has this right;
    -l, -u: lock and unlock the user;
    -d: clear the user's password string;
    -e DATE: expiration date;
    -i DAYS: inactive period;
    -n DAYS: minimum password lifetime;
    -x DAYS: maximum password lifetime;
    -w DAYS: warning period;
    --stdin: read the new password from standard input (redirection or a pipe)
      echo "PASSWORD" | passwd --stdin USERNAME
- gpasswd command:
  group password file: /etc/gshadow
  gpasswd [options] GROUP (setting a password on a group prevents other people from freely switching into that group with newgrp)
    -a USERNAME: add a user to the group
    -d USERNAME: remove a user from the group
- newgrp command: temporarily switch the basic group to the specified group;
  newgrp [-] [GROUP]
    -: simulate the user logging in again, i.e. reinitialize the working environment;
- chage command: change password expiry settings
  chage [options] LOGIN
    -d -E -W -m -M
- id command: show real and effective user and group IDs;
  id [OPTION]... [USER]
    -u: show only the effective UID;
    -g: show only the user's basic group ID;
    -G: show only the IDs of all groups the user belongs to;
    -n: show names instead of IDs;
- su command: switch user
  login-type switch: reinitializes the environment by reading the target user's profile
    su - USERNAME
    su -l USERNAME
  non-login-type switch: does not read the target user's profile, so no reinitialization
    su USERNAME
  Note: the administrator can switch to any other user without giving a password;
    -c 'COMMAND': do not switch shells; only run the command given here as the specified user;
  e.g.:
Several other commands: chsh, chfn, finger, whoami, pwck, grpck
Permission management:
  ls -l
  rwxrwxrwx:
    left three: the permissions of the user (owner)
    middle three: the permissions of the group
    right three: the permissions of others
Process security context:
- the model by which a process is granted access to a file:
  - if the owner of the process is the same as the owner of the file, the owner permissions apply;
  - otherwise, check whether the process owner belongs to the file's group; if so, the group permissions apply;
  - otherwise, only the other permissions apply;
- Permissions:
  r: readable, read
  w: writable, write
  x: executable, execute
  file:
    r: the file's data can be read;
    w: the file's data can be modified;
    x: the file can be started as a process;
  directory:
    r: the list of files under the directory can be obtained with the ls command;
    w: the file list of the directory can be modified, i.e. files can be created or deleted in it;
    x: one can cd into the directory, and ls -l can be used to get the detailed attributes of all files in it;
MODE: rwxrwxrwx
Ownership: user, group
- Combinations of permission bits:
  ---  000  0
  --x  001  1
  -w-  010  2
  -wx  011  3
  r--  100  4
  r-x  101  5
  rw-  110  6
  rwx  111  7
Exercise: rw-rw-r--, rwxrwxr-x, rwxr-x---, rw-------, rwxr-xr-x
  664, 640, 600, 775, 750, 755
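The bit table and the owner/group/other access model above, as an added shell example (not part of the original notes): `rwx_to_octal` converts a nine-character mode string the way the exercise asks, and `which_class` plus `can_access` apply the three-step selection rule to decide which permission triple governs a given process and whether a specific right is granted. The UIDs/GIDs used are constructed; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# rwx_to_octal MODE -> three octal digits, e.g. rw-r--r-- -> 644
# Each triple is read as r=4, w=2, x=1 and summed, as in the bit table.
rwx_to_octal() {
  mode=$1; out=""
  for i in 1 4 7; do
    triple=$(printf '%s' "$mode" | cut -c"$i"-"$((i+2))")
    v=0
    case $triple in r??) v=$((v+4)) ;; esac
    case $triple in ?w?) v=$((v+2)) ;; esac
    case $triple in ??x) v=$((v+1)) ;; esac
    out="$out$v"
  done
  printf '%s\n' "$out"
}

# which_class PROC_UID "PROC_GIDS" FILE_UID FILE_GID -> owner|group|other
# The order matters: owner match first, then group membership, then other.
which_class() {
  puid=$1; pgids=$2; fuid=$3; fgid=$4
  if [ "$puid" -eq "$fuid" ]; then echo owner; return; fi
  for g in $pgids; do
    if [ "$g" -eq "$fgid" ]; then echo group; return; fi
  done
  echo other
}

# can_access MODE CLASS PERM -> success if PERM (r, w or x) is set in the
# triple that CLASS (owner|group|other) selects from MODE
can_access() {
  mode=$1; class=$2; perm=$3
  case $class in owner) off=1 ;; group) off=4 ;; other) off=7 ;; esac
  case $perm in r) idx=$off ;; w) idx=$((off+1)) ;; x) idx=$((off+2)) ;; esac
  [ "$(printf '%s' "$mode" | cut -c"$idx")" = "$perm" ]
}

# Constructed scenario: file owned by UID 1000 / GID 5000 with mode rw-r-----.
for m in rw-rw-r-- rwxrwxr-x rwxr-x--- rw------- rwxr-xr-x; do
  printf '%s -> %s\n' "$m" "$(rwx_to_octal "$m")"
done
cls=$(which_class 1001 "1001 5000" 1000 5000)   # UID 1001 is only a group member
printf 'class=%s read=%s write=%s\n' "$cls" \
  "$(can_access rw-r----- "$cls" r && echo yes || echo no)" \
  "$(can_access rw-r----- "$cls" w && echo yes || echo no)"
```

Note that an owner who is also in the file's group still gets only the owner triple: the check stops at the first match, which is why a mode like `---rwx---` locks the owner out while letting the rest of the group in.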
Permission management commands
- chmod command:
  chmod [OPTION]... MODE[,MODE]... FILE...
  chmod [OPTION]... OCTAL-MODE FILE...
  chmod [OPTION]... --reference=RFILE FILE...
- Three classes of users:
  u: owner
  g: group
  o: others
  a: all
- chmod [OPTION]... MODE[,MODE]... FILE...
  MODE notation:
    assignment notation: directly set the whole rwx permission set of one class of users;
      u=
      g=
      o=
      a=
    add/remove notation: directly operate on a single permission bit (r, w, x) of one class of users;
      u+, u-
      g+, g-
      o+, o-
      a+, a-
- chmod [OPTION]... OCTAL-MODE FILE...
  chmod 666 FILE
- chmod [OPTION]... --reference=RFILE FILE...
  set the permissions of other files or directories to match those of the reference file RFILE;
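The three chmod forms (symbolic assignment and add/remove, octal, and --reference) exercised end to end, as an added shell example (not part of the original notes). It works on files it creates in a temporary directory and reads each resulting mode back with `stat`, so every step can be checked. It assumes GNU coreutils (`stat -c '%a'`, `mktemp -d`); the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original notes. Assumes GNU coreutils.

# octal_of FILE -> the file's permission bits as octal digits (GNU stat)
octal_of() { stat -c '%a' "$1"; }

# chmod_demo -> the five modes produced by the five chmod calls, space-separated
chmod_demo() {
  dir=$(mktemp -d)
  f="$dir/data"; ref="$dir/reference"
  : > "$f"; : > "$ref"

  chmod 640 "$f"                  # octal form: rw-r-----
  r1=$(octal_of "$f")
  chmod u=rwx,g=rx,o= "$f"        # assignment form (u= g= o=): rwxr-x---; "o=" clears others
  r2=$(octal_of "$f")
  chmod g+w,o+r "$f"              # add/remove form: rwxrwxr--
  r3=$(octal_of "$f")
  chmod a-x "$f"                  # a applies to all three classes: rw-rw-r--
  r4=$(octal_of "$f")
  chmod 600 "$ref"
  chmod --reference="$ref" "$f"   # copy the mode of another file: rw-------
  r5=$(octal_of "$f")

  rm -rf "$dir"
  echo "$r1 $r2 $r3 $r4 $r5"
}

chmod_demo
```

Reading the mode back after each change is the habit worth keeping: `chmod a-x` on a directory, for instance, silently removes the ability to cd into it, and `stat -c '%a'` (or `ls -ld`) shows that immediately.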