Linux operations and maintenance basics: user, group and permission management

Users and Groups

User
Linux user: username / UID
administrator: root, UID 0
normal users: 1-65535
system users: 1-499 (CentOS 6), 1-999 (CentOS 7)
Group
Linux group: groupname / GID
administrator group: root, GID 0
system groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
normal groups: 500+ (CentOS 6), 1000+ (CentOS 7)

Group categories
primary group: a user has exactly one primary group
supplementary (additional) groups: a user can belong to zero or more supplementary groups
command: id USERNAME shows the user's UID, GID and the groups the user belongs to

User and group configuration file
/etc/passwd: user and attribute information, seven colon-separated fields: username:x:UID:GID:description:home directory path:shell
/etc/group: group and attribute information
/etc/shadow: user passwords and related attributes: username:encrypted password:date of the last password change (days since 1970-01-01):minimum password age:maximum password age:days of warning before the password expires:days after password expiry until the account is disabled:account expiration date
/etc/gshadow: group passwords
/etc/login.defs: default parameters for user and group creation
/etc/default/useradd: default settings for new accounts
/var/spool/mail: user mailbox directory
/home: default location of user home directories
/etc/skel: template for new home directories
related commands:
switch user: su mage; not a full switch, the current working directory is kept. su - mage; full switch, equivalent to logging in again
later CentOS versions no longer store the password hash in /etc/passwd; to convert back to the old single-file format: pwunconv; to restore the shadow file: pwconv
show the number of days since 1970-01-01 as used by /etc/shadow: echo $(date +%s)/24/3600 | bc
change the password hashing algorithm: authconfig --passalgo=sha256 --update

Users create, delete, modify
useradd, userdel, usermod
useradd mage: create the user mage. A newly created account is locked: the password field of its row in /etc/shadow contains "!!"
useradd options:
-u UID: specify the UID (check existing users with getent passwd luo); by default the next UID after the current largest one is used. -o together with -u skips the uniqueness check (duplicate UIDs are not recommended)
-g GID: primary group
-c COMMENT: description of the user
-d HOME: home directory path
-s SHELL: login shell
-r: create a system user; neither a home directory nor a mailbox is created
-m: force creation of the home directory (used together with -r for system users)
-M: do not create a home directory (the mailbox is still created)
-G GROUPS: supplementary groups to add the user to

usermod
usermod -L: lock the account (a "!" is prepended to the password hash); usermod -U: unlock it, removing one "!" per call. Note: on CentOS 6 a freshly created account cannot be unlocked with -U; set a password to unlock it
usermod -G bin wang: put wang into supplementary group bin; any other supplementary groups wang had are replaced by bin
usermod -aG bin wang: with -a, -G appends instead of replacing. Remove all supplementary groups: usermod -G "" wang, or usermod -G wang wang
-c COMMENT: new description, usermod -c "mayongliang" mage; chfn can also change the description; finger mage shows the user information
-l NEWNAME OLDNAME: rename the user: usermod -l oldwang wang renames wang to oldwang; usermod -l mage mage1 renames mage1 to mage
-s SHELL: change the login shell: usermod -s /sbin/nologin mage; chsh -s SHELL does the same
-d HOME: set a new home directory; it is not created automatically. Add -m to create it and move the contents of the old home directory into it
-e YYYY-MM-DD: account expiration date; -f INACTIVE: days of inactivity after password expiry before the account is disabled

userdel: delete a user
userdel -r mage: also delete the user's home directory and mailbox

set the password magedu for user mage: echo magedu | passwd --stdin mage
force the user to change the password at next login: passwd -e mage, or chage -d 0 mage
show the status of the user's password: chage -l mage
batch-create users: write the user records in /etc/passwd format to userlist.txt, then run newusers userlist.txt
batch-change passwords: write username:password lines to pass.txt, then run cat pass.txt | chpasswd

Group create, delete, modify:
groupadd, groupmod, groupdel, gpasswd, groupmems
groupmod
groupmod -n mage marco: rename group marco to mage
gpasswd -r GROUP: remove the group password
gpasswd -a mage wang: add user mage to group wang
gpasswd -d mage wang: remove user mage from group wang
groupmems -l -g mage: list the members of group mage; groupmems -a wang -g mage: add wang to group mage
groupmems -d wang -g mage: remove wang from group mage; groupmems -p -g mage: remove all members of group mage

Permissions

Permissions are enforced by the file system
directory: r: whether the list of files in the directory can be read; w: whether files can be created or deleted in it; x: whether the directory can be entered
the basic permissions of a directory are rx. With only x the directory can be entered but its contents cannot be listed; w alone does not allow listing either. Whether a file can be deleted is decided by the permissions of the directory that contains it, not by the file's own permissions
file: r: whether the contents can be read; w: whether the contents can be modified; x: whether the file can be executed

umask
the permissions of new files and directories are affected by the umask, which acts as a mask on the default permissions (a 0 bit lets the permission through, a 1 bit blocks it)
umask shows the current umask value; umask -p prints it as a reusable umask command; umask -S shows it in rwx form
the umask value is set in ~/.bashrc (current user) and /etc/bashrc (global)

Permissions formula: umask + default permissions = 777 (directory) or 666 (file)
file default permissions: 666 - umask, digit by digit; if a resulting digit is odd add 1, if it is even keep it; the result is the file's permissions
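As an added example that is not part of the original notes, the POSIX shell script below computes the default mode from a umask with the bitwise rule the kernel actually applies, and checks the digit-wise "subtract, round odd digits up" shortcut above against it for every possible umask; the function names are my own.

```shell
#!/bin/sh
# Default mode of a new file or directory under a given umask.
# The kernel applies the mask bitwise: mode = default & ~umask.  The notes'
# "666 minus umask, round odd digits up" shortcut works digit by digit;
# rules_agree confirms the two give the same answer for every mask 000-777.

norm_mask() {   # 22 / 022 / 0022 -> 022
    m=$(printf '%04o' "$(( 0$1 ))")
    echo "${m#?}"
}

perm_from_umask() {   # perm_from_umask 022 file -> 644 (the bitwise rule)
    mask=$(norm_mask "$1")
    case "$2" in
        dir)  base=0777 ;;
        file) base=0666 ;;
        *) echo "usage: perm_from_umask MASK dir|file" >&2; return 1 ;;
    esac
    printf '%03o\n' $(( $base & ~0$mask ))
}

rule_of_thumb() {   # rule_of_thumb 023 file -> 644 (the digit-wise shortcut)
    mask=$(norm_mask "$1")
    case "$2" in dir) base=7 ;; file) base=6 ;; *) return 1 ;; esac
    rest=${mask#?}
    out=""
    for m in "${mask%??}" "${rest%?}" "${rest#?}"; do
        d=$(( base - m ))
        if [ "$d" -lt 0 ]; then d=0; fi                  # cannot drop below ---
        if [ "$2" = file ] && [ $(( d % 2 )) -eq 1 ]; then d=$(( d + 1 )); fi
        out="$out$d"
    done
    echo "$out"
}

rules_agree() {   # rules_agree file|dir -> 0 if both rules match for all 512 masks
    n=0
    while [ "$n" -le 511 ]; do
        m=$(printf '%03o' "$n")
        [ "$(rule_of_thumb "$m" "$1")" = "$(perm_from_umask "$m" "$1")" ] || return 1
        n=$(( n + 1 ))
    done
}

# Example: the umask 022 most systems use
perm_from_umask 022 file   # 644
perm_from_umask 022 dir    # 755
```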

Special permissions: SUID (4), SGID (2), sticky bit (1)
SUID: set on a binary executable; when a user runs the program, it temporarily runs with the permissions of the file's owner
SGID:
1. set on a binary executable: when a user runs the program, it temporarily runs with the permissions of the file's group
2. set on a directory: a file newly created in that directory automatically inherits the directory's group
sticky bit: set on a directory; users can delete only their own files in it
chmod u+s file, or chmod 4644 file
chmod g+s dir, or chmod 2755 dir
chmod 1755 dir: afterwards, if "other" has x permission the last permission bit is shown as t; if it does not, it is shown as T

ACL Access Control List

ACLs provide more flexible permission management; a "+" at the end of the permission string in ls -l shows that the file has an ACL
setfacl sets ACL permissions:
setfacl -m u:mage:- file: give mage no permission on file through the ACL; or setfacl -m u:mage:0 file
setfacl -m u:wang:rwx file: give wang rwx permission on file
setfacl -m g:devops:- file: give group devops no permission on file
getfacl file1 | setfacl --set-file=- file2: copy the ACL of file1 onto file2

getfacl: view ACL permissions

setfacl -b: remove all ACL entries; -R: apply recursively to directories

setfacl -m mask::r file: set the ACL mask; the mask is the upper limit of the permissions the ACL can grant
the mask only limits named users, named groups and the owning group; it does not affect the owner or "other"
an entry's effective permission is the logical AND of the entry's permission and the mask
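An added example, not from the original notes, that computes the effective rights getfacl reports by ANDing each entry with the mask, as described above; the ACL text and the function names (effective_for, rwx_to_bits, bits_to_rwx) are constructed for this illustration.

```shell
#!/bin/sh
# Effective ACL rights as getfacl reports them: for named users, named groups and
# the owning group, effective = entry AND mask; the owner (user::) and other::
# entries are never masked.  The ACL text below is constructed for this example.
SAMPLE_ACL='# file: report.txt
# owner: root
# group: root
user::rw-
user:wang:rwx
user:mage:---
group::r--
group:devops:rw-
mask::r--
other::r--'

rwx_to_bits() {   # "rw-" -> 6
    b=0
    case "$1" in r??) b=$(( b | 4 )) ;; esac
    case "$1" in ?w?) b=$(( b | 2 )) ;; esac
    case "$1" in ??x) b=$(( b | 1 )) ;; esac
    echo "$b"
}

bits_to_rwx() {   # 6 -> "rw-"
    s=""
    for pair in 4:r 2:w 1:x; do
        if [ $(( $1 & ${pair%:*} )) -ne 0 ]; then s="$s${pair#*:}"; else s="$s-"; fi
    done
    echo "$s"
}

# effective_for ACL_TEXT TAG -> effective rwx for that entry; TAG is user:NAME,
# group:NAME, or user: / group: / other: for the three unnamed entries.
effective_for() {
    acl="$1"; tag="$2"
    perm=$(printf '%s\n' "$acl" | sed -n "s/^$tag:\([rwx-]\{3\}\)\$/\1/p")
    [ -n "$perm" ] || return 1                        # no such entry
    case "$tag" in user:|other:) echo "$perm"; return 0 ;; esac
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\([rwx-]\{3\}\)$/\1/p')
    [ -n "$mask" ] || { echo "$perm"; return 0; }     # no mask: entry applies as-is
    bits_to_rwx $(( $(rwx_to_bits "$perm") & $(rwx_to_bits "$mask") ))
}

effective_for "$SAMPLE_ACL" user:wang      # r--  (rwx limited by mask r--)
effective_for "$SAMPLE_ACL" group:devops   # r--
effective_for "$SAMPLE_ACL" user:          # rw-  (owner is not masked)
```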

Exercise 1: the home directory of mage has been deleted; how to restore it to its original state:
A: 1. copy the skeleton files: cp -r /etc/skel /home/mage
2. change the owner and group: chown -R mage:mage /home/mage
3. change the directory permissions: chmod 700 /home/mage

Exercise 2: minimum permissions required for cp /etc/fstab /data/dir:
A: 1. execute permission on the cp command
2. x permission on /etc, r permission on fstab
3. x permission on /data, wx permissions on dir

Source: blog.51cto.com/14451011/2424360