Small partners give us this is the Linux account and rights management, we must first clear here is that the authority is authority file or directory. Then we will understand from the following sections:
- Overview of user accounts and group accounts
- User account and group account management
- Query account information
- View the properties of a file or directory
- Directory or file permissions
- Set the directory or file ownership
Overview of user accounts and group accounts
Linux user identity-based access control to resources
1. The user account:
superuser
ordinary users
anonymous users (the Everyone)
program users (people can not be used, there is a separate management system in an application services)
2. group accounts: group is a collection of system user rights
basic group (private group): with the user to create and create your own with the same user name
additional groups (public group)
3.UID and GID: Find logo:
UID (user iDentity, user identification number)
² the GID (group iDENTIFY, group identification number)
here added: root user is 0, the program type user is 1-499, ordinary users 500-60000
User account file / etc / the passwd
1. save the user name, the basic information of the home directory, and other log Shell:
file location: / etc / the passwd
2. Each row corresponds to a user account record:
[the root @ localhost ~] # head -2 / etc / passwd
root: x: 0: 0: root: / root: / bin / bash
bin: the X-: 1: 1: bin: / bin: / sbin / nologin
us to root: x: 0: 0: root: / root: / bin / bash for example detailed inside look at what each representative of each of the specific
User accounts file / etc / shadow
save the user's password, account expiration date information
file location: etc / Shadow
each row corresponds to a user's password records: hashing algorithm
Next, we analyzed in detail, for example:
Adding user accounts
1.useradd command: sueradd [option] ... username
2. Common options:
² -u: UID
² -d: create a user's home directory
-e: Specifies the expiration time MM-dd-YYYY
² -g: specify the basic group
-G: specify additional groups
-M: do not create home directories
-s: Specifies the login shell (/ bin / bash login; / sbin / nologin can not log in)
设置/更改用户口令passwd
1.passwd命令:passwd [选项]… 用户名
2.常用选项:
-l:锁定用户
-u:解锁用户
-S:查看用户状态
修改用户账号的属性usermod
1.usermod命令:usermod [选项]… 用户名
2.常用选项:
-l:锁定用户
-L:锁定用户
-U:解锁用户
以下选项与useradd命令中的含义相同:
-u:解锁用户
-d:创建用户的家目录
-e:指定失效时间 YYYY-MM-dd
-g:指定基本组
-G:指定附加组
-s:指定shell登录(/bin/bash 登录;/sbin/nologin 无法登录)
删除用户账号
1.Userdel命令:userdel [-r] 用户名
2.添加-r选项时,表示连用户的宿主目录一并删除
3.举例如下:
[root@localhost~]#useradd stu01
[root@localhost~]#ls -ld /home/stu01/
drwx------ 2stu01 stu02 4096 09-09 12:38 /home/stu01
[root@localhost~]#userdel -r stu01(这一步为删除用户账号stu01)
[root@localhost~]#ls -ld /home/stu01/
ls: /home/stu01/: 没有那个文件或目录
用户账号的初始配置文件
1.文件来源
新建用户账号时,从/etc/skel目录中复制而来
2.主要的用户出是配置文件
~/.bash_profile:加载系统登录的时候会进行有效的加载
~/.bashrc:在登陆shell环境时进行有效加载,同时包含登录系统
~/.bash_logout:注销的时候进行加载
上面三个是当前系统登录用户的环境变量文件
/etc/profile:系统的环境变量文件
组账号文件
1.与用户账号文件相类似
/etc/group:保存组账号基本信息
/etc/gshadow:保存组账号的密码信息
2.示例:
添加组账号groupadd
1.Groupadd命令:groupadd [-g GID] 组账号名
2.示例:
添加删除组成员gpasswd
1.设置组账号密码(极少用)、添加/删除组成员:gpasswd [选项]… 组账号名
2.常用选项
-a:向组内添加一个用户
-d:从组内删除一个用户成员
-M:定义组成员列表,以逗号分隔
查询账号信息
group命令:查询用户所属的组:group [用户名]
id命令:查询用户身份标识:id [用户名]
finger命令:查询用户账号的详细信息:finger [用户名]
w、who、users命令:查询一登录到主机的用户信息
文件/目录的权限和归属
1.访问权限
读取r:允许查看文件内容、显示目录列表
写入w:允许修改文件内容,允许在目录中新建、移动。删除文件或子目录
可执行x:允许运行程序、切换目录
2.归属(所有权)
属主:拥有该文件或目录的用户账号
属组:拥有该文件或目录的组账号
查看文件/目录的权限和归属
d rwx r-x r-x. 2 root root 6 8月 5 2107 tmpfiles.d
d:目录 -:文件 l:链接文件
rwx:属主 主人
r-x:属组 -代表不具备权限 r-只可以查看 ---没有任何权限
r-x:other 所有人包括匿名用户
root:属主
root:属组
6:单位字节,文件大小
8月 5 2107:创建时间
tempfiles.d:文件名
设置文件和目录的权限chmod
1.chmod命令
chmod [ugoa]分别表示属主、属组、其他用户、所有用户 [+-=]分别表示增加、去除、设置权限 [rwx] 文件或目录…
chmod nnn(3位八进制数)文件或目录
2.常用选项
-R:递归修改指定目录下所有子项的权限
设置文件和目录的归属chown
1.chown命令
chown 属主 文件或目录
chown :属组 文件或目录
chown 属主:属组 文件或目录
2.常用选项
-R:递归修改指定目录下所有文件、子目录的归属
Umask umask
1.umask role
control of the newly created file or directory permissions
permission to remove the default permissions on the umask for the new file or directory permissions on the
2.umask settings: umask 022
3.umask View: umask
example:
the umsak set to 000, the new directory or file, viewing permissions
will umsak set to 022, the new directory or file, and then view the permissions
The above content is related to the theoretical part of the account and rights management in Linux, there'll be relevant experimental operations for the theory of supplement to you, then you can follow the entire process step by step the experimental part of the operation, thank you!