Detailed Linux accounts and permissions management

I. Managing user accounts
1. User accounts
On Linux systems, user accounts are divided into different types according to system management needs, and each type has different permissions and plays a different role: the super user, ordinary users and program users.
(1) Super user: the root user is the default super user account on a Linux system and has the highest authority on the host, similar to the Administrator user on Windows systems. Logging in as root is recommended only for system management and maintenance tasks; for everyday work, use an ordinary user account.
(2) Ordinary user: ordinary user accounts must be created by the root user or another administrator. Their permissions are subject to certain restrictions, and they generally have full access only to their own home directory.
(3) Program user: when a Linux system and some applications are installed, special low-privilege user accounts are added. These users are generally not allowed to log in to the system and are used only to maintain the system or run a particular program, for example bin, daemon, ftp and mail.
2. UID number
Every user account on a Linux system has a numeric identifier called the UID (User IDentity, user identification number). To the system kernel, the UID is the fundamental basis for distinguishing users, so in principle each user's UID should be unique. The UID of the root account is the fixed value 0, program user accounts use UIDs 1~999 by default, and UIDs 1000~60000 are assigned to ordinary users by default.
3. User account files
(1) /etc/passwd stores user names, home directories, login shells and other basic information.
[Figure: format of a configuration line in the passwd file]
(2) /etc/shadow stores users' passwords, account expiration dates and related information.
[Figure: meaning of the fields in a shadow file configuration line]
4. Adding user accounts: the useradd command
Common options are as follows.
(1) -u: Specifies the user's UID number, which must not already be in use by another user.
(2) -d: Specifies the location of the user's home directory (has no effect when used together with -M).
(3) -e: Specifies the account expiration date, in YYYY-MM-DD format.
(4) -M: Does not create a home directory, even if the system configuration in /etc/login.defs is set to create one.
(5) -s: Specifies the user's login shell.
(6) -g: Sets the user's basic group.
(7) -G: Sets the user's additional groups.
In this example, we add a user zhangsan under the /opt directory and specify that the user cannot log in with a shell.
5. Setting or changing a user password: the passwd command
Common options are as follows.
(1) -d: Clears the specified user's password, so the user can log in to the system with only the user name.
(2) -l: Locks the user account.
(3) -S: Shows the status of the user account (whether it is locked).
(4) -u: Unlocks the user account.
In this example, we run "passwd -l" followed by the user name to lock the user, and "passwd -S" followed by the user name to view the account status.
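The account rules described so far (UID 0 only for root, program users that should not log in, passwords cleared with "passwd -d" or locked with "passwd -l") can be checked directly against the two account files. The script below is an added example, not part of the original article; the sample lines are constructed, and the function names and finding labels are hypothetical.

```sh
#!/bin/sh
# Constructed sample lines in /etc/passwd format: name:x:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
zhangsan:x:1000:1000::/opt/zhangsan:/sbin/nologin
lisi:x:1001:1001::/home/lisi:/bin/bash
toor:x:0:0::/root:/bin/bash'

# Constructed sample lines in /etc/shadow format; field 2 holds the password hash.
SAMPLE_SHADOW='root:$6$constructed$hash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
ftp:*:18000:0:99999:7:::
zhangsan:!!$6$constructed$hash:18000:0:99999:7:::
lisi::18000:0:99999:7:::
toor:$6$constructed$hash:18000:0:99999:7:::'

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
audit_passwd() {
  awk -F: '
    # UID 0 belongs to root; any other name with UID 0 is a second super user.
    $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
    # Program users (UID 1~999) are not meant to log in with a shell.
    $3 >= 1 && $3 <= 999 && $7 !~ /(nologin|false)$/ { print "PROGRAM_USER_WITH_SHELL " $1 }
  '
}

# audit_shadow: read shadow-format lines on stdin, print one finding per line.
# An empty field 2 is what "passwd -d" leaves behind (login with the name only);
# a leading "!" is how "passwd -l" and "usermod -L" mark a locked password.
audit_shadow() {
  awk -F: '
    $2 == ""  { print "EMPTY_PASSWORD " $1 }
    $2 ~ /^!/ { print "LOCKED " $1 }
  '
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real host the same functions can be fed the live files as root, for example "audit_passwd < /etc/passwd" and "audit_shadow < /etc/shadow".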
6. Modifying user account properties: the usermod command
Common options are as follows.
(1) -u: Modifies the user's UID number.
(2) -d: Modifies the location of the user's home directory.
(3) -e: Modifies the account expiration date, in YYYY-MM-DD format.
(4) -s: Specifies the user's login shell.
(5) -l: Changes the login name of the user account (Login Name).
(6) -L: Locks the user account.
(7) -U: Unlocks the user account.
(8) -g: Modifies the user's basic group.
(9) -G: Modifies the user's additional groups.
Running "usermod -L" followed by the user name can also lock the user.
7. Deleting user accounts: the userdel command
When the userdel command is used with the "-r" option, the user's home directory is deleted at the same time.
In this example, we run "userdel -r" followed by the user name to delete the user account.
8. Initial configuration files for user accounts
Source of the files: "/etc/skel"
(1) The commands in the "~/.bash_profile" file are executed each time the user logs in.
(2) The commands in the "~/.bashrc" file are executed each time the "/bin/bash" program is loaded (including, of course, when logging in to the system).
(3) The commands in the "~/.bash_logout" file are executed each time the user logs out. Understanding the role of these files helps us arrange for some administrative tasks to run automatically in the background.
In this example, we run "cd /opt/<user name> && ls -a" to check a user account's configuration files.
II. Managing group accounts
1. Group accounts
(1) Basic group (private group): this group is called the user's basic group (or private group).
(2) Additional groups (public groups): every user account belongs to at least one group; if the user is also included in other groups, those groups are called the user's additional groups (or public groups).
2. Group account files
(1) /etc/group: stores the basic information of group accounts.
(2) /etc/gshadow: stores the password information of group accounts.
(3) GID number: the group identifier (Group IDentify).
3. Adding group accounts: the groupadd command
When adding a group account with the groupadd command, if you need to specify the GID number, you can use the "-g" option.
In this example, we run "groupadd" followed by the group account name to add a group, then run "more /etc/group | tail -5" to check the new group.
4. Adding and removing group members: the gpasswd command
Common options are as follows.
(1) -a: Adds a user to the group.
(2) -d: Removes a user from the group.
(3) -M: Defines the list of group members, separated by commas.
5. Querying account information
(1) Query the groups a user belongs to
(2) Query a user's identity
(3) Read detailed information about user accounts
(4) Query information about the users logged in to the host
Use the w, who and users commands.
In this example, we run "id" followed by the user name to query the user's identity, or "groups" followed by the user name to view the user's groups.
6. Viewing the permissions and ownership of files/directories
(1) Access permissions
① Read (r): allows viewing the contents of a file or listing a directory
② Write (w): allows modifying the contents of a file; for a directory, allows creating, moving and deleting files or subdirectories
③ Execute (x): allows running a program or changing into a directory
(2) Ownership
① Owner: the user account that owns the file or directory
② Group: the group account that owns the file or directory
[Figure: description of the permission and ownership fields]
The permission characters r, w and x can also be represented by the octal numbers 4, 2 and 1 respectively.
7. Setting the permissions of files and directories: the chmod command
8. Setting the ownership of files and directories: the chown command
It can also be combined with the "-R" option to recursively change the ownership of all files and subdirectories under the specified directory.
9. Permission mask: umask
The umask specifies the default permissions the current user gets when creating a new file or directory.
(1) Role of the umask
It controls the permissions of newly created files and directories.
The default permissions with the umask permissions removed are the permissions of the new file or directory.
(2) Setting the umask: umask 022
(3) Viewing the umask: umask
Example: set the umask to 000, create a new directory or file, and view its permissions. Then set the umask to 022, create a new directory or file, and view the permissions again.
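The umask example above as a runnable script (added here, not the original author's commands). It assumes the usual default permissions of 666 for new files and 777 for new directories, and also tries 033 to show that the mask is removed bit by bit, not subtracted: 666 with 033 removed is 644, not 633. The function names are hypothetical.

```sh
#!/bin/sh
# mode_with_umask MASK KIND: create a new file (f) or directory (d) in a
# throwaway temp directory under the given umask and print its mode string.
# The body runs in a subshell, so the caller's umask is left unchanged.
mode_with_umask() (
  tmp=$(mktemp -d) || exit 1
  umask "$1"
  if [ "$2" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
  mode=$(ls -ld "$tmp/new" | cut -c1-10)
  rm -rf "$tmp"
  printf '%s\n' "$mode"
)

# expected_octal MASK KIND: compute the same result arithmetically.
# The mask bits are cleared from the default permissions (default AND NOT mask).
expected_octal() {
  if [ "$2" = d ]; then base=0777; else base=0666; fi
  printf '%03o\n' $(( $base & ~0$1 ))
}

# 000 and 022 are the two settings from the example; 033 is the extra case.
for m in 000 022 033; do
  printf 'umask %s: file %s (%s)  dir %s (%s)\n' "$m" \
    "$(mode_with_umask "$m" f)" "$(expected_octal "$m" f)" \
    "$(mode_with_umask "$m" d)" "$(expected_octal "$m" d)"
done
```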
In the next chapter we will learn about Linux disk and file management, so please keep cheering us on. Thank you!

Origin blog.51cto.com/14449521/2430270