Account and rights management (theoretical groundwork)

I. Overview of user accounts and group accounts

II. Managing user accounts and group accounts

III. Querying account information

IV. Viewing directory or file attributes

V. Setting permissions on a directory or file

VI. Setting the ownership of a directory or file

■ Linux controls access to resources based on user identity
● User accounts
Superuser: for human interaction; holds the highest permissions
Ordinary user: for everyday use; common documents and user files
Program users: not used by people; dedicated to managing certain system services (1-499)
● Group accounts
Basic group (private group): created together with the user, with the same name as the user.
Additional group (public group): a group you create yourself.
● UID and GID
UID (User IDentity, user identification number): (0)
GID (Group IDentify, group identification number): (500-60000)
TIP:
1. The highest authority on the system belongs to the System user
2. Anonymous users: Windows (Guest); Linux (nobody)
3. passwd holds the system account records; on Microsoft systems it is SAM

■ Stores basic information such as the user name, home directory and login shell
● File location: /etc/passwd
● Each line corresponds to one user account record

■ Stores the user's password and account expiration information
● File location: /etc/shadow
● Each line corresponds to one user's password record
[root@localhost ~]# head -2 /etc/shadow
root:$1$55HB4pbx$acHqk4lZiHTZ9cw0ZJe8f0:14374:0:99999:7:::
bin:*:14374:0:99999:7:::
[root@localhost ~]# tail -1 /etc/shadow
teacher:$1$BT7teaYX$s2sr6uFUwKhtU.8/8VpzB1:14374:0:99999:7:::

Each line is one user's password record; the password is stored as a hash produced by a hash algorithm.
14374: a date, counted in days since 1 January 1970
0: minimum password age (in days)
99999: maximum password age before the password expires (in days)
7: the user is warned 7 days before the password expires
bin:*: the * marks the account as locked; it cannot log in
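
The field layout described above, applied to sample records modelled on the ones quoted from /etc/shadow. This is an added example, not part of the original post: shadow_status and audit_sample are helper names invented here, the scheme names for the $1$/$5$/$6$/$y$ prefixes are the standard crypt(3) identifiers rather than something the page lists, and the script assumes a date that accepts -d @SECONDS (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Constructed sample in /etc/shadow layout, modelled on the records above.
SAMPLE='root:$1$55HB4pbx$acHqk4lZiHTZ9cw0ZJe8f0:14374:0:99999:7:::
bin:*:14374:0:99999:7:::'

# shadow_status LINE  (hypothetical helper, not a system command)
# Prints: name|password state|date of field 3|min=.. max=.. warn=..
shadow_status() {
    # name:password:lastchange:min:max:warn:inactive:expire:reserved
    IFS=: read -r name pw last min max warn _rest <<EOF
$1
EOF
    case "$pw" in
        '')      state='no password set' ;;
        [*!]*)   state='locked' ;;            # "*" or "!" can never match a hash
        '$1$'*)  state='MD5-crypt (weak)' ;;  # candidate for re-hashing
        '$5$'*)  state='SHA-256-crypt' ;;
        '$6$'*)  state='SHA-512-crypt' ;;
        '$y$'*)  state='yescrypt' ;;
        *)       state='other scheme' ;;
    esac
    # Field 3 counts days since 1970-01-01; convert it to a calendar date.
    if [ -n "$last" ]; then
        changed=$(date -u -d "@$(( $last * 86400 ))" +%F)
    else
        changed='unset'
    fi
    printf '%s|%s|%s|min=%s max=%s warn=%s\n' \
        "$name" "$state" "$changed" "$min" "$max" "$warn"
}

# Run the check over every record of the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE" | while IFS= read -r line; do
        shadow_status "$line"
    done
}

audit_sample
```

On a real host the same function can be fed from `sudo cat /etc/shadow`; accounts reported as MD5-crypt are the ones to move to a stronger scheme at the next password change.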

Adding user accounts
■ useradd command
useradd [options]... username
Common options:
● -u, -d, -e, -g, -G, -M, -s

-u: specify the user's UID directly
-d: specify the user's home directory
-e: account expiry date, in YYYY-MM-DD form (e.g. 1990-10-11)
-g: basic group
-G: additional groups
-M: do not create a home directory
-s: login shell (/bin/bash allows login; /sbin/nologin cannot log in)

Set/change a user's password: passwd
-l: lock the user
-S: check the user's status
-u: unlock the user

When passwd is run without a user name, it changes the current account's password.

Modify user account attributes: usermod
1. usermod command: usermod [options]... username
2. Common options:
-L: lock the user
-U: unlock the user
The following have the same meaning as for the useradd command:
-u: specify the user's UID
-d: specify the user's home directory
-e: specify the expiry date (YYYY-MM-DD)
-g: specify the basic group
-G: specify additional groups
-s: specify the login shell (/bin/bash allows login; /sbin/nologin cannot log in)

Delete a user
1. userdel command
userdel [-r] username
2. -r: recursive; the user's home directory is deleted as well

Initial profile files of a user account
1. Source
Copied from the /etc/skel directory when a new user account is created
2. Main user profile files
~/.bash_profile: loaded each time the user logs in
~/.bashrc: loaded each time a shell environment is entered, including at login
~/.bash_logout: loaded at logout
All three files exist as hidden files.
Summary:
1. For the current user, these three files load the user's environment variables at login.
2. /etc/profile is the system-wide environment configuration file; it is loaded when any user logs in.

Group account files
1. Similar to the user account files
● /etc/group: stores basic group account information
● /etc/gshadow: stores group account password information
Group account passwords have essentially no practical effect.

Add a group account: groupadd
1. groupadd command: groupadd [-g GID] group-name

Add/remove group members: gpasswd
1. Set a group account password (rarely used) or add/remove group members: gpasswd [options]... group-name
2. Common options
-a: add a user to the group
-d: remove a user from the group
-M: define the list of group members, separated by commas

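Querying account information
1. groups command: query the groups a user belongs to: groups [username]
2. id command: query a user's identity: id [username]
3. finger command: query detailed information about a user account: finger [username]
4. w, who and users commands: query information about the users already logged in to the host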

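File/directory permissions and ownership
1. Access permissions
Read (r): allows viewing file contents and listing a directory
Write (w): allows modifying file contents, and creating, moving or deleting files or subdirectories within a directory
Execute (x): allows running a program or changing into a directory
2. Ownership
Owner: the user account that owns the file or directory
Group: the group account that owns the file or directory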

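Viewing file/directory permissions and ownership
For example: d rwx r-x r-x. 2 root root 6 8月 5 2017 tmpfiles.d

d: directory; -: file; l: link file (judged by the first character alone)
rwx: owner
r-x: owning group (r-- means view only; --- means no permissions)
r-x: other, everyone else (including anonymous users)
2: number of subdirectories contained
root: owner
root: owning group
6: file size (in bytes)
8月 5 2017 (5 August 2017): creation time
tmpfiles.d: file name
All of the above are fields of the permission listing.
TIP: once 777 permissions are configured, the user cannot log in (Linux)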

Setting file and directory permissions: chmod
● chmod [ugoa][+-=][rwx] file-or-directory ...
[ugoa]: the owner (u), the owning group (g), other users (o), all users (a)
[+-=]: add, remove, or set permissions
● chmod NNN file-or-directory, where NNN is a 3-digit octal number (simple; the recommended choice)
Common options
-R: recursively modify the permissions of everything under the specified directory

Setting file and directory ownership: chown
1. chown command
chown owner file-or-directory
chown :group file-or-directory
chown owner:group file-or-directory
2. Common options
-R: recursively change the ownership of all files and subdirectories under the specified directory

Permission mask: umask
1. Role of umask
● Controls the permissions of newly created files and directories
● The permissions of a new file or directory are the default permissions with the umask bits removed
2. Setting the umask: umask 022 (default 022)
3. Viewing the umask: umask
Example:
● Set the umask to 000, create a new directory or file, and view its permissions
● Set the umask to 022, create a new directory or file, and then view its permissions
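
The umask exercise above, together with the two chmod forms from the earlier section, written out as a script. This is an added example, not from the original post: perms_under_umask and chmod_result are helper names invented here, the 077 mask is an extra case beyond the two the exercise lists, and the script assumes mktemp and a stat that supports -c %a (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# perms_under_umask MASK  (hypothetical helper)
# Creates one file and one directory under MASK in a scratch directory
# and prints the octal modes they end up with.
perms_under_umask() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        umask "$1"
        : > newfile     # new files are requested with mode 666
        mkdir newdir    # new directories are requested with mode 777
        printf 'file=%s dir=%s\n' \
            "$(stat -c %a newfile)" "$(stat -c %a newdir)"
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# chmod_result SPEC  (hypothetical helper)
# Applies SPEC to a scratch file that starts with no permissions at all,
# so the printed octal mode is exactly what SPEC grants.
chmod_result() {
    f=$(mktemp) || return 1
    chmod 000 "$f"
    chmod "$1" "$f"
    stat -c %a "$f"
    rm -f "$f"
}

# 000 and 022 are the two cases from the exercise; 077 keeps new files private.
for mask in 000 022 077; do
    printf 'umask %s -> %s\n' "$mask" "$(perms_under_umask "$mask")"
done

# Symbolic and octal forms of chmod describe the same bits.
printf 'u=rwx,g=rx,o=rx -> %s\n' "$(chmod_result u=rwx,g=rx,o=rx)"
printf 'u=rw,g=r,o=     -> %s\n' "$(chmod_result u=rw,g=r,o=)"
```

The umask is changed inside a subshell, so the calling shell keeps its own mask.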

Origin blog.51cto.com/14475593/2430304