User accounts and group accounts
Linux controls access to resources based on user identity. Linux user accounts fall into the following three categories:
- Superuser: the root user. It has the highest authority of all users and manages the ordinary users; if you have root access to a server, that server is basically yours.
- Ordinary user: a general user whose authority to use the system is limited; it is managed with the root account.
- Program user: also known as a system user, an account that exists to keep system services running; people generally do not log in with it.
Group accounts are generally divided into two types:
- Basic group: also called a private group. By default, when the system creates an account it also creates a basic group with the same name as the account.
- Additional groups: also called public groups. They are generally created by the administrator account to manage user permissions.
UID and GID:
- UID: user identification number (User IDentity)
- GID: group identification number (Group IDentity)
Two files are associated with user accounts:
- User account file /etc/passwd: stores the user name, home directory, login shell and other basic information.
The fields of an entry I took from /etc/passwd, and what each part represents:
root: user name
x: password placeholder; the password itself is stored in /etc/shadow
0: user ID (UID)
0: group ID (GID)
root: comment information
/root: the user's home directory
/bin/bash: the user's default shell
The root user's UID/GID is 0; program users have UID/GID 1 to 499; ordinary users have UID/GID from 500 to 60,000.
- User account file /etc/shadow: stores the user's password, account expiration date and related information.
The fields of an entry I took from /etc/shadow, and what each part represents:
jiang: user name
$6$lA9A.3a/aE$5V.E3sipR6H1bcdNg.5uQOGeS0M6NDcoqinrfMI9f3grWYXZHZgGyCRYZ1cRifI1/5tIy5hcX3UtGsncq2jYr1: the password, encrypted with a hash algorithm
18117: the number of days between 1970-01-01 and the date the user was created (1970-01-01 is the official Unix start time)
0: the minimum password age (days)
99999: the password expiration time (days)
7: how many days before expiration the user is warned
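The field layouts above are enough to audit accounts from a copy of the two files. The following is an added example, not part of the original article: the account names and entries are constructed, the function names are hypothetical, and the "!"/"*" lock markers and the $1$/$5$/$6$ scheme prefixes are standard crypt conventions rather than something stated on this page.

```shell
#!/bin/sh
# Constructed sample data in the /etc/passwd and /etc/shadow layouts (not real accounts).
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:0:0:backup:/home/backup:/bin/bash
ftpsvc:x:14:50:FTP service:/var/ftp:/bin/bash
jiang:x:500:500::/home/jiang:/bin/bash
EOF
}
sample_shadow() { cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18117:0:99999:7:::
daemon:*:18117:0:99999:7:::
ftpsvc::18117:0:99999:7:::
jiang:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18117:0:99999:7:::
EOF
}

# Accounts other than root whose UID (field 3) is 0: they carry full root authority.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }'; }
# Program users (UID 1-499, the range given above) that still have a login shell (field 7).
system_with_shell() {
  awk -F: '$3 >= 1 && $3 <= 499 && $7 !~ /(nologin|false)$/ { print $1 }'
}
# Classify the password field (field 2) of each shadow entry.
shadow_status() {
  awk -F: '{
    p = $2
    if (p == "")           s = "EMPTY"     # no password set (what passwd -d leaves)
    else if (p ~ /^[!*]/)  s = "LOCKED"    # "!" is the prefix passwd -l and usermod -L add
    else if (p ~ /^\$6\$/) s = "SHA512"
    else if (p ~ /^\$5\$/) s = "SHA256"
    else if (p ~ /^\$1\$/) s = "MD5-weak"
    else                   s = "OTHER"
    print $1 ":" s
  }'
}
# Convert shadow field 3 (days since 1970-01-01) to a date; needs GNU or busybox date.
days_to_date() { date -u -d "@$(( $1 * 86400 ))" +%F; }

sample_passwd | extra_uid0
sample_passwd | system_with_shell
sample_shadow | shadow_status
days_to_date 18117
```

On a real host, feed the functions with /etc/passwd and /etc/shadow (root is required to read the latter) instead of the sample functions.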
User operations: adding users, changing passwords, modifying and removing users
- Adding user accounts: useradd command (Format: useradd [options] username)
[Options]:
-u: UID
-d: the user's home directory
-e: expiration time (days), format: YYYY-MM-DD (e.g. 1990-10-11)
-g: basic group
-G: additional groups
-M: do not create a home directory
-s: login shell (login allowed: /bin/bash; login not allowed: /sbin/nologin)
Set / change the user password: passwd command (Format: passwd [options] username)
[Options]:
-d: delete the password
-l: stop the account from being used
-S (uppercase): show password information
-u: enable an account that has been stopped
With no option and just the user name, the command changes the user's password.
Modify user account properties: usermod command (Format: usermod [options] username)
[Options]:
-l (lowercase): change the account name
-L (uppercase): lock the user account
-U (uppercase): unlock the user account
The other options -u, -d, -e, -g, -G and -s have the same meaning as in the useradd command.
Delete a user account: userdel command (Format: userdel [-r] username)
With the -r option, the user's home directory is deleted as well.
Addendum: the switch-user command is su [-] username. With "-", you switch to the other user while keeping the current path; without "-", switching enters that user's home directory.
Files related to group accounts
The group account files are similar to the user account files:
- /etc/group: stores basic group account information
- /etc/gshadow: stores group account password information
Add a group account: groupadd command (Format: groupadd [-g GID] group account name)
Add / delete group members: gpasswd command (Format: gpasswd [options] group account name)
This command can also be used to set the group account password, but that is used very little.
Options:
-a: add a user to the group
-d: remove a user from the group
-M: define the group member list, separated by commas "," (adds several members to the group at once, but overwrites the members added before)
Delete a group account: groupdel command (Format: groupdel group account name)
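Query account information:
groups command: query the groups a user belongs to (Format: groups [username])
id command: query a user's identity (Format: id [username])
finger command: query detailed information about a user account (Format: finger [username])
w, who, users commands: query information about the users logged in to the host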
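Permissions and ownership of files and directories:
Access permissions:
- Read (r): allows viewing file contents and listing a directory (number 4)
- Write (w): allows modifying file contents, and creating, moving and deleting files or subdirectories in a directory (number 2)
- Execute (x): allows running programs and changing into a directory (number 1)
Ownership:
- Owner: the user account that owns the file or directory
- Group: the group account that owns the file or directory
Viewing the permissions and ownership of files and directories:
The ls -l command is generally used to view the permissions and ownership of files and directories. You can enter "ls -l" in a directory to see the permissions and ownership of its subdirectories and files, or use "ls -l directory-name/file-name" to see the permissions and ownership of just the directory or file you are interested in.
Below I take one file's information to explain in detail what each part means: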
-rw-------. 1 root root 1801 8月 9 19:32 anaconda-ks.cfg
Breaking this file's information into parts:
- ; rw- ; --- ; ---. ; 1 ; root ; root ; 1801 ; 8月 9 19:32 ; anaconda-ks.cfg
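-: the file type (- for a regular file, d for a directory, l for a link file, b for a device file)
rw-: the permissions the file's owner has on the file (r is read permission, w is write permission, x is execute permission; the order of the three permissions rwx is fixed, and a - in a position means that permission is absent)
---: the permissions the owning group has on the file
---: the permissions everyone has on the file
1: the number of hard links
root: the file's owner
root: the file's group
1801: the file size, in bytes
8月 9 19:32: the file's creation time
anaconda-ks.cfg: the file name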
Setting the permissions of files and directories:
chmod command (there are two formats; adding "-R" recursively changes the permissions of everything under a directory)
- Format 1: chmod [u, g, o, a][+, -, =][r, w, x] file / directory
u, g, o, a stand for the owner, the group, other users and all users, respectively
+, -, = add, remove and set permissions, respectively
r, w, x represent read, write and execute permissions
- Format 2: chmod nnn file / directory (this format is more convenient than the first and is the recommended one)
nnn is three octal digits: the first n represents the owner's permissions, the second the group's permissions, and the third the permissions of everyone
Each n is the sum of the numbers for the permissions granted: read only is n = 4, read and write is n = 6, all permissions is n = 7, and n = 0 means no permissions
Setting the ownership of files and directories:
chown command (adding "-R" recursively changes the ownership of everything under a directory)
Format: chown owner[:group] file or directory
umask permission mask:
Role of umask: it controls the permissions of newly created files and directories. The default permissions with the umask permissions removed are the permissions of the new file or directory.
Setting the umask: the command "umask nnn", where the three n have the same meaning as in the chmod command
Viewing the umask: enter "umask" on its own to view the current permission mask
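The effect of the mask and the equivalence of the two chmod formats can be checked in a scratch directory. This is an added example, not part of the original article: the function names are hypothetical, it relies on the standard defaults of 666 for new files and 777 for new directories, and it uses stat -c from GNU coreutils or busybox. The 033 case shows that the mask clears bits rather than subtracting numbers: 666 with mask 033 gives 644, not 633.

```shell
#!/bin/sh
# Create one file and one directory under the given umask and print
# their octal modes as "<file-mode> <dir-mode>".
modes_under_umask() {
  (
    d=$(mktemp -d) || exit 1
    umask "$1"                 # applies only inside this subshell
    touch "$d/file"
    mkdir "$d/dir"
    echo "$(stat -c %a "$d/file") $(stat -c %a "$d/dir")"
    rm -rf "$d"
  )
}

# Apply each chmod argument in turn to a scratch file and print the
# resulting octal mode, so symbolic and numeric forms can be compared.
mode_after() {
  (
    f=$(mktemp) || exit 1
    for m in "$@"; do chmod "$m" "$f"; done
    stat -c %a "$f"
    rm -f "$f"
  )
}

modes_under_umask 022          # common default
modes_under_umask 027          # nothing for users outside the owner and group
modes_under_umask 033          # bits are cleared, not subtracted
mode_after 640                 # numeric form (Format 2)
mode_after 000 u=rw,g=r        # symbolic form (Format 1) reaching the same mode
mode_after 644 o-r g+w         # removing and adding individual bits
```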