This blog post describes the attributes and privileges of users and groups in the Linux operating system, and explains how to set file/directory permissions and ownership. I will go through this in detail in the following sections.
Contents:
- Overview of user accounts and group accounts
- User account and group account management
- Other relevant account information
- Viewing the properties of a file or directory
- Setting the permissions and ownership of a directory or file
I. Overview and management of user accounts and group accounts
1. Overview of user accounts and group accounts
1-1 Components
User accounts can be divided into the following parts:
Group accounts are divided into the following parts:
1-2 File locations and account notes
User accounts:
Storage location: all account records are stored in "/etc/passwd", and all passwords are stored in "/etc/shadow" (not in clear text; they are processed with a hash algorithm).
Format: taking the root account as an example, where the user ID and group ID of the account are the UID and GID.
The UID and GID are both identifiers of the account.
The UID of the superuser (root) is 0, the UIDs of program users are 1 to 499, and the UIDs of ordinary users are 500 to 60,000.
The GID is the group ID of the group.
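As an added example (not from the original post), the following shell function parses passwd-format lines, classifies each account by the UID ranges given above, and flags two things a reviewer would check: a non-root account with UID 0 and a program account that has a login shell. The sample entries are constructed, and treating /sbin/nologin and /bin/false as the non-login shells is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. SAMPLE_PASSWD is constructed data
# in the /etc/passwd format: name:password:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
backup:x:0:0:backup operator:/home/backup:/bin/bash
ftpsvc:x:480:480:ftp service:/var/ftp:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/sbin/nologin'

# audit_passwd: read passwd-format lines on stdin and print one line per
# account as "name class finding". Classes follow the UID ranges above.
audit_passwd() {
    awk -F: '
    NF != 7 || $3 !~ /^[0-9]+$/ { print $1, "malformed", "bad-entry"; next }
    {
        uid = $3 + 0
        if (uid == 0)           class = "super"
        else if (uid <= 499)    class = "program"
        else if (uid <= 60000)  class = "ordinary"
        else                    class = "out-of-range"
        # Assumption: these two shells are the ones used to disable login.
        login = ($7 != "/sbin/nologin" && $7 != "/bin/false")
        finding = "ok"
        if (uid == 0 && $1 != "root")          finding = "extra-uid0"
        else if (class == "program" && login)  finding = "program-login-shell"
        print $1, class, finding
    }'
}

# findings_only: keep only the accounts that need review.
findings_only() {
    audit_passwd | awk '$3 != "ok"'
}

# Run over the constructed sample; on a real host use: audit_passwd < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```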
Group accounts:
All group account records are stored in "/etc/group", and all group passwords are stored in "/etc/gshadow" (usually there is no password; if there is one, it is likewise not stored in clear text).
Format: taking the supplementary group adm as an example
2. User account and group account management
1-1 User account management
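(1) The useradd command adds a user account
Format: useradd [options] new_username
Common options:
-u specify the UID
-d specify the home directory (the corresponding empty directory must not be created in advance)
-e specify the expiration time (YYYY-MM-DD or an explicit number of days)
-G specify supplementary groups (the supplementary groups must be created beforehand)
-g specify the primary group
-M do not create a home directory
-s specify the login shell: /bin/bash (login allowed) or /sbin/nologin (login disabled)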
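(2) The passwd command sets a user's password
Format: passwd [options] username
Common options:
-d delete the existing password
-S show the user's status
-l lock the user's password
-u unlock the user's password
No options: change the current user's password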
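(3) The usermod command modifies user attributes
Format: usermod [options] username
Common options:
-L lock the user
-U unlock the user
The remaining options "-u, -d, -e, -g, -G, -s" have exactly the same meaning as in the useradd command.
(4) The userdel command deletes a user
Format: userdel [-r] username
Options: the commonly used one is -r, which deletes the target user's home directory along with the account (without -r, an empty folder is left behind)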
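1-2 Group account management
Managing group accounts is essentially the same as managing user accounts.
(1) The groupadd command adds a group account
Format: groupadd [-g GID] group_name
Example:
(2) The gpasswd command adds and removes group members (it can also set a group password, but that is rarely used)
Format: gpasswd [options] group_name
Common options:
-a add a group member (appended, one at a time)
-d remove a group member (one at a time)
-M define the group members (separated by commas; overwrites the existing members)
(3) The groupdel command deletes a group account
Format: groupdel group_name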
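3. Common commands for querying user information
groups username: query group information
id username: query user information
finger username: query detailed user information (CentOS 7 does not ship this command by default; it has to be installed online from the yum repository)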
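4. Viewing the properties of a directory or file
Files and directories generally have, to a greater or lesser extent, the following three attributes:
Read (r): allows viewing the contents
Write (w): allows modifying the contents, and creating, copying, and moving files/directories
Execute (x): allows running programs and changing into directories
To view these three attributes, use "ls -l". Here is an example:
In the file type and permissions field, the first "-" is the file type: "d" is a directory, "-" is a file, and "l" is a link. The "rw-r--r--" that follows is the file permissions, giving the owner, group, and other-user permissions in turn. In everyday use permissions are usually written as numbers; the permissions above, for example, can be written as "644". See the table below for details.
The numbers and letters that follow mean:
"1": the number of subdirectories under the directory
"root root": the owner and the group
"34298": the file/directory size (in bytes)
"04-02 00:23": the creation time
"install.log": the file/directory name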
5. Setting the permissions and ownership of a directory or file
5-1 The chmod command sets file permissions
Format: chmod [ugoa] [+-=] [rwx] file or directory (complex, commonly)
[ugoa] stand for the owner, the group, other users, and all users respectively
[+-=] respectively add a permission, remove a permission, and set the permissions
For example: chmod u+x abc.txt -- gives the owner of the file abc.txt the execute permission x (is it not very complicated?)
Next comes the second way of setting file permissions:
Format: chmod [nnn] file or directory
[nnn] represents octal digits (see the table in the previous section that maps permissions to numbers)
For example: chmod 744 abc.txt -- sets permissions 744 on the file abc.txt (for the meaning, see the earlier table of numbers)
In addition, the permissions of all files under a directory can be set uniformly with "-R".
5-2 The chown command modifies the owner and the group
Format:
chown owner file/directory ---- modify the owner
chown :group file/directory ---- modify the group
chown owner:group file/directory ---- modify both the owner and the group
Likewise, the ownership of all files under a directory can be set uniformly with "-R".
5-3 umask permission mask
Meaning: controls the permissions of new files or directories; the default permissions with the umask permissions removed become the permissions of the new file or directory.
Format:
Set the umask: umask 022
View the umask: umask
Example:
Set the umask to 000, create a new directory or file, and check its permissions
Then set the umask to 022, create a new directory or file, and view the permissions again