Linux user and user rights management
User Management:
1. useradd - create a user
-c specify a description for the user
-d specify the home directory; the default is a directory with the same name as the user under /home
-g specify the primary group
-G specify additional groups
[Note: a user can have only one primary group, but can have multiple additional groups]
-s specify the shell program
special: /sbin/nologin -> does not allow the user to log in to the system
-u specify the UID
-M do not create a home directory
2. userdel - delete a user
-r delete the home directory along with the user
3. usermod - modify a user
-c -d -m -g -G -s -u -o (allow a duplicate UID; used together with -u)
4. passwd
-l lock
-u unlock
-d delete the password
* echo "password" | passwd --stdin "username" // one step to set the password for a user name
Group Management:
groupadd
-g specify the group ID
-o allow a duplicate group ID
groupdel - delete a group
groupmod - modify group attributes
-g
-o
-n modify the group name
-p specify the group password
[Note: if a file belongs to one of a user's additional groups and other users want to access that file through the group, a password can be set on the group]
Common files
/etc/passwd
uname:x:uid:gid:description:home directory:shell program
superuser - root
system users 1-499 or 1-999; ordinary users 500-65535 or 1000-65535
/etc/shadow
uname:uid:password:various time fields ...
. . .
Script file
/etc/group
group name:group password:group ID:additional group
/etc/gshadow
. . .
/etc/skel
the files in this directory are copied into each ordinary user's home directory; generally used for warnings;
==============================================================
User rights:
rwx
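read write execute
4 2 1
r 100
w 010
x 001
chmod [a|o|g|u][+|-][r|w|x] file
chown :user10 file // change the group only
chown user10: file // change the owner; the group becomes user10's login group
chown user10:user10 file // change both the owner and the group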
===================================================
ACL permission management:
through ACL permission management, specified permissions can be added for a specified user;
setfacl - add permissions
setfacl -m u:username:permissions file // add permissions on the file for the user; the target must be a file
setfacl -x u:username file // remove the user's permissions on the file
getfacl
view the ACL permissions that have been added
Special permissions:
temporarily borrowed authority; for example: there are two users, A and B, belonging to group AA and group BB respectively; user A creates a file a.txt, and by default B accesses a.txt with the "other" permissions; however, to go beyond that and access a.txt with borrowed authority, the SUID bit needs to be set to 1; the rights of the group can also be borrowed through SGID to access the file;
role of the sticky bit: granted to a directory, so that each user in the directory can delete only their own files and others cannot delete your files; it is granted to directories;
SUID
chmod u+s file // grant the SUID special permission
if the owner has x permission, it is displayed as s
if the owner has no x permission, it is displayed as S
[How to borrow?]
SGID
chmod g+s file // grant the SGID special permission
if the group has x permission, it is displayed as s
if the group has no x permission, it is displayed as S
[How to borrow?]
Sticky
chmod o+t file // grant the sticky bit special permission
if others have x permission, it is displayed as t
if others have no x permission, it is displayed as T
[How to borrow?]
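The s/S and t/T display rules for SUID, SGID and the sticky bit, as an added example that is not part of the original notes: the script sets each special bit with and without the matching x permission, prints what ls shows, then lists SUID/SGID files and world-writable directories that lack the sticky bit. All file names are constructed, and it uses the numeric modes (4xxx SUID, 2xxx SGID, 1xxx sticky) instead of the symbolic chmod forms.

```sh
#!/bin/sh
# Added example, not part of the original notes; every path below is constructed.

# mode_of PATH: print the 10-character mode string exactly as `ls -l` shows it.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# make_demo: build a scratch directory with one entry per case, print its path.
make_demo() {
    d=$(mktemp -d) || return 1
    for f in suid_x suid_nox sgid_x sgid_nox; do : > "$d/$f"; done
    mkdir "$d/sticky_x" "$d/sticky_nox" "$d/open_dir"
    chmod 4755 "$d/suid_x"      # SUID, owner has x     -> -rwsr-xr-x
    chmod 4644 "$d/suid_nox"    # SUID, owner lacks x   -> -rwSr--r--
    chmod 2755 "$d/sgid_x"      # SGID, group has x     -> -rwxr-sr-x
    chmod 2644 "$d/sgid_nox"    # SGID, group lacks x   -> -rw-r-Sr--
    chmod 1777 "$d/sticky_x"    # sticky, others have x -> drwxrwxrwt
    chmod 1776 "$d/sticky_nox"  # sticky, others lack x -> drwxrwxrwT
    chmod 0777 "$d/open_dir"    # world-writable, no sticky bit
    printf '%s\n' "$d"
}

# list_special DIR: regular files under DIR that carry SUID or SGID.
list_special() {
    ( cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) | LC_ALL=C sort )
}

# list_unprotected DIR: world-writable directories under DIR without the sticky
# bit, i.e. places where any user can delete another user's files.
list_unprotected() {
    ( cd "$1" && find . -type d -perm -0002 ! -perm -1000 | LC_ALL=C sort )
}

# Stand-alone run: show each mode string, then the two audit lists.
demo=$(make_demo) || exit 1
for p in suid_x suid_nox sgid_x sgid_nox sticky_x sticky_nox open_dir; do
    printf '%-11s %s\n' "$p" "$(mode_of "$demo/$p")"
done
echo "SUID/SGID files:";              list_special "$demo"
echo "writable dirs without sticky:"; list_unprotected "$demo"
rm -rf "$demo"
```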
=============================================
su authorization
/etc/sudoers // permissions are added inside this file;
su - / su
sudo