Linux user and user rights management
User Management:
1, useradd: create a user
-c specify the user description
-d specify the home directory; the default is a directory with the same name as the user under /home
-g specified primary group
-G to specify additional group
[a user can have only one primary group, and may also belong to additional groups]
-s specifies the shell program
special: /sbin/nologin -> the user is not allowed to log in to the system
-u specifies the UID
-M do not create home directories
2, userdel
-r delete the home directory together with the user
3, usermod - modify
-c -d -m -g -G -s -u -o (-o allows the same UID and is used together with -u)
4, passwd
-l lock
-u unlock
-d remove the password
echo "password" | passwd --stdin "username"
Group Management
1, groupadd
-g add group
-o delete Group
2, groupdel delete a group
3, groupmod
-g
-o
-n modify the group name
-p set a group password [if a file belongs to a given additional group and others want to access that file, a password can be set on the group]
Common files
/etc/passwd
uname:x:uid:gid:description:home directory:shell program
superuser - root
system users: 1-499 / 1-999; ordinary users: 500-65535 / 1000-65535
/etc/shadow
uname:uid:password:various time fields ..
/etc/group
group name:group password:group ID:additional group
/etc/gshadow
/etc/skel
the files in this directory are copied into each ordinary user's home directory; generally used for caveats;
User rights
r     w      x
read  write  execute
4     2      1
r 100
w 010
x 001
chmod [a|o|g|u][+|-][r|w|x] file
chown :user10 file
chown user10: file
chown user10:user10 file
ACL permission management:
through ACLs, a specified user can be given specified permissions;
setfacl - add permissions
setfacl -m u:username:permissions file // grant the user the specified permissions on the file
setfacl -x u:username file // remove the user's permissions on the file
getfacl - view the ACL permissions that were added
Special permission bits
temporary borrowing of permissions: for example, there are two users, A in group AA and B in group BB; user A creates a.txt, and by default B accesses a.txt with the "other" permissions; however, if B wants to go beyond that and borrow the owner's permissions to access a.txt, the SUID bit needs to be set to 1; the group's permissions can likewise be borrowed through SGID to access the file;
role of the sticky bit: it is set on a directory; every user of the directory can delete their own files, but others cannot delete your files; it is granted to directories;
SUID
chmod u+s filename // grant the SUID special permission
if the owner has x permission, it is displayed as s
if the owner has no x permission, it is displayed as S
SGID
chmod g+s filename // grant the SGID special permission
if the group has x permission, it is displayed as s
if the group has no x permission, it is displayed as S
Sticky
chmod o+t file // grant the sticky bit special permission
if x permission is present, it is displayed as t
if x permission is not present, it is displayed as T
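Added example (not part of the original notes): a shell script that reproduces the s/S and t/T displays described above on scratch files, then lists SUID files, SGID files and world-writable directories without the sticky bit in a constructed tree. The function names and scratch paths are assumptions of this example; it assumes Linux with GNU or BusyBox chmod, stat and find, and uses the bare +t form to set the sticky bit.

```shell
#!/bin/sh
# Added example; assumes Linux with GNU or BusyBox chmod, stat and find.
# Every file lives in a scratch directory from mktemp (constructed data).

# demo_mode KIND BASE SPECIAL: create a scratch file or directory, apply the
# base mode and then the special bit, and print the ls-style mode string.
demo_mode() {
    scratch=$(mktemp -d) || return 1
    if [ "$1" = dir ]; then mkdir "$scratch/t"; else : > "$scratch/t"; fi
    chmod "$2" "$scratch/t" && chmod "$3" "$scratch/t"
    stat -c '%A' "$scratch/t"
    rm -rf "$scratch"
}

# audit_special DIR: list what an administrator should review under DIR:
# SUID files, SGID files, and world-writable directories lacking the sticky bit.
audit_special() {
    find "$1" -xdev -type f -perm -4000 | sed 's/^/SUID /'
    find "$1" -xdev -type f -perm -2000 | sed 's/^/SGID /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
}

# make_sample_tree: build a small constructed tree and print its path.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    : > "$tree/plain"; chmod 644 "$tree/plain"
    : > "$tree/suid";  chmod 755 "$tree/suid"; chmod u+s "$tree/suid"
    : > "$tree/sgid";  chmod 755 "$tree/sgid"; chmod g+s "$tree/sgid"
    mkdir "$tree/shared"; chmod 777 "$tree/shared"; chmod +t "$tree/shared"
    mkdir "$tree/open";   chmod 777 "$tree/open"
    echo "$tree"
}

echo "SUID, owner has x:      $(demo_mode file 755 u+s)"
echo "SUID, owner lacks x:    $(demo_mode file 644 u+s)"
echo "SGID, group has x:      $(demo_mode file 755 g+s)"
echo "SGID, group lacks x:    $(demo_mode file 644 g+s)"
echo "sticky, other has x:    $(demo_mode dir 777 +t)"
echo "sticky, other lacks x:  $(demo_mode dir 770 +t)"

sample=$(make_sample_tree)
audit_special "$sample"
rm -rf "$sample"
```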
sudo authorization
/etc/sudoers // add the permissions in this file;
su -
su
sudo