User Management:
1. useradd: create a user
-c specify the user's description (comment)
-d specify the home directory; the default is a directory under /home with the same name as the user
-g specify the primary group
-G specify additional groups
[a user can have only one primary group, but can have multiple additional groups]
-s specify the shell program
special case: /sbin/nologin -> the user is not allowed to log in to the system
-u specify the UID
-M do not create a home directory
2. userdel
-r delete the home directory together with the user
3. usermod: modify a user
-c -d -m (move the home directory) -g -G -s -u -o (allow a duplicate UID; used together with -u)
Usage is the same as for useradd
4. passwd
-l lock the password
-u unlock
-d remove the password
echo "password" | passwd --stdin "username"
Group Management:
1. groupadd: create a group
-g set the group ID
-o allow duplicates
2. groupdel: delete a group
3. groupmod
-g -o
-n modify the group name
-p set a password [a password for the specified group: if a file belongs to a user and others want to access that file, a password can be set for them]
Common files
/etc/passwd
uname:x:uid:gid:description:home directory:shell program
superuser - root
system users: 1-499 or 1-999
ordinary users: 1000-65535 or 500-65535
/etc/shadow
uname:uid:password:various times ...
/etc/group
group name:group password:group ID:additional group
/etc/gshadow
/etc/skel: files in this directory are copied into each ordinary user's home directory; usually used for warnings
cd /etc/skel
ls -a to view them
User permissions:
r read 100 4
w write 010 2
x execute 001 1
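ACL authorization management:
Through permission management, grant specified permissions to a specified user.
setfacl: add permissions
setfacl -m u:username:permissions file //the file must be that user's file
setfacl -x u:username file //remove it from the file
getfacl
View the permissions added through ACLs
Special permissions:
Temporarily borrowing permissions. Example: users A and B belong to group AA and group BB respectively. A creates a file a.txt. By default B accesses a.txt with the "other" permissions; for B to go beyond that and borrow A's permissions to access a.txt, the SUID bit has to be set to 1. Likewise, the SGID permission can be borrowed to access the file.
Sticky bit: granted on a directory; within that directory every user can delete only their own files, and other users cannot delete one's files. It is a permission for directories.
SUID
chmod u+s file //grant the SUID special permission
If the owner permission includes x, it is displayed as s
If the owner permission does not include x, it is displayed as S
SGID
chmod g+s file //grant the SGID special permission
If the owner permission includes x, it is displayed as s
If the owner permission does not include x, it is displayed as S
Sticky bit
chmod o+t file //grant the sticky-bit special permission
If the owner permission includes x, it is displayed as t
If the owner permission does not include x, it is displayed as T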
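Added example (not part of the original notes): a shell audit that lists set-user-ID and set-group-ID files and world-writable directories lacking the sticky bit, printing the ls-style mode so the s/S and t/T forms can be seen. The function names and the sample tree are constructed for illustration; find -perm, ls -ld and chmod are the standard tools.

```shell
#!/bin/sh
# Added example: audit a tree for the special permission bits.
# The sample tree and all names in it are constructed for illustration.

# Print the 10-character mode string that `ls -l` shows, e.g. -rwsr-xr-x
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# audit_special DIR prints one line per finding: "<TAG> <mode> <path>"
#   SUID / SGID  regular file with the set-user-ID / set-group-ID bit
#   NOSTICKY     world-writable directory without the sticky bit
audit_special() {
    find "$1" -type f -perm -4000 | while IFS= read -r p; do
        printf 'SUID %s %s\n' "$(mode_of "$p")" "$p"
    done
    find "$1" -type f -perm -2000 | while IFS= read -r p; do
        printf 'SGID %s %s\n' "$(mode_of "$p")" "$p"
    done
    find "$1" -type d -perm -0002 ! -perm -1000 | while IFS= read -r p; do
        printf 'NOSTICKY %s %s\n' "$(mode_of "$p")" "$p"
    done
}

# Build the constructed sample tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/suid_x" "$t/suid_nox" "$t/sgid_x" "$t/plain"
    chmod 4755 "$t/suid_x"      # u+s, owner has x       -> rws
    chmod 4644 "$t/suid_nox"    # u+s, owner has no x    -> rwS
    chmod 2755 "$t/sgid_x"      # g+s, group has x       -> r-s in the group triplet
    chmod 0644 "$t/plain"       # no special bits, not reported
    mkdir "$t/shared" "$t/open"
    chmod 1777 "$t/shared"      # o+t on a world-writable directory -> rwt
    chmod 0777 "$t/open"        # world-writable, no sticky bit -> reported
    printf '%s\n' "$t"
}

# With an argument, audit that directory; otherwise audit the sample tree.
if [ "$#" -gt 0 ]; then
    audit_special "$1"
else
    tree=$(make_sample_tree) && audit_special "$tree" && rm -rf "$tree"
fi
```
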
su authorization
/etc/sudoers //add the permissions in this file
su - / su
su - / sudo