Linux shell scripting basics - 2

1. Users and groups

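Adding users

useradd
    -u   UID
    -o   
    -g   GID or group name
    -c   comment
    -d   home directory
    -s   shell
    -G   supplementary groups
    -r   system user
    -m   create the home directory (system users)
    -M   do not create the home directory (non-system users)
      newusers file : create users in bulk; the file must be prepared in advance in the same format as passwd
      chpasswd : change user passwords in bulk; file format: username:password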
    
    passwd
        -l : lock the specified user
        -u : unlock the specified user
        -e : force the user to change the password at the next login
    
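 usermod
    -u  UID
    -g  GID
    -G  new supplementary groups   -a
    -d  HOME
    -l  new home directory
    -U  unlock
    -L  lock
    -e  YYYY-MM-DD : account expiration date
    -f  INACTIVE : inactivity period
    -d  DIR : change the home directory
    -m  used with -d: change the home directory and move the data to the new one
 userdel
    -r  delete the user's home directory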
       
 id [OPTION]... [USER]
 -n: show names; must be combined with u, g or G
 -G: show the IDs of the groups the user belongs to
 -u UID
 -g GID


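Ways to switch user
    su  : non-login switch; does not read the target user's configuration files and does not change the current working directory
    su  -    : login switch; reads the target user's configuration files and changes to the home directory (a complete switch)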
    
    
  chage  modify the password policy
  -d LAST_DAY
  -E --expiredate EXPIRE_DATE
  -I --inactive INACTIVE
  -m --mindays MIN_DAYS
  -M --maxdays MAX_DAYS
  -W --warndays WARN_DAYS
  
 chage -d 0 tom    force a password reset at the next login
 chage -m 0 -M 42 -W 14 -I 7 tom
 chage -E 2016-09-10 tom
 
   
  groupadd
  -g  GID
  -r  system group
   
   groupmod   [option]    GROUP
            -n group_name : change the group name
            -g GID : change the GID
           
   
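  Modifying file attributes
  chown    -R     recursive
  
  umask
  Masks out permission bits when files are created
  Default permissions of a new file: 666-umask; if any digit of the result carries the execute bit (is odd), add 1 to that digit
  Default permissions of a new directory: 777-umask
  The umask of an unprivileged user is 002
  The umask of root is 022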
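
The subtraction rule above is shorthand for clearing the umask bits from the base mode (666 for files, 777 for directories). The following added example, which is not part of the original notes, creates a file and a directory under several umasks and compares the result with that bitwise calculation; the helper names are hypothetical, and it assumes mktemp and a stat that accepts -c '%a'.

```sh
#!/bin/sh
# Added example: compare the mode a new file or directory really gets with
# "base mode AND NOT umask". Helper names are hypothetical; assumes mktemp
# and a stat that accepts -c '%a' (GNU coreutils or BusyBox).

# created_mode TYPE UMASK -> octal mode of a new file (f) or directory (d).
# The body runs in a subshell, so the caller's umask is left untouched.
created_mode() (
    workdir=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = d ]; then
        mkdir "$workdir/new"
    else
        : > "$workdir/new"
    fi
    mode=$(stat -c '%a' "$workdir/new")
    rm -rf "$workdir"
    printf '%s\n' "$mode"
)

# predicted_mode TYPE UMASK -> base mode (666 or 777) with the umask bits cleared.
predicted_mode() (
    if [ "$1" = d ]; then base=0777; else base=0666; fi
    printf '%o\n' $(( $base & ~0$2 ))
)

# 033 is the case where plain subtraction (666-033=633) gives the wrong answer.
for um in 022 002 033 077; do
    printf 'umask %s  file %s (predicted %s)  dir %s (predicted %s)\n' "$um" \
        "$(created_mode f "$um")" "$(predicted_mode f "$um")" \
        "$(created_mode d "$um")" "$(predicted_mode d "$um")"
done
```
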
  
   
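   Permissions on a file:
    r : view
    w : modify
    x : execute

    Permissions on a directory:
    r : list the files in the directory
    w : create and delete files (requires x)
    x : cd into the directory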
   
   
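  Special permissions
  SUID
  SGID
  By default, a file created by a user belongs to that user's primary group
  Once SGID is set on a directory, files created in it by users with write permission on the directory belong to the directory's group
      
  Sticky bit
  In a writable directory, users can normally delete any file in it, regardless of that file's permissions or ownership
  With the sticky bit set on the directory, only the file's owner or root can delete the file
  SUID: user, occupies the owner's execute bit
  s: the owner has x
  S: the owner does not have x
  SGID: group, occupies the group's execute bit
  s: the group has x
  S: the group does not have x
  Sticky: other, occupies other's execute bit
  t: other has x
  T: other does not have x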
  
  Special file attributes
  
  chattr +i    the file cannot be deleted, renamed or modified
  chattr +a    content can only be appended
  lsattr       display these attributes
   
     
     
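 ACL: access control lists
 
 ACL (Access Control List): provides flexible permission management
 On CentOS 7, xfs and ext4 file systems created by default have ACL support
 Before CentOS 7, manually created ext4 file systems have no ACL support by default; it must be added by hand
 tune2fs -o acl /dev/sdb1
 mount -o acl /dev/sdb1 /mnt/test
 
 Order in which ACL entries take effect: owner > (named user > owning group, named group) > other
    Users outside the parentheses are not affected by the mask
 mount -o acl /directory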
 getfacl file |directory
 setfacl -m u:wang:rwx file|directory
 setfacl -Rm g:sales:rwX directory
 setfacl -M file.acl file|directory
 setfacl -m g:salesgroup:rw file| directory
 setfacl -m d:u:wang:rx directory
 setfacl -x u:wang file |directory
 setfacl -X file.acl directory
 
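 Even when an ACL grants default x permission on a directory, files inside the directory do not inherit x
 Base ACL entries cannot be removed
 setfacl -k dir    remove the default ACL
 setfacl -b file1    remove all ACL entries
 getfacl file1 | setfacl --set-file=- file2    copy file1's ACL to file2
 The mask only limits the maximum permissions of users and groups other than the owner and other
 The mask is ANDed with a user's permissions to give the effective permission (Effective Permission)
 A user or group entry only takes effect within the range allowed by the mask
  setfacl -m mask::rx file
  
  The --set option deletes all existing ACL entries and replaces them with the new ones; it must include the UGO entries, unlike -m, which can simply add an ACL entry
  
  
 XFS supports ACLs by default; other, older file systems need ACL support in the file system, specified at mount time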

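2. Basic scripting

Variable naming

1. Do not use reserved words of the language, e.g. if, for
2. Use only digits, letters and underscores, and do not start with a digit
3. Choose names that say what they mean
4. Follow one naming convention: camel case

  Recommended naming rules in shell:
1. Variable names in upper case
2. Local variables in lower case
3. Function names in lower case
4. Use English names that reflect the actual purpose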

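Variables fall into the following types by scope and similar criteria
Shell-local variables: valid in the current shell process only; not valid in any other shell process, including child shells of the current shell
Environment variables: valid in the current shell process and its child processes
Function-local variables: valid within a code fragment of the current shell process, usually a function
Positional variables: $1, $2, ... let the script's code use the arguments passed to it on the command line
Special variables: $?, $0, $*, $@, $#, $$
 
     $$   PID of the shell itself (current process ID)
     $!   PID of the last background process started by the shell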


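      set
       -e : exit if a command returns a non-zero exit status (failure)
       -n : do not execute the script, only check its syntax and report all syntax errors
       -u : treat unset variables as an error during substitution
       -v : print shell input lines as they are read
       -x : print commands and their arguments as they are executed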

Variable assignment: name='value'
The value can be given as:
(1) a literal string: name="root"
(2) a variable reference: name="$USER"
(3) a command reference: name=`COMMAND`
name=$(COMMAND)

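  Variable reference: ${name} or $name
" " weak quoting: variable references inside are replaced by their values
' ' strong quoting: variable references inside are not replaced; the string is kept as written
  Show all defined variables: set
  Delete a variable: unset name

Read-only variables: can only be declared, not modified or deleted
  Declare a read-only variable:
readonly name
declare -r name
  List read-only variables:
   readonly -p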

Variable Scope

local  
export   global
Running a script starts a new child shell
source   runs the script in the current shell

Command-line expansion

$( ) or ` `

Declaring variables
readonly name
declare -r name
-i integer
-x environment variable

readonly -p

Unsetting variables
unset var
unset -f function_name

Positional variables

Exit codes
Custom exit status in bash
exit [n]: custom exit status code
Note: once a script reaches an exit command it terminates immediately; the exit status is the number given to exit
Note: if the script does not set an exit status, the exit status of the whole script is the status code of the last command executed in it

Arithmetic
Only integer operations are supported

let
expr
ab=`expr $a + $b`
$[ ]
$(( ))

bc supports fractions
echo "5 * 7.3" | bc

Test conditions

true returns 0
false returns 1

Logical operations
and: -a, &&
or: -o, ||
not: !
-a is used inside [ ]
[ -a ]
&& is used inside [[ ]]
[[ && ]]
[ ] && [ ]
test command

test EXPRESSION
[ EXPRESSION ]
[[ EXPRESSION ]]

1. Use -n and -z to test whether a variable is empty
Inside [ ] the variable must be wrapped in ""; inside [[ ]] the quotes are not required

Note: there must be whitespace before and after EXPRESSION

Command grouping

( command; command )    runs in a subshell
{ command; command; }   runs in the current shell

Tests in bash

-v VAR

whether the variable VAR is set

Numerical tests
-gt greater than, -ge greater than or equal to, -eq equal to, -ne not equal to, -lt less than, -le less than or equal to

String operations on shell variables
${parameter}
${#parameter}                   character length
${parameter:offset}             extract from offset to the end of the string
${parameter:offset:length}      extract length characters starting after offset
${parameter#word}               delete the shortest match of word from the beginning of ${parameter}
${parameter##word}              delete the longest match of word from the beginning of ${parameter}
${parameter%word}               delete the shortest match of word from the end of ${parameter}
${parameter%%word}              delete the longest match of word from the end of ${parameter}
${parameter/pattern/string}     replace the first match of pattern with string
${parameter//pattern/string}    replace all matches of pattern with string
Other ways to get the character length:
echo ${char} | wc -L
expr length "${char}"

Special expansion forms

${parameter:-word}    if parameter is empty or unset, return the string word in place of the variable's value
${parameter:=word}    if parameter is empty or unset, set it to word and return that value; not applicable to positional and special variables
${parameter:?word}    if parameter is empty or unset, write word to standard error; otherwise output the variable's value
${parameter:+word}    if parameter is empty or unset, do nothing; otherwise return word

Computation

#!/bin/bash

no1=4;
no2=5;
let result=no1+no2
echo $result
result=$[ no1 + no2 ]
result=$[ $no1 + 5 ]
(( )) may also be used, but with (( )) a $ is needed before the variable name:

Arrays

$ declare -A ass_array    # an associative array must be declared before use
$ ass_array=([index1]=val1 [index2]=val2)
Separate "index-value" assignments:
$ ass_array[index1]=val1
$ ass_array[index2]=val2
Listing array indexes:
$ echo ${!array_var[*]}
$ echo ${!array_var[@]}
$ echo ${!fruits_value[*]}

 while read -r n; do
    echo "name is $n"
 done < name                  # one line of the text file per iteration

 while read -r name; do
    useradd "$name"
    echo "$name is created"
 done < student_name.txt
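
The loop above hands every line of the file to useradd unchecked. The following added example, not part of the original notes, is a dry run that accepts only names matching a conservative policy and prints the commands it would run; valid_login, plan_accounts, sample_names and the naming policy itself are assumptions of this example.

```sh
#!/bin/sh
# Added example (dry run): validate login names before they reach useradd.
# valid_login, plan_accounts and the naming policy are assumptions of this example.
export LC_ALL=C    # make [a-z] mean ASCII lowercase only

# valid_login NAME -> 0 if NAME is 1-32 chars of [a-z0-9_-] starting with [a-z_].
valid_login() {
    case $1 in
        '' | [!a-z_]* | *[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# plan_accounts FILE -> print the commands for each accepted name and
# "REJECT <name>" for the rest. Nothing is executed.
plan_accounts() {
    # IFS= and -r keep each line byte-for-byte; the || handles a last line
    # that has no trailing newline.
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in '' | '#'*) continue ;; esac    # skip blanks and comments
        if valid_login "$name"; then
            # A quoted "$name" is always exactly one argument; chage -d 0
            # forces a password change at the first login.
            printf 'useradd -m -s /bin/bash "%s" && chage -d 0 "%s"\n' "$name" "$name"
        else
            printf 'REJECT %s\n' "$name"
        fi
    done < "$1"
}

# Constructed sample input, not real account data. A leading dash would be
# parsed as an option and a space would split into two arguments.
sample_names() {
    printf '%s\n' 'alice' '# class of 2019' 'bob_2' '-M guest' \
        'dave smith' 'Carol' '9lives' ''
}

list=$(mktemp) || exit 1
sample_names > "$list"
plan_accounts "$list"
rm -f "$list"
```
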

find

find /var -not \( -user root -o -user lp -o -user gdm \)

In conjunction with xargs

compression

compress .Z
gzip .gz
bzip2 .bz2
xz .xz
zip .
tar
cpio

-j: bzip2, -z: gzip, -J: xz

Hard links and soft (symbolic) links
df -i --print-type

What is the difference between a symbolic link and a hard link?
Symbolic links:
a soft link has its own file attributes and permissions;
a soft link can be created to a file or directory that does not exist;
a soft link can cross file systems;
a soft link can be created to a file or a directory;
creating a soft link does not increase the link count i_nlink;
deleting a soft link does not affect the file it points to, but if the original file is deleted, the soft link becomes a dead link (a dangling link; if a file is created again at the path it points to, the dead link becomes a normal soft link again).

Hard links:
the files share the same inode and data blocks;
a hard link can only be created to an existing file;
a hard link cannot cross file systems;
a hard link cannot be created to a directory, only to a file;
deleting one hard link does not affect the other files that have the same inode number.

Each file has two counters, i_count and i_nlink: the reference count and the hard link count. In the inode structure, i_count tracks how many times the file is being accessed, while i_nlink is the number of hard links shown by commands such as ls -l. In other words, i_count tracks the file's state in memory and i_nlink is the on-disk counter. When a file is deleted, i_nlink is set to 0 first. These two counters make Linux system upgrades and program updates easier: without the system or program being shut down (that is, while the file's i_count is not zero), a new file can replace the old one under the same file name. The new file has its own inode and data blocks, and the old file is completely deleted once the related processes have closed it.

When a soft link is created with a relative path, the link looks for a file of that name in the current directory; if it cannot be found, the link fails. The link file has its own inode data.

Origin www.cnblogs.com/g2thend/p/11621017.html