[TOC]
Preface: the theory behind account and permission management
One: Overview of user accounts and group accounts
1.1: Linux controls access to resources based on user identity
User accounts
- Superuser (root, UID 0; unique and irreplaceable, with unrestricted privilege)
- Ordinary users (created by the administrator; each has its own user name and limited privileges)
- Program users (cannot log in; they exist only so that a service can run under its own identity instead of as root)
- Anonymous user (guest on Windows, nobody on Linux; a least-privilege identity for unauthenticated access)
Group accounts (a group bundles permissions for a set of users)
- Primary group (also called the private group; created together with the user and given the same name)
- Supplementary group (a public group, created empty with groupadd; existing users are added to it, and any permission granted to the group applies to every member)
UID and GID (numeric identifiers)
UID (User IDentity, user identification number)
GID (Group IDentity, group identification number)
Two: Managing user accounts and group accounts
2.1: The user account file /etc/passwd
Stores each account's basic information: user name, home directory, login shell, and so on.
- File location: /etc/passwd
- Each line is one user account record
- The fields of a record are separated by colons
User name: the login name
Password placeholder: an x meaning the real (hashed) password lives in /etc/shadow; the character itself carries no password information
User account ID: UID
Group account ID: GID of the primary group; for a private group the GID is normally equal to the UID
User description: free-text description (the GECOS field)
Home directory: the user's home directory
Login shell: decides whether the user can log in interactively; /bin/bash allows it, /sbin/nologin does not
The shadow file /etc/shadow
Holds the password record matching each /etc/passwd entry, one per line, fields separated by colons:
User name : encrypted password : last change : min age : max age : warn : inactive : expire : reserved
- Encrypted password: the hashed password (the $id$salt$hash form)
- Last change: the day, counted in days since 1970-01-01, on which the password was last changed (e.g. 14374 = 2009-05-10)
- Min age: 0 means the password may be changed at any time
- Max age: 99999 means the password effectively never expires
- Warn: 7 means the user is warned seven days before the password expires
- Inactive: days after the password expires during which it can still be changed before the account is disabled
- Expire: the absolute day (again in days since 1970-01-01) on which the account itself is disabled, independent of password age
For accounts such as bin the password field holds *, ! or !!: * and ! mean password login is disabled (! is the prefix that passwd -l puts in front of an existing hash), and !! means no password has ever been set. None of the three allows a password login.
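As an added example (not from the original notes), here is a POSIX shell audit that joins constructed /etc/passwd and /etc/shadow contents and reports, per account, the state that passwd -S would print (PS = usable password, LK = locked with a ! or * prefix, NP = empty password), plus the checks a practitioner wants from these two files: a second UID 0 account, an expired account, an expired password, and whether a password login is currently possible. The sample lines, the user names (lisi, zhangsan, backup), the hashes and the "today" day number 14400 are all made up for the example; days_to_date converts the day count in field 3 with plain arithmetic so it does not depend on GNU date (14374 gives 2009-05-10).

```shell
#!/bin/sh
# Added example: audit constructed /etc/passwd and /etc/shadow contents.
# The account lines below are made up for this page; hashes are placeholders.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
lisi:x:1000:1000:Li Si:/home/lisi:/bin/bash
zhangsan:x:1001:1001::/home/zhangsan:/bin/bash
backup:x:0:1002:second uid 0:/home/backup:/bin/bash'

SAMPLE_SHADOW='root:$6$saltsalt$hashhash:14374:0:99999:7:::
bin:*:14374:0:99999:7:::
nobody:*:14374:0:99999:7:::
lisi:!$6$saltsalt$hashhash:14374:0:99999:7:::
zhangsan::14200:0:90:7:::
backup:$6$saltsalt$hashhash:14374:0:99999:7::14000:'

PASSWD_FILE=$(mktemp); SHADOW_FILE=$(mktemp)
trap 'rm -f "$PASSWD_FILE" "$SHADOW_FILE"' EXIT
printf '%s\n' "$SAMPLE_PASSWD" > "$PASSWD_FILE"
printf '%s\n' "$SAMPLE_SHADOW" > "$SHADOW_FILE"

# Convert a shadow day count (days since 1970-01-01) to YYYY-MM-DD using only
# integer arithmetic (civil-from-days), so GNU date's -d option is not needed.
days_to_date() {
  z=$(( $1 + 719468 ))
  era=$(( z / 146097 ))
  doe=$(( z - era * 146097 ))
  yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
  doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
  mp=$(( (5 * doy + 2) / 153 ))
  d=$(( doy - (153 * mp + 2) / 5 + 1 ))
  if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
  y=$(( yoe + era * 400 ))
  if [ "$m" -le 2 ]; then y=$(( y + 1 )); fi
  printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Join passwd and shadow and print one line per account: name uid status shell flags
#   status: PS usable password, LK locked (! or * prefix), NP empty password field
#   flags:  UID0 (a second root), EXPIRED (account expiry date passed),
#           PWEXPIRED (password older than max age), LOGIN (password login works today)
audit_accounts() {  # $1 passwd file, $2 shadow file, $3 "today" as a day count
  awk -F: -v today="$3" '
    NR == FNR { hash[$1] = $2; last[$1] = $3; maxage[$1] = $5; expire[$1] = $8; next }
    {
      name = $1; uid = $3 + 0; shell = $7; h = hash[name]
      if (h == "")            status = "NP"
      else if (h ~ /^[!*]/)   status = "LK"
      else                    status = "PS"
      flags = ""
      if (uid == 0 && name != "root")                      flags = flags "UID0,"
      if (expire[name] != "" && today >= expire[name] + 0)  flags = flags "EXPIRED,"
      if (maxage[name] != "" && maxage[name] + 0 < 99999 &&
          today - last[name] > maxage[name] + 0)           flags = flags "PWEXPIRED,"
      if (status == "PS" && shell !~ /(nologin|false)$/ && flags !~ /EXPIRED/)
                                                           flags = flags "LOGIN,"
      sub(/,$/, "", flags); if (flags == "") flags = "-"
      print name, uid, status, shell, flags
    }' "$2" "$1"
}

echo "root's password was last changed on $(days_to_date 14374)"
audit_accounts "$PASSWD_FILE" "$SHADOW_FILE" 14400
```

Run against a real host with `audit_accounts /etc/passwd /etc/shadow $(( $(date +%s) / 86400 ))` as root; the NP and UID0 flags are the lines to act on first.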
2.2: Adding a user account: useradd
-u specify the UID
-d specify the home directory
-e specify the account expiration date, in YYYY-MM-DD format
-g specify the primary group
-G specify supplementary groups (the groups must already exist)
-M do not create the home directory
-s specify the login shell (/sbin/nologin disallows interactive login)
2.3: Setting/changing a user password: passwd
-d delete the password (the account is left with an empty password field; never do this on an account that can log in)
-l lock the account's password
-u unlock the account's password
-S show the account's current status, including whether it is locked
vim /etc/passwd
UID ranges:
| UID | User |
|---|---|
| 0 | root |
| 1-999 | program (system) users |
| 1000-60000 | ordinary users |
| 99 | nobody, the anonymous user (on older RHEL/CentOS; newer systems use 65534) |
After correcting lisi's entry in /etc/passwd (for example setting the login shell to /bin/bash), lisi can log in.
passwd -l locks the password: lisi can no longer authenticate with it, neither at the graphical login nor on the console, but the account is still reachable from a character session because a higher-privileged user (root) can su to lisi without a password. The lock only affects password authentication; an SSH public key set up for lisi keeps working unless the account itself is expired.
/sbin/nologin: the user can neither log in directly nor be switched to with su (su runs the login shell, and nologin only prints that the account is unavailable).
The Windows SYSTEM account is the extreme case of this: the highest privilege on the system, yet nobody can log into it interactively.
passwd with no user name changes the password of the current user (the default user name is the caller).
2.4: Modifying user account attributes: usermod
-u: change the user's UID
-d: change the user's home directory
-e: change the account expiration date
-s: change the user's login shell
-l change the user's login name
-L lock the user account (same effect as passwd -l)
-U unlock the user account
2.5: Deleting a user account: userdel
-r also remove the home directory and mail spool (without -r they stay on disk, still owned by the old UID, and would be inherited by the next account given that UID)
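The useradd / passwd / usermod / userdel steps above as one script, added here as an example and not part of the original notes. It runs the real commands only when APPLY=1 is set and it is executed as root; otherwise it prints what it would run. The user name lisi, the group wheel, the expiry date and the password are assumed values. chpasswd stands in for passwd --stdin so the script also works outside RHEL-family systems, and the lock step expires the account in addition to usermod -L because a password lock alone does not stop SSH public-key logins.

```shell
#!/bin/sh
# Added example: provision, verify, lock and remove a local account.
# Real changes happen only with APPLY=1 and root; otherwise it is a dry run.
DRY_RUN=1
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then DRY_RUN=0; fi

run() {  # execute a command, or print it in dry-run mode
  if [ "$DRY_RUN" -eq 1 ]; then printf 'would run: %s\n' "$*"; else "$@"; fi
}

# useradd's user-name rule (shadow-utils): a lowercase letter or underscore,
# then lowercase letters, digits, underscores or dashes, an optional trailing $,
# at most 32 characters. Reject bad names before they reach useradd.
valid_username() {
  [ "${#1}" -le 32 ] && printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]*[$]?$'
}

# Set the password without putting it on a command line (visible in ps).
# chpasswd is the portable equivalent of RHEL's passwd --stdin.
set_password() {  # $1 user, $2 password
  if [ "$DRY_RUN" -eq 1 ]; then printf 'would run: chpasswd for %s\n' "$1"
  else printf '%s:%s\n' "$1" "$2" | chpasswd; fi
}

provision_user() {  # $1 user, $2 expiry YYYY-MM-DD, $3 supplementary group (must exist), $4 initial password
  valid_username "$1" || { printf 'invalid user name: %s\n' "$1" >&2; return 1; }
  run useradd -m -s /bin/bash -e "$2" -G "$3" "$1"
  set_password "$1" "$4"
  run chage -d 0 "$1"              # force a password change at first login
}

show_user() {  # what to check after each step
  run id "$1"
  run passwd -S "$1"               # prints LK / NP / PS
  run chage -l "$1"                # expiry dates in readable form
}

lock_user() {
  run usermod -L "$1"              # prefixes the hash with ! : blocks password logins only
  run usermod -e 1970-01-02 "$1"   # expire the account: also blocks SSH key logins and su
}

remove_user() {
  run userdel -r "$1"              # -r: remove home directory and mail spool too
}

provision_user lisi 2026-12-31 wheel 'Ch4nge-me-now!'   # assumed values
show_user lisi
lock_user lisi
show_user lisi
remove_user lisi
```

`APPLY=1 sudo sh account_lifecycle.sh` performs the changes; run it without APPLY first and read the printed commands.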
2.6: A user account's initial configuration files
They live in the home directory as hidden (dot) files, copied from /etc/skel when useradd creates the home directory
~/.bash_profile sets environment variables; it is read once by every login shell
~/.bashrc is read by every interactive shell (login shells reach it because ~/.bash_profile sources it)
~/.bash_logout runs when the user logs out
2.8: Group account files (/etc/group holds the group name, GID and member list; /etc/gshadow holds the group password and group administrators)
2.9: Adding a group account: groupadd
-g specify the GID (like UIDs, regular GIDs are allocated from 1000 upwards)
2.10: Adding and removing group members: gpasswd
-M set the member list from several users at once
-a add one user to the group
-d remove one user from the group
(--stdin is not a gpasswd option: on RHEL-family systems passwd --stdin reads the new password from standard input for non-interactive use)
-M replaces the group's member list: any existing member not named is dropped from the group
-a appends instead of replacing
Removal is one user at a time (-d)
2.A: Deleting a group account: groupdel
Three: Querying account information
3.1: The groups command
Lists the groups a user belongs to
- groups [user name]
3.2: The id command
Shows a user's identity: UID, GID and group memberships
- id [user name]
3.3: finger
Shows detailed information about a user account (not installed by default on many distributions)
- finger [user name]
3.4: The w, who and users commands
Show the users currently logged in to the host
- w / who / users
3.5: lastb
Shows failed login attempts, read from /var/log/btmp; the history of successful logins comes from last, which reads /var/log/wtmp
- lastb
Four: Checking directory or file attributes
4.1: Permissions and ownership of files and directories
ls -l shows, for each entry: file type and permissions, link count, owner, group, size and modification date
The first character is the file type: - regular file, d directory, l symbolic link, c character device (I/O control), b block device (storage control)
The next nine characters are the permissions, in three groups of three: owner, group, others
The first group is the owner's permissions, e.g. rwx (read, write and execute)
The second group is the group's permissions, e.g. rw- (read and write, no execute) or r-x (read and execute, no write)
The third group is everyone else's permissions, e.g. r-- (read only)
Link count: 1 for a plain file with no other hard links
Owner: root
Group: root
Size: 513, in bytes
Modified: Nov 5 2016
This whole line is the file's metadata
Five: Checking directory or file permissions
The highest permission a regular file receives when created is 666
The highest permission a directory receives when created is 777
What actually gets created is 755 or 644 (umask 022), or 700 and 600 (umask 077)
Set file and directory permissions: chmod
Six: Checking the ownership of directories or files
Set the owner and group of files and directories: chown
chown can change the group together with the owner, with a colon between them (owner:group)
Permission mask: umask
Important to understand: a new file's mode is 666 (777 for a directory) with every bit set in the umask cleared
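An added example (not from the original notes) that ties sections Four and Five together in POSIX shell: default_mode computes what a umask leaves of 666/777, mode_to_symbolic renders an octal mode as the rwx triplets ls -l prints, created_mode creates a real file or directory under a given umask in a temporary directory and reads the mode field back from ls -ld, and check_umask_math confirms that the computed and observed modes agree for umask 022, 027 and 077. The umask values and temporary paths are the example's own choices.

```shell
#!/bin/sh
# Added example: umask arithmetic and the ls -l mode string, verified against
# real files created in a temporary directory.

# Mode a new object gets: 666 (file) or 777 (directory) with the umask bits cleared.
default_mode() {  # $1 = file|dir, $2 = umask in octal; prints e.g. 644
  base=0666
  if [ "$1" = dir ]; then base=0777; fi
  printf '%03o\n' $(( base & ~0$2 ))
}

# Render the last three octal digits of a mode as the rwx triplets ls prints.
mode_to_symbolic() {  # e.g. 750 -> rwxr-x---
  digits=$(printf '%s\n' "$1" | sed 's/^.*\(...\)$/\1/; s/\(.\)/\1 /g')
  out=""
  for d in $digits; do
    r=-; w=-; x=-
    if [ $(( d & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( d & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( d & 1 )) -ne 0 ]; then x=x; fi
    out="$out$r$w$x"
  done
  printf '%s\n' "$out"
}

# Create a file or directory under the given umask and return the 10-character
# type+mode field that ls -ld shows for it (a trailing . or + from SELinux/ACLs is cut off).
created_mode() {  # $1 = file|dir, $2 = umask
  tmp=$(mktemp -d)
  (
    umask "$2"
    if [ "$1" = dir ]; then mkdir "$tmp/d"; target="$tmp/d"
    else : > "$tmp/f"; target="$tmp/f"; fi
    ls -ld "$target" | cut -c1-10
  )
  rm -rf "$tmp"
}

# The computed default and the mode observed on disk must agree for every umask tried.
check_umask_math() {
  for u in 022 027 077; do
    [ "$(created_mode file "$u")" = "-$(mode_to_symbolic "$(default_mode file "$u")")" ] || return 1
    [ "$(created_mode dir "$u")" = "d$(mode_to_symbolic "$(default_mode dir "$u")")" ] || return 1
  done
}

for u in 022 027 077; do
  printf 'umask %s: file %s (%s)  dir %s (%s)\n' "$u" \
    "$(default_mode file "$u")" "$(mode_to_symbolic "$(default_mode file "$u")")" \
    "$(default_mode dir "$u")"  "$(mode_to_symbolic "$(default_mode dir "$u")")"
done
if check_umask_math; then echo "ls -ld agrees with the umask arithmetic"; fi
```

A umask of 077 is the value to set for service accounts whose files nobody else should read; 022 is the usual interactive default that produces the 755/644 pairs quoted above.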