Linux③- remote management commands, and group permissions, user management

1. Remote management

① Shutdown / restart
shutdown [option] [time]    shut down / restart
Options for shutdown:
Option    Meaning
-r        restart
-c        cancel a shutdown that is already scheduled
-h        power off after shutdown
Note:
With no options or arguments, shutdown powers off the computer after 1 minute by default.
When maintaining a server remotely, it is best not to shut the system down; restart it instead.

Examples of commands:
shutdown -h now      power off immediately
shutdown -h 20:30    power off at 20:30 (8:30 pm)
shutdown -r now      restart immediately
shutdown -r 20:30    restart at 20:30 (8:30 pm)
shutdown +10         power off after 10 minutes

② View or configure network card information
No.  Command           English                          Purpose
01   ifconfig          configure a network interface    view / configure the computer's current network card configuration
02   ping ip address   ping                             check whether the connection to the target IP address is normal
On Ubuntu, the IP address can also be viewed in the network settings.
Note: IP addresses must not be the same; otherwise the addresses conflict and normal network communication is not possible.

ifconfig command
If the command is not installed, run sudo apt install net-tools to install it.
Tip: ifconfig | grep inet (a pipeline) filters the output down to the IP addresses.
Tip: a computer may have one physical NIC and multiple virtual NICs; in Linux the physical NIC is usually named ensXX.
127.0.0.1 is called the local loopback address (loopback address) and is typically used to test whether the local network card is working.

ping command
Check whether the connection to a target host is normal:
ping IP address
Check whether the local network card is working properly:
ping 127.0.0.1

Principle: every machine on the network has a unique IP address. ping sends a data packet to the destination IP address and asks for a packet of the same size in return, which shows whether the two machines can communicate over the network and how large the delay is.
The ping command checks network connectivity and helps determine and analyze network faults. The larger the time value, the slower the connection.
Note: in Linux, use Ctrl + c to terminate a program running in the terminal; for example, a ping that does not stop by itself can be stopped this way.
Terms:
TTL is the abbreviation of Time To Live. This field specifies the maximum number of network segments an IP packet may pass through before it is discarded by a router. TTL is an 8-bit field in the IPv4 header.
mdev is the abbreviation of Mean Deviation. It represents how far the RTTs of the ICMP packets deviate from the average; the larger the value, the less stable the connection speed.
ICMP (Internet Control Message Protocol) is a sub-protocol of the TCP/IP protocol suite used to pass control messages between IP hosts and routers. Control messages are messages about the network itself, such as whether the network is reachable, whether a host is reachable, and whether a route is available. Although these control messages do not carry user data, they play an important role in the delivery of user data.
RTT (Round-Trip Time): round-trip delay. An important performance metric in computer networks: the total delay from the moment the sender starts transmitting data until the sender receives the acknowledgment from the receiver (the receiver sends the acknowledgment immediately after receiving the data).

③ ssh (secure shell)
SSH is the abbreviation of Secure Shell.
SSH client →→→→→ connection →→→→→ SSH server
Systems based on the Linux kernel, including Mac, generally already ship with the ssh client and ssh server; if your system is one of the Windows series, you must manually

The two advantages of ssh:
1. Data is transmitted encrypted, which prevents information from being hijacked (DNS spoofing and IP spoofing) and other security problems.
2. Data is transmitted compressed, which speeds up transmission.

④ IP address and port number
IP address: an Internet Protocol address (English: Internet Protocol Address), abbreviated IP address, is the numeric label that the Internet Protocol (IP) assigns to the devices users connect to the Internet. The common IP addresses fall into two categories, IPv4 and IPv6, though there are other, less common minor classes.
Port: based on the port number, information can be delivered to the appropriate program (process).
Domain name (English: Domain Name): the name of a computer or group of computers on the Internet, made up of a series of names separated by dots, used to identify the location of the computer during data transmission.
The Domain Name System (DNS) is a core Internet service: a distributed database that maps domain names and IP addresses to each other, so that people can access the Internet more conveniently without having to remember the numeric IP strings that machines read directly.
Example: you can ping www.baidu.com and receive replies from an IP address; opening that IP address in a browser visits www.baidu.com.

If an IP address is compared to a house, ports are the doors of the house. A real house has only a few doors, but an IP address can have as many as 65536 (i.e. 2^16) ports! A port is identified by its port number, which is an integer in the range 0 to 65535 (2^16 - 1).
No.  Service       Port
01   SSH server    22
02   Web server    80
03   FTP server    21
04   HTTPS         443
Example: by default, a browser adds http:// and port :80 for you.

⑤ SSH client
ssh [-p port] user@remote
user is the user name on the remote server; if not specified, it defaults to the current user
remote is the address of the remote machine, which can be an IP address / domain name, or an alias
port is the port the SSH server listens on; if not specified, the default is port 22
Tips:
1. Use exit to log out of the current session.
2. The ssh command is only available on Linux or Unix systems.
3. On Windows you need to install client software such as PuTTY or Xshell.
Download PuTTY or Xshell for Windows from the official website where possible to avoid unnecessary trouble; use exit to log out.

⑤ Additional notes
SSH configuration information is usually stored in the .ssh directory under the user's home directory.

Password-free login
Steps: 1. Configure the public key
Run ssh-keygen to generate an SSH key, then follow the prompts; pressing Enter at each prompt is enough.
2. Upload the public key to the server
Run ssh-copy-id -p port user@remote
Understanding the principle: local machine (id_rsa.pub is the public key, id_rsa is the private key); server (authorized_keys holds the same public key as the local machine).
The local machine encrypts / decrypts data with the private key; the server encrypts / decrypts data with the public key.
Asymmetric encryption algorithm: it uses two keys, a public key (publickey) and a private key (privatekey). The public key and private key form a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm.

Alias configuration
Example: use ssh XXX instead of ssh -p port user@remote
Steps: add the following to ~/.ssh/config:
Host XXX
    HostName remote (IP address)
    User user
    Port 22
Once an alias is configured, it can be used not only with the ssh command but also with the scp command.

⑥ scp
scp is the abbreviation of secure copy; it is the Linux command for secure remote file copying based on ssh login.
Format: basically the same as ssh, except that the port number is specified with an uppercase -P instead of -p.

1. Copying a file from local to remote, command format:
scp local_file remote_username@remote_ip:remote_folder
or
scp local_file remote_username@remote_ip:remote_file
or
scp local_file remote_ip:remote_folder
or
scp local_file remote_ip:remote_file
Forms 1 and 2 specify the user name, so you are prompted only for a password; form 1 specifies only a remote directory, so the local file is placed in that directory with its name unchanged, while form 2 can change the file name.
Forms 3 and 4 do not specify a user name, so you are prompted for a user name and password; form 3 specifies only a remote directory, so the local file is placed in that directory with its name unchanged, while form 4 can change the file name.

2. Copying a directory from local to remote, command format:
scp -r local_folder remote_username@remote_ip:remote_folder
or
scp -r local_folder remote_ip:remote_folder
The first form specifies a user name, so you are prompted only for a password;
the second form does not specify a user name, so you are prompted for a user name and password.

3. Copying from remote to local
To copy from remote to local, just reverse the order of the last two arguments of the local-to-remote command, as in the following examples:
scp remote_username@remote_ip:remote_file local_directory
scp remote_username@remote_ip:remote_file local_file
scp -r remote_username@remote_ip:remote_directory local_directory

Note:
1. If the remote server's firewall assigns a specific port to the scp command, use the -P parameter to set that port number.
2. When using scp, make sure the remote user has permission to read the relevant files on the server; otherwise the scp command does not achieve the desired effect.
Option    Meaning
-r        if the given source is a directory, scp recursively copies all subdirectories and files in it, and the target must be a directory name, similar to the cp command
-P        port number of the SSH server (default 22); it must be written with a capital letter P

⑥ FileZilla
FileZilla transfers files using FTP.
It can be downloaded from the official website: https://www.filezilla.cn/download/client
FTP uses the FTP service, not the SSH service described above; its service port is 21.

2. Permission management

① Basic concepts
Permissions are a very important part of the Linux system: to operate on a file or directory, you must have the appropriate permission for the operation to succeed.
File permissions under Linux generally include read, write and execute, corresponding to the letters r, w, x.
Permissions under Linux apply at three levels: the owner, the owner's group, and other groups.
User management includes user management and group management.
Linux file / directory permissions:
No.  Permission      English    Abbreviation    Numeric code
01   read            read       r               4
02   write           write      w               2
03   execute         execute    x               1
04   no permission              -               0

② Groups
If different users need the same permissions, you can set the permissions on a group and then add those users to the group, instead of setting permissions for each user one by one.

③ ls -l displays detailed information
The ls -l command shows details; the columns from left to right are:
file type and permissions, number of hard links, owner, group, file size, time, name
Detailed figure below

Detailed permissions as shown below

④ Hard links
Put simply, the hard link count is the number of different ways the file / directory can be accessed.
The hard link count of a file is generally 1. The hard link count of a directory depends on the number of subdirectories and is at least 2: one access path is the absolute path to the directory (through its parent directory), and the second is running cd . inside the directory, where . stands for the directory itself.

⑤ Modifying permissions
chmod modifies the user / group permissions on a file / directory.
Command format: chmod +/-rwx filename | directory name
Note: on Linux, if a file is an executable file or a script file, it can be run directly as long as it has execute permission.
Format: ./filename

⑥ Details of (rwx) permissions for files and directories
For files:
(r) read permission allows the user only to read the file content
(w) write permission allows the user to modify the file
(x) execute permission allows the user to execute the file. Note:
a. for a non-executable file, having (x) execute permission is meaningless
b. if a file has (x) execute permission, it can be executed.
For directories:
(r) read permission allows the user to read the file names in the directory; the user can only read the directory's listing
(w) write permission allows the user to modify the directory (add, delete, move and copy entries, and so on)
(x) execute permission allows the user to search the directory's contents and to enter it with cd

⑦ Superuser root
The Linux root account is equivalent to the Windows administrator; it is used for system maintenance and management and has full access to all resources of the operating system.
Logging in to the system directly with the root account is not recommended.

sudo
su is the abbreviation of substitute user, meaning to switch user identity.
sudo is a tool with which a system administrator allows ordinary users to run some or all root commands.
After running sudo, the user must first enter the password, which then remains valid for 5 minutes; after that the password must be entered again.
Note: if an unauthorized user tries to use the sudo command, a warning message is sent to the administrator.

⑧ Group management
Tip: creating / deleting a group must be done through sudo; without sudo you do not have permission.
No.  Command                                            Purpose
01   groupadd group_name                                add a group
02   groupdel group_name                                delete a group
03   cat /etc/group                                     check group information
04   chgrp group_name file_name/directory_name          change the group that a file / directory belongs to
05   chgrp -R group_name file_name/directory_name       recursively change the group that a file / directory belongs to (all subdirectories and files under the directory change group as well)

⑨ User management
The terminal commands for creating users, deleting users and changing other users' passwords require sudo to succeed.
No.  Command                             Function                   Description
01   useradd -m -g group new_username    add a new user             -m automatically creates the user's home directory; -g specifies the user's group, otherwise a group with the same name as the user is created by default
02   passwd username                     set the user's password    an ordinary user can run passwd directly to change their own account password
03   userdel -r username                 delete a user              the -r option also deletes the user's home directory automatically
04   cat /etc/passwd | grep username     confirm user information   after creating a user, check the user's information, which is stored in the /etc/passwd file
Note: 1. After creating a user, remember to set the user's password.
2. If you forget -m when creating a user and so have no home directory, you can delete the user and create it again.

The /etc/passwd file stores user information. cat /etc/passwd | grep username shows one record, which six colons separate into seven fields:
1. user name  2. password (x means an encrypted password)  3. UID (user ID)  4. GID (group ID)  5. the user's full name or local account
6. home directory  7. login shell, i.e. the command interpreter used in the terminal after login; the Ubuntu default is dash

⑩ Viewing user information
No.  Command          Purpose
01   id [username]    view the user's UID and GID information
02   who              list all currently logged-in users
03   whoami           show the account name of the currently logged-in user
UID: User ID    GID: Group ID

cat -n /etc/group | grep username shows which groups your account belongs to.
For example:

You can see that the account erawalker belongs to these groups: adm, cdrom, sudo, dip, plugdev, lpadmin, erawalker, sambashare.

⑪ usermod
usermod sets a user's primary group / additional groups and login shell.
Primary group: normally specified when the account is created; if not specified, it defaults to a group with the same name as the account. In the user's entry in /etc/passwd, the fourth field is the GID of this group.
Additional groups: shown in /etc/group, where the last field of each group lists the users in that group; additional groups grant the specified user extra permissions.
Note: after setting additional groups for a user, the user must log in again for the change to take effect!

Format:

Modify the user's primary group (the GID in passwd)

usermod -g group username

Modify the user's additional groups

usermod -G group username

Modify the user's login shell

usermod -s /bin/bash username
For example: a newly created user who should be able to run commands as root through sudo can be set up with usermod -G sudo username
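
An added example (not part of the original post) that applies the /etc/passwd field layout and the primary / additional group distinction described above: it lists UID 0 accounts, accounts with a login shell, and everyone who is effectively a member of a group such as sudo. The sample records, account names and helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/group records for root-equivalent accounts.
# The records below are constructed sample data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:27:Bob:/home/bob:/bin/dash
toor:x:0:0:second uid 0 account:/root:/bin/sh'
SAMPLE_GROUP='root:x:0:
adm:x:4:alice,syslog
sudo:x:27:alice
alice:x:1000:'

# Join sorted, de-duplicated lines from stdin into one space-separated line.
join_sorted() {
    sort -u | tr '\n' ' ' | sed 's/ $//'
}

# uid0_accounts PASSWD_TEXT
# Every account whose UID (field 3) is 0 has root's privileges, whatever its name.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }' | join_sorted
}

# login_accounts PASSWD_TEXT
# Accounts whose login shell (field 7) is a real shell rather than nologin/false.
login_accounts() {
    printf '%s\n' "$1" | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' | join_sorted
}

# group_members GROUP PASSWD_TEXT GROUP_TEXT
# Members through the additional-group list (group field 4) plus users whose
# primary GID (passwd field 4) equals the group's GID (group field 3).
group_members() {
    gid=$(printf '%s\n' "$3" | awk -F: -v g="$1" '$1 == g { print $3 }')
    [ -n "$gid" ] || return 1          # unknown group
    {
        printf '%s\n' "$3" | awk -F: -v g="$1" \
            '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
        printf '%s\n' "$2" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | join_sorted
}

echo "UID 0 accounts : $(uid0_accounts "$SAMPLE_PASSWD")"
echo "login accounts : $(login_accounts "$SAMPLE_PASSWD")"
echo "sudo members   : $(group_members sudo "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
```

On a live host, pass "$(getent passwd)" and "$(getent group)" instead of the sample text. Note that usermod -G replaces the user's whole additional-group list, while usermod -aG appends to it.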

Shell
In computer science, a shell (so called to distinguish it from the kernel, the core) is software (a command interpreter) that "provides the user with a user interface". It is similar to command.com under DOS and the later cmd.exe. It receives user commands and then calls the appropriate application.
The default shell for a newly created user is dash. dash is more efficient, faster and closer to the POSIX specification. It differs from bash in some ways: bash shows directories and files in color and lets you press ↑ to recall the previously run command, which dash does not support, and each of the two supports some features the other lacks.
Note: after usermod changes a user's shell, the user must log in again for it to take effect!

⑫ which: view the location of a command
Hint: the /etc/passwd file stores user information
/usr/bin/passwd is the program that changes a user's password

For example: which ls shows the directory where the ls command is located

bin and sbin
Most executable files on a Linux system are stored in /bin, /sbin, /usr/bin and /usr/sbin
/bin (binary) is the directory for binary executables, mainly specific applications
/sbin (system binary) is the directory for binaries reserved for the system administrator, mainly used for system management
/usr/bin (user commands for applications) holds some programs installed later
/usr/sbin (super user commands for applications) holds some administrative programs for the superuser
Note: the cd command is built into the system kernel; it has no separate file, so which cannot find it

⑬ Switching users
No.  Command          Function                             Description
01   su - username    switch user and change directory     with -, the working directory switches to the user's home directory; without -, the current location is unchanged
02   exit             log out of the current user
Running su without a user name switches to root; this is not recommended because of the security problems.
Note: exit only returns to the user you were before the last su, until there is no 'previous user' left, at which point exit leaves the shell. For example: I am currently account A; from account A I run su to account B, and from B I run su to account C. Running exit in account C returns only to account B; running exit again returns to account A; running exit in account A leaves the shell.

⑭ Modifying file permissions
No.  Command    Purpose
01   chown      change the owner
02   chgrp      change the group
03   chmod      change the permissions
Command format:
# change the owner of a file | directory
chown username filename | directory name
# recursively change the group of a file | directory
chgrp -R group filename | directory name
# recursively change the permissions of a file | directory
chmod -R 755 filename | directory name

When setting permissions with chmod, three digits such as those above can be used, giving the permissions of the owner / group / other users respectively.
The form below changes the read / write / execute permissions of a file / directory directly, but cannot target the owner / group / other users individually:
chmod +/-rwx filename / directory name

The digits correspond to permissions as follows:

The most common combinations (u stands for the user / g for the group / o for other users):
777 ==> u=rwx, g=rwx, o=rwx
755 ==> u=rwx, g=rx, o=rx
644 ==> u=rw, g=r, o=r
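
An added example (not from the original post) of the digit-to-permission mapping above: it decodes a three-digit chmod mode into u/g/o letters and lists the files in a directory that the group or other users can write. The function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode chmod digits and find files that group/others can write.

# digit_to_rwx N: one permission digit (0-7) as letters, using r=4, w=2, x=1.
digit_to_rwx() {
    out=''
    if [ $(( $1 & 4 )) -ne 0 ]; then out="${out}r"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then out="${out}w"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then out="${out}x"; fi
    printf '%s' "$out"
}

# mode_to_symbolic MODE: three-digit mode such as 755 as u=...,g=...,o=...
# Returns 1 for anything that is not exactly three digits in the range 0-7.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) return 1 ;;
    esac
    rest=${1#?}                      # last two digits
    printf 'u=%s,g=%s,o=%s' \
        "$(digit_to_rwx "${1%??}")" "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# loose_files DIR: regular files under DIR whose group or other digit includes w (2).
loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) | sort
}

# make_demo_dir: build a constructed directory with one file per mode, print its path.
make_demo_dir() {
    dir=$(mktemp -d) || return 1
    for spec in 644:report.txt 664:shared.txt 755:tool.sh 777:run.sh; do
        touch "$dir/${spec#*:}"
        chmod "${spec%%:*}" "$dir/${spec#*:}"
    done
    printf '%s\n' "$dir"
}

demo=$(make_demo_dir)
for mode in 777 755 664 644; do
    echo "$mode ==> $(mode_to_symbolic "$mode")"
done
echo "writable by group or others:"
loose_files "$demo"
rm -rf "$demo"
```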

Origin blog.csdn.net/u010511598/article/details/88168004