
Detailed explanation of Linux command three

2025-04-06 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

Attributes and permissions of Linux users and groups

The structure of this chapter

1. Overview of user accounts and group accounts

2. User account and group account management

3. Query account information

4. View the properties of a directory or file

5. Set permissions for a directory or file

6. Set the ownership of a directory or file

Preface

In Linux, everything is a file (directories and hardware devices are special files), and text files are used wherever possible. Text files can be understood by both people and machines, which makes them the best medium for the two to communicate. Since all configuration files are text, the simplest editor is enough to modify them. Because text files are so easy to modify, the Linux system itself has to regulate who may change them. This leads to the concepts of users (groups) and permissions. These two concepts secure Linux without adding complexity. Because everything is a file, Linux uses three files to manage users and groups: /etc/passwd stores user information, /etc/shadow stores user password information, and /etc/group stores group information. The relationship between users and files is then recorded in the header of each file in the file system.

I. View the information of users and groups

1. Users: under Linux, users are divided into three categories: superusers (root), ordinary users and program users.

Superuser: UID = 0

Program users: RHEL 5/6, UID = 1-499; RHEL 7, UID = 1-999

Ordinary users: RHEL 5/6, UID = 500-65535; RHEL 7, UID = 1000-60000

There is only one superuser, and it cannot be replaced!

Anonymous user (nobody): the one with the least privileges among ordinary users

2. Groups: a collection of user permissions is called a group

Private group: created together with the user, with the same name as the user

Public group (supplementary group): an empty group created directly. You can add existing users to it and grant permissions to the group; all users in the group then have those permissions.

3. UID and GID: the identification numbers of users and groups; each is unique

4. User account file /etc/passwd: stores basic information such as the user name, home directory and login shell

User account file /etc/shadow: stores the user's password, account validity period and other information

Add a user account: useradd

-u: specify the UID

-d: specify the location of the home directory

-e: specify the account expiry time

-g: specify the primary group

-G: specify supplementary groups

-M: do not create a home directory

-s: specify the login shell

When the shell is set to /sbin/nologin, the user can neither log in directly nor be switched to.

When an account is locked, the user cannot log in directly, but root can still switch to it.
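The UID ranges and the /sbin/nologin shell described above can be checked on a host with a short audit. This is an added example, not part of the original article; the function name `audit_passwd`, the sample entries and the REVIEW flags are assumptions made for illustration, and the ranges used are the RHEL 7 ones listed earlier.

```shell
#!/usr/bin/env bash
# Added example: classify accounts in passwd format by the RHEL 7 UID
# ranges given above and flag entries that deserve a second look.
# Constructed sample data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:0:backup:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin'

# audit_passwd reads passwd-format lines on stdin and prints
# "name class login-status flag" for each account.
audit_passwd() {
    awk -F: '
    NF != 7 { printf "%s malformed - -\n", $1; next }
    {
        uid = $3 + 0; flag = "ok"
        if (uid == 0)          class = "super"
        else if (uid <= 999)   class = "program"
        else if (uid <= 60000) class = "ordinary"
        else                   class = "out-of-range"
        # A shell ending in nologin or false blocks interactive login.
        login = ($7 ~ /(nologin|false)$/) ? "nologin" : "login"
        # Only root should hold UID 0; program users should not need a shell.
        if (uid == 0 && $1 != "root")
            flag = "REVIEW:extra-uid0"
        else if (class == "program" && login == "login")
            flag = "REVIEW:service-shell"
        print $1, class, login, flag
    }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
# To audit a live system: audit_passwd < /etc/passwd
```
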

passwd command

-l: lock the account

-u: unlock the account

-d: clear the account's password

-S: check whether the account is locked

If no user name is specified, the command acts on the password of the current account!

usermod: modify the attributes of a user account

-u: specify the UID

-d: specify the location of the home directory

-e: specify the account expiry time

-g: specify the primary group

-G: specify supplementary groups

-M: do not create a home directory

-s: specify the login shell

-L: lock

-U: unlock

userdel: delete a user account

-r: delete the user's home directory as well

The initial configuration files of a user account

When a new account is created, they are copied from the /etc/skel directory

Main user initial configuration files

~/.bash_profile

~/.bashrc

~/.bash_logout

These are hidden files

The environment variables in .bash_profile are loaded when entering bash.

.bashrc will be loaded without entering bash

Group account files

/etc/group: stores the basic information of group accounts

/etc/gshadow: stores the password information of group accounts

groupadd: add a group account

gpasswd: add and remove group members

gpasswd -a: add a user to the group

gpasswd -d: remove a user from the group

gpasswd -M: define the list of members of a group, separated by commas

groupdel: delete a group account

Query account information

groups: query the groups to which a user belongs

id: query a user's identity

w, who, users commands: query information about the users logged in to the host

II. Permissions and ownership of files and directories

1. Access permissions

1) read (r): allows viewing file contents and listing directories

2) write (w): allows modifying the contents of a file, and creating, moving or deleting files or subdirectories in a directory

3) execute (x): allows running programs and changing into directories

2. Ownership

1) Owner: the user account that owns the file or directory

2) Group: the group account that owns the file or directory

-rwxr-xr-x. 1 root root 5343 August 2 2017 znew

-: data file

d: directory

l: link file

c: device file (character)

b: block device file

rwx r-x r-x: permissions

rwx: owner permissions (read, write and execute)

r-x: group permissions (read and execute, no write)

r-x: permissions for other users (read and execute, no write)

root: owner

root: group

5343: size, in bytes

August 2 2017: creation time

Ordinary data files cannot be executed by default, so their highest permission is 666; the highest permission of a directory is 777.

Set permissions for files and directories: chmod

chmod command

chmod [ugoa][+-=][rwx] file-or-directory, or chmod nnn file-or-directory

u, g, o and a represent the owner, the group, other users and all users, respectively.

+, - and = mean add, remove and set permissions, respectively.

nnn represents a 3-digit octal number

Common option

-R: recursively modify the permissions of all items under the specified directory

Set the ownership of files and directories: chown

chown command

chown owner file-or-directory

chown :group file-or-directory

chown owner:group file-or-directory, or chown owner.group file-or-directory

Common option

-R: recursively modify the ownership of all files and subdirectories under the specified directory

Permission mask: umask

What umask does

It controls the permissions of newly created files or directories.

The permissions of a newly created file or directory are the default permissions with the permissions in the umask removed.

Set the umask: umask 022

View the umask: umask

Example

Set umask to 000, create a new directory or file, and view the permissions.

Set umask to 022, create a new directory or file, and then check the permissions.
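The two steps above can be run as a script. This is an added example, not part of the original article; the function name `perms_under_umask` is an assumption, and it relies on GNU `stat -c`. It goes beyond the two masks in the text by including 033 and 077, which shows that the mask clears bits rather than subtracting digits: 666 with umask 033 gives 644, not 633.

```shell
#!/usr/bin/env bash
# Added example: show how umask shapes the mode of new files and directories.
# perms_under_umask MASK prints "<file-mode> <dir-mode>" in octal.
perms_under_umask() {
    local mask=$1 tmp result
    tmp=$(mktemp -d) || return 1
    # The command substitution runs in a subshell, so the caller's
    # umask is left unchanged.
    result=$(
        umask "$mask"
        touch "$tmp/file"   # new files start from 666
        mkdir "$tmp/dir"    # new directories start from 777
        echo "$(stat -c %a "$tmp/file") $(stat -c %a "$tmp/dir")"
    )
    rm -rf "$tmp"
    echo "$result"
}

# 000 and 022 are the masks used in the text; 033 and 077 are added here.
for m in 000 022 033 077; do
    echo "umask $m -> file/dir modes: $(perms_under_umask "$m")"
done
```
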

Summary

There is not much content in managing Linux users, groups and permissions, but there are a few new commands that we need to remember. It is important to note that when you use the gpasswd -M command to add users to a group, it overwrites the existing members of the group, so it is best to use this command on an empty group. Generally, we use gpasswd -a to add users one by one to avoid unnecessary trouble. The second point is to pay attention to the use of chmod nnn in the permissions and ownership of files and directories, which sets permissions for users and groups in an easy way.
