Theory: explanation of account and permission management

2025-02-24 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02

Introduction: account and permission management theory

1: Overview of user accounts and group accounts

1.1: Linux controls resource access based on user identity

User accounts

Superuser (root, irreplaceable)

Ordinary user (created by yourself; you choose the user name)

Program user (people cannot log in with it; it exists so that a program can work properly)

Anonymous user (guest on Windows, nobody on Linux; the lowest-privilege user among ordinary users)

Group accounts (a collection of user permissions)

Basic group (private group, created when the user is created, with the same name as the user)

Additional group (public group; create an empty group directly, then add existing users and assign permissions to the group, and all users in the group have those permissions)

UID and GID (label, identification number)

UID (User IDentity, user identification number)

GID (Group IDentity, group identification number)

2: User account and group account management

2.1: User account file /etc/passwd

Stores basic information such as the user name, home directory and login shell.

File location: /etc/passwd; each line corresponds to one user's account record

The fields of an account record are separated by colons

User account: user name

Password placeholder: indicates only that a password exists; it says nothing about the length or content of the password

User account ID: UID

Group account ID: GID. The GID normally refers to the private group, and it is generally the same as the UID.

User description: descriptive information

Home directory: the user's home directory

Login shell: determines whether the account can log in to the system. With /bin/bash or /sbin/bash login is possible; with /sbin/nologin a person cannot log in.

User account file /etc/shadow

The shadow file holds the password records. Each record is interpreted field by field in the following order, with the fields separated by colons:

User name

Encrypted password

14374: the number of days elapsed since 1970.1.1 (the date the password was last changed)

0: the minimum password age; 0 means the password can be changed at any time

99999: the maximum password age

7: you are reminded to change the password 7 days in advance

Expiration: how many days after the 99999-day maximum the account expires, and the account expiration time

In the password field, !! means the account is unable to log in.

2.2: add user account useradd

-u specify UID

-d specify home directory

-e specify the account expiration time. You can use the year-month-day format.

-g specifies the basic group

-G specifies an additional group (the group must already exist)

-M specifies that the home directory is not created

-s specifies the login shell (and so whether shell login is allowed)

2.3 set / change user password passwd

-d clear password

-l locks the account's password

-u unlocks the account's password

-S shows whether the user is currently locked

vim /etc/passwd

UID ranges:

0: root

1-999: program users

1000-60000: ordinary users

99: nobody (anonymous user)

Modify lisi's parameters in passwd and lisi can log in.

passwd -l locks the user's password: the user cannot log in at the local graphical login screen, but the account can still be used on the character interface (a higher-privilege user switches to the user Li Si).

Users whose shell is /sbin/nologin cannot log in directly or be switched to for login

System is the most privileged user, but a person cannot log in as it

If no user name is given after passwd, the current user's password is changed; that is, the default user name is the current user.
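The following added example (not part of the original article) applies the /etc/passwd and /etc/shadow field layout, the UID ranges and the lock marker described above to audit account records. The function names `audit_accounts` and `run_demo` are hypothetical, all sample records are constructed, and a leading `!` in the shadow password field is treated as the lock marker.

```shell
#!/usr/bin/env bash
# audit_accounts PASSWD_FILE SHADOW_FILE -> one "<user> <finding>" per line
audit_accounts() {
    awk -F: '
        # First file read is the shadow file: remember each password field.
        NR == FNR { pw[$1] = $2; seen[$1] = 1; next }
        # Second file is passwd: name:x:UID:GID:description:home:shell
        {
            user = $1; uid = $3 + 0
            can_login = ($7 !~ /nologin$/)
            if (uid == 0 && user != "root")
                print user, "uid0-not-root"
            if (uid >= 1 && uid <= 999 && can_login)
                print user, "program-user-with-login-shell"
            if (seen[user] && pw[user] == "" && can_login)
                print user, "empty-password"
            if (pw[user] ~ /^!/ && can_login)
                print user, "locked-password-but-login-shell"
        }
    ' "$2" "$1"
}

# run_demo: write constructed sample files to a temp dir and audit them.
run_demo() {
    local dir; dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
lisi:x:1000:1000::/home/lisi:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
svc:x:998:996::/var/lib/svc:/bin/bash
zhangsan:x:1001:1001::/home/zhangsan:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$hashvalue:14374:0:99999:7:::
bin:*:14374:0:99999:7:::
nobody:*:14374:0:99999:7:::
lisi:!!$6$constructed$hashvalue:14374:0:99999:7:::
backup:$6$constructed$hashvalue:14374:0:99999:7:::
svc:!!:14374:0:99999:7:::
zhangsan::14374:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

run_demo
```

On a real host the same function can be pointed at /etc/passwd and /etc/shadow; reading the shadow file requires root.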

2.4 modify the attributes of a user's account usermod

-u: modify the user's UID number

-d: modify the user's home directory

-e: modify the expiration time of the user's account

-s: specifies the login shell of the user

-l: change the login name of the user account

-L: lock the user account

-U: unlock the user account

2.5 Delete user account userdel

-l details-d path to this directory

2.6 initial configuration file for user account

These exist as hidden files

~/.bash_profile sets environment variables; it is loaded every time you log in to a shell

~/.bashrc is loaded when the user logs in

~/.bash_logout takes effect when you log out

2.8 group account files

2.9 add group account groupadd

-g specifies the group's GID; group GIDs are also numbered from 1000

2.10 add and delete group member gpasswd

-M adds multiple users at once

--stdin standard input, no interaction

If you add members with -M, the group's member list is overwritten, replacing all the previous users

-a does not overwrite; it appends the user to the existing members

Members can only be deleted one at a time.

2.A: delete the group account groupdel

Three: query account information

3.1: groups command

Query the group to which the user belongs

groups [user name]

3.2: id command

Query user identity

id [user name]

3.3: finger

Query the details of user accounts

finger [user name]

3.4: users command

Query the users that are logged in to the host

w, who, users

3.5: lastb

Query historical user login records

lastb

IV: view the attributes of a directory or file

4.1: permissions and ownership of a file / directory

A listing entry for a file shows its file type, number of sub-files, size and date.

The first character represents the file type:

- data file

d directory

l link file

c character device file (controls input and output)

b block device file (controls storage)

Permissions come in three groups, one each for the owner, the group, and others

The first block is the owner's permissions; the maximum is rwx.

The second block is the group's permissions: rw- can read and write but cannot execute; r-x can read and execute but cannot write

The third block is the permissions for everyone besides the owner and the group (other): r-- is read-only permission

1: number of sub-files (the entry itself)

root: owner

root: owning group

513: size, in bytes

Nov 5 2016: creation time

This entry as a whole is called meta-information.

Five: view the permissions of directories or files

Maximum permissions for data files 666

Directory maximum permission 777

By default, new objects are created with 755 or 644, or with 700 or 600.

Set permissions for files and directories: chmod

Six: view the ownership of directories or files, and set the ownership of files and directories with chown

Change the owner and the owning group. Changing them separately is also possible.

Permission mask umask

Focus on understanding
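As an added example (not part of the original article), the script below shows how the maxima of 666 and 777 combine with the umask to give the defaults listed above: the umask bits are cleared from the maximum, which is not the same as subtraction (umask 033 gives 644 for a file, not 633). The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/usr/bin/env bash
# predicted_mode MAX UMASK -> MAX with every bit set in UMASK cleared (octal)
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# observed_modes UMASK -> "<file mode> <dir mode>" of objects really created
# under that umask; runs in a subshell so the caller's umask is untouched.
observed_modes() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/newfile"
    mkdir "$dir/newdir"
    echo "$(stat -c %a "$dir/newfile") $(stat -c %a "$dir/newdir")"
    rm -rf "$dir"
)

# Compare the arithmetic with what the system does for three masks.
for mask in 022 077 033; do
    echo "umask $mask: predicted $(predicted_mode 666 "$mask")" \
         "$(predicted_mode 777 "$mask"), observed $(observed_modes "$mask")"
done
```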
