Linux is a multi-user, multi-tasking operating system, so in daily use it inevitably needs a role for managing and using the computer. This role is associated with every person who uses the computer, and in Linux it is called the user. Each user's use of the computer's resources must be restricted, so the operating system has to provide a way to ensure that every user can use the computer independently and sensibly.
Part I: User and user group management
(A) Basic concepts of users and groups
User: a person who uses the computer. The computer recognizes a user by a user ID (UID).
User group: a container that gathers multiple users into one logical unit. The computer recognizes a group by a group ID (GID).
UID and GID: both are 16-bit binary numbers in the range 0-65535, a total of 2^16 = 65536 values.
(1) Administrator user: known as root, UID 0.
(2) System users: non-login users under which system services run; UIDs are allocated from the range 1-999.
(3) Login users: ordinary users who really use the computer; UIDs are allocated from the range 500-60000.
Group categories: Linux user groups can be divided in three ways:
1. By analogy with the user classification
(1) Administrator group: the administrator's group, GID 0.
(2) System user groups: groups of system users, GID 1-999.
(3) Login user groups: groups of login users, GID 1000-60000.
2. From the user's perspective
(1) The user's basic group: the primary group of each user.
(2) Additional groups: other groups the user has joined.
3. From the group's perspective
(1) Private group: the group name is the same as the user name and the group contains only that one user.
(2) Public group: a group that contains multiple users.
Authentication information: the user name and password supplied at login are compared with the information stored earlier, and the user is authenticated if they match.
Linux follows the philosophy that "everything is a file", so authentication information is also stored in files. The three files to know are /etc/passwd, /etc/group and /etc/shadow, which hold user information, group information and password information respectively; when a user logs in, authentication is done by comparing against these three files. The format of each file is explained next.
(1) /etc/passwd field description
name:password:UID:GID:GECOS:directory:shell
a. name: user name
b. password: either the encrypted password or the placeholder x
c. UID: user ID
d. GID: ID of the user's basic group
e. GECOS: optional comment describing the user
f. directory: the user's home directory
g. shell: the user's default (login) shell
(2) /etc/shadow field description
a. name: the user name.
b. $encryption$salt$encrypted-password: the salt is extra data mixed in during encryption.
c. last password change: the number of days since January 1, 1970 (the Unix epoch); 0 means the password must be changed at the next login; an empty field means this feature is disabled.
d. minimum age: the number of days after a password change before the password may be changed again.
e. maximum age: the number of days the password may legitimately be used after it was changed.
f. warning period: the number of days before the maximum age expires during which the user is warned that the password should be changed.
g. inactive period: the number of days after the maximum age has expired during which the password can still be used.
h. account expiration: the day, counted in days since 1970, until which the account can be used.
i. reserved field
(3) /etc/group field description
group_name:password:GID:user_list
a. group_name: user group name
b. password: group password
c. GID: user group ID
d. user_list: the list of users for whom this group is an additional group
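As an added illustration (not part of the original article), the shell functions below audit passwd- and group-format text using the field layout and UID ranges described above; the sample file contents are constructed here, not taken from any real system.

```shell
# Constructed sample of /etc/passwd content (not from a real host);
# fields are name:password:UID:GID:GECOS:directory:shell as described above.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
myuser:x:1000:1000:My User:/home/myuser:/bin/bash
backup:x:0:0:second uid 0:/tmp:/bin/sh
svc:x:999:999:service account:/var/lib/svc:/bin/bash'

# Classify a UID with the ranges given in the text:
# 0 = administrator, 1-999 = system user, anything else = login user.
classify_uid() {
    if [ "$1" -eq 0 ]; then
        echo administrator
    elif [ "$1" -ge 1 ] && [ "$1" -le 999 ]; then
        echo system
    else
        echo login
    fi
}

# Audit passwd-format text (passed as one string) and report two things a
# reviewer of the file wants to see: any account other than root whose UID
# is 0, and any system user (UID 1-999) that has a real login shell rather
# than a nologin/false shell. One finding per output line.
audit_passwd() {
    printf '%s\n' "$1" | awk -F: '
        $3 == 0 && $1 != "root" { print "extra-uid0 " $1 }
        $3 >= 1 && $3 <= 999 && $7 !~ /(nologin|false)$/ {
            print "system-with-shell " $1
        }'
}

# Constructed /etc/group sample: the fourth field lists the users for whom
# the group is an additional group (a private group has an empty list).
GROUP_SAMPLE='mygroup:x:1002:myuser,svc
myuser:x:1000:'

# List the members named in the user_list field of one group, one per line.
group_members() {
    printf '%s\n' "$2" | awk -F: -v g="$1" '$1 == g { print $4 }' \
        | tr ',' '\n' | sed '/^$/d'
}
```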
(B) Commands for user and user group management
Command overview: useradd, userdel, usermod, passwd, groupadd, groupdel, groupmod, gpasswd, chage, id, su, chown, chgrp
1. groupadd: add a group
Usage: groupadd [options] GROUP
-g, --gid GID: specify the GID; if not specified, the default is the GID of the last existing group plus 1
-r, --system: create a system group
# groupadd mygroup
# groupadd -r mygroup
2. groupmod: modify group properties
Usage: groupmod [options] GROUP
-g GID: change the GID
-n NEW_NAME: change the group name
# groupmod -g 1002 mygroup
# groupmod -n mynewgroup mygroup
3. groupdel: delete a group
Usage: groupdel [options] GROUP
# groupdel mynewgroup
4. useradd: create a user
Usage: useradd [options] LOGIN
-u, --uid UID: specify the UID
-g, --gid GROUP: specify the basic group; this group must already exist
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: specify the additional groups the user belongs to; multiple groups are separated by commas
-c, --comment COMMENT: specify the comment (annotation) information
-d, --home HOME_DIR: specify the path of the user's home directory; it is created by copying the /etc/skel directory and renaming the copy. If the specified home directory path already exists, the user environment configuration files are not copied.
-s, --shell SHELL: specify the user's default shell; the list of available shells is stored in /etc/shells
-r, --system: create a system user
-M: do not create the user's home directory
-f DAYS: the number of days after the password expires before the account is disabled; 0 disables the account as soon as the password expires, -1 means it is never disabled
-D: display the default settings used when creating a user
Note: many of the default settings for newly created users are in the file /etc/login.defs
# useradd myuser
5. usermod: change user properties
Usage: usermod [options] LOGIN
-u, --uid UID: change the user ID
-g, --gid GROUP: change the user's basic group
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: change the additional groups the user belongs to; the original additional groups are overwritten
-a, --append: used together with -G to add new additional groups to the user
-c, --comment COMMENT: change the comment
-d, --home HOME_DIR: change the user's home directory; the user's original files are not moved to the new location
-m, --move-home: only used together with -d; moves the user's home directory to the new location
-l, --login LOGIN: change the user's login name
-s, --shell SHELL: change the user's default shell
-L, --lock: lock the user's password
-U, --unlock: unlock the user's password
# change myuser's home directory to /tmp/home/user, moving the user's original files along, and change the default shell to tcsh
# usermod -s /bin/tcsh -d /tmp/home/user -m myuser
6. userdel: delete a user
Usage: userdel [options] LOGIN
-r: when deleting the user, also delete the home directory
Note: when a user is deleted, the user's basic group is deleted as well.
# delete user myuser
# userdel myuser
7. passwd: password management
Usage: passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]
(1) passwd: change your own password
(2) passwd USERNAME: change the specified user's password; only the root user may do this, and root does not need to know the old password
-l, -u: lock and unlock the user
-d: clear the user's password string
-e DATE: set the expiry date
-i DAYS: inactive period
-n DAYS: minimum password age
-x DAYS: maximum password age
-w DAYS: warning period
--stdin: read the password from standard input.
Typically used in scripts like this: echo "PASSWORD" | passwd --stdin USERNAME
# change the password of user myuser
# passwd myuser
8. gpasswd: change a group password
Usage: gpasswd [options] GROUP
-a USERNAME: add a user to the group
-d USERNAME: remove a user from the group
# change the password of the group
# gpasswd mygroup
# add user myuser to mygroup, making mygroup an additional group of myuser
# gpasswd -a myuser mygroup
9. chage: change password expiry information
Usage: chage [options] LOGIN
-d: change the date of the last password change
-E: change the account expiry date
-I: change the password inactivity period
-W: change the warning period
-m: change the minimum password age
-M: change the maximum password age
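The /etc/shadow ageing fields described earlier are exactly what passwd -n/-x/-w/-i and chage -d/-M/-W/-I/-E edit. As an added example (not code from the original article), this shell function evaluates one shadow-format line against a given day number and reports the state a chage -l style check would; the sample line, hash and day numbers are constructed.

```shell
# Constructed /etc/shadow-style line (not from a real host). Fields, as
# described above: name : $id$salt$hash : last-change day : min : max :
# warn : inactive : account-expiry day : reserved. Days count from 1970-01-01.
SHADOW_SAMPLE='myuser:$6$saltsalt$fakehashvalue:19000:7:90:14:30::'

# Report the ageing state of one shadow line for a given "today", where
# today is also a day number since 1970-01-01, so the check is reproducible
# and can be run against a copy of the file without touching the system.
# Prints one of: account-expired, locked, must-change, ok, warn,
# expired-grace, inactive.
password_status() {
    line=$1
    today=$2
    IFS=: read -r name pw last min max warn inact expire _ <<EOF
$line
EOF
    # chage -E / account expiry field: once reached, the account is unusable.
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo account-expired; return
    fi
    # passwd -l and usermod -L prefix the hash with "!"; "*" also blocks logins.
    case $pw in
        '!'*|'*'*) echo locked; return ;;
    esac
    # Last-change day 0 (or empty) means the password must be changed at next login.
    if [ -z "$last" ] || [ "$last" -eq 0 ]; then
        echo must-change; return
    fi
    # No maximum age (chage -M / passwd -x unset): the password never ages out.
    if [ -z "$max" ]; then
        echo ok; return
    fi
    expiry_day=$((last + max))
    if [ "$today" -gt "$expiry_day" ]; then
        # Past the maximum age: still usable during the inactive period, then not.
        if [ -n "$inact" ] && [ "$today" -gt $((expiry_day + inact)) ]; then
            echo inactive
        else
            echo expired-grace
        fi
    elif [ -n "$warn" ] && [ "$today" -ge $((expiry_day - warn)) ]; then
        # Inside the warning period before expiry.
        echo warn
    else
        echo ok
    fi
}
```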
10. id: show real and effective user ID information
Usage: id [OPTION]... [USER]
id: with no arguments, shows your own ID information
-u: show only the effective UID
-g: show only the effective basic group ID
-G: show the IDs of all groups the user belongs to
-n: show names instead of IDs (used together with one of the options above)
11. su: switch user
Login-style switch: re-reads the target user's configuration files and re-initializes the environment
Non-login-style switch: does not read the target user's configuration files for initialization
-c 'COMMAND': switch to the specified user only to run the command given here
Note: the administrator can switch to any other user without a password; a non-administrator must supply the target user's login password
12. chown: change the owner, the group, or both, of a file
Usage: chown [OPTION]... [OWNER][:|.][GROUP] FILE...
Either OWNER:GROUP or OWNER.GROUP can be used
chown [OPTION]... --reference=RFILE FILE...
-R, --recursive: change recursively
Note: only a user with the appropriate privilege (the administrator) can change a file's owner
# change the owner of file1 to myuser and its group to mygroup
# chown myuser:mygroup file1
13. chgrp: change only the group
Usage: chgrp [OPTION]... GROUP FILE...
chgrp [OPTION]... --reference=RFILE FILE...
Part II: Permission management
(A) Basic concepts of permissions
(1) We can use the ls -l command to look at a file and see how permissions are represented in Linux:
# ls -l /etc/passwd
-rw-r--r--. 1 root root 2093 Dec 16 17:36 /etc/passwd
Note the ten characters at the front: the first is the file type, and the remaining nine are the permission bits, in three groups of three for the file owner, the file's group and others respectively.
(2) How a process's access to a file is decided:
First check whether the owner of the process is the same as the owner of the file; if so, the owner permissions apply. Otherwise, check whether the process belongs to the file's group; if so, the group permissions apply. Otherwise only the "other" permissions apply.
(3) Kinds of permissions:
r, w, x (read, write, execute)
(4) Permission management command
Usage:
chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...
Three classes of users:
u: owner
g: group
o: others
(a: all three classes)
a. chmod [OPTION]... MODE[,MODE]... FILE...
Assignment notation: flexible combinations; directly sets the complete permissions of one class of users
u=MODE, g=MODE, o=MODE, a=MODE; ug=MODE is also possible
Authorization notation: directly operates on one permission bit for one or more classes of users, fine-grained
u+, u-
g+, g-
o+, o-
a+, a-
Note: giving everyone write permission (+w for all classes) is very dangerous, so this command only takes effect for the owner
b. chmod [OPTION]... OCTAL-MODE FILE...
Octal permission bits assign all the bits at once (at least three octal digits)
Note: if fewer than three digits are given, they are aligned to the right, and the result is probably not what you expect
c. chmod [OPTION]... --reference=RFILE FILE...
Reference modification: change the file's permissions to match a reference file
-R, --recursive: change recursively
Note: use this with great care (in particular, recursively giving execute permission to the files in a directory is very dangerous!)
# give the owner and group of file1 write permission
# chmod u+w,g+w file1
# chmod ug+w file1
# set the permissions of file1 so that the owner and group have only write permission
# chmod 220 file1
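As an added example (not code from the original article), these shell functions work through the access model and the two chmod notations described in this part: which three permission bits apply to a given process, the octal value of a nine-character ls -l mode string, and a check for the world-writable case the note above warns about. All file and process facts passed in are constructed arguments, not read from the system.

```shell
# effective_perms MODE OWNER GROUP PUSER PGROUPS
#   MODE     the nine permission characters from ls -l, e.g. rw-r-----
#   OWNER    the file's owner;  GROUP  the file's group
#   PUSER    the user the process runs as
#   PGROUPS  space-separated groups of that process (basic plus additional)
# Prints the three bits that apply, following the rule in the text: owner
# match -> owner bits; else group membership -> group bits; else other bits.
effective_perms() {
    mode=$1; owner=$2; group=$3; puser=$4; pgroups=$5
    if [ "$puser" = "$owner" ]; then
        printf '%s\n' "$mode" | cut -c1-3
        return
    fi
    for g in $pgroups; do
        if [ "$g" = "$group" ]; then
            printf '%s\n' "$mode" | cut -c4-6
            return
        fi
    done
    printf '%s\n' "$mode" | cut -c7-9
}

# Convert a nine-character mode string to the three-digit octal form chmod
# accepts, so the symbolic and octal notations can be checked against each
# other (each non "-" character is a set bit, read left to right).
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        n = 0
        for (i = 1; i <= 9; i++) { n = n * 2 + (substr($0, i, 1) != "-") }
        printf "%03o\n", n
    }'
}

# Flag the case the text warns about: the write bit set for "others"
# (character 8 of the mode string), which a+w or o+w produces.
is_world_writable() {
    case $1 in
        ???????w?) echo yes ;;
        *)         echo no ;;
    esac
}
```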