  User rights management system under Linux
  Add Date : 2018-11-21      
  Linux is a multi-user, multi-tasking operating system, so in daily use the management and use of the computer is inevitably divided among roles. Each role is associated with someone who uses the computer, and in Linux this role is called a user. Every user must be limited to a restricted share of the computer's resources, so the operating system must provide a way to ensure that each user can use the computer independently and reasonably.

First, user and user group management

(A) Basic concepts of users and groups

User: whoever uses the computer. The computer identifies a user by a user ID (UID).

User group: a container for users that gathers multiple users into a single logical unit. The computer identifies a user group by a group ID (GID).

UID and GID: both are 16-bit binary numbers in the range 0-65535, a total of 2^16 = 65536 values.

User categories:

(1) Administrator: named root; its UID is 0.

(2) System users: non-login users that exist to run system services; their UIDs are allocated from the range 1-999.

(3) Login users: ordinary users who actually use the computer; their UIDs are allocated from 500-60000.

Group categories: Linux user groups can be classified in three ways:

1. By analogy with the user categories

(1) Administrator group: the administrator's group; its GID is 0.

(2) System user groups: the groups of system users; GID 1-999.

(3) Login user groups: the groups of login users; GID 1000-60000.

2. From the point of view of the user

(1) Basic (primary) group: each user's primary group.

(2) Additional groups: the other groups that the user has joined.

3. From the point of view of the group

(1) Private group: the group name is the same as the user name, and the group contains only that one user.

(2) Public group: a group that contains multiple users.

Authentication: the user is authenticated by checking whether the user name and password supplied at login match the information stored previously.

Linux follows the "everything is a file" philosophy, so the authentication information is also stored in files. The three files to know are /etc/passwd, /etc/group and /etc/shadow, which hold user information, group information and password information respectively. When a user logs in, authentication is performed by comparing against the information in these three files. The format of each file is explained below.

(1) /etc/passwd field description

name:password:UID:GID:GECOS:directory:shell

a. name: user name

b. password: may be the encrypted password, or the placeholder x

c. UID: user ID

d. GID: ID of the user's basic group

e. GECOS: optional comment about the user

f. directory: the user's home directory

g. shell: the user's default (login) shell

(2) /etc/shadow field description

a. name: the user name.

b. encrypted password, in the form $encryption$salt$encrypted password: the salt is extra data mixed in when the password is encrypted.

c. Last password change: expressed as a number of days counted from January 1, 1970 (the Unix epoch); 0 means the user must change the password at next login; an empty field means the feature is disabled.

d. Minimum age: the number of days that must pass after a password change before the password can be changed again.

e. Maximum age: the number of days after a password change during which the password may legitimately be used.

f. Warning period: the number of days before the maximum age runs out during which the user is warned that the password should be changed.

g. Inactivity period: the length of time after the maximum age has passed during which the password can still be used.

h. Account expiration: the day the account stops being usable, expressed as a number of days since 1970.

i. Reserved field

(3) /etc/group field description

group_name:password:GID:user_list

a. group_name: group name

b. password: group password

c. GID: group ID

d. user_list: the list of users who have this group as an additional group
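The field layouts above are enough to audit account files for the conditions that matter most: extra UID 0 accounts, empty or unshadowed password fields, and where each password sits in its aging cycle. The script below is an added example, not part of the original article; the function names and every account line are constructed for illustration, and the aging rules follow the field descriptions in (2).

```shell
#!/bin/sh
# Added example. Every account line below is constructed sample data.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
myuser:x:1000:1000:My User:/home/myuser:/bin/bash
toor:x:0:1001::/home/toor:/bin/bash
legacy::1002:1002::/home/legacy:/bin/sh
EOF
}
sample_shadow() {
cat <<'EOF'
root:$6$SALT$HASH:17800:0:99999:7:::
myuser:$6$SALT$HASH:17800:1:90:7:14::
toor:$6$SALT$HASH:17700:0:90:7:14::
legacy::17000:0:99999:7:::
newhire:$6$SALT$HASH:0:0:90:7:::
EOF
}
# audit_passwd: passwd-format lines on stdin -> one "finding:user" per line.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "malformed:" $1; next }
        $3 == 0 && $1 != "root" { print "uid0:" $1 }            # extra administrator
        $2 == ""                { print "empty-password:" $1 }  # no placeholder, no hash
        $2 != "" && $2 != "x"   { print "hash-in-passwd:" $1 }  # not moved to shadow
    '
}
# password_state TODAY (days since 1970-01-01): shadow lines on stdin -> "user:state".
password_state() {
    awk -F: -v today="$1" '
        $2 == ""  { print $1 ":no-password"; next }
        $3 == ""  { print $1 ":aging-disabled"; next }
        $3 == "0" { print $1 ":must-change"; next }
        {
            state = "ok"
            if ($5 != "") {
                expires = $3 + $5                                 # last change + maximum age
                if ($6 != "" && today >= expires - $6) state = "warning"
                if (today > expires)                   state = "expired"
                if (today > expires && $7 != "" && today > expires + $7) state = "locked-out"
            }
            print $1 ":" state
        }
    '
}
sample_passwd | audit_passwd
sample_shadow | password_state 17885
```

On a real system the same functions can be fed from `getent passwd` and, as root, from /etc/shadow, with TODAY computed as `$(( $(date +%s) / 86400 ))`.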

(B) Commands for managing users and user groups

Command overview: useradd, userdel, usermod, passwd, groupadd, groupdel, groupmod, gpasswd, chage, id, su, chown, chgrp

1. groupadd: add a group

Usage: groupadd [options] group

-g, --gid GID: specify the GID; if not specified, the default is the last existing group's GID plus 1

-r, --system: create a system group

# groupadd mygroup

# groupadd -r mygroup

2. groupmod: modify group properties

Usage: groupmod [options] GROUP

-g GID: change the GID

-n new_name: change the group name

# groupmod -g 1002 mygroup

# groupmod -n mynewgroup mygroup

3. groupdel: delete a group

Usage: groupdel [options] group

# groupdel mynewgroup

4. useradd: create a user

Usage: useradd [options] LOGIN

-u, --uid UID: specify the UID

-g, --gid GROUP: specify the basic group ID; this group must already exist

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]: specify the additional groups the user belongs to; multiple groups are separated by commas

-c, --comment COMMENT: specify the comment information

-d, --home HOME_DIR: use the specified path as the user's home directory; it is created by copying the /etc/skel directory and renaming the copy. If the specified home directory path already exists, the user environment configuration files are not copied into it

-s, --shell SHELL: specify the user's default shell; the list of all available shells is stored in the /etc/shells file

-r, --system: create a system user

-M: do not create the user's home directory

-f: the number of days after the password expires before the account is disabled; 0 disables the account once the password has expired, -1 means it is never disabled

-D: display the default settings used when creating a user

Note: many of the defaults applied when creating a user are set in the /etc/login.defs file

# useradd myuser

5. usermod: change user properties

Usage: usermod [options] LOGIN

-u, --uid UID: change the user ID

-g, --gid GROUP: change the basic group the user belongs to

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]: change the additional groups the user belongs to; the original additional groups are overwritten

-a, --append: used together with -G to add new additional groups for the user without overwriting the existing ones

-c, --comment COMMENT: change the comment

-d, --home HOME_DIR: change the user's home directory; the user's existing files are not moved to the new location

-m, --move-home: can only be used together with -d; moves the user's home directory to the new location

-l, --login LOGIN: change the user's login name

-s, --shell SHELL: change the user's default shell

-L, --lock: lock the user's password

-U, --unlock: unlock the user's password

# Change myuser's home directory to /tmp/home/user, moving the user's existing files along with it, and change the user's default shell to tcsh

# usermod -s /bin/tcsh -d /tmp/home/user -m myuser

6. userdel: delete a user

Usage: userdel [option] login

-r: when deleting the user, also delete the user's home directory

Note: When you delete a user, the user's basic group is also deleted.

# Delete user myuser

# userdel myuser

7. passwd: password management

Usage: passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]

(1) passwd: change your own password

(2) passwd USERNAME: change the specified user's password; only the root user has this right, and root does not need to know the old password

-l, -u: lock and unlock the user

-d: clear the user's password string

-e DATE: set the expiration period

-i DAYS: inactivity period

-n DAYS: minimum password age

-x DAYS: maximum password age

-w DAYS: warning period

--stdin: read the password from standard input.

Typically used in scripts like this: echo "PASSWORD" | passwd --stdin USERNAME

# Change the password of user myuser

# passwd myuser

8. gpasswd: change a group password

Usage: gpasswd [option] group

-a USERNAME: add a user to the group

-d USERNAME: remove a user from the group

# Change the group's password

# gpasswd mygroup

# Add user myuser to the group mygroup, making mygroup one of myuser's additional groups.

# gpasswd -a myuser mygroup

9. chage: change password expiration information

Usage: chage [options] LOGIN

-d: change the date of the last password change

-E: change the account expiration date

-I: change the password inactivity period

-W: change the warning period

-m: change the minimum password age

-M: change the maximum password age

10. id: show real and effective user ID information

Usage: id [OPTION]... [USER]

id: show your own ID information

-u: show only the effective UID

-g: show only the effective basic group ID

-G: show the IDs of all groups the user belongs to

-n: show names instead of IDs (used together with one of the options above)

11. su: switch user

Login-type switch: re-reads the target user's configuration files and re-initializes the environment

Non-login-type switch: does not read the target user's configuration files to initialize the environment

-c 'COMMAND': run only the command specified here as the target user

Note: The administrator can switch to any other user without a password; non-administrators must supply the target user's login password

12. chown: change a file's owner, its group, or both

Usage: chown [OPTION]... [OWNER][:|.[GROUP]] FILE...

Either OWNER:GROUP or OWNER.GROUP can be used

chown [OPTION]... --reference=RFILE FILE...

-R, --recursive: modify recursively

Note: A user can only modify the permissions of files that they own

# Change the owner of file1 to myuser and its group to mygroup

# chown myuser:mygroup file1

13. chgrp: change only the group

Usage: chgrp [OPTION]... GROUP FILE...

chgrp [OPTION]... --reference=RFILE FILE...

Second, permission management

(A) Basic concepts of permissions

(1) Introduction

We can view a file with the ls -l command to see how permissions are represented in Linux

# ls -l /etc/passwd

-rw-r--r--. 1 root root 2093 12月 16 17:36 /etc/passwd

Note the ten characters at the start: the first is the file type, and the remaining nine are the permission bits, in three groups of three, giving the permissions of the file owner, the group, and others respectively.

(2) Model applied when a process accesses a file:

Check whether the owner of the process is the same as the owner of the file; if so, the owner permissions apply. Otherwise, check whether the owner of the process belongs to the file's group; if so, the group permissions apply. Otherwise, only the other permissions apply.

(3) Permission categories:

r, w, x (read, write, execute)

(4) Permission management command

Usage:

chmod [OPTION]... MODE[,MODE]... FILE...

chmod [OPTION]... OCTAL-MODE FILE...

chmod [OPTION]... --reference=RFILE FILE...

Three classes of users

u: owner

g: group

o: other

a: all

a. chmod [OPTION]... MODE[,MODE]... FILE...

MODE notation:

Assignment notation: operates directly on all the permission bits of a class of users; classes can be combined flexibly

u=MODE, g=MODE, o=MODE, a=MODE; combinations such as ug=MODE are also allowed

Grant notation: operates directly on a single permission bit of one or more classes of users, for finer control

u+, u-

g+, g-

o+, o-

a+, a-

Note: granting write permission to everyone is very dangerous, so +w given without a user class only takes effect for the owner

b. chmod [OPTION]... OCTAL-MODE FILE...

Gives the whole set of permission bits in octal (at least three octal digits)

Note: if fewer than three digits are given, they are applied to the rightmost positions, and the result is probably not what you expect

c. chmod [OPTION]... --reference=RFILE FILE...

Reference-based modification: sets the file's permissions to match those of a reference file

-R, --recursive: modify recursively

Note: use this with caution (in particular, giving execute permission to the files in a directory is very dangerous!)

# Add write permission on file1 for both the owner and the group

# chmod u+w,g+w file1

# chmod ug+w file1

# Set file1's mode in octal so that the owner and the group each have write permission only

# chmod 220 file1
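The access model in item (2) and the octal modes used with chmod combine in a way that is easy to misjudge: only one class is ever consulted, so a file can deny its own group while allowing everyone else. The script below is an added example, not part of the original article; the function names, UIDs, GIDs and modes are constructed, and the root (UID 0) override is not modelled.

```shell
#!/bin/sh
# Added example: models the owner -> group -> other check described in item (2).
# All UIDs, GIDs and modes are constructed; the root (UID 0) override is not modelled.

# perm_class FILE_UID FILE_GID PROC_UID "PROC_GIDS": print the class whose bits apply.
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return 0; fi
    for gid in $4; do
        if [ "$gid" = "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# may_access MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS" r|w|x
# Exit status 0 if the access is permitted, 1 if denied, 2 on a bad request.
may_access() {
    case $6 in
        r) bit=4 ;; w) bit=2 ;; x) bit=1 ;;
        *) return 2 ;;
    esac
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        *)     shift_by=0 ;;
    esac
    # Only the selected class is consulted; there is no fall-through to a
    # more permissive class. The leading 0 makes the shell read MODE as octal.
    if [ $(( (0$1 >> shift_by) & bit )) -ne 0 ]; then return 0; fi
    return 1
}

# verdict: same arguments as may_access, prints "allowed" or "denied".
verdict() { if may_access "$@"; then echo allowed; else echo denied; fi; }

# File owned by UID 1000, group 2000, mode 604: the group class has no bits,
# so a member of group 2000 is denied read although "other" may read.
echo "group member read, mode 604: $(verdict 604 1000 2000 1001 '1001 2000' r)"
echo "outsider read, mode 604:     $(verdict 604 1000 2000 1002 '1002' r)"
# Mode 220 from the chmod example: the owner may write but not read.
echo "owner read, mode 220:        $(verdict 220 1000 2000 1000 '1000' r)"
echo "owner write, mode 220:       $(verdict 220 1000 2000 1000 '1000' w)"
```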
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.