Account and permission management of Linux

Contents

1, System member composition

        1.1 super user

        1.2 ordinary users

        1.3 program users

        1.4 user account file

        1.5 save user information

        1.6 adding users

        1.7 changing user password

        1.8 modify existing user attributes

2, Group account configuration

        2.1 concept of group

        2.2 Add group account

        2.3 add group account

        2.4 delete group account

        2.5 query account information

        2.6 file permissions

3, Summary

1, System member composition

        1.1 super user

        The root account exists in UNIX systems (such as AIX and BSD) and UNIX-like systems (such as Debian, Red Hat, Ubuntu and other Linux systems, and Android). The super user is generally named root, which is equivalent to the system user in Windows. Root is the only super user in the system and has all permissions in the system, such as starting or stopping a process, deleting or adding users, and adding or disabling hardware. The UID number is used to distinguish permissions, and the super user's UID is 0.

        1.2 ordinary users

        Unlike the super user, ordinary users have only limited permissions.

        UID range for common (ordinary) users:
        CentOS 5, 6: 500 ~ 65535
        CentOS 7: 1000 ~ 65535

        1.3 program users

        Program users have lower privileges than ordinary users. They can only operate within their program and cannot access users outside the program.

        UID range for system (program) users:
        CentOS 5, 6: 1 ~ 499
        CentOS 7: 1 ~ 999

        1.4 user account file

        File location: /etc/passwd

        For example: root:x:0:0:root:/root:/bin/bash

        The seven colon-separated fields are, in order: user account name : password placeholder : UID of the account : GID of the primary group : user's full name : home directory : login shell (accounts whose shell is /sbin/nologin or /bin/false cannot log in)

        1.5 save user information

        File location: /etc/shadow

        For example: root:$6$gawjxnqogwpddiwa$lw6dsepqsnyphodl6piq.g3d5/vrooxsdxv64fe78n0mrndtfbrrlrnzxpp1q1rbplhkii4paxahfexrovjff.::0:99999:7:::

        The nine colon-separated fields are, in order: user name : password string hashed with a hash algorithm (when it is * or !!, the user cannot log in; when the field is empty, the user can log in without a password) : date of the last password change : minimum number of days before the password may be changed : maximum number of days the password remains valid : number of days before expiry that the user is warned : number of days after password expiry until the account is disabled : account expiration date : reserved field
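The field layouts of /etc/passwd and /etc/shadow described above are enough to audit accounts mechanically. The following is an added example, not part of the original post: the function names, the finding labels and every sample record (including the accounts toor and svc) are constructed for illustration, and the 1-999 system range is the CentOS 7 value given above.

```shell
#!/bin/sh
# Constructed sample records in /etc/passwd and /etc/shadow format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
toor:x:0:0::/root:/bin/bash
tcpdump:x:72:72::/:/sbin/nologin
svc:x:73:73::/var/lib/svc:/bin/bash
wei:x:1001:1001::/home/wei:/bin/bash
b2021:x:2022:2022::/home/b2021:/bin/bash'

SAMPLE_SHADOW='root:$6$constructedsalt$constructedhash:18874:0:99999:7:::
toor:$6$constructedsalt$constructedhash:18874:0:99999:7:::
tcpdump:!!:18874::::::
svc:!!:18874::::::
wei::18876:0:99999:7:::
b2021:!!:18876:0:99999:7::18878:'

# audit_passwd: passwd-format lines on stdin -> one finding per line.
#   UID0          an account other than root that has UID 0
#   SYSTEM_SHELL  a system/program account (UID 1-999) with a login shell
audit_passwd() {
    awk -F: '
        $3 == 0 && $1 != "root"                         { print "UID0 " $1 }
        $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print "SYSTEM_SHELL " $1 }
    '
}

# audit_shadow: shadow-format lines on stdin -> one finding per line.
#   EMPTY_PASSWORD     field 2 is empty: login without a password
#   NO_PASSWORD_LOGIN  field 2 starts with * or !: password login disabled
#   EXPIRES            field 8 is set: account expiry in days since 1970-01-01
audit_shadow() {
    awk -F: '
        $2 == ""     { print "EMPTY_PASSWORD " $1 }
        $2 ~ /^[*!]/ { print "NO_PASSWORD_LOGIN " $1 }
        $8 != ""     { print "EXPIRES " $1 " " $8 }
    '
}

# days_to_date: shadow day count -> YYYY-MM-DD (UTC).
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%F
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
days_to_date 18878
```

On a real host the same functions read the live files on stdin, for example audit_passwd < /etc/passwd, and audit_shadow < /etc/shadow as root.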

        1.6 adding users

        Command format: useradd [options]... username

        -u: Specify the UID
        -d: Specify the home directory
        -e: Specify the account expiration date
        -g: Specify the primary group
        -G: Specify additional groups
        -M: Do not create a home directory
        -s: Specify the login shell

        For example:

[root@localhost ~]# useradd wei                # create user wei
[root@localhost ~]# tail -3 /etc/passwd        # view the last three lines to check that wei was created
tcpdump:x:72:72::/:/sbin/nologin
liu:x:1000:1000:liu:/home/liu:/bin/bash
wei:x:1001:1001::/home/wei:/bin/bash
[root@localhost ~]# su wei                     # successfully switched to wei's account
[wei@localhost root]$ 
[root@localhost ~]# useradd -u 2020 yiyi       # create user yiyi with UID 2020
[root@localhost ~]# id yiyi                    # view the UID
uid=2020(yiyi) gid=2020(yiyi) groups=2020(yiyi)
[root@localhost ~]# useradd -d /ky15/ss a2020  # create user a2020 with home directory /ky15/ss
[root@localhost ~]# tail -3 /etc/passwd        # view the last three lines
wei:x:1001:1001::/home/wei:/bin/bash
yiyi:x:2020:2020::/home/yiyi:/bin/bash
a2020:x:2021:2021::/ky15/ss:/bin/bash
[root@localhost ~]# useradd -e 2021-9-8 b2021  # create user b2021 and set the expiration date
[root@localhost ~]# tail -1 /etc/shadow
b2021:!!:18876:0:99999:7::18878:               # the time is 18876 days since 1970
[root@localhost ~]# 

        1.7 changing user password

        Command format

        passwd [options]... username

        -d: Clear the current password

        -l: Lock the user

        -S: Show the user's current password status

        -u: Unlock the user

[root@localhost ~]# passwd wei                 # set the password of the wei account
Changing password for user wei.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.


[root@localhost ~]# passwd -d wei              # clear the password of the wei account
Removing password for user wei.
passwd: Success


[root@localhost ~]# passwd -S wei              # view the password status of the wei account
wei NP 2021-09-06 0 99999 7 -1 (Empty password.)


[root@localhost ~]# passwd -l wei              # lock the password of the wei account
Locking password for user wei.
passwd: Success

[root@localhost ~]# passwd -u wei              # unlock the password of the wei account
Unlocking password for user wei.
passwd: Warning: unlocked password would be empty.
passwd: Unsafe operation (use -f to force)

        1.8 modify existing user attributes

        Command format

        usermod [options]... username

        -l: Change the login name (write the new name first, then the original name)

        -L: Lock the user

        -U: Unlock the user

[root@localhost ~]# usermod -l b2020 a2020     # rename user a2020 to b2020
[root@localhost ~]# tail -6 /etc/passwd
tcpdump:x:72:72::/:/sbin/nologin
liu:x:1000:1000:liu:/home/liu:/bin/bash
wei:x:1001:1001::/home/wei:/bin/bash
yiyi:x:2020:2020::/home/yiyi:/bin/bash
b2021:x:2022:2022::/home/b2021:/bin/bash
b2020:x:2021:2021::/ky15/ss:/bin/bash
[root@localhost ~]# 

        1.9 delete user

        Command format

        userdel [options] username

        Common options

        -r: Also delete the user's home directory

[root@localhost ~]# userdel b2021              # delete user b2021
[root@localhost ~]# ls -a /home                # the user has been deleted, but the home directory remains
.  ..  b2021  liu  wei  yiyi
[root@localhost ~]# su b2021                   # try to log in as b2021
su: user b2021 does not exist
[root@localhost ~]# 

2, Group account configuration

        2.1 concept of group

        Basic group (primary group): also known as the first group or initial login group. It is the user's default group and the group identified by the user's GID (private group).

        Additional group (subsidiary group): also known as the secondary group or supplementary group; a group the user belongs to in addition to the basic group (public group).

        2.2 Add group account

        Command format

        groupadd [-g GID] group account name

        Group account file location

        /etc/group: saves the basic information of the group account

        /etc/gshadow: saves the password information of the group account

[root@localhost ~]# groupadd -g 1500 pupu      # create group pupu with GID 1500
[root@localhost ~]# tail -6 /etc/group
tcpdump:x:72:
liu:x:1000:liu
wei:x:1001:
yiyi:x:2020:
a2020:x:2021:
pupu:x:1500:
[root@localhost ~]# 

        2.3 add group account

        Command format

        gpasswd [options] group account name

        Common options

        -a: Add a user to the group

        -d: Remove a user from the group

        -M: Set the list of group members, separated by commas

[root@localhost ~]# gpasswd -a wei pupu
Adding user wei to group pupu
[root@localhost ~]# 

        2.4 delete group account

        Command format

        groupdel group account name

[root@localhost ~]# groupdel pupu
[root@localhost ~]# tail -6 /etc/group
sshd:x:74:
tcpdump:x:72:
liu:x:1000:liu
wei:x:1001:
yiyi:x:2020:
a2020:x:2021:
[root@localhost ~]# 

        2.5 query account information

        Command format

        finger [username]

        Common commands

        w: View information about the accounts currently logged in

        who: View all users currently logged in to the system

        users: List the names of the users currently logged in

[root@localhost ~]# w
 19:51:57 up 14:18,  3 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     :0       :0               Sat15   ?xdm?   4:09   0.19s /usr/libexec/gnome-session-binary --session gnome-classic
root     pts/0    :0               Sat15    2days  0.09s  0.09s bash
root     pts/2    192.168.26.1     17:28    5.00s  0.38s  0.02s w
[root@localhost ~]# 



[root@localhost ~]#  who
root     :0           2021-09-04 15:58 (:0)
root     pts/0        2021-09-04 15:59 (:0)
root     pts/2        2021-09-06 17:28 (192.168.26.1)


[root@localhost ~]# users
root root root
[root@localhost ~]# 

        2.6 file permissions

[root@localhost ~]# ll
total 8
-rw-------. 1 root root 1600 Sep  4 00:41 anaconda-ks.cfg
-rw-r--r--. 1 root root 1808 Sep  4 00:42 initial-setup-ks.cfg
drwxr-xr-x. 4 root root   82 Sep  6 18:50 ky15
drwxr-xr-x. 2 root root    6 Sep  4 00:43 public
drwxr-xr-x. 2 root root    6 Sep  4 00:43 Template
drwxr-xr-x. 2 root root    6 Sep  4 00:43 video
drwxr-xr-x. 2 root root    6 Sep  4 00:43 picture
drwxr-xr-x. 2 root root    6 Sep  4 00:43 file
drwxr-xr-x. 2 root root    6 Sep  4 00:43 download
drwxr-xr-x. 2 root root    6 Sep  4 00:43 music
drwxr-xr-x. 2 root root    6 Sep  4 00:43 desktop
[root@localhost ~]# 

        The first character of each line in the listing above indicates the file type. In the characters that follow, r indicates that the file can be read and viewed, w indicates that the file can be written and modified, and x indicates that the file can be executed.

        For example: drwxr-xr-x. 4 root root   82 Sep  6 18:50 ky15

        After the first character, the permission characters fall into three segments of three. The first segment applies to the file owner, the second segment to the group the file belongs to, and the third segment to other users.
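The three-segment layout described above maps directly onto the octal modes that chmod also accepts. The following is an added example, not part of the original post, that decodes a mode string from an ll listing and reports whether "other" users may write; the function names and the -rw-rw-rw- input are constructed for illustration, and the setuid/setgid/sticky bits are not reported.

```shell
#!/bin/sh
# mode_to_octal: "drwxr-xr-x." -> "755". The first character is the file
# type; a trailing "." or "+" (SELinux/ACL marker) is ignored.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    octal=""
    for i in 1 4 7; do                      # owner, group, other segments
        triplet=$(printf '%s' "$perms" | cut -c"$i"-"$((i + 2))")
        digit=0
        case $triplet in r??)      digit=$((digit + 4)) ;; esac
        case $triplet in ?w?)      digit=$((digit + 2)) ;; esac
        case $triplet in ??[xst])  digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# describe_mode: print "<type> <octal> <note>", where note is
# "world-writable" when the third segment contains w, otherwise "ok".
describe_mode() {
    case $1 in
        d*) type=directory ;;
        -*) type=file ;;
        l*) type=symlink ;;
        *)  type=other ;;
    esac
    octal=$(mode_to_octal "$1")
    case $(printf '%s' "$1" | cut -c9) in   # character 9 = write bit for others
        w) note=world-writable ;;
        *) note=ok ;;
    esac
    printf '%s %s %s\n' "$type" "$octal" "$note"
}

# The first two strings appear in the listing above; the third is constructed.
for m in 'drwxr-xr-x.' '-rw-------.' '-rw-rw-rw-'; do
    describe_mode "$m"
done
```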

        2.7 setting permissions for files and directories

        Command format

        chmod [u,g,o,a][+,-,=][r,w,x] file or directory

        u: owner, g: group, o: other users, a: all users

        +, -, =: add, remove, and set permissions respectively.

        Common options

        -R: Recursively modify the files in the specified directory

[root@localhost ky15]# chmod +rwx 1.txt
[root@localhost ky15]# ll
total 8
-rwxr-xr-x. 1 root root 120 Sep  4 3:36 1.txt
-rw-r--r--. 1 root root   0 Sep  4 2:40 2.txt
-rw-r--r--. 1 root root 110 Sep  6 14:18 3.txt
-rw-r--r--. 1 root root   0 Sep  4 2:40 4.txt
drwxr-xr-x. 2 root root   6 Sep  4 3:33 passwd
drwxr-xr-x. 2 root root   6 Sep  6 18:50 ss
[root@localhost ky15]# 
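In the session above, chmod +rwx leaves 1.txt at -rwxr-xr-x rather than -rwxrwxrwx: when no u/g/o/a letter is given, chmod skips the bits masked by the umask. The following is an added example, not part of the original post, that reproduces this on a scratch file; the function name mode_after is constructed, and a starting mode of 644 and a umask of 022 are assumed.

```shell
#!/bin/sh
# mode_after: create a scratch file with mode 644, apply one chmod
# specification under umask 022, and print the resulting octal mode.
mode_after() {
    spec=$1
    tmp=$(mktemp) || return 1
    (
        umask 022                # assumed umask; the subshell keeps it local
        chmod 644 "$tmp"         # assumed starting mode, as for 2.txt above
        chmod "$spec" "$tmp"
    )
    stat -c '%a' "$tmp"          # octal mode (GNU coreutils stat)
    rm -f "$tmp"
}

# Compare a specification without a "who" letter against explicit ones.
for spec in +rwx a+rwx u=rwx,g=rx,o= go-r; do
    printf '%-16s -> %s\n' "$spec" "$(mode_after "$spec")"
done
```

The first line of output is 755, matching the listing above, while a+rwx gives 777 because an explicit "who" letter bypasses the umask.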

3, Summary

        Understand the user composition of the system, use commands to manage the security of accounts, and create and delete groups and group members.


Posted on Mon, 06 Sep 2021 18:01:22 -0400 by bedted