1. Users and groups
Add user
useradd
-u UID
-o allow a non-unique (duplicate) UID, used together with -u
-g specify GID or group name
-c comment information
-d home directory
-s shell
-G additional group
-r system user
-m create the home directory; used for system users
-M do not create the home directory; used for non-system users
newusers FILE: create users in batches; prepare a file in the same format as passwd in advance
chpasswd: change user passwords in batches; input format: username:password
passwd
-l: lock the specified user
-u: unlock the specified user
-e: force the user to change the password at the next login
usermod
-u UID
-g GID
-G new supplementary groups (replaces the existing list); combine with -a to append instead
-d HOME
-l New Home Directory
-U Unlock
-L Lock
-e YYYY-MM-DD: Specify the expiration date of the user account
-f INACTIVE: set the inactivity deadline
-d DIR: modify home directory
-m: cooperate with -d, modify and move data to new home directory
userdel
-r delete user home directory
id [OPTION]... [USER]
-n: display names instead of IDs; must be combined with -u, -g or -G
-G: display the ID of the group to which the user belongs
-u UID
-g GID
Switch user mode
su: non-login switch; the target user's configuration files are not read and the current working directory does not change.
su -: login switch; the target user's configuration files are read and the working directory changes to the home directory (a complete switch)
chage: modify the password policy
-d LAST_DAY
-E --expiredate EXPIRE_DATE
-I --inactive INACTIVE
-m --mindays MIN_DAYS
-M --maxdays MAX_DAYS
-W --warndays WARN_DAYS
chage -d 0 tom Force a password reset at the next login
chage -m 0 -M 42 -W 14 -I 7 tom
chage -E 2016-09-10 tom
groupadd
-g GID
-r system group
groupmod [option] GROUP
-n group_name: modify group name
-g GID: modify GID
modify file attributes
chown -R recursive
umask
Can be used to hold back (mask off) permissions on newly created files
The default permission of a newly created file: 666-umask; if any digit of the result is odd (contains execute permission), add 1 to that digit
The default permission of the newly created directory: 777-umask
Unprivileged user umask is 002
root's umask is 022
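The subtraction rule above, checked against real files (an added example, not part of the original notes). The helper names new_mode and predicted_mode are made up for this sketch, and GNU stat is assumed. The kernel actually computes base AND NOT umask, which is why 666-023 ends up as 644 rather than 643.

```bash
#!/usr/bin/env bash
# Added example: compare the mode a new file/directory really gets with base & ~umask.
# Assumes GNU coreutils (stat -c) and a writable temp directory.

# new_mode KIND UMASK -> octal mode of a freshly created file (f) or directory (d)
new_mode() {
    local kind=$1 mask=$2 tmp mode
    tmp=$(mktemp -d) || return 1
    (
        umask "$mask"                      # subshell: the caller's umask is untouched
        if [ "$kind" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    mode=$(stat -c %a "$tmp/new")
    rm -rf "$tmp"
    echo "$mode"
}

# predicted_mode KIND UMASK -> base AND NOT umask (base 666 for files, 777 for dirs)
predicted_mode() {
    local base=0666
    [ "$1" = d ] && base=0777
    printf '%o\n' $(( $base & ~0$2 & 0777 ))
}

# 022 and 002 are the defaults quoted above; 023 is the "odd digit" case (666-023=643 -> 644)
for m in 022 002 023 077; do
    echo "umask $m: file $(new_mode f "$m") (predicted $(predicted_mode f "$m"))," \
         "dir $(new_mode d "$m") (predicted $(predicted_mode d "$m"))"
done
```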
File permissions:
r: view
w: modify
x: Run
Permissions for the directory:
r: View the list of files in the directory
w: Create and delete files (requires x permissions)
x: cd Enter directory
Special permissions
SUID
SGID
By default, when a user creates a file, its group belongs to the main group that the user belongs to.
Once SGID is set on a directory, a file created in it by a user with write permission on the directory belongs to the group that owns the directory.
Sticky bit
In a directory with write permission, users can usually delete any file in the directory, regardless of the file
With the sticky bit set on the directory, only the owner of a file or root can delete that file.
SUID: user, occupy the owner’s execution permission bit
s: the owner has x permission
S: the owner has no x permission
SGID: group, occupying the execution permission bit of the belonging group
s: group has x permission
S: group does not have x permission
Sticky: other, occupies the execution permission bit of other
t: other has x permission
T: other does not have x permission
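The s/S and t/T display rules above, reproduced on throwaway files, together with a listing of every entry that carries a special bit, which is the usual audit step on a host (an added example, not part of the original notes). The function names and sample file names are made up; GNU find and a writable temp directory are assumed.

```bash
#!/usr/bin/env bash
# Added example with constructed files; GNU find (-perm /MODE, -printf) is assumed.

# make_samples DIR: one entry per case in the list above
make_samples() {
    local d=$1
    : > "$d/suid_x";       chmod 4755 "$d/suid_x"       # SUID, owner has x    -> s
    : > "$d/suid_nox";     chmod 4644 "$d/suid_nox"     # SUID, owner lacks x  -> S
    mkdir "$d/sgid_x";     chmod 2770 "$d/sgid_x"       # SGID, group has x    -> s
    mkdir "$d/sgid_nox";   chmod 2760 "$d/sgid_nox"     # SGID, group lacks x  -> S
    mkdir "$d/sticky_x";   chmod 1777 "$d/sticky_x"     # sticky, other has x  -> t
    mkdir "$d/sticky_nox"; chmod 1776 "$d/sticky_nox"   # sticky, other lacks x -> T
    : > "$d/plain";        chmod 0644 "$d/plain"        # no special bit: not listed
}

# list_special DIR: "MODE NAME" for each entry with SUID, SGID or sticky set
list_special() {
    find "$1" -mindepth 1 -maxdepth 1 -perm /7000 -printf '%M %f\n' | LC_ALL=C sort -k2
}

# demo: build the samples in a temp directory, list them, clean up
demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    list_special "$tmp"
    rm -rf "$tmp"
}

demo
```

An uppercase S or T in such a listing means the special bit is set without the matching execute bit, which is usually a configuration mistake worth reviewing.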
file special attributes
chattr +i cannot be deleted, renamed, or changed
chattr +a can only add content
lsattr displays specific attributes
acl access control list
ACL: Access Control List, to achieve flexible authority management
The xfs and ext4 file systems created by default in CentOS7 have ACL functions.
Before CentOS7, a manually created ext4 file system has no ACL function by default; it needs to be added manually
tune2fs -o acl /dev/sdb1
mount -o acl /dev/sdb1 /mnt/test
ACL effective order: owner > (custom user > group, custom group) > others
Users outside the brackets will not be affected by mask
mount -o acl /directory
getfacl file |directory
setfacl -m u:wang:rwx file|directory
setfacl -Rm g:sales:rwX directory
setfacl -M file.acl file|directory
setfacl -m g:salesgroup:rw file|directory
setfacl -m d:u:wang:rx directory
setfacl -x u:wang file|directory
setfacl -X file.acl directory
The default x permissions are given to the directory through ACL, and the files in the directory will not inherit x permissions.
The base ACL cannot be deleted.
setfacl -k dir delete the default ACL permissions
setfacl -b file1 clear all ACL permissions
getfacl file1 | setfacl --set-file=- file2 Copy the ACL permissions of file1 to file2
The mask only affects the maximum permissions of users and groups other than the owner and other
The mask is logically ANDed with the user's permissions to give the effective permission (Effective Permission)
The permissions set for a user or group take effect only if they fall within the mask
setfacl -m mask::rx file
The --set option deletes all the original ACL entries and replaces them with the new ones. Note that you must include the UGO settings; you cannot just add ACL entries as with -m
The XFS file system supports ACLs by default; other file systems need ACL support specified when mounting.
2. Script basics
Variable naming
1. Reserved words cannot be used in the program: such as if, for
2. Only numbers, letters and underscores can be used, and the name cannot start with a number.
3. The name should make the meaning clear
4. Uniform naming rules: camel case
Suggested rules for naming in Shell:
1, uppercase variable names
2, lowercase local variables
3, lowercase function names
4, use English names, and reflect the actual effect
Variables are divided into the following types according to their effective scope and other criteria
Local variables: the effective scope is the current shell process; they are invalid for other shell processes, including subshell processes of the current shell.
Environment variables: the effective scope is the current shell process and its child processes.
Local variables: the effective scope is a code fragment in the current shell process, usually a function
Positional variables: $1, $2, ... used in script code to refer to the arguments passed to the script on the command line
Special variables: $?, $0, $*, $@, $#, $$
$$ The PID of the shell itself (the current process ID)
$! The PID of the last background process started by the shell
set
-e: If a command returns a non-zero exit status (failure), exit.
-n: Do not execute the script; only check the syntax and report all syntax errors.
-u: Treat unset variables as errors during substitution.
-v: Display shell input lines as they are read.
-x: Display commands and their arguments as they are executed
Variable assignment: name='value'
The value can be:
(1) A literal string: name="root"
(2) A variable reference: name="$USER"
(3) Command substitution: name=`COMMAND`
name=$(COMMAND)
Variable reference: ${name} or $name
" " Weak quoting: the variable reference is replaced with the variable's value
' ' Strong quoting: the variable reference is not replaced; the original string is kept
Display all the defined variables: set
Delete variable: unset name
Read-only variables: can only be declared, but cannot be modified or deleted
Declare read-only variables:
readonly name
declare -r name
View read-only variables:
readonly -p
Variable scope
local
export global
Running a script starts a new subshell
source script: the script is executed in the current shell
Command-line expansion
$() or ``
Declare variables
readonly name
declare -r name
-i integer
-x environment variable
readonly -p
Unset variable
unset var
unset -f function name
Positional variables
Exit code
bash custom exit status code
exit [n]: custom exit status code
Note: Once the exit command is encountered in the script, the script terminates immediately; the exit status depends on the number after the exit command
Note: If no exit status code is specified for the script, the exit status code of the whole script is the status code of the last command executed in the script
Arithmetic operations
Only integer operations are supported
let
expr
ab=$(expr $a + $b)
$[ ]
$(( ))
bc supports decimals
echo "5*7.3" | bc
Condition test
True returns 0
False returns 1
Logical operations
and: -a, &&
or: -o, ||
not: !
-a is used inside [ ]
[ EXPRESSION1 -a EXPRESSION2 ]
&& is used inside [[ ]], or between separate [ ] tests
[[ EXPRESSION1 && EXPRESSION2 ]]
[ EXPRESSION1 ] && [ EXPRESSION2 ]
Test command
test EXPRESSION
[ EXPRESSION ]
[[ EXPRESSION ]]
1, use -n -z to determine whether the variable is empty
Inside [ ] the variable must be wrapped in ""; inside [[ ]] this is not needed
Note: There must be blank characters before and after EXPRESSION
Command combination
( command; command ) runs in a subshell
{ command; command; } runs in the current shell
bash tests
-v VAR
whether variable VAR is set
Numerical tests
-gt greater than
-ge greater than or equal to
-eq equal to
-ne not equal to
-lt less than
-le less than or equal to
Shell variable string operations
${parameter}
${#parameter} character length
${parameter:offset} extract the substring from offset to the end
${parameter:offset:length} extract a substring of length length starting at offset
${parameter#word} delete the shortest match of word from the beginning of ${parameter}
${parameter##word} delete the longest match of word from the beginning of ${parameter}
${parameter%word} delete the shortest match of word from the end of ${parameter}
${parameter%%word} delete the longest match of word from the end of ${parameter}
${parameter/pattern/string} replace the first match of pattern with string
${parameter//pattern/string} replace all matches of pattern with string
Character length
pipe: echo ${char} | wc -L
expr length "${char}"
Special expansion variables
${parameter:-word} If parameter is empty or unset, return word in place of the variable's value
${parameter:=word} If parameter is empty or unset, set it to word and return word. Not applicable to positional variables and special variables
${parameter:?word} If parameter is empty or unset, print word to standard error; otherwise output the variable's value
${parameter:+word} If parameter is empty or unset, do nothing; otherwise return word
Math operation
#!/bin/bash
no1=4;
no2=5;
let result=no1+no2
echo $result
result=$[ no1 + no2 ]
result=$[ $no1 + 5 ]
You can also use (( )); when using (( )), you need to add $ before the variable name:
Array
$ ass_array=([index1]=val1 [index2]=val2)
Assign using separate "index-value" pairs:
$ ass_array[index1]=val1
$ ass_array[index2]=val2
Array index
$ echo ${!array_var[*]}
$ echo ${!array_var[@]}
$ echo ${!fruits_value[*]}
while read n ;do
echo "name is $n"
done
# Read one user name per line; quoting "$name" prevents word splitting and globbing
while IFS= read -r name; do
useradd "$name" && echo "$name is created"
done < student_name.txt
find
find /var -not \( -user root -o -user lp -o -user gdm \)
Often combined with xargs
Compression
compress .Z
gzip .gz
bzip2 .bz2
xz .xz
zip .zip
tar
cpio
-j: bzip2, -z: gzip, -J: xz
Soft and hard symbolic links
df -i --print-type
What is the difference between a symbolic link and a hard link?
Symbolic links:
Soft links have their own file attributes and permissions, etc.;
Can create soft links to non-existent files or directories;
Soft links can cross file systems;
Soft links can be created for files or directories;
When creating a soft link, the link count i_nlink does not increase;
Deleting a soft link does not affect the file it points to, but if the original file it points to is deleted, the soft link becomes a dead link (that is, a dangling link; if a file is recreated at the path it points to, the dead link becomes a normal soft link again).
Hard link:
Files have the same inode and data block;
Can only be created for existing files;
Hard links cannot be created across file systems;
Cannot be created for directories, only for files;
Deleting a hard-linked file does not affect other files with the same inode number.
Each file has two counters: i_count and i_nlink, the reference count and the hard link count. The i_count field in struct inode tracks how many times the file is being accessed, and i_nlink is the number of hard links to the file, as shown by the ls -l command. In other words, i_count tracks the status of the file in memory, while i_nlink is an on-disk counter. When a file is deleted, i_nlink is set to 0 first. These two counters make it easy to upgrade a Linux system or program: the system or program can replace a file with a new file of the same name without shutting down (that is, while the file's i_count is not 0). The new file has its own inode and data blocks, and the old file is completely deleted after the related processes are closed.
When a soft link is created with a relative path, the link looks for a file with that name in the current directory; if it cannot be found, the link is invalid. The link file has its own inode data.
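The hard link and soft link behaviour listed above, checked in a temp directory (an added example, not part of the original notes). The function name link_demo and the file names are made up; GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example with constructed files; assumes GNU coreutils (stat -c).

# link_demo: print one key=value line per property of hard and soft links
link_demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        echo data > orig
        ln orig hard        # hard link: a second name for the same inode
        ln -s orig soft     # soft link: its own inode, storing the path "orig"
        [ "$(stat -c %i orig)" = "$(stat -c %i hard)" ] && echo "same_inode=yes"
        [ "$(stat -c %i orig)" != "$(stat -c %i soft)" ] && echo "soft_own_inode=yes"
        # Link count is 2, not 3: the soft link did not increase it
        echo "nlink_before=$(stat -c %h orig)"
        rm orig
        # The data survives through the remaining hard link
        echo "nlink_after=$(stat -c %h hard)"
        echo "hard_content=$(cat hard)"
        # The soft link still exists (-L) but its target does not (-e): dangling
        [ -L soft ] && [ ! -e soft ] && echo "soft_dangling=yes"
        # Recreating the path makes the soft link usable again
        echo new > orig
        echo "soft_after_recreate=$(cat soft)"
    )
    rm -rf "$tmp"
}

link_demo
```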