Permission management

Linux users and user groups (permission management)

User management

useradd: create a user

        -c: specify user description

        -d: specify home directory; the default home directory is the directory of the same name under /home

        -g: specify main group

        -G: specify additional groups [a user can have only one main group, but can have multiple additional groups]

        -s: specify shell program [special: /sbin/nologin, for users who are not allowed to log in to the system]

        -u: specify UID

        -M: do not create a home directory

userdel -r: delete the user together with the home directory

usermod -d: specify home directory; -m: move; -u -o -g -G -s -c


passwd

-l lock password, -u unlock, -d delete password

echo "password" | passwd --stdin "username"

Group management:

groupadd -g: set the group ID

        -o: reuse allowed

groupdel: delete a group

groupmod -g

        -o

        -n: modify the group name

Specify a group password [if a file belongs to one of this user's additional groups and others want to access that file, you can set a password for this group]

Common files

/etc/passwd

uname:x:uid:gid:description:home directory:shell program

System user: 1-499 or 1-999. Ordinary user: 500-65535 or 1000-65535.

Super user 0
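
Added example (not from the original page): a shell function that audits passwd-format data using the field layout and UID ranges above, reporting extra UID 0 accounts, system-range accounts that still have a login shell, and shared UIDs. The names audit_passwd and sample_passwd, the output labels and the sample records are assumptions made for illustration.

```shell
#!/bin/sh
# audit_passwd FILE [SYS_MAX]
# SYS_MAX is the top of the system-UID range: 499 or 999, per the ranges above.
audit_passwd() {
    awk -F: -v sys_max="${2:-999}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        NF != 7 || $3 !~ /^[0-9]+$/ {           # wrong field count or non-numeric UID
            print "MALFORMED line " NR; next
        }
        {
            name = $1; uid = $3 + 0; shell = $7
            login = (shell !~ /(nologin|false)$/)   # 1 if the shell permits login
            if (uid == 0 && name != "root")
                print "UID0 " name                  # extra superuser account
            else if (uid >= 1 && uid <= sys_max && login)
                print "SYSLOGIN " name " " shell    # system account with a login shell
            if (seen[uid]++)
                print "DUPUID " name " " uid        # UID already used by an earlier entry
        }' "$1"
}

# Constructed sample records, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:34:34:backup job:/var/backups:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1000:1001:Bob:/home/bob:/bin/bash
broken:x:1002
EOF
}

# Stand-alone run: write the sample to a temp file and audit it.
tmp=$(mktemp) && sample_passwd > "$tmp" && audit_passwd "$tmp"
rm -f "$tmp"
```

On a live system, pass /etc/passwd as the first argument and 499 as the second where the lower system range applies.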

/etc/shadow

Uname:uid:password: various events…

/etc/group

group name:password:group ID:users for whom this is an additional group

/etc/gshadow

/etc/skel—The files in this directory will be copied to the home directory of every ordinary user, which is generally used as a warning.

User permissions: rwx (read, write, execute) = 4 2 1

r 100, w 010, x 001

chmod [a|o|g|u][+|-][r|w|x] file

chown: modify the owner and group of a file

chown user1: file

chown :user1 file

chown user1:user1 file

ACL authorization management

setfacl -m u:b:rw atest

getfacl atest

ACL permission management adds specified permissions for specified users.

setfacl -m u:username:permissions file // add the permissions; the file must be the user's file

setfacl -x u:username file // cancel the user's permissions on the file

getfacl: view the permissions added by ACL

Special permissions

Temporary borrowing of permissions. For example, two users A and B belong to group AA and group BB respectively; A creates a file a.txt, and by default B accesses a.txt with the "other" permissions. If B needs to go beyond those permissions and borrow A's permissions for the access, the SUID bit must be set to 1. In the same way, the SGID permission can be borrowed to access the file.

The role of the sticky bit: when it is set on a directory, users can delete only their own files in that directory and cannot delete other people's files. The SUID granted to the directory file

chmod u+s file // grant the SUID special permission


If the owner permission has x, s is displayed

If the owner permission does not have x, S is displayed

[How does the borrowing of the bit work?]

SGID

chmod g+s file // grant the SGID special permission

If the owner permission has x, s is displayed

If the owner permission does not have x, S is displayed

[How does the borrowing work?]

Sticky

chmod o+t file // set the sticky bit

Su authorization find / -d

/etc/sudoers // just add permissions in this file

su -

sudo: permission to intervene, no user switching
