When using a Linux system, we should adhere to the principle of least privilege (the minimum authority principle). It means that users or processes should have only enough permissions to complete their work, and the system does not give them more privileges.
The most privileged user is root, who can do whatever they want (representing the maximum permission). If every process ran with root permission, that would be a huge security vulnerability for the system, so the root user should not be used to deploy services, and the permissions of the deployment process should be reduced. Using a specific user to deploy a specific service is a common way. The privileges enjoyed by that user should be reduced to prevent abuse of permissions. Therefore, it is necessary to manage the relevant users in Ubuntu.
The useradd command creates a new user:
sudo useradd jjz
AddUser is automatically created
shell, and automatically created
Use the passwd command to set the password for the user:
sudo passwd jjz
sudo: unable to resolve host
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
This sets a password for the user jjz.
Use the id command to view user information:
sudo id jjz
uid=1000(jjz) gid=100(users) groups=100(users)
Use the finger command to view the user’s directory, shell, and login details:
sudo finger jjz
Login: jjz    Name:
Directory: /home/jjz    Shell: /bin/sh
Never logged in.
No mail.
No Plan.
Modify and delete users
The usermod command modifies user information. For example, to change a user’s login name (the new name is given first, then the current name):
usermod -l jjz jjz1
It can also be used to put a user in a group; the -g option sets the user’s primary group, for example:
usermod -g users jjz
It can also be used to modify a user’s home directory:
usermod -d /user/jjz jjz
If you want to delete a user, you can use the userdel command.
To delete the user’s home directory at the same time as the user, use the command:
userdel -r jjz
Switching between user and root user
After logging in as a non-root user, you sometimes need to perform operations with root permission, such as installing system-level software or modifying system files; these often require sudo permission. In that case, we can also switch to the root user to do the work.
To switch to root, you can use the command:
To switch to root, you need to verify the current user’s password.
After using the root user, you can use the command to switch to other users:
Or use exit directly to leave the root user and return to the login user.
Give the user permission to execute sudo
When a new user executes sudo, the following message appears:
xxx is not in the sudoers file. This incident will be reported.
That is, the current user does not have permission to execute sudo. If we want the user to have the permission to execute sudo, we need to authorize the user.
Authorizing sudo requires modifying the sudoers file.
First enter root mode:
Add write permission for the file:
chmod u+w /etc/sudoers
Add below it:
To revoke the write permission of the file again afterwards, use the command:
chmod u-w /etc/sudoers
Disable and enable root user
To fully apply the principle of least privilege, we can also prohibit the root user from logging in. The command to disable the root user is:
sudo passwd -l root
This disables root login, but the root password is still saved.
To enable root login again, execute the command:
sudo passwd -u root
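The least-privilege goals above (no extra root-equivalent accounts, a locked root password that is "still saved") can be checked from the account files themselves. The following audit script is an added example, not part of the original article; the function names, the webapp and backup2 accounts, and all passwd/shadow lines in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format data for least-privilege problems.
# All account data is constructed sample input; "HASH" stands in for a real hash.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
PASSWD_FILE=$WORK/passwd
SHADOW_FILE=$WORK/shadow

# /etc/passwd layout: name:x:uid:gid:gecos:home:shell
cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jjz:x:1000:100::/home/jjz:/bin/sh
webapp:x:998:998::/srv/webapp:/usr/sbin/nologin
backup2:x:0:0::/home/backup2:/bin/bash
EOF

# /etc/shadow layout: name:password-field:...  (root shown as after "passwd -l root")
cat > "$SHADOW_FILE" <<'EOF'
root:!$6$salt$HASH:19000:0:99999:7:::
jjz:$6$salt$HASH:19000:0:99999:7:::
webapp:!:19000:0:99999:7:::
backup2:$6$salt$HASH:19000:0:99999:7:::
EOF

# Accounts other than root that have UID 0, i.e. full root power.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# "locked", "unlocked" or "missing" for account $2 in shadow file $1.
# passwd -l puts "!" in front of the stored hash; the hash itself stays.
lock_state() {
    awk -F: -v u="$2" '
        $1 == u { print (($2 ~ /^[!*]/) ? "locked" : "unlocked"); found = 1 }
        END     { if (!found) print "missing" }' "$1"
}

# Accounts in passwd file $1 that have a login shell and an unlocked
# password in shadow file $2: the ones that can log in with a password.
password_logins() {
    awk -F: '
        NR == FNR { locked[$1] = ($2 ~ /^[!*]/); next }
        $7 !~ /(nologin|false)$/ && !locked[$1] { print $1 }' "$2" "$1"
}

echo "extra UID 0 accounts: $(extra_uid0 "$PASSWD_FILE" | tr '\n' ' ')"
echo "root password: $(lock_state "$SHADOW_FILE" root)"
echo "password logins: $(password_logins "$PASSWD_FILE" "$SHADOW_FILE" | tr '\n' ' ')"
```

On a real host, pass /etc/passwd and /etc/shadow to the functions (reading /etc/shadow requires root). A locked password does not block other authentication methods such as SSH keys, so those need to be reviewed separately.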