Xiaobai cultivation record — user and authority management in Linux

Time:2021-8-17

1. User group management

Each user belongs to a user group. The system can centrally manage all users in a user group.

When creating a user, if no group is specified, a group with the same name as the user name is created.

Here are some basic commands for user group management:

  • New user group

    $ groupadd <group name>
  • Delete user group

    $ groupdel <group name>
  • Modify group name

    $ groupmod -n <new group name> <old group name>
  • View user group creation information

    User group data is saved in the /etc/group file (deleted groups are not included), so you can view all user group information in this file:

    #Create a group named "family"
    $ sudo groupadd family
    
    #Check the /etc/group file to see that the family group information is available
    $ tail -n 1 /etc/group
    family:x:1002:
    
    #Rename the family group "family1"
    $ sudo groupmod -n family1 family
    
    #Check the /etc/group file again and the group name has changed
    $ tail -n 1 /etc/group
    family1:x:1002:

2. User management

  • Create user

    $ useradd [-g <group name>] <user name>

    When creating a user, you can specify the group where the user belongs. If omitted, the system will create a group with the same name as the user name by default.

    After a user is created, a directory with the same name as the user name will be generated in the /home/ directory as the user’s home directory. For example:

    #Create a user with the user name "zhangsan"
    $ sudo useradd zhangsan
    
    #A directory named "zhangsan" is automatically generated under the /home/ directory
    $ ls /home/
    zhangsan
    
    #At the same time, the system automatically creates a user group named "zhangsan"
    $ tail -n 1 /etc/group
    zhangsan:x:1001:
  • Set user password

    $ passwd [<user name>]

    All users can use the passwd command to change their own passwords. You need to enter the current password first and then the new password, and the new password cannot contain the current user name. If the current user is alice:

    $ passwd
    Changing password for user alice.
    Changing password for alice.
    (current) UNIX password: XXXXXXXX
    New password: XXXXXXXX
    Retype new password: XXXXXXXX
    passwd: all authentication tokens updated successfully.

    You can also set a password for the specified user. By default, only the root user has this permission:

    $ sudo passwd zhangsan
    Changing password for user zhangsan.
    New password: XXXXXXXX
    Retype new password: XXXXXXXX
    passwd: all authentication tokens updated successfully.

    There is no need to enter the old password.

  • Delete user

    $ userdel [-r] <user name>

    As mentioned earlier, when creating a new user, a directory with the same name as the user name will be generated in the /home/ directory as the user’s home directory. When deleting a user, you can choose whether to keep the user’s home directory:

    #This operation deletes the user zhangsan but keeps the /home/zhangsan directory
    $ sudo userdel zhangsan
    
    #This operation deletes the user zhangsan and the /home/zhangsan directory
    $ sudo userdel -r zhangsan

    In particular, if the system automatically generates a user group with the same name as the user name, the user group with the same name will also be deleted when the user is deleted.

  • View user creation information

    User creation information is saved in the /etc/passwd file (deleted users are not included):

    $ cat /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    ... ...
    zhangsan:x:1001:1001::/home/zhangsan:/bin/bash
  • Switch user

    $ su [-] <user name>

    By default, after switching users, you only obtain the user’s execution permission, not its environment variables. If you need its environment variables as well, add the “-” parameter:

    #Output environment variables of the current user
    $ echo $PATH
    /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/alice/.local/bin:/home/alice/bin
    #Switch to root
    $ su root
    Password: XXXXXXXX
    #Output environment variables of the current user; they are the same as before
    $ echo $PATH
    /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/alice/.local/bin:/home/alice/bin
    
    $ exit
    exit
    
    #After exiting, switch to the root user again, this time adding "-"; the last login time is displayed
    $ su - root
    Password: XXXXXXXX
    Last login: Fri Feb 19 20:06:27 CST 2021 on pts/0
    #Output environment variables of the current user; this time they are the root user's environment variables
    $ echo $PATH
    /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
  • View user information

    $ id <user name>

    You can view the ID of the specified user and the IDs and names of its groups. For example:

    $ id alice
    uid=1000(alice) gid=1000(alice) groups=1000(alice),10(wheel)

    You can see that the user alice belongs to the groups alice (group ID 1000) and wheel (group ID 10).

  • View current user name

    $ whoami
    root
    $ su alice
    $ whoami
    alice
    $ who am i
    root     pts/0        2021-02-19 20:27 (11.205.52.123)
  • Modify the user’s group

    $ usermod -g family zhangsan

    To move Zhangsan to the family group:

    #zhangsan is currently in the zhangsan group
    $ id zhangsan
    uid=1001(zhangsan) gid=1001(zhangsan) groups=1001(zhangsan)
    $ groups zhangsan
    zhangsan : zhangsan
    
    #Modify zhangsan's group
    $ sudo usermod -g family zhangsan
    
    #Looking again, you can see that zhangsan has been moved to the family group
    $ id zhangsan
    uid=1001(zhangsan) gid=1002(family) groups=1002(family)
    $ groups zhangsan
    zhangsan : family
  • Give ordinary users root privileges

    If an ordinary user gets an “insufficient permission” message when executing a command, the user can put “sudo” before the command to execute it with root permission. The user then has to enter their own password for authentication.

    However, not every ordinary user can use “sudo”. For details, see the /etc/sudoers file.

    The default configuration in the /etc/sudoers file is as follows:

    ## Allow root to run any commands anywhere 
    root	ALL=(ALL) 	ALL
    
    ## Allows people in group wheel to run all commands
    %wheel	ALL=(ALL)	ALL

    This indicates that only the root user or users in the wheel group can use “sudo”. If you need to make “sudo” available to a new user, you can configure the user or user group in /etc/sudoers. For example:

    $ visudo
    
    ## Allow root to run any commands anywhere 
    root	ALL=(ALL) 	ALL
    zhangsan ALL=(ALL) ALL

    At this point, user zhangsan can use “sudo” after entering his own password.

    If a trusted user does not want to enter a password when using sudo, you can set:

    zhangsan ALL=(ALL) NOPASSWD:ALL

    In this way, user zhangsan can use “sudo” directly without entering his own password.
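An added example (not from the original page) that turns the sudoers rules above into a check: it lists every account that a sudoers text lets run ALL commands, expanding %wheel through both the group file's member list and each user's primary GID, and marks NOPASSWD grants. The sample files are constructed (the ops user is hypothetical), and the parser assumes simple one-line rules with no aliases, includes or line continuations.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data is constructed;
# alice, zhangsan and wheel mirror the page, the ops user is hypothetical.

# sudo_audit PASSWD GROUP SUDOERS
# Prints "user<TAB>source<TAB>auth" for each account allowed to run ALL commands.
sudo_audit() {
    awk -v PW="$1" -v GR="$2" '
    BEGIN {
        while ((getline l < GR) > 0) { split(l, g, ":"); gid[g[1]] = g[3]; mem[g[1]] = g[4] }
        while ((getline l < PW) > 0) { split(l, p, ":"); prim[p[1]] = p[4] }
    }
    /^[ \t]*(#|$)/ || /^Defaults/ { next }          # comments, blank lines, Defaults
    $NF != "ALL" && $NF !~ /:ALL$/ { next }          # keep only rules that end in ALL
    {
        auth = ($0 ~ /NOPASSWD:/) ? "NOPASSWD" : "password"
        if ($1 !~ /^%/) { print $1 "\tdirect\t" auth; next }
        grp = substr($1, 2)
        if (!(grp in gid)) next
        n = split(mem[grp], m, ",")                  # supplementary members
        for (i = 1; i <= n; i++) print m[i] "\t" $1 "\t" auth
        for (u in prim)                              # users whose primary GID is the group
            if (prim[u] == gid[grp]) print u "\t" $1 "\t" auth
    }' "$3" | sort -u
}

# make_sample DIR: write constructed passwd, group and sudoers files into DIR.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'zhangsan:x:1001:1002::/home/zhangsan:/bin/bash' \
        'ops:x:1003:10::/home/ops:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:alice' 'alice:x:1000:' \
        'family:x:1002:' > "$1/group"
    printf '%s\n' '## Allow root to run any commands anywhere' \
        'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' \
        'zhangsan ALL=(ALL) NOPASSWD:ALL' > "$1/sudoers"
}

d=$(mktemp -d) && make_sample "$d"
sudo_audit "$d/passwd" "$d/group" "$d/sudoers"
rm -rf "$d"
```

The ops line shows why the member list in the group file is not enough on its own: a user whose primary group is wheel does not appear in that list but is still covered by the %wheel rule.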

3. File permissions

3.1 file attribute description

Use the ls -l command to view the attributes of a file (directory), such as:

$ mkdir /home/alice/pardir && cd /home/alice/
$ touch ./pardir/a.txt ./pardir/b.txt

$ ls -l ./
drwxrwxr-x. 2 alice alice 32 February 26 18:57 pardir

$ ls -l ./pardir/
-rw-rw-r--. 1 alice alice 0 February 26 18:57 a.txt
-rw-rw-r--. 1 alice alice 0 February 26 18:57 b.txt

File attributes are described as follows:

3.2 file permission information description

Enlarge bits 1-9 in the file attributes as follows:

It can be seen that the owner and the group of the file can read, write and execute the file, while other users outside the group can read and execute it but cannot write to it.

For different file types, the explanations of the three operations are slightly different, as shown in the table below:

3.3 modifying file permissions

#Mode 1
$ chmod [options] [{ugo}{+-=}{rwx}] <file>

#Mode 2
$ chmod [options] [{777}] <file>

A common option is -R, or --recursive, which applies the change recursively.

Example 1: modify the permissions of the a.txt file: add execute permission for the user, remove write permission from the group, and add write and execute permissions for other users:

#View the permission information of the current file
$ ll a.txt 
-rw-rw-r--. 1 zhangsan family 0 February 26 18:57 a.txt

#Modify file permissions
$ chmod u+x,g-w,o+wx a.txt

#View the permission information of the file again
$ ll a.txt 
-rwxr--rwx. 1 zhangsan family 0 February 26 18:57 a.txt

Example 2: set the permissions of the a.txt file so that the user has read, write and execute permissions, the group has read and execute permissions, and other users have read permission:

#Modify file permissions (mode 1)
$ chmod u=rwx,g=rx,o=r a.txt

#Modify file permissions (mode 2)
$ chmod 754 a.txt

#View the permission information of the file again
$ ll a.txt 
-rwxr-xr--. 1 zhangsan family 0 February 26 18:57 a.txt
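
An added example (not part of the original page) that ties the two chmod modes together: it converts the mode column printed by ls -l into octal, applies the page's two examples to a scratch file to confirm the result, and lists world-writable files, which is what the o+wx in Example 1 produces. The function names are hypothetical and stat -c is the GNU form.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat (as on CentOS).

# ls_mode_to_octal MODE: convert the mode column of `ls -l` (type character,
# nine permission characters, optional trailing "." or "+") to three octal
# digits. Setuid, setgid and sticky bits are not reported.
ls_mode_to_octal() {
    bits=$(printf '%s' "$1" | cut -c2-10)
    out=""
    for start in 1 4 7; do
        trio=$(printf '%s' "$bits" | cut -c"$start"-"$((start + 2))")
        n=0
        case $trio in r??) n=$((n + 4)) ;; esac
        case $trio in ?w?) n=$((n + 2)) ;; esac
        case $trio in ??[xst]) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# mode_after START SPEC: apply `chmod SPEC` to a scratch file whose mode is
# START and print the resulting octal mode, so both chmod forms can be compared.
mode_after() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && stat -c '%a' "$f"
    rm -f "$f"
}

# world_writable DIR: list regular files under DIR that any user can modify.
world_writable() {
    find "$1" -xdev -type f -perm -0002 -print
}

ls_mode_to_octal '-rwxr--rwx.'          # mode column after Example 1
mode_after 664 u+x,g-w,o+wx             # Example 1 applied with chmod
mode_after 664 u=rwx,g=rx,o=r           # Example 2, mode 1
mode_after 664 754                      # Example 2, mode 2
```

Running world_writable over a directory reports a file left in the state of Example 1 but not one set to 754 as in Example 2.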

3.4 changing the owner of a file

$ chown [options] <user> <file>

To change the owner of the a.txt file from alice to zhangsan:

#The owner of the current a.txt file is alice
$ ll a.txt 
-rw-rw-r--. 1 alice alice 0 February 26 18:57 a.txt

#View the basic information of user zhangsan
$ id zhangsan
uid=1001(zhangsan) gid=1002(family) groups=1002(family)

#Change the owner of a.txt file to user 1001, that is, zhangsan
$ sudo chown 1001 a.txt 

#Check the owner of the a.txt file again. It can be seen that it has been changed to zhangsan
$ ll a.txt 
-rw-rw-r--. 1 zhangsan alice 0 February 26 18:57 a.txt

3.5 changing the group of a file

$ chgrp [options] <group> <file>

To change the group of the a.txt file from alice to family:

#The group of the current a.txt file is alice
$ ll a.txt 
-rw-rw-r--. 1 zhangsan alice 0 February 26 18:57 a.txt

#Change the group of a.txt file to group 1002, that is, family
$ sudo chgrp 1002 a.txt

#Check the group of the a.txt file again. It can be seen that it has been changed to family
$ ll a.txt 
-rw-rw-r--. 1 zhangsan family 0 February 26 18:57 a.txt

Some other common commands: opening and closing ports on CentOS 7

1. View current firewall status

$ firewall-cmd --state
running

2. Check which ports are currently open in the firewall

$ firewall-cmd --zone=public --list-ports
8080/tcp

3. Open specified port

$ firewall-cmd --zone=public --add-port=3306/tcp --permanent
success

$ firewall-cmd --reload
success

4. Close the specified port

$ firewall-cmd --zone=public --remove-port=3306/tcp --permanent
success

$ firewall-cmd --reload
success

5. Turn off firewall

$ systemctl stop firewalld.service