1. Linux is a multi-user, multi-tasking operating system with user accounts and group accounts.
User accounts are subdivided into ordinary user accounts and super user accounts. In addition to user accounts, there are also group accounts; a group account is a collection of user accounts. CentOS has two types of groups, private groups and standard groups. When a new user is created without specifying the group it belongs to, CentOS creates a private group with the same name as the user, and this private group contains only that user. Standard groups can hold multiple users; to use a standard group, specify the group when creating the new user. The same user can also belong to multiple groups. For example, a unit may have a leadership group and a technical group: lik is the technical director of the unit, so he belongs to both the leadership group and the technical group. When a user belongs to multiple groups, the group he or she belongs to after logging in is the primary group, and the other groups are additional groups.
2. The account system in a Linux environment is mainly made up of four files: /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow
I won't go into details about the basic meaning of each file, but let's focus on the uid: root has uid 0, uids 1-499 are the system's standard accounts, and ordinary users start from uid 500.
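The uid ranges and group membership rules above can be checked directly against the account files. The following is an added example, not part of the original article: it flags any account besides root that has uid 0, counts accounts per uid class, and resolves a user's primary and additional groups from the two files. The sample file contents (including the toor entry) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/group-format files with the uid ranges from the
# text (0 = root, 1-499 = system accounts, 500+ = ordinary users).

# Constructed sample data in /etc/passwd and /etc/group format.
make_samples() {   # $1 = passwd path, $2 = group path
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
zh888:x:500:500::/home/zh888:/bin/bash
zh:x:501:501::/home/zh:/bin/bash
toor:x:0:0:second uid 0 entry:/root:/bin/bash
EOF
    cat > "$2" <<'EOF'
root:x:0:
bin:x:1:
ftp:x:50:
zh888:x:500:
zh:x:501:
blog:x:502:zh,zh888
EOF
}

# Names of accounts with uid 0 other than root, one per line.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Print "root=N system=N ordinary=N" for a passwd-format file.
uid_class_counts() {
    awk -F: '
        $3 == 0              { r++ }
        $3 >= 1 && $3 <= 499 { s++ }
        $3 >= 500            { o++ }
        END { printf "root=%d system=%d ordinary=%d\n", r, s, o }' "$1"
}

# groups_of USER PASSWD GROUP: primary group from the passwd gid field,
# additional groups from the member lists in the group file.
groups_of() {
    awk -F: -v u="$1" '
        FNR == NR { if ($1 == u) { gid = $4; found = 1 }; next }
        found && $3 == gid { prim = $1 }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) add = (add == "" ? "" : add ",") $1 }
        END { print "primary=" prim " additional=" add }' "$2" "$3"
}

p=$(mktemp); g=$(mktemp); make_samples "$p" "$g"
echo "extra uid 0: $(extra_uid0 "$p")"; uid_class_counts "$p"
echo "zh888: $(groups_of zh888 "$p" "$g")"
rm -f "$p" "$g"
```

On a real system the same functions take /etc/passwd and /etc/group as arguments.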
3. Use commands to manage accounts
useradd [options] username //Add a new user
usermod [options] username //Modify an existing user
userdel -r username //Delete a user; -r deletes the home directory together with it
groupadd [options] groupname //Add a new group
groupmod [options] groupname //Modify an existing group
groupdel groupname //Delete an existing group
Example
useradd zh888 //Add a user zh888
groupadd blog //Create a new group blog
useradd -G blog zh //Create a new user zh and add it to the additional group blog
useradd -d /var/ftp/pub -M ftpadmin //Create a new user ftpadmin with home directory /var/ftp/pub, without creating the home directory (-M)
usermod -G blog zh888 //Add zh888 to the additional group blog (-G replaces the list of additional groups; use -aG to keep the existing ones)
userdel ftpadmin //Delete the ftpadmin user
userdel -r zh888 //Delete zh888 together with its directory in /home
groupdel blog //Delete the blog group
4. Password management and expiry
After creating a user, you need to set a password for it. The command to set a password is passwd.
passwd [options] username
passwd -l username //Lock the user account password
passwd -S username //Check the password status of the user account
passwd -u username //Unlock (restore) the user account
passwd -d username //Delete the user account password
5. The chage command manages the password expiration date, which limits the time others have to guess the password
chage [options] username
The parameters are -m days, -M days, -d days, -I days, -E date, -W days, and -l
Example: #chage -m 2 -M 30 -W 5 zhh //The user cannot change the password within two days, the maximum password lifetime is 30 days, and the user is warned 5 days before the password expires
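What passwd -l, passwd -d and chage from sections 4 and 5 change can be read back from the shadow file. This added example (not from the original article) classifies each password as set, locked or empty and computes the days left before the -M limit is reached. The sample entries, placeholder hashes and function names are constructed, and the state labels are this example's own, not passwd -S output.

```shell
#!/bin/sh
# Added example: read what passwd -l, passwd -d and chage leave in a
# shadow-format file. Fields: name:password:lastchg:min:max:warn:inactive:expire:

make_sample_shadow() {   # constructed data; hashes are placeholders
    cat > "$1" <<'EOF'
root:$6$PLACEHOLDER$hash:19700:0:99999:7:::
zhh:$6$PLACEHOLDER$hash:19700:2:30:5:::
zh888:!!$6$PLACEHOLDER$hash:19700:0:99999:7:::
ftpadmin::19700:0:99999:7:::
bin:*:19700:0:99999:7:::
EOF
}

# shadow_report FILE TODAY   (TODAY = days since 1970-01-01, like lastchg)
# Prints per account: name state min max warn days_left
shadow_report() {
    awk -F: -v today="$2" '
    function f(v) { return v == "" ? "-" : v }
    {
        if ($2 == "")          state = "empty"     # as after passwd -d
        else if ($2 ~ /^[!*]/) state = "locked"    # as after passwd -l
        else                   state = "set"
        if ($3 == "" || $5 == "" || $5 >= 99999) left = "never"
        else                                     left = $3 + $5 - today
        print $1, state, f($4), f($5), f($6), left
    }' "$1"
}

# Accounts that need attention, one finding per line.
shadow_findings() {
    shadow_report "$1" "$2" | awk '
        $2 == "empty"                           { print $1 ": empty password" }
        $2 == "set" && $6 == "never"            { print $1 ": password never expires" }
        $2 == "set" && $6 != "never" && $6 < 0  { print $1 ": password expired" }'
}

s=$(mktemp); make_sample_shadow "$s"
shadow_report "$s" 19725      # zhh has 5 days left, inside its -W 5 warning window
shadow_findings "$s" 19725
rm -f "$s"
```

On a real system, run it as root with /etc/shadow as the first argument and $(( $(date +%s) / 86400 )) as the second.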
6. User and group status query command
whoami //Display the current user name
groups username //Display the groups the specified user belongs to; if no user is specified, the groups of the current user
id //Display the uid and gid of the current user and the list of groups the user belongs to
su - user //Switch to another user; su with no user name switches to root
newgrp groupname //Switch the user's current group to the specified additional group; the user must belong to this group
7. Change the owner and group members
Sometimes you need to change the owner of a file and the group it belongs to. Only the owner of the file has the right to change its owner and group. Users can transfer their own files to anyone. To change the file owner, use the chown command.
chown [-R] owner[.group] files
chown zh888 files //Change the owner of files to the user zh888
chown zh888.zh888 files //Change the owner and group of files to zh888
chown -R zh888.zh888 files //Change the owner and group of files and of everything in its subdirectories to zh888
8. Set the default creation mask for files and directories
Users can use the umask command to set the default creation mask. The mask tells the system which permissions should not be granted when a file or directory is created. If the user places the umask command in the environment file .bash_profile, it controls the access permissions of all newly created files and directories.
umask [a1a2a3]
a1 is the permissions denied to the owner, a2 the permissions denied to users in the same group, and a3 the permissions denied to other users.
umask 022 //Users in the same group and other users do not get write permission
umask //Show the current default creation mask
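The effect of a mask can be verified by creating a file and a directory under it and reading back their modes. This is an added example, not from the original article; the function names and the sample profile are constructed, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: permissions that new files and directories receive under a
# given mask. Assumes GNU coreutils (stat -c), as shipped with CentOS.

# last_umask FILE -> value of the last "umask NNN" line in a profile file
last_umask() {
    awk '$1 == "umask" && $2 ~ /^[0-7]+$/ { m = $2 } END { if (m != "") print m }' "$1"
}

# modes_under_umask MASK -> "file=MODE dir=MODE"
# Runs in a subshell so the caller's own umask is not changed.
modes_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/file"      # programs request 666 for new files
        mkdir "$tmp/dir"     # and 777 for new directories
        echo "file=$(stat -c %a "$tmp/file") dir=$(stat -c %a "$tmp/dir")"
        rm -rf "$tmp"
    )
}

# Constructed stand-in for a user's .bash_profile.
profile=$(mktemp)
printf '%s\n' '# .bash_profile' 'umask 022' 'export EDITOR=vi' 'umask 027' > "$profile"

for mask in 022 027 077; do
    echo "umask $mask -> $(modes_under_umask "$mask")"
done
m=$(last_umask "$profile")
echo "profile sets umask $m -> $(modes_under_umask "$m")"
rm -f "$profile"
```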
9. Setting of special permissions
SUID, SGID and sticky bit
In addition to the general permissions, there are also special permissions, which grant special privileges. If the user does not need them, it is generally best not to enable them, to avoid security issues. For specific usage, you can search on Baidu and Google.
I hope the knowledge I compiled here helps netizens better understand CentOS users, groups and permissions, and adding and deleting users.