
Filling in the Gaps: Linux User and Permission Management Basics

2013-08-02 20:47
Knowledge Gap 1:

  Linux has a large number of commands, but many of them have similar functions, which is annoying! So, how do you get the highest efficiency in a very limited period?

  Choose only one method which can solve your problem[s] perfectly, and throw the others away!

  Take the command "history": I will never waste my time on "!xxx", "!<", etc., because "history | grep" will solve any problem that all the others can.

  It's the same for me when dealing with the chapter on user management. I will only focus on the formats of four files (/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow) and three necessary commands ("useradd", "newusers", "chpasswd").

  These seven tools are enough, as shown below:

f@z ~ $ cat /etc/passwd
qemu:x:77:77:added by portage for libvirt:/dev/null:/sbin/nologin
ldap:x:439:439:added by portage for openldap:/usr/lib64/openldap:/sbin/nologin


name:password:UID:GID:optional comment about the user:home directory:shell


z f # cat /etc/shadow
root:$6$QJnD:17015:0:99999:7:::
f:$6$5ajHHo.:17015:0:99999:7:::


name:password:date of last password change:minimum password age[days]:maximum password age[days]:password warning period[days]:password inactivity period[days]:account expiration date

Note: the third and eighth fields (date of last password change, account expiration date) are expressed as the number of days since Jan 1, 1970.
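
To make the day-count fields above readable, here is an added example (not part of the original post) that parses /etc/shadow-style lines, converts the third and eighth fields to calendar dates, and classifies the password field without printing the hash. The function names are hypothetical; the "svc" and "guest" sample lines are constructed, and the ninth field is the trailing reserved field described in shadow(5).

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# The eight fields listed above, plus the trailing reserved field of shadow(5).
FIELDS = ("name", "password", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}

# Constructed sample: the first line is from the listing above, the rest are made up.
SAMPLE = """\
root:$6$QJnD:17015:0:99999:7:::
svc:!:17015:0:90:7::17400:
guest::17015:0:99999:7:::
"""


def days_to_date(value):
    """Convert a 'days since Jan 1, 1970' field to a date; empty means unset."""
    return EPOCH + timedelta(days=int(value)) if value else None


def password_state(pw):
    """Classify the password field without echoing the hash itself."""
    if pw == "":
        return "empty"            # login needs no password: always a finding
    if pw[0] in "!*":
        return "locked"           # no password login possible
    if pw.startswith("$") and pw.count("$") >= 2:
        return SCHEMES.get(pw.split("$")[1], "unknown scheme")
    return "legacy or unknown"


def parse_shadow_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected 9 fields, got %d" % len(parts))
    rec = dict(zip(FIELDS, parts))
    changed = days_to_date(rec["last_change"])
    return {
        "name": rec["name"],
        "password": password_state(rec["password"]),
        "last_change": changed,
        "password_expires": (changed + timedelta(days=int(rec["max_age"]))
                             if changed and rec["max_age"] else None),
        "account_expires": days_to_date(rec["expire"]),
    }


if __name__ == "__main__":
    for entry in map(parse_shadow_line, SAMPLE.splitlines()):
        print(entry)
```
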

z f # cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon


group name:password:GID:member[s] of the group


z f # cat /etc/gshadow
root:::root
bin:::root,bin,daemon


group name:password:administrator[s] of the group:member[s] of the group


newusers  :#receives arguments from a file, format same as /etc/passwd

[root@7 fh]# cat testfile
zhangsan:abc:3000:3000:xxxx:/home/zhangsan:/bin/bash
lisi:abc:4000:4000:xxxx:/home/lisi:/bin/bash


[root@7 fh]# newusers testfile
[root@7 fh]# tail -n 2 /etc/passwd
zhangsan:x:3000:3000:xxxx:/home/zhangsan:/bin/bash
lisi:x:4000:4000:xxxx:/home/lisi:/bin/bash


chpasswd  :#receives arguments from stdin

[root@7 fh]# cat testfile2
zhangsan:catdog
lisi:dogcat
[root@7 fh]# cat testfile2 | chpasswd
[fh@7 ~]$ su - zhangsan
Password:
-bash-4.2$


useradd -G -s -m -k

[root@7 fh]# useradd -m -G wheel -s /bin/bash -k /dev/null test_user
[root@7 fh]# tail -n 1 /etc/passwd
test_user:x:4001:4001::/home/test_user:/bin/bash
[root@7 fh]# grep 'wheel' /etc/group
wheel:x:10:fh,test_user
[root@7 fh]# ls -a /home/test_user/
.  ..


Knowledge Gap 2:

setfacl -M  :#receives arguments from a file

[root@7 fh]# cat file1
u:fh:6
g:fh:4
d:u:fh:rx
mask::5
[root@7 fh]# setfacl -M file1 a_dir/
[root@7 fh]# getfacl a_dir/
# file: a_dir/
# owner: root
# group: root
user::rwx
user:fh:rw-            #effective:r--
group::r-x
group:fh:r--
mask::r-x
other::r-x
default:user::rwx
default:user:fh:r-x
default:group::r-x
default:mask::r-x
default:other::r-x