(RHCE Notes) Linux Basics, Part 3: Users, Groups and Permissions
2014-05-07 22:17
I. User
1. Each user is assigned a unique user ID (UID)
root's ID is 0
Regular user IDs start at 500 (0-500 are used by the system)
2. User names and user IDs are stored in /etc/passwd
3. When a user logs in, the system automatically assigns the user a home directory
4. Users cannot read, write or execute other users' files
II. Changing file ownership
1. Only root can change a file's owner
2. Only root or the owner can change a file's group
3. Ownership is changed with chown:
chown [-R] username file|directory (-R recursively changes a directory and everything under it)
4. Group ownership is changed with chgrp:
chgrp [-R] groupname file|directory
Example:
    [root@instructor ~]# cd /tmp
    [root@instructor tmp]# mkdir ownership
    [root@instructor tmp]# cd ownership
    [root@instructor ownership]# ls -l
    total 0
    [root@instructor ownership]# cp /etc/passwd ./
    [root@instructor ownership]# ls -l
    total 4
    -rw-r--r--. 1 root root 2051 Jan 2 14:42 passwd
    [root@instructor ownership]# pwd
    /tmp/ownership
    [root@instructor ownership]#
    [root@instructor ownership]# chown eric passwd
    [root@instructor ownership]# ll
    total 4
    -rw-r--r--. 1 eric root 2051 Jan 2 14:42 passwd
    [root@instructor ownership]#
III. Changing permissions: symbolic (letter) mode
1. To change access modes:
chmod [-option]... mode[,mode] file|directory
2. mode includes:
- u, g or o for user, group and other
eg:
    [root@instructor ~]# cd /tmp
    [root@instructor tmp]# cd ownership
    [root@instructor ownership]# ls -l
    total 4
    -rw-r--r--. 1 eric root 2051 Jan 2 14:42 passwd
    [root@instructor ownership]#
    [root@instructor ownership]# chmod ugo+x passwd
    [root@instructor ownership]# ls -l
    total 4
    -rwxr-xr-x. 1 eric root 2051 Jan 2 14:42 passwd
    [root@instructor ownership]#
or:
    [root@instructor ownership]# chmod a+x passwd
    [root@instructor ownership]# chmod a-x passwd
    [root@instructor ownership]# ls -l
    total 4
    -rw-r--r--. 1 eric root 2051 Jan 2 14:42 passwd
    [root@instructor ownership]#
- +, - or = for grant, deny or set
- r, w or x for read, write and execute
3. Options include (recursive change):
- -R recursive
4. Examples:
- chmod ugo+r file: grant access to all for file
(adds read permission for all users)
- chmod o-wx dir: deny write and execute to others for dir
(removes write and execute permission from other users)
IV. Changing permissions: numeric mode
1. Uses a three-digit mode number
- first digit specifies the owner's (user's) permissions
- second digit specifies the group's permissions
- third digit represents others' permissions
eg:
--- 000
--x 001
-w- 010
-wx 011
r-- 100
r-x 101
rw- 110
rwx 111
Change a file's permissions to rwxr-x--- (user: read, write and execute; group: read and execute; other: no permissions)
rwxr-x---: 750
    [root@instructor ownership]# ls -l
    total 4
    -rw-r--r--. 1 eric root 2051 Jan 2 14:42 passwd
    [root@instructor ownership]# chmod 750 passwd
    [root@instructor ownership]# ls -l
    total 4
    -rwxr-x---. 1 eric root 2051 Jan 2 14:42 passwd
    [root@instructor ownership]#
2. Permissions are calculated by adding:
- 4 (for read)
- 2 (for write)
- 1 (for execute)
3. Example:
- chmod 640 myfile
V. User and group ID numbers
1. User names map to user ID numbers
2. Group names map to group ID numbers
3. Data stored on the hard disk is stored numerically
VI. /etc/passwd, /etc/shadow and /etc/group files
Authentication information is stored in plain text files:
- /etc/passwd (user information)
- /etc/shadow (password information)
- /etc/group (group information)
- /etc/gshadow (no longer used)
1. /etc/passwd
user account information
eg:
    [root@instructor tmp]# tail -2 /etc/passwd
    tommy:x:502:503::/home/tommy:/bin/bash
    test:x:503:504::/home/test:/bin/bash
col1: user name (tommy)
col2: placeholder (no longer used)
col3: user ID (502)
col4: user group ID (503)
col5: comment (free-form information)
col6: user home directory (/home/tommy)
col7: user login shell (/bin/bash)
2. /etc/shadow
user password information
eg:
    [root@instructor ~]# tail -2 /etc/shadow
    tommy:!!:15952:0:99999:7:::
    test:$6$v0bJ8hdm$YfydydPHkYA4s7VrsR8ZHGb2eofMsEe9VPXDwSxWKWJ/HZxcbPnu7quKsPru/IWOyYwPzWsgp7OXZ.PIduyoq.:15955:0:99999:7:::
col1: user name
col2: encrypted user password
col3: last password change (since 1970-1-1)
col4: the minimum number of days between password changes (0)
col5: the maximum number of days the password is valid (99999)
col6: the number of days before the password expires that the user is warned (7)
col7: the number of days after the password expires that the account is disabled
col8: days since Jan 1, 1970 that the account is disabled
col9: reserved
3. /etc/group
group account information
eg:
    [root@instructor ~]# grep "adm" /etc/group
    sys:x:3:bin,adm
    adm:x:4:adm,daemon
    desktop_admin_r:x:498:
VII. User default configuration
1. User default files
- copied from /etc/skel
2. User environment initialization files (the user's initial files)
    [root@instructor ~]# ls -a /etc/skel
    . .. .bash_logout .bash_profile .bashrc .gnome2 .mozilla
- ~/.bash_profile: sourced after the user logs in
- ~/.bashrc: sourced when the user enters a new bash shell
- ~/.bash_logout: executed after the user logs out
eg:
    [root@instructor ~]# cat ~/.bashrc
    # .bashrc

    # User specific aliases and functions

    alias rm='rm -i'
    alias cp='cp -i'
    alias mv='mv -i'
    alias grep='grep --color=auto'

    # Source global definitions
    if [ -f /etc/bashrc ]; then
        . /etc/bashrc
    fi
VIII. Aliases
    [root@instructor ~]# alias l='ls -a'
After logging in again, however, the command has to be run again. For convenience, the command can be written directly into .bash_profile.
IX. Sourcing files
1. Changes to profile and bashrc files need to be sourced
2. Two methods (the two ways to run a shell script in the current shell):
- . scriptname
- source scriptname
3. Shell scripts can source other files
X. User management tools
1. GUI
- system-config-users
2. CLI
- useradd
- usermod
- userdel [-r]: always pass -r when deleting a user, otherwise the user's private data is left exposed
eg: change a user's shell
    [root@instructor ~]# usermod -s /sbin/nologin eric
    [root@instructor ~]# su - eric
    This account is currently not available.
    [root@instructor ~]# usermod -s /bin/bash eric
    [root@instructor ~]# su - eric
    [eric@instructor ~]$
XI. Password aging policies
1. By default, passwords do not expire
2. Forcing passwords to expire is part of a strong security policy
3. Modify the default expiration settings in /etc/login.defs
4. To modify existing users, either:
- edit /etc/shadow by hand
- use chage [option] username
eg: vim /etc/login.defs
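The /etc/shadow columns from section VI and the aging policy above, combined into an audit. This is an added example, not part of the original notes: audit_shadow_aging and sample_shadow are names introduced here, the 90-day ceiling is an assumed policy, and the sample lines (including the accounts alice and bob and the placeholder hash) are constructed.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; the hash value is a placeholder.
sample_shadow() {
    cat <<'EOF'
tommy:!!:15952:0:99999:7:::
test:$6$SALT$PLACEHOLDERHASH:15955:0:99999:7:::
alice:$6$SALT$PLACEHOLDERHASH:15955:1:90:7:::
bob::15955:0:90:7:::
EOF
}

# Read shadow-format lines on stdin and report one finding per account.
# $1 = assumed policy ceiling for col5 (maximum password age in days).
audit_shadow_aging() {
    awk -F: -v max="${1:-90}" '
        $2 == ""       { print $1 ": EMPTY password field"; next }
        $2 ~ /^[!*]/   { print $1 ": locked, no usable password"; next }
        $5 == ""       { print $1 ": no maximum age set"; next }
        $5 + 0 > max   { print $1 ": maximum age " $5 " exceeds " max " days"; next }
                       { print $1 ": ok (maximum age " $5 " days)" }
    '
}

sample_shadow | audit_shadow_aging 90
```

On a real system the input is /etc/shadow, read as root. chage -M sets col5 for an existing user, and PASS_MAX_DAYS in /etc/login.defs sets the default for newly created ones.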
XII. Default permissions
1. Default permission for directories is 777 minus umask
2. Default permission for files is the directory default without execute permission
3. umask is set with the umask command
4. Non-privileged users' umask is 002
- files will have permissions of 664
- directories will have permissions of 775
5. root's umask is 022
- files will have permissions of 644
- directories will have permissions of 755
eg:
user (regular user):
dir: 777-umask(002)=775 (permissions when a regular user creates a new directory)
rwxrwxr-x
file: 777-umask(002)-xxx=664 (permissions when a regular user creates a new file)
rw-rw-r--
root:
dir: 777-umask(022)=755
rwxr-xr-x
file: 777-umask(022)-xxx=644
rw-r--r--
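The arithmetic above, checked against a real filesystem in an added example (not part of the original notes; default_mode and observed_modes are helper names introduced here). It goes beyond the two cases shown: the umask is a bit mask applied to 777 for directories and 666 for files, so plain subtraction only agrees for values such as 002 and 022, and with umask 033 a new file gets 644, not 633.

```shell
#!/bin/sh
# Default mode = base AND NOT umask (base is 777 for directories, 666 for files).
default_mode() {    # usage: default_mode <base-octal> <umask-octal>
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a file and a directory under the given umask and print their real
# modes as "<file> <dir>". Uses GNU stat (as on RHEL) and runs in a subshell
# so the caller's umask is left untouched.
observed_modes() {  # usage: observed_modes <umask-octal>
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/f"
        mkdir "$tmp/d"
        echo "$(stat -c %a "$tmp/f") $(stat -c %a "$tmp/d")"
        rm -rf "$tmp"
    )
}

# 002 and 022 are the page's values; 027 and 033 are added cases.
for m in 002 022 027 033; do
    echo "umask $m: computed file=$(default_mode 666 $m)" \
         "dir=$(default_mode 777 $m) observed=$(observed_modes $m)"
done
```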