Get only the exit status of the last command: echo $?
Send output that carries no useful information to /dev/null, the "bit bucket"
Successful execution
[root@linux_basic tmp]# ls
A free hello mylinux mylog system-release test test.txt yoH you yoU you.txt
[root@linux_basic tmp]# echo $?
0
[root@linux_basic tmp]# ls > /dev/null
[root@linux_basic tmp]# echo $?
0
Failed execution (note that > /dev/null only discards stdout; the error message is on stderr, so &> is needed to silence both)
[root@linux_basic tmp]# lssl
-bash: lssl: command not found
[root@linux_basic tmp]# lssl > /dev/null
-bash: lssl: command not found
[root@linux_basic tmp]# lssl &> /dev/null
[root@linux_basic tmp]# echo $?
127
Preventing output redirection from overwriting an existing file (set -C, the noclobber option)
[root@linux_basic tmp]# type set
set is a shell builtin
[root@linux_basic tmp]# help set
set: set [--abefhkmnptuvxBCHP] [-o option-name] [arg ...]
Set or unset values of shell options and positional parameters.
Change the value of shell attributes and positional parameters, or
display the names and values of shell variables.
-C If set, disallow existing regular files to be overwritten
by redirection of output.   (if the file already exists, > will not overwrite it; >| forces the write even while -C is set)
[root@linux_basic tmp]# cp test mylog/
[root@linux_basic tmp]# cat /etc/issue > mylog/test
[root@linux_basic tmp]# set -C
[root@linux_basic tmp]# cat /etc/issue > mylog/test
-bash: mylog/test: cannot overwrite existing file
[root@linux_basic tmp]# set +C
[root@linux_basic tmp]# cat /etc/issue > mylog/test
[root@linux_basic tmp]# set -C
[root@linux_basic tmp]# cat /etc/issue > mylog/test
-bash: mylog/test: cannot overwrite existing file
[root@linux_basic tmp]# cat /etc/issue >| mylog/test
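The same three behaviours (capturing an exit status, discarding output, and noclobber versus >|) as a script, so they can be checked rather than read off an interactive session. This is an added example and not part of the original notes; it creates its own scratch directory with mktemp and removes it afterwards.

```shell
# Run a command with all output discarded and print only its exit status.
# The command is run in an `if` so that `set -e` (if enabled) does not abort on failure.
exit_status_of() {
    if "$@" > /dev/null 2>&1; then
        echo 0
    else
        echo $?           # status of the command tested by `if`
    fi
}

# Show noclobber: with `set -C` a plain > is refused on an existing file,
# while >| still overwrites it. Prints "blocked <final content>".
noclobber_demo() {
    dir=$(mktemp -d)                      # scratch directory, removed below
    f="$dir/test"
    echo first > "$f"                     # file now exists
    set -C                                # same as `set -o noclobber`
    if echo second > "$f" 2>/dev/null; then
        result=overwrote                  # must not happen while -C is set
    else
        result=blocked                    # redirection refused, echo never ran
    fi
    echo third >| "$f"                    # >| bypasses noclobber
    set +C
    echo "$result $(cat "$f")"
    rm -rf "$dir"
}

exit_status_of ls /          # prints 0
exit_status_of lssl          # prints 127: command not found, as in the session above
noclobber_demo               # prints "blocked third"
```

The status of a failed redirection is 1 in bash (the command itself never runs), which is why `result` is decided inside an `if` rather than by inspecting `$?` after an unprotected command.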
Users and groups:
Permission: defines the ability to access a resource or service
User: the identity with which a resource or service is obtained
Group: a container of users that is associated with permissions, so that permissions can be assigned conveniently
A group is therefore a container, or collection, of permissions
Users and groups: the core elements through which resources are assigned
Container: users
Permission database
Two classes of users:
administrator
ordinary users
A user's identity is its User ID (UID)
Name resolution: looking up the UID that corresponds to a user name; the mapping can be stored in
a text file
a relational database
NIS
LDAP
Groups likewise have an identifier, the Group ID (GID)
Password
authentication: the process of proving an identity
password: a passphrase; the identity is proved by supplying the password
authentication tools:
biometrics
electronic password cards (one-time-password tokens)
authorization: granting permissions
implemented through the owner and group of a file
audit: checking whether permissions have been abused
implemented through logs
Permission: the ability to obtain a certain resource
Everything is a file:
every resource a user accesses is a file
User categories (CentOS 6 convention, UID_MIN=500 in /etc/login.defs; CentOS 7 and later, like most current distributions, reserve 1-999 for system users and start ordinary users at 1000):
administrator: 0
system users: 1-499
purpose: running background programs (daemons)
ordinary users: 500 and above
able to log in (interactive access): administrators and ordinary users
Group categories:
administrator group: 0
system groups: 1-499
user groups: 500 and above
Permissions:
r readable
w writable
x executable
On a file:
r: view the file's contents
w: modify the file's contents
x: start the file as a running program (process), i.e. submit it as a command at the prompt for the kernel to execute
On a directory:
r: list the file names in the directory with ls
w: create or delete files in the directory
x: cd into the directory, and use ls -l to show the metadata of the files in it (r alone gives the names but not their metadata)
Permission matching model when a user accesses a file:
1. Is the user running the process (its effective UID) the owner of the file being accessed?
If so, access is granted with the owner's permissions;
otherwise:
2. Is the file's group among the groups of the process (its effective GID or one of its supplementary groups)?
If so, access is granted with the group's permissions;
otherwise:
3. access is granted with the permissions for other users
Matching stops at the first class that applies: an owner whose owner bits are more restrictive than the group or other bits still gets only the owner bits.
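The three-step match written out as a shell function over constructed inputs, as an added example that is not part of the original notes. It takes the nine-character mode string as ls -l prints it, the file's owner and group, the accessing user, and that user's group list (space separated, as `id -Gn` prints it), and reports which class matched and the rwx triplet that applies. The last call shows the "first match wins" edge case.

```shell
# effective_perms MODE OWNER GROUP USER "GROUP1 GROUP2 ...": prints "<class> <rwx>".
effective_perms() {
    mode=$1; owner=$2; group=$3; user=$4; ugroups=$5
    # step 1: the process's user is the file's owner -> owner bits, no further checks
    if [ "$user" = "$owner" ]; then
        echo "owner $(printf '%s\n' "$mode" | cut -c1-3)"
        return
    fi
    # step 2: the file's group is among the process's groups -> group bits
    for g in $ugroups; do
        if [ "$g" = "$group" ]; then
            echo "group $(printf '%s\n' "$mode" | cut -c4-6)"
            return
        fi
    done
    # step 3: everyone else -> other bits
    echo "other $(printf '%s\n' "$mode" | cut -c7-9)"
}

effective_perms 'rwxr-x---' root root root  'root'          # owner rwx
effective_perms 'rwxr-x---' root root alice 'alice wheel'   # other ---
effective_perms 'rwxr-x---' root root alice 'alice root'    # group r-x
effective_perms '---rwxrwx' alice staff alice 'alice staff' # owner --- (first match wins)
```

The fourth call is the case practitioners trip over: the owner is in the file's group and the group bits are rwx, but because step 1 matched, the owner gets nothing; the kernel does not fall through to a more permissive class.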
User management: the account and password information of users
Linux:
/etc/passwd: user account information
/etc/shadow: user password hashes and related account settings
/etc/group: group account information
/etc/gshadow: group passwords
/etc/passwd file format:
account:password:UID:GID:GECOS:directory:shell
A user can belong to more than one group:
basic (primary) group
additional (supplementary) group
Group types from the user's point of view:
private group: when a user is created without a group being specified, the system automatically creates a group with the same name as the user
basic group: the user's default group
supplementary (additional) group: any group other than the default one
[root@linux_basic tmp]# whatis passwd
passwd (1) - update user's authentication tokens
passwd (5) - password file
passwd [sslpasswd] (1ssl) - compute password hashes
NAME
passwd - password file
DESCRIPTION
Passwd is a text file, that contains a list of the system’s accounts, giving for each account some useful information like
user ID, group ID, home directory, shell, etc. Often, it also contains the encrypted passwords for each account. It should
have general read permission (many utilities, like ls(1) use it to map user IDs to usernames), but write access only for the
superuser.
login name:password placeholder:UID:GID:comment (GECOS):home directory:default shell
There is one entry per line, and each line has the format:
account:password:UID:GID:GECOS:directory:shell
The field descriptions are:
account the name of the user on the system. It should not contain capital letters.
password the encrypted user password, an asterisk (*), or the letter 'x'. (See pwconv(8) for an explanation of 'x'.)
x is a password placeholder; the real password hash is kept in /etc/shadow, which only the superuser can read
UID the numerical user ID.
GID the numerical primary group ID for this user.
GECOS This field is optional and only used for informational purposes. Usually, it contains the full username.
GECOS means General Electric Comprehensive Operating System, which has been renamed to GCOS when GE’s large
systems division was sold to Honeywell. Dennis Ritchie has reported: "Sometimes we sent printer output or
batch jobs to the GCOS machine. The gcos field in the password file was a place to stash the information
for the $IDENTcard. Not elegant."
user comment field
directory the user’s $HOME directory.
the user's home directory
shell the program to run at login (if empty, use /bin/sh). If set to a non-existing executable, the user will be
unable to login through login(1).
the user's default shell
[root@linux_basic you]# cat /etc/shells          # the valid login shells a user may have as default shell
/bin/sh
/bin/bash
/sbin/nologin
/bin/dash
/bin/tcsh
/bin/csh
/etc/group file:
group name:group password placeholder:GID:comma-separated list of the users who have this group as a supplementary group
[root@linux_basic you]# head -1 /etc/group
root:x:0:
NAME
group - user group file
DESCRIPTION
/etc/group is a text file which defines the groups on the system. There is one entry per line, with the following format:
group_name:passwd:GID:user_list
The field descriptions are:
group_name
the name of the group.
password
the (encrypted) group password. If this field is empty, no password is needed.
GID the numerical group ID.
user_list
a list of the usernames that are members of this group, separated by commas.
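Resolving a user's groups from the two formats above: the primary group comes from the GID in the user's passwd entry, the supplementary groups from the user_list field of group entries. This is an added example and not part of the original notes; the two samples are constructed here (they mirror the user5/user4/mytest entries shown further down this page), and passing "$(cat /etc/passwd)" and "$(cat /etc/group)" instead runs the same functions against a live system.

```shell
# Constructed passwd(5) and group(5) data for the example.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
user5:x:1002:1003::/home/user5:/bin/bash
mogilefs:x:301:301::/home/mogilefs:/sbin/nologin'

GROUP_SAMPLE='root:x:0:
user4:x:1001:user5
mytest:x:1002:user5
user5:x:1003:'

# primary_group USER PASSWD_DATA GROUP_DATA: name of the group whose GID is
# USER's fourth passwd field (the basic group); prints nothing if unknown.
primary_group() {
    gid=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4 }')
    printf '%s\n' "$3" | awk -F: -v g="$gid" '$3 == g { print $1 }'
}

# supplementary_groups USER GROUP_DATA: every group whose comma-separated
# user_list contains USER (the additional groups), space separated.
supplementary_groups() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) printf "%s ", $1 }
        END { print "" }' | sed 's/ *$//'
}

# all_groups USER PASSWD_DATA GROUP_DATA: what `id -Gn USER` prints,
# primary group first.
all_groups() {
    p=$(primary_group "$1" "$2" "$3")
    s=$(supplementary_groups "$1" "$3")
    printf '%s\n' "$p $s" | sed 's/ *$//'
}

all_groups user5 "$PASSWD_SAMPLE" "$GROUP_SAMPLE"    # user5 user4 mytest
all_groups root  "$PASSWD_SAMPLE" "$GROUP_SAMPLE"    # root
```

Note that a user's primary group never appears in that group's user_list: membership in the basic group is recorded only through the GID field of /etc/passwd, which is why both files have to be consulted.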
[root@linux_basic you]# which useradd
/usr/sbin/useradd
[root@linux_basic you]# ls -l `which useradd`
-rwxr-x---. 1 root root 103096 Oct 15 21:34 /usr/sbin/useradd
[root@linux_basic you]# which adduser
/usr/sbin/adduser
[root@linux_basic you]# ls -l `which adduser`
lrwxrwxrwx. 1 root root 7 Dec 8 20:06 /usr/sbin/adduser -> useradd
Commands for adding users
useradd command:
NAME
useradd - create a new user or update default new user information
SYNOPSIS
useradd [options] LOGIN
useradd -D
useradd -D [options]
[root@linux_basic you]# useradd user1
[root@linux_basic you]# tail -1 /etc/passwd
user1:x:501:501::/home/user1:/bin/bash
[root@linux_basic you]# useradd user2
[root@linux_basic you]# tail -2 /etc/passwd
user1:x:501:501::/home/user1:/bin/bash
user2:x:502:502::/home/user2:/bin/bash
Each new user receives the smallest unused UID greater than every existing user's UID (here the previous UID plus 1; see -u below), and, with USERGROUPS_ENAB set, a same-named private group with the matching GID.
[root@linux_basic you]# tail -2 /etc/shadow
user1:!!:16425:0:99999:7:::
user2:!!:16425:0:99999:7:::
The !! in the password field means no password has been set yet: the account exists but cannot authenticate with a password until passwd is run for it.
-u UID: specify the UID
-u, --uid UID
The numerical value of the user's ID. This value must be unique, unless the -o option is used. The value must be
non-negative. The default is to use the smallest ID value greater than or equal to UID_MIN and greater than every other
user.
-g GID: the basic (primary) group
-g, --gid GROUP
The group name or number of the user's initial login group. The group name must exist. A group number must refer to an
already existing group.
If not specified, the behavior of useradd will depend on the USERGROUPS_ENAB variable in /etc/login.defs. If this
variable is set to yes (or -U/--user-group is specified on the command line), a group will be created for the user, with
the same name as her loginname. If the variable is set to no (or -N/--no-user-group is specified on the command line),
useradd will set the primary group of the new user to the value specified by the GROUP variable in /etc/default/useradd,
or 100 by default.
-G GID: the supplementary (additional) groups
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with
no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. The
default is for the user to belong only to the initial group.
-c 'COMMENT': the comment (GECOS) field
-c, --comment COMMENT
Any text string. It is generally a short description of the login, and is currently used as the field for the user's full
name.
-d /path/to/somewhere: the user's home directory; if the directory already exists, useradd prints a warning and does not copy the skeleton files into it
-d, --home HOME_DIR
The new user will be created using HOME_DIR as the value for the user's login directory. The default is to append the
LOGIN name to BASE_DIR and use that as the login directory name. The parent directory of HOME_DIR must exist otherwise
the home directory cannot be created.
[root@linux_basic you]# ls /etc/skel/ -a          # the files every new user starts with; copied into each new home directory
. .. .bash_logout .bash_profile .bashrc
[root@linux_basic you]# ls /home/user
user1/ user2/ user3/ user4/ user5/
[root@linux_basic you]# ls /home/user1/ -a
. .. .bash_logout .bash_profile .bashrc
[root@linux_basic you]# useradd -d /tmp/user3 user6
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@linux_basic you]# su - user6
-bash-4.1$
-bash-4.1$
-bash-4.1$ ls
-bash-4.1$ exit
logout
[root@linux_basic you]# ls /tmp/user3/ -a
. ..
Note the permissions: the pre-existing directory keeps its original owner (root) and mode (755), whereas the home directories created by useradd are mode 700 and owned by the user. user6 therefore cannot write to its own home directory, and because no .bash_profile/.bashrc were copied its prompt is the bare -bash-4.1$ seen above.
[root@linux_basic you]# ls -ld /tmp/user3
drwxr-xr-x. 2 root root 4096 Dec 21 17:57 /tmp/user3
[root@linux_basic you]# ls /home/ -l
total 24
drwx------. 2 cactiuser cactiuser 4096 Dec 10 21:18 cactiuser
drwx------. 2 user1 user1 4096 Dec 21 17:33 user1
drwx------. 2 user2 user2 4096 Dec 21 17:34 user2
drwx------. 2 user3 user3 4096 Dec 21 17:41 user3
drwx------. 2 user4 user4 4096 Dec 21 17:43 user4
drwx------. 2 user5 user5 4096 Dec 21 17:45 user5
-s SHELL: the login shell; it should be one listed in /etc/shells (chsh enforces that list, useradd itself only records the path, and a non-existent one makes the account unable to log in, as the passwd(5) text above notes)
-s, --shell SHELL
The name of the user's login shell. The default is to leave this field blank, which causes the system to select the
default login shell specified by the SHELL variable in /etc/default/useradd, or an empty string by default.
[root@linux_basic you]# useradd -s /bin/tcsh user7
[root@linux_basic you]# su - user7
[user7@linux_basic ~]$ ls
[user7@linux_basic ~]$ echo $SHELL
/bin/tcsh
[user7@linux_basic ~]$ exit
logout
[root@linux_basic you]# echo $SHELL
/bin/bash
-m: force creation of the user's home directory
-m, --create-home
Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory
(which can be defined with the -k option) will be copied to the home directory.
-M: do not create a home directory for the user
-M
Do not create the user's home directory, even if the system wide setting from /etc/login.defs (CREATE_HOME) is set to
yes.
-r: create a system account
-r, --system
Create a system account.
System users will be created with no aging information in /etc/shadow, and their numeric identifiers are chosen in the
SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX (and their GID counterparts for the
creation of groups).
[root@linux_basic tmp]# useradd -r cacti
[root@linux_basic tmp]# tail -1 /etc/passwd
cacti:x:498:498::/home/cacti:/bin/bash          # both UID and GID are below 500, chosen from the SYS_UID_MIN-SYS_UID_MAX range
[root@linux_basic tmp]# useradd -u 1000 user3
[root@linux_basic tmp]# tail -1 /etc/passwd
user3:x:1000:1000::/home/user3:/bin/bash
[root@linux_basic tmp]# tail -1 /etc/group
user4:x:1001:
[root@linux_basic tmp]# useradd -u 1001 -g 1001 user4
[root@linux_basic tmp]# tail -1 /etc/passwd
user4:x:1001:1001::/home/user4:/bin/bash
[root@linux_basic tmp]# groupadd mytest
[root@linux_basic tmp]# useradd -G user4,mytest user5
[root@linux_basic tmp]# tail -1 /etc/passwd
user5:x:1002:1003::/home/user5:/bin/bash
[root@linux_basic tmp]# tail -1 /etc/shadow
user5:!!:16425:0:99999:7:::
[root@linux_basic tmp]# tail /etc/group
wbpriv:x:88:
apache:x:48:
mysql:x:27:
cactiuser:x:500:
user1:x:501:
user2:x:502:
user3:x:1000:
user4:x:1001:user5
mytest:x:1002:user5
user5:x:1003:
[root@linux_basic tmp]# useradd -r -s /sbin/nologin -M -u 301 mogilefs
-M can be omitted here, because system accounts get no home directory by default; note that the passwd entry below still records /home/mogilefs even though that directory is never created.
[root@linux_basic tmp]# ls /home/
cactiuser user1 user2 user3 user4 user5 user7 user8
[root@linux_basic tmp]# tail -1 /etc/passwd
mogilefs:x:301:301::/home/mogilefs:/sbin/nologin
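After a round of useradd calls like the ones above, a few checks over passwd(5) data catch the mistakes that matter: a second UID-0 account, a system-range UID left with an interactive shell instead of /sbin/nologin, two accounts sharing a UID, a shell outside the /etc/shells list, and a hash or an empty password sitting in the world-readable file instead of /etc/shadow. This is an added example and not part of the original notes; the sample entries (including the "toor", "legacy" and "guest" accounts) are constructed to trigger each check, VALID_SHELLS stands in for /etc/shells, and 499 is the CentOS 6 SYS_UID_MAX used on this page (use 999 on current distributions). Pass "$(cat /etc/passwd)" as the first argument to audit a live system.

```shell
# Stand-in for /etc/shells (the list shown earlier on this page).
VALID_SHELLS='/bin/sh /bin/bash /sbin/nologin /bin/dash /bin/tcsh /bin/csh'

# Constructed passwd(5) data; each odd entry exists to trip one check.
PASSWD_AUDIT_SAMPLE='root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
cacti:x:498:498::/home/cacti:/bin/bash
mogilefs:x:301:301::/home/mogilefs:/sbin/nologin
user1:x:501:501::/home/user1:/bin/bash
user2:x:501:502::/home/user2:/bin/bash
legacy:$1$abc$xyz:503:503::/home/legacy:/bin/ksh
guest::504:504::/home/guest:/bin/bash'

# audit_passwd PASSWD_DATA SYSTEM_UID_MAX "SHELL1 SHELL2 ...": one finding per line,
# "<check> <account>" (duplicate-uid also names the earlier account with that UID).
audit_passwd() {
    printf '%s\n' "$1" | awk -F: -v sysmax="$2" -v shells="$3" '
        BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        # any UID-0 account other than root is root-equivalent
        $3 == 0 && $1 != "root" { print "uid0 " $1 }
        # empty password field: login without any password
        $2 == "" { print "empty-password " $1 }
        # anything but x/*/! means a hash lives in the world-readable file
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print "hash-in-passwd " $1 }
        # daemon accounts should not have an interactive shell
        $3 >= 1 && $3 <= sysmax && $7 != "/sbin/nologin" && $7 != "/bin/false" { print "system-uid-with-shell " $1 }
        # shell not in the allowed list (empty means /bin/sh per passwd(5), so skip it)
        $7 != "" && !($7 in ok) { print "shell-not-in-shells " $1 }
        # two accounts with one UID are the same identity to the kernel
        { if ($3 in seen) print "duplicate-uid " $1 " " seen[$3]; else seen[$3] = $1 }'
}

audit_passwd "$PASSWD_AUDIT_SAMPLE" 499 "$VALID_SHELLS"
```

On the sample this prints seven findings: uid0 toor, duplicate-uid toor root, system-uid-with-shell cacti, duplicate-uid user2 user1, hash-in-passwd legacy, shell-not-in-shells legacy and empty-password guest; root, mogilefs and user1 pass. The duplicate-UID check is the one to keep in mind when using useradd -u by hand, since useradd refuses a taken UID only unless -o is given.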
groupadd command: add a group
NAME
groupadd - create a new group
SYNOPSIS
groupadd [options] group
DESCRIPTION
The groupadd command creates a new group account using the values specified on the command line plus the default values from
the system. The new group will be entered into the system files as needed.
-g GID: specify the GID (a number; unlike useradd -g, groupadd -g does not accept a group name)
-g, --gid GID
The numerical value of the group′s ID. This value must be unique, unless the -o option is used. The value must be
non-negative. The default is to use the smallest ID value greater than 999 and greater than every other group. Values
between 0 and 999 are typically reserved for system accounts.
-r: create a system group
-r, --system
Create a system group.
[root@linux_basic tmp]# groupadd user9
[root@linux_basic tmp]# useradd -r -g user9 user8
useradd: user 'user8' already exists
[root@linux_basic tmp]# useradd -r -g user9 user9
[root@linux_basic tmp]# tail -1 /etc/passwd
user9:x:300:1007::/home/user9:/bin/bash
[root@linux_basic tmp]# su - user9
su: warning: cannot change directory to /home/user9: No such file or directory
-bash-4.1$ exit
logout
[root@linux_basic tmp]# groupadd -r user10
[root@linux_basic tmp]# useradd -g user10 user10
[root@linux_basic tmp]# tail -1 /etc/passwd
user10:x:1007:300::/home/user10:/bin/bash
Compare with user9 above: -r on useradd only selects a system UID, and -r on groupadd only selects a system GID; the GID recorded in /etc/passwd is whatever group -g names, so a system user can end up in an ordinary group (user9: UID 300, GID 1007) and an ordinary user in a system group (user10: UID 1007, GID 300).