3.3 Linux user and group management

Get only the exit status of the last command:        echo $?

Send output that carries no useful information to /dev/null, the "bit bucket":
Successful execution:
[root@linux_basic tmp]# ls
A  free  hello  mylinux  mylog  system-release  test  test.txt  yoH  you  yoU  you.txt
[root@linux_basic tmp]# echo $?
0
[root@linux_basic tmp]# ls > /dev/null
[root@linux_basic tmp]# echo $?
0
Failed execution:
[root@linux_basic tmp]# lssl
-bash: lssl: command not found
[root@linux_basic tmp]# lssl > /dev/null
-bash: lssl: command not found
[root@linux_basic tmp]# lssl &> /dev/null
[root@linux_basic tmp]# echo $?
127

Configure the shell so that redirection cannot overwrite an existing file:
[root@linux_basic tmp]# type set
set is a shell builtin
[root@linux_basic tmp]# help set
set: set [--abefhkmnptuvxBCHP] [-o option-name] [arg ...]
    Set or unset values of shell options and positional parameters.
   
    Change the value of shell attributes and positional parameters, or
    display the names and values of shell variables.
    -C  If set, disallow existing regular files to be overwritten
          by redirection of output.   (if the file exists, it cannot be overwritten)
[root@linux_basic tmp]# cp test mylog/
[root@linux_basic tmp]# cat /etc/issue > mylog/test
[root@linux_basic tmp]# set -C
[root@linux_basic tmp]# cat /etc/issue > mylog/test
-bash: mylog/test: cannot overwrite existing file
[root@linux_basic tmp]# set +C                    
[root@linux_basic tmp]# cat /etc/issue > mylog/test
[root@linux_basic tmp]# set -C
[root@linux_basic tmp]# cat /etc/issue > mylog/test
-bash: mylog/test: cannot overwrite existing file
[root@linux_basic tmp]# cat /etc/issue >| mylog/test
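The two mechanisms shown above, checking the exit status and the noclobber option, as an added shell example that is not part of the original notes. The function names (run_quiet, write_once, write_force, demo) are my own, and every file it writes goes under a temporary directory:

```shell
# Added example (not from the original notes): turn the ideas above into
# functions whose exit status a script can test, instead of reading $? by eye.

# run_quiet CMD...: run a command with stdout and stderr sent to /dev/null and
# return only its exit status (0 on success, 127 for "command not found").
run_quiet() {
    "$@" > /dev/null 2>&1
}

# write_once FILE CONTENT: write CONTENT to FILE but refuse to clobber an
# existing file. The subshell keeps 'set -C' (noclobber) local to this call.
write_once() {
    ( set -C; printf '%s\n' "$2" > "$1" ) 2> /dev/null
}

# write_force FILE CONTENT: the '>|' form deliberately overrides noclobber.
write_force() {
    ( set -C; printf '%s\n' "$2" >| "$1" ) 2> /dev/null
}

# demo: returns 0 when every step behaves as the notes describe
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/test"
    write_once "$f" first      || return 1   # file did not exist: succeeds
    write_once "$f" second     && return 1   # exists now: must fail (status 1)
    [ "$(cat "$f")" = first ]  || return 1   # content untouched by the refusal
    write_force "$f" third     || return 1   # explicit override works
    [ "$(cat "$f")" = third ]  || return 1
    run_quiet ls "$dir"        || return 1   # success stays 0 even when silenced
    run_quiet lssl_no_such_cmd && return 1   # "command not found" stays 127
    rm -rf "$dir"
    return 0
}
```

Silencing a command hides its error text but never its exit status, so `run_quiet` is safe to use in conditions; `write_once` is the pattern to use in scripts that must not destroy data they did not create.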
             
Users and groups:
   
     Permission: defines the ability to access a resource or service
  User: the identity through which resources or services are obtained
  Users are placed in a container that is associated with permissions: the user group, which makes assigning permissions convenient
  A group is a container for permissions, i.e. a set of permissions

    Users and groups: the core elements for distributing resources

        Containers:  users
                 the permission database

    Two kinds of user:
        administrator
        ordinary user

        A user's identity is its User ID = UID
            name resolution: looking up the user id that corresponds to a user name; the mapping may be stored in
                a text file
                a relational database
                NIS
                LDAP

Groups also have an id:        Group ID = GID

Passwords
    authentication:   the process of verifying identity
        password: a secret passphrase; identity is proved by supplying it
    authentication tools
        biometrics:
        electronic password (one-time code) cards:
    authorization:   granting permissions
        authorization is implemented through a file's owner and group
    audit:  monitoring whether permissions are being misused
        auditing is implemented through logs

    Permission: the ability to obtain a certain resource
        everything is a file:
            every resource a user accesses is a file

    User categories:
        administrator: 0
        system users: 1-499
            purpose: running background programs (daemons)
        ordinary users: 500+

        users that can log in: users with interactive access (the administrator and ordinary users)

    Group categories:
        administrator group: 0
        system groups: 1-499
        user groups: 500+   (500 and above)

    Permissions:
        r readable
        w writable
        x executable

        For a file:
            r: view the file's contents
            w: modify the file's contents
            x: start this file as a running program (a process); it can be submitted to the kernel as a command at the prompt

        For a directory:
            r: list the file names in the directory with the ls command
            w: create or delete files in the directory
            x: cd into the directory, and display the metadata of the files in it with ls -l

    Permission matching model when a user accesses a file:
        1. Check whether the owner of the process running the program is the same as the owner of the file being accessed.
            If so, access with the owner's permissions;
            otherwise:
        2. Check whether the group of the process is the file's group.
            If so, access with the group's permissions;
            otherwise:
        3. Access with the permissions for other users.
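The three-step matching model above, as an added shell example that is not part of the original notes. It works on constructed inputs rather than real files: the file's owner, group and symbolic mode (the rwxrwxrwx part of ls -l), the accessing user's name, and the user's group list (primary group first, then supplementary groups, as id -Gn would report). The function names are my own:

```shell
# Added example (not from the original notes): which permission class applies
# to a user, checked in the fixed order owner -> group -> other.

# perm_class OWNER GROUP USER "GROUPS": print owner, group or other.
# Only the first matching class counts, even if a later one would grant more.
perm_class() {
    owner=$1 group=$2 user=$3 glist=$4
    if [ "$user" = "$owner" ]; then
        echo owner; return 0
    fi
    for g in $glist; do
        if [ "$g" = "$group" ]; then
            echo group; return 0
        fi
    done
    echo other
}

# class_bits MODE CLASS: extract the rwx triplet for CLASS from a symbolic
# mode string such as rw-r----- (chars 1-3 owner, 4-6 group, 7-9 other).
class_bits() {
    mode=$1
    case $2 in
        owner) printf '%s' "$mode" | cut -c1-3 ;;
        group) printf '%s' "$mode" | cut -c4-6 ;;
        other) printf '%s' "$mode" | cut -c7-9 ;;
        *)     return 1 ;;
    esac
}

# effective_perms MODE OWNER GROUP USER "GROUPS": the bits the user really gets.
effective_perms() {
    class_bits "$1" "$(perm_class "$2" "$3" "$4" "$5")"
}

# demo: a constructed /etc/shadow-like file, root:shadow, mode rw-r-----.
demo() {
    # root matches as owner and gets rw-
    [ "$(effective_perms rw-r----- root shadow root 'root')" = 'rw-' ] || return 1
    # a member of shadow (even only as a supplementary group) gets r--
    [ "$(effective_perms rw-r----- root shadow alice 'alice shadow')" = 'r--' ] || return 1
    # everyone else falls through to the last class: ---
    [ "$(effective_perms rw-r----- root shadow bob 'bob users')" = '---' ] || return 1
    # the owner class wins even when the group class would grant more
    [ "$(effective_perms r--rw---- alice staff alice 'alice staff')" = 'r--' ] || return 1
}
```

The last check in demo is the case worth remembering when reviewing a mode: an owner who is also in the file's group still gets only the owner bits, because matching stops at step 1.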

    User management: information about user accounts and passwords
        Linux:
            /etc/passwd: user account information
            /etc/shadow: user passwords and related account settings
            /etc/group: group account information
            /etc/gshadow: group password information

        /etc/passwd file format:
            account:password:UID:GID:GECOS:directory:shell
        A user can belong to more than one group:
                    the primary group
                    supplementary (additional) groups
User group categories:
    private group: when a user is created without specifying a group, the system automatically creates a group with the same name as the user
    primary group: the user's default group
    supplementary (additional) groups: groups other than the default group
[root@linux_basic tmp]# whatis passwd
passwd               (1)  - update user's authentication tokens
passwd               (5)  - password file
passwd [sslpasswd]   (1ssl)  - compute password hashes
NAME
       passwd - password file

DESCRIPTION
       Passwd  is  a  text file, that contains a list of the system’s accounts, giving for each account some useful information like
       user ID, group ID, home directory, shell, etc.  Often, it also contains the encrypted passwords for each account.  It  should
       have  general read permission (many utilities, like ls(1) use it to map user IDs to usernames), but write access only for the
       superuser.
            login name:password placeholder:UID:GID:comment:home directory:user's default shell
There is one entry per line, and each line has the format:

            account:password:UID:GID:GECOS:directory:shell

     The field descriptions are:

            account   the name of the user on the system.  It should not contain capital letters.

            password  the encrypted user password, an asterisk (*), or the letter 'x'.  (See pwconv(8) for an explanation of 'x'.)
            x is a password placeholder; the real password hash is in /etc/shadow
            UID       the numerical user ID.

            GID       the numerical primary group ID for this user.

            GECOS     This field is optional and only used for informational purposes.  Usually, it contains  the  full  username.
                      GECOS  means General Electric Comprehensive Operating System, which has been renamed to GCOS when GE’s large
                      systems division was sold to Honeywell.  Dennis Ritchie has reported: "Sometimes we sent printer  output  or
                      batch  jobs  to  the GCOS machine.  The gcos field in the password file was a place to stash the information
                      for the $IDENTcard.  Not elegant."
            the user's comment field
            directory the user’s $HOME directory.
            the user's home directory
            shell     the program to run at login (if empty, use /bin/sh).  If set to a non-existing executable, the user will  be
                      unable to login through login(1).
            the user's default shell
[root@linux_basic you]# cat /etc/shells  the list of valid login shells that may be set as a user's default shell
/bin/sh
/bin/bash
/sbin/nologin
/bin/dash
/bin/tcsh
/bin/csh           

        /etc/group file:
            group name:group password placeholder:GID:comma-separated list of users for whom this group is a supplementary group
[root@linux_basic you]# head -1 /etc/group
root:x:0:
NAME
       group - user group file

DESCRIPTION
       /etc/group is a text file which defines the groups on the system.  There is one entry per line, with the following format:

              group_name:passwd:GID:user_list

       The field descriptions are:

       group_name
              the name of the group.

       password
              the (encrypted) group password.  If this field is empty, no password is needed.

       GID    the numerical group ID.

       user_list
              a list of the usernames that are members of this group, separated by commas.


[root@linux_basic you]# which useradd
/usr/sbin/useradd
[root@linux_basic you]# ls -l `which useradd`
-rwxr-x---. 1 root root 103096 Oct 15 21:34 /usr/sbin/useradd
[root@linux_basic you]# which adduser
/usr/sbin/adduser
[root@linux_basic you]# ls -l `which adduser`
lrwxrwxrwx. 1 root root 7 Dec  8 20:06 /usr/sbin/adduser -> useradd
The command for adding users:
        useradd command:
NAME
       useradd - create a new user or update default new user information

SYNOPSIS
       useradd [options] LOGIN

       useradd -D

       useradd -D [options]   
[root@linux_basic you]# useradd user1
[root@linux_basic you]# tail -1 /etc/passwd
user1:x:501:501::/home/user1:/bin/bash      
[root@linux_basic you]# useradd user2
[root@linux_basic you]# tail -2 /etc/passwd
user1:x:501:501::/home/user1:/bin/bash
user2:x:502:502::/home/user2:/bin/bash      
Each newly added user gets a UID one greater than the previous user's UID
[root@linux_basic you]# tail -2 /etc/shadow
user1:!!:16425:0:99999:7:::
user2:!!:16425:0:99999:7:::       
            -u UID: specify the UID
            -u, --uid UID
           The numerical value of the user's ID. This value must be unique, unless the -o option is used. The value must be
           non-negative. The default is to use the smallest ID value greater than or equal to UID_MIN and greater than every other
           user.
            -g GID: the primary group the user belongs to
            -g, --gid GROUP
           The group name or number of the user's initial login group. The group name must exist. A group number must refer to an
           already existing group.

           If not specified, the behavior of useradd will depend on the USERGROUPS_ENAB variable in /etc/login.defs. If this
           variable is set to yes (or -U/--user-group is specified on the command line), a group will be created for the user, with
           the same name as her loginname. If the variable is set to no (or -N/--no-user-group is specified on the command line),
           useradd will set the primary group of the new user to the value specified by the GROUP variable in /etc/default/useradd,
           or 100 by default.
            -G GID: the supplementary groups the user belongs to
            -G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
           A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with
           no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. The
           default is for the user to belong only to the initial group.
            -c 'COMMENT': the comment field
            -c, --comment COMMENT
           Any text string. It is generally a short description of the login, and is currently used as the field for the user's full
           name.
            -d /path/to/somewhere: if this directory already exists, a warning is printed;
            -d, --home HOME_DIR  the user's home directory
           The new user will be created using HOME_DIR as the value for the user's login directory. The default is to append the
           LOGIN name to BASE_DIR and use that as the login directory name. The parent directory of HOME_DIR must exist otherwise
           the home directory cannot be created.
[root@linux_basic you]# ls /etc/skel/ -a   the default files every new user receives
.  ..  .bash_logout  .bash_profile  .bashrc
[root@linux_basic you]# ls /home/user
user1/ user2/ user3/ user4/ user5/
[root@linux_basic you]# ls /home/user1/ -a
.  ..  .bash_logout  .bash_profile  .bashrc   
[root@linux_basic you]# useradd -d /tmp/user3 user6
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@linux_basic you]# su - user6
-bash-4.1$
-bash-4.1$
-bash-4.1$ ls
-bash-4.1$ exit
logout
[root@linux_basic you]# ls /tmp/user3/ -a
.  ..      
Pay attention to the permissions of a pre-existing home directory:
[root@linux_basic you]# ls -ld /tmp/user3
drwxr-xr-x. 2 root root 4096 Dec 21 17:57 /tmp/user3
[root@linux_basic you]# ls /home/ -l
total 24
drwx------. 2 cactiuser cactiuser 4096 Dec 10 21:18 cactiuser
drwx------. 2 user1     user1     4096 Dec 21 17:33 user1
drwx------. 2 user2     user2     4096 Dec 21 17:34 user2
drwx------. 2 user3     user3     4096 Dec 21 17:41 user3
drwx------. 2 user4     user4     4096 Dec 21 17:43 user4
drwx------. 2 user5     user5     4096 Dec 21 17:45 user5
            -s SHELL: SHELL must be a shell listed in the /etc/shells file
      -s, --shell SHELL
           The name of the user's login shell. The default is to leave this field blank, which causes the system to select the
           default login shell specified by the SHELL variable in /etc/default/useradd, or an empty string by default.
[root@linux_basic you]# useradd -s /bin/tcsh user7
[root@linux_basic you]# su - user7
[user7@linux_basic ~]$ ls
[user7@linux_basic ~]$ echo $SHELL
/bin/tcsh
[user7@linux_basic ~]$ exit
logout
[root@linux_basic you]# echo $SHELL
/bin/bash           
            -m: force creation of the user's home directory
            -m, --create-home
           Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory
           (which can be defined with the -k option) will be copied to the home directory.
            -M: do not create a home directory for the user
      -M
           Do not create the user's home directory, even if the system wide setting from /etc/login.defs (CREATE_HOME) is set to
           yes.
            -r: create a system user
            -r, --system
           Create a system account.

           System users will be created with no aging information in /etc/shadow, and their numeric identifiers are chosen in the
           SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX (and their GID counterparts for the
           creation of groups).
[root@linux_basic tmp]# useradd -r cacti
[root@linux_basic tmp]# tail -1 /etc/passwd
cacti:x:498:498::/home/cacti:/bin/bash   both the uid and the gid are below 500
    
[root@linux_basic tmp]# useradd -u 1000 user3
[root@linux_basic tmp]# tail -1 /etc/passwd
user3:x:1000:1000::/home/user3:/bin/bash
[root@linux_basic tmp]# tail -1 /etc/group
user4:x:1001:
[root@linux_basic tmp]# useradd -u 1001 -g 1001 user4
[root@linux_basic tmp]# tail -1 /etc/passwd
user4:x:1001:1001::/home/user4:/bin/bash
[root@linux_basic tmp]# groupadd mytest
[root@linux_basic tmp]# useradd -G user4,mytest user5
[root@linux_basic tmp]# tail -1 /etc/passwd
user5:x:1002:1003::/home/user5:/bin/bash
[root@linux_basic tmp]# tail -1 /etc/shadow
user5:!!:16425:0:99999:7:::
[root@linux_basic tmp]# tail /etc/group
wbpriv:x:88:
apache:x:48:
mysql:x:27:
cactiuser:x:500:
user1:x:501:
user2:x:502:
user3:x:1000:
user4:x:1001:user5
mytest:x:1002:user5
user5:x:1003:
[root@linux_basic tmp]# useradd -r -s /sbin/nologin -M -u 301 mogilefs  the -M option can be omitted, because system users get no home directory by default
[root@linux_basic tmp]# ls /home/
cactiuser  user1  user2  user3  user4  user5  user7  user8
[root@linux_basic tmp]# tail -1 /etc/passwd
mogilefs:x:301:301::/home/mogilefs:/sbin/nologin
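The default ID selection that useradd applies, as quoted above for -u and -r, as an added shell example that is not part of the original notes. It computes the next ordinary UID (smallest value >= UID_MIN greater than every existing UID, which is why user1, user2, ... count upward) and the next system UID (shadow-utils fills the SYS_UID_MIN-SYS_UID_MAX range from the top downward, which is why cacti got 498 while ordinary users start at 500). The range limits are passed in as arguments here, whereas useradd reads them from /etc/login.defs; the sample passwd file is constructed and the function names are my own:

```shell
# Added example (not from the original notes): reproduce useradd's default UID
# choice from a passwd file. Range limits are arguments; useradd takes them
# from UID_MIN/UID_MAX and SYS_UID_MIN/SYS_UID_MAX in /etc/login.defs.

# sample_passwd: constructed passwd file modelled on the notes' machine.
sample_passwd() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
cacti:x:498:498::/home/cacti:/bin/bash
cactiuser:x:500:500::/home/cactiuser:/bin/bash
user1:x:501:501::/home/user1:/bin/bash
user2:x:502:502::/home/user2:/bin/bash
user3:x:1000:1000::/home/user3:/bin/bash
EOF
    echo "$dir/passwd"
}

# next_uid PASSWD UID_MIN UID_MAX: smallest id >= UID_MIN that is greater than
# every existing UID inside the ordinary range (user3 = 1000 -> next is 1001).
next_uid() {
    awk -F: -v lo="$2" -v hi="$3" '
        BEGIN { max = -1 }
        $3 >= lo && $3 <= hi && $3 > max { max = $3 }
        END {
            id = (max + 1 > lo) ? max + 1 : lo
            if (id > hi) { print "none"; exit 1 }
            print id
        }' "$1"
}

# next_sys_uid PASSWD SYS_UID_MIN SYS_UID_MAX: highest free id in the system
# range, searched downward from SYS_UID_MAX (useradd -r behaviour).
next_sys_uid() {
    awk -F: -v lo="$2" -v hi="$3" '
        { used[$3] = 1 }
        END {
            for (id = hi; id >= lo; id--) if (!(id in used)) { print id; exit 0 }
            print "none"; exit 1
        }' "$1"
}

# uid_free PASSWD UID: exit 0 if no account uses UID. This is the uniqueness
# check that -u relies on unless -o is given.
uid_free() {
    awk -F: -v want="$2" '$3 == want { found = 1 } END { exit found }' "$1"
}
```

Because the ordinary range is allocated from the highest existing UID upward, deleting a user does not free its number for the next useradd, while a gap in the system range is reused; both effects matter when files on disk still carry a removed account's UID.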

        groupadd command:  add a group
NAME
       groupadd - create a new group

SYNOPSIS
       groupadd [options] group

DESCRIPTION
       The groupadd command creates a new group account using the values specified on the command line plus the default values from
       the system. The new group will be entered into the system files as needed.       
            -g GID: specify the GID; it can be given as an id or as a group name
-g, --gid GID
           The numerical value of the group's ID. This value must be unique, unless the -o option is used. The value must be
           non-negative. The default is to use the smallest ID value greater than 999 and greater than every other group. Values
           between 0 and 999 are typically reserved for system accounts.           
            -r: create a system group
-r, --system
           Create a system group.
[root@linux_basic tmp]# groupadd user9
[root@linux_basic tmp]# useradd -r -g user9 user8
useradd: user 'user8' already exists
[root@linux_basic tmp]# useradd -r -g user9 user9
[root@linux_basic tmp]# tail -1 /etc/passwd
user9:x:300:1007::/home/user9:/bin/bash
[root@linux_basic tmp]# su - user9
su: warning: cannot change directory to /home/user9: No such file or directory
-bash-4.1$ exit
logout

[root@linux_basic tmp]# groupadd -r user10
[root@linux_basic tmp]# useradd -g user10 user10
[root@linux_basic tmp]# tail -1 /etc/passwd
user10:x:1007:300::/home/user10:/bin/bash
