`
DavyJones2010
  • 浏览: 154255 次
  • 性别: Icon_minigender_1
  • 来自: 杭州
社区版块
存档分类
最新评论

Linux: Basic Command Introduction VI

阅读更多

User Management Related Commands

1) User management config file

1) User info config file: /etc/passwd

1) cat /etc/passwd

root:x:0:0:root:/root:/bin/bash

output syntax:

username:password:UID:GID:GECOS:directory:shell

man 5 passwd

Command above can be used to inspect the help doc for passwd.

Cause there is a command called passwd, we have to specify the option 5.

2) Every single user will occupy a single line in this config file.

wc -l /etc/passwd
The command above can be used to count the number of user in current system.

3) Password will not be shown in password position and is marked as x instead.

4) Three kind of user in linux:

1) Super user (root, UID=0) -> More specific, as long as the UID=0, the user is SU no matter what name the user is.

2) Normal user (UID=500~60000) -> When we user useradd to add user, the user is normal user by default.

3) Dummy user (UID=1~499)

5) What is dummy user?

1) Dummy user related to system or program service.

    Like bin, daemon, shutdown, halt, etc. Any linux system have these dummy user by default.

    Like mail, news, games, apache, ftp, mysql and sshd, etc. These are related to process.

2) Dummy user don't have to or even cannot login system cause they may not have password.

3) Dummy user may not have home directory.

6) The GID means the default user group of the user.

1) A user can belong to more than one user group.

2) If a user belongs to a user group, he has all the permissions defined by the user group.

    Think of the -rwxrwxrwx. The three alphabets in the middle means the user group.

3) There is no user who doesn't belong to any user group.

4) Every time we add a user, we can assign its user group explicitly. If not, linux os will assign a usergroup for the user.

7) The GECOS is the description of current user. It recommanded to provide detailed info when we add user.

8) Directory is the home directory for current user. We can assign this explicitly. If not, os will create a directory with the name of username in the /home directory.

2) User password file: /etc/shadow

 1) cat /etc/passwd

root:****:15968:0:99999:7:::

Output syntax:

login-name:encrypted-password:date-of-last-password-change:minimum-password-age:maximum-password-age:password-warning-period:password-inactivity-period:account-expiration-date

2) If we sudo delete password for user, that means the user can login the system without typing password.

3)date-of-last-password-change starts with 1970-01-01.

4) When we add user and set the password for the user. The password will be recorded in /etc/passwd. Then execute "pwconv" to write the real password into /etc/shadow and use x to replace original password in /etc/passwd.

5) We can even manually change the /etc/passwd and /etc/shadow to add or delete user. And that is how the useradd worked.

3) User group info config file: /etc/group

4) User group password file: /etc/gshadow

5) User config file: etc/login.defs; etc/default/useradd

1)  cat /etc/login.defs

     Output sample:

PASS_MAX_DAYS    99999
PASS_MIN_DAYS    0
PASS_WARN_AGE    7
UID_MIN             1000           ----> Minimum user id.
UID_MAX            60000         ----> Maximum user id.
GID_MIN             1000           ----> Minimum user group id.
GID_MAX            60000         ----> Maximum user group id.

DEFAULT_HOME    yes       ----> Should login be allowed if we can't cd to the home directory?

Set all the default config info for user login operation.

2) cat /etc/default/useradd

GROUP=100                          ----> The default group for new added user.

HOME=/home                        ----> The default home dir.

INACTIVE=-1                         ----> The number of days after a password expires until the account is permanently disabled.

EXPIRE=                                ----> The expiration time for account.

CREATE_MAIL_SPOOL=yes

SHELL=/bin/sh

Set all the default config info for user add operation.

6) New user info file: /etc/skel

1) When we manually modified the /etc/passwd and /etc/shadow file to add a user. There is another one step we have to do.

    That is copy the config file in /etc/skel dir into /home/newuser dir.

7) Login info file: /etc/motd; etc/issue

1) cat etc/issue

Ubuntu 12.04.2 LTS \n \l
Includes the os name and version number. This info will shown every time we open the terminal even if we havn't login yet.

We can change this to change the welcome info.

2) cat etc/motd

Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.5.0-23-generic i686)
Includes the os name and version number. This info will shown every time when we successfully login the system in terminal.We can modify this to change the login successful welcome info.

2) User management command

 1) The easiest way to create user, we can simply type "useradd ***" and then type password for this user.

      The problem is that we didn't assign a group for this user, os will create a new group for this user with the name of username.

 2) We can type "passwd" to change the password for current user.

     We can type "password username" to change the password for the specified user.

     As only the root have the access to password file, how can current nonroot user change their own password?

administrator@ubuntu:~$ ls -ltr /usr/bin/passwd 
-rwsr-xr-x 1 root root 41284 Sep 13  2012 /usr/bin/passwd

    What does the s mean? --> If the x position marked as s, that would means SetUID.

3) SetUID: --> 4

    If an executable file is excuted by other user and the file has the x position marked as s, then the user would have the permission of the file owner (Usually means root).

1) What if command "touch" x position marked as s?

2) What if command "vi" x position marked as s?

    That would be dangerous! Cause any other user can vi any file in this system!

    Other user can vi /etc/passwd, vi /etc/shadow

2) How can we add SetUID permission to file or command?

administrator@ubuntu:~$ chmod u+s Test/Test.java
administrator@ubuntu:~$ ls -ltr Test/Test.java 
-rwSrw-r-- 1 administrator administrator 127 Oct 13 10:11 Test/Test.java
administrator@ubuntu:~$ ls -ltr Test/Test.java 
-rw-rw-r-- 1 administrator administrator 127 Oct 13 10:11 Test/Test.java
administrator@ubuntu:~$ chmod 4755 Test/Test.java 
administrator@ubuntu:~$ ls -ltr Test/Test.java 
-rwsr-xr-x 1 administrator administrator 127 Oct 13 10:11 Test/Test.java
administrator@ubuntu:~$ umask
0002

    Attention that the 4 in 4755 means SetUID Permission.

    Also, in umask, the first digit 0 means the Special Permission which includes SetUID permission.

    Also, the SetUID permission S is uppercase  in Test/Test.java. Why?

    The uppercased S is a sign of warning. Cause the SetUID should only be assigned to executable file!

    If the file itself is not executable, there is no meaning of assign SetUID to it.

4) SetGID:  --> 2

    If an executable file is excuted by other user and the file has the x position marked as s, then the user would have the permission of the file owner group (Usually means root group).

5) How to find all the files that have the s permission?

administrator@ubuntu:~$ find / -perm -4000 -o -perm -2000 | more
administrator@ubuntu:~$ find / -perm -0777 -o -perm -0755 | more

   -o --> Means or

6) Sticky:    -->1

administrator@ubuntu:~$ mkdir temp
administrator@ubuntu:~$ chmod 777 temp
administrator@ubuntu:~$ touch temp/Test.java
administrator@ubuntu:~$ ls -ltr temp/
-rw-r--r-- 1 administrator administrator 0 Oct 17 22:35 Test.java
         The problem is that although we set Test.java the permission of 644, we set the permission of temp/ as 777 at the same time.

  That means even other people cannot write and execute Test.java, they can delete and rename this file.

  That would be undesirable cause we don't want other people touch the file we created especially in the shared folder /tmp.

  Linux has a shared folder /tmp.

administrator@ubuntu:~$ ls -ld /tmp
drwxrwxrwt 13 root root 28672 Oct 17 16:14 /tmp

 Attention that the rwt in other position.

1) Sticky only applies for directory whose permission is 777. If not, sticky would be meaningless.

2) If set sticky, that would means everyone can create file in this directory,

    but they can only delete the file they created(they are the owner of the file).

3) User group management command

1) user group info file --> /etc/group

administrator@ubuntu:~$ cat /etc/group
root:x:0:root

#What does that mean?
man 5 group
group_name:passwd:GID:user_list

1) Q:  What's the usage of group passwd?

    A:   That applies for users who don't belongs to this group but willing to operate as a member of this group. 

          After typed in the group passwd, he can temporarily as a member of this group.

2) groupadd

administrator@ubuntu:~$ sudo groupadd webadmin
administrator@ubuntu:~$ grep webadmin /etc/group
webadmin:x:892:
administrator@ubuntu:~$ sudo groupadd -g 888 leader
administrator@ubuntu:~$ grep leader /etc/group
leader:x:888:
 3) groupdel
administrator@ubuntu:~$ groupdel webadmin
administrator@ubuntu:~$ grep webadmin /etc/group
total 0
 4) groupmod 
administrator@ubuntu:~$ groupmod -n apache leader
#Modify the group name leader to apache
 5) useradd 
administrator@ubuntu:~$ useradd kunlun
administrator@ubuntu:~$ grep kunlun /etc/passwd
...
#useradd -D is the same with cat /etc/default/useradd
#To see the new added user default info 
administrator@ubuntu:~$ sudo useradd -D
administrator@ubuntu:~$ sudo cat /etc/default/useradd
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

# -u: assign one default uid.(Must not exist before)
# -g: assign one default group for user. 
# -G: assign several groups for user. One user can belongs to many groups.
# -d: assign the home folder for the user, default is /home
# -s: assign the default shell for user, default /bin/bash
# -c: description for the user. Use "" if description contains spaces.
# -e: assign the expiration date for the user 
administrator@ubuntu:~$ useradd 
-u 888  
-g apache 
-d /backup 
-s /bin/bash
-c "Apache user Davy" 
-e 2013-11-21
davy
administrator@ubuntu:~$ passwd davy
***
 6) usermod
# -G: add user Davy to group apache
administrator@ubuntu:~$ usermod -G apache Davy

# -g: add user to group
# -l : modify user name
# -d: modify home directory
administrator@ubuntu:~$ usermod -l davy -d /home/davy -g apache Davy

# modify username from davy to Davy
administrator@ubuntu:~$ usermod -l Davy davy
 7) gpasswd
# -a: add user to usergroup
# -d: delete user from usergroup
# -A: set admin for usergroup
# -r:  delete usergroup passwd
# -R: forbid user to act as member of this group by typing usergroup passwd
administrator@ubuntu:~$ gpasswd -a Davy apache
administrator@ubuntu:~$ gpasswd -r apache
# set passwd for group apache
administrator@ubuntu:~$ gpasswd apache
 8) newgrp
# shift user to davy from administrator
administrator@ubuntu:~$ su -u davy

# shift davy to usergroup administrator
davy@ubuntu:~$ newgrp administrator
password: ***

4) Add batch user

 

5) User permission authentication

  • 大小: 127.8 KB
  • 大小: 185.2 KB
分享到:
评论

相关推荐

    Linux for Beginners: An Introduction to the Linux Operating System

    The basic Linux commands you'll use most often. Creating, renaming, moving, and deleting directories. Listing, reading, creating, editing, copying, and deleting files. Exactly how permissions work ...

    Linux for Developers

    ### Linux for ... this book provides a comprehensive introduction to Linux programming, covering a wide range of topics from command line basics to advanced scripting and programming techniques.

    Wiley.Publishing.Fedora.Linux.Toolbox.1000+.Commands.for.Fedora.CentOS.and.Red.Hat.Power.Users.and.Red.Hat.Power.Users.2008.pdf

    vi and Vim are powerful text editors used widely in Linux. This appendix covers: - **Basic Editing**: Inserting, deleting, and modifying text. - **Navigation**: Moving around the editor efficiently. ...

    The.Linux.Networking.Architecture

    Part VI: Layer V—Application Layer 533 Chapter 27. Network Programming With Sockets 535 Section 27.1. Introduction 535 Section 27.2. Functions of the Socket API 538 Section 27.3. ...

    A Practical Guide to UNIX for Mac OS X Users.chm

    Designed for the novice to intermediate user, it covers basic user-level commands, shell programming, as well as more advanced utilities. Features: A quick introduction to 30+ useful utilities An ...

    unix power tools 3ed.pdf

    #### 六、脚本编程 (Part VI: Scripting) **6.1 shell解释 (Chapter 27: Shell Interpretation)** - **shell脚本语言**: shell脚本的基础语法。 - **条件语句**: 如何使用`if`, `case`等进行条件判断。 - **循环...

    Cisco Press - OSPF Network Design Solutions, 2nd Edition

    0323FMf.book Page vi Wednesday, March 12, 2003 9:41 AM vii Contents Introduction xix Part I OSPF Fundamentals and Communication 3 Chapter 1 Networking and Routing Fundamentals 5 Foundations of ...

    Tornado Train Workshop

    98 graphical and command-line user interfaces, file systems, and standard Windows editor. iv Wind River Systems Course Objectives • Overview of Tornado / VxWorks facilities. • Boot VxWorks and ...

    Practical C++ Programming C++编程实践

    Basic Declarations and Expressions Basic Program Structure Simple Expressions The std::cout Output Object Variables and Storage Variable Declarations Assignment Statements Floating-Point Numbers ...

    The Indispensable PC Hardware Book - rar - part1. (1/7)

    Basic Logical Elements. CMOS Inverters as Low-power Components. An Example: 1-bit Adder. The CPU as the Core of all Computers. 3. Everything Began with the Ancestor 8086. Pins and Signals in ...

    Developing Flex Applications 910p dda_doc88_cracker.zip

    This package contains 3 kid: 1. a book Developing Flex Applications 2. a web page viewer for doc88 ebt ... CONTENTS PART I: Presenting Flex CHAPTER 1: Introducing Flex....About Flex....

    php_6_fast_and_easy_web_development.pdf

    Using the SHOW Command. . . . . . . . . . . . . . . . . . . . . . . . . . . 521 Appendix FUsing SQLite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523 Examples of SQLite in Action. . . ...

    hadoop_the_definitive_guide_3nd_edition

    Basic Filesystem Operations 52 Hadoop Filesystems 54 Interfaces 55 The Java Interface 57 Reading Data from a Hadoop URL 57 Reading Data Using the FileSystem API 59 Writing Data 62 Directories 64 ...

    最新版的DebuggingWithGDB7.05-2010

    5.1.7 Breakpoint Command Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.8 “Cannot insert breakpoints” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.9 ...

Global site tag (gtag.js) - Google Analytics