Chapter 3: multi-user task management
Main contents:
- Account management
- Authority management
- Process management
1. Account management:
Relevant system files:
- /etc/passwd: defines each user account; readable by all users
- /etc/shadow: stores the encrypted (hashed) user passwords; readable only by root
- /etc/group: defines the user groups and all attributes of each group; readable by all users
- /etc/gshadow: defines group passwords, group administrators and other group information; readable only by root
Note: a group can have multiple users, and a user can also belong to different groups.
When a user is a member of several groups, one of them is the primary group and the rest are additional groups.
Some commands:
- useradd: add a new user
  [-G]: specify additional groups
  [-g]: specify the initial (primary) group
- usermod: modify an existing user
- userdel: delete an existing user; together with [-r] also delete the user's home directory
- groupadd: add a new group
- groupmod: modify a group
- groupdel: delete a group
- passwd: password management
  [-S]: list password status information
  [-l/-u]: lock / unlock the user
  [-d]: remove the password
- chage: modify the password aging of an existing user
  [-m]: specify the minimum number of days between password changes; 0 disables the limit
  [-M]: specify the maximum number of days the password stays valid
  [-l]: list the current user's password aging information
- whoami: display the current user name
- id: show the user's identity
- groups: display the groups of the specified user
- newgrp: switch the user's current group to the specified additional group; the user must already belong to that group
A small example:
# Create a new user tom and add it to the additional group staff
useradd -G staff tom
# Create a new user abc with /www as the login (home) directory, without creating a home directory ([-M])
mkdir /www; useradd -d /www -M abc
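The relationship between the /etc/passwd GID field, the /etc/group member field, and what `id`/`groups` report is easiest to see by resolving it by hand. The following script is an added example, not part of the original notes: it works on constructed passwd/group records (the users tom and abc from the example above, plus invented groups such as staff and www-data) instead of the real /etc files, so it runs unprivileged and offline.

```shell
#!/bin/sh
# Added example, not from the original notes: resolve a user's primary group
# and additional groups from passwd/group records, the way `id` and `groups`
# do. The records below are constructed sample data (users tom and abc from
# the notes, plus invented groups), so the script runs offline and unprivileged
# instead of reading the real /etc/passwd and /etc/group.

PASSWD_DATA='root:x:0:0:root:/root:/bin/bash
tom:x:1001:1001:Tom:/home/tom:/bin/bash
abc:x:1002:1002::/www:/bin/sh'

GROUP_DATA='root:x:0:
staff:x:50:tom
tom:x:1001:
abc:x:1002:
www-data:x:33:abc,tom'

# primary_group USER -> name of the group whose GID equals the user's passwd GID field
primary_group() {
    gid=$(printf '%s\n' "$PASSWD_DATA" | awk -F: -v u="$1" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1
    printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$gid" '$3 == g { print $1; exit }'
}

# extra_groups USER -> additional groups, i.e. those listing USER in the member field
extra_groups() {
    printf '%s\n' "$GROUP_DATA" | awk -F: -v u="$1" '
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u) out = (out == "" ? $1 : out " " $1)
        }
        END { print out }'
}

# user_groups USER -> "primary: X  additional: Y Z", or an error for an unknown user
user_groups() {
    p=$(primary_group "$1") || { echo "no such user: $1" >&2; return 1; }
    echo "primary: $p  additional: $(extra_groups "$1")"
}

user_groups tom   # primary: tom  additional: staff www-data
user_groups abc   # primary: abc  additional: www-data
```

Note that tom's primary group is the private group created for him, and staff (from `useradd -G staff tom`) shows up only as an additional group: membership in the member field of /etc/group is what newgrp checks before allowing a switch.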
2. Authority management
----Note: deleting a file does not depend on the file's own permissions (see the directory w permission below)----
There are three kinds of permissions: r (read), w (write) and x (execute).
For a file they simply mean read, write and run.
For a directory they mean r (the contents can be listed), w (files can be created and deleted in the directory) and x (the directory can be entered with the cd command).
A dash (-) indicates that the permission is not granted.
For convenience, these permissions are usually expressed as numbers:
r: 4
w: 2
x: 1
A permission listing (as shown by ls -l) has 10 characters: the first is the file type, followed by three groups of three characters for [owner permissions], [group permissions] and [other users' permissions].
Some commands:
# Change permissions: chmod [ugoa][+-=][rwxugo] FILE
[u]: the owner (user)
[g]: the user group (group)
[o]: other users (other)
[a]: all users (all)
[+]: add permissions
[-]: remove permissions
[=]: assign exactly the given permissions, replacing the original ones
# Change the owner and group: chown
# Change the owner of user1 to aaa
chown aaa user1
# Set the default creation mask for files: umask [-S] [u1u2u3]
[-S]: show the mask as symbolic permissions for each section
u1: permissions the owner is denied
u2: permissions the group is denied
u3: permissions other users are denied
# Special permission settings
[Special permissions for files]
SUID: when an executable with SUID set is executed, it runs with the privileges of the file's owner.
SGID: when an executable with SGID set is executed, it runs with the privileges of the file's group.
[Special permissions for directories]
SGID: files created in the directory get the directory's group. Files copied into the directory also get the directory's group, unless the [-p] option is given when copying.
sticky bit: files in the directory may only be deleted or moved by their owner.
A typical example of SUID is the passwd program, which lets ordinary users change their own password, which means writing to /etc/shadow. That file is owned by root and not writable by ordinary users; giving them write permission on it directly would create hidden security problems. With SUID set on passwd, the user "has" root privilege only while the passwd program runs, so the file can be updated without opening it up.
Small example:
# View the current default creation mask (symbolic form)
umask -S
u=rwx,g=rx,o=rx
# Add SUID permission to the program /usr/bin/myapp (symbolic method)
chmod u+s /usr/bin/myapp
# (numeric method)
chmod 4755 /usr/bin/myapp
Numeric setting method for special permissions:
Four octal digits are used. The first digit sets the special permissions and the last three digits set the basic permissions.
SUID: s (4)
SGID: s (2)
sticky bit: t (1)
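To make the four-digit scheme concrete, here is an added example (not from the original notes) that converts an ls-style permission string such as "rwsr-xr-x" into its octal form, applies a umask to a default creation mode, and checks the SUID bit on a throw-away file with the same `find -perm -4000` test an audit for SUID binaries uses. The file names and mode values are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original notes: convert an ls-style permission
# string (e.g. "rwsr-xr-x") into the four-digit octal form, apply a umask to a
# default creation mode, and show the SUID bit on a temporary file. All file
# names and modes below are constructed for the demo.

# triplet_value rwx -> 0..7; s/S/t/T in the third position stand for x (lower case) or - (upper case)
triplet_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal MODESTRING -> e.g. rwsr-xr-x -> 4755 (a leading type character, as in ls -l, is ignored)
mode_to_octal() {
    m="$1"
    [ ${#m} -eq 10 ] && m=$(printf '%s' "$m" | cut -c2-)
    [ ${#m} -eq 9 ] || return 1
    special=0
    case "$m" in ??[sS]??????) special=$((special + 4)) ;; esac   # SUID
    case "$m" in ?????[sS]???) special=$((special + 2)) ;; esac   # SGID
    case "$m" in ????????[tT]) special=$((special + 1)) ;; esac   # sticky bit
    u=$(triplet_value "$(printf '%s' "$m" | cut -c1-3)")
    g=$(triplet_value "$(printf '%s' "$m" | cut -c4-6)")
    o=$(triplet_value "$(printf '%s' "$m" | cut -c7-9)")
    printf '%d%d%d%d\n' "$special" "$u" "$g" "$o"
}

# apply_umask MASK MODE -> MODE with the bits set in MASK cleared (all values octal), e.g. 022 666 -> 644
apply_umask() {
    printf '%o\n' $(( 0$2 & ~0$1 ))
}

# has_suid FILE -> success if the SUID bit is set; find -perm -4000 is the usual audit test
has_suid() {
    [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# Demonstration on a temporary file: chmod 4755 sets the SUID bit, chmod 755 clears it again
demo_suid_bit() {
    f=$(mktemp) || return 1
    chmod 4755 "$f"
    has_suid "$f" && r1=set || r1=clear
    chmod 755 "$f"
    has_suid "$f" && r2=set || r2=clear
    rm -f "$f"
    echo "after 4755: $r1, after 755: $r2"
}

mode_to_octal rwsr-xr-x      # 4755, the SUID mode from the passwd example
mode_to_octal -rwxrwxrwt     # 1777, a sticky world-writable directory
apply_umask 022 666          # 644, a regular file created under umask 022
demo_suid_bit                # after 4755: set, after 755: clear
```

An upper-case S or T in a listing means the special bit is set while the underlying x bit is not (for example "rwSr--r--" is 4644), which is usually a mistake worth flagging when reviewing permissions.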
3. Process management
Concept:
Each process has an identification number called the PID, which distinguishes it from other processes. After the system starts, the first process is systemd, with PID=1; systemd is the only process started directly by the kernel.
In addition to the PID, there are four identification numbers related to users and groups:
① Real user ID (RUID)
② Real group ID (RGID)
③ Effective user ID (EUID)
④ Effective group ID (EGID)
Among them, ① and ② identify the user and group running the process and correspond to the process's UID and GID.
Types of process
- Interactive process: started by a shell; can run in the foreground or in the background.
- Batch process: a background process not associated with a specific terminal; jobs are executed in order from a waiting queue.
- Daemon: initialized at system startup and runs in the background as needed.
Start modes
- Manual start
- Foreground start
- Background start
View processes
- ps command
  ps [a]: show all processes
  [u]: display the user name and start time
  [x]: show processes without a controlling terminal
  [f/H]: show the process tree
  [-e]: show all processes
  [-f]: full-format display (all information)
- Main ps output fields
  PPID: parent process ID
  PID: process ID
  TTY: the terminal the process was started from
  STAT: current state of the process
- Meaning of the characters in STAT
  R: running
  S: sleeping
  Z: zombie process; it has terminated but the parent process has not collected it yet
  <: high-priority process
  N: low-priority process
  X: dead process
- Kill processes
  # Force-kill a process by PID
  kill -9 <PID>
  # Forcibly kill all processes of user aaa
  pkill -9 -u aaa
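The PID/PPID fields and the STAT characters above are what you read when deciding whether a process is healthy, stuck, or a zombie whose parent has not collected it. The script below is an added example, not part of the original notes: it runs over a constructed snapshot laid out like `ps -eo pid,ppid,stat,comm` (the PIDs and command names are invented), decodes the STAT flags with the table from the notes, and reports each zombie together with the parent responsible for reaping it.

```shell
#!/bin/sh
# Added example, not from the original notes: read ps-style output and pick out
# the process facts the notes describe: the PID/PPID tree, the STAT flags, and
# zombie processes. PS_SAMPLE is a constructed snapshot in the layout of
# `ps -eo pid,ppid,stat,comm` (PIDs and command names are invented), so the
# script behaves the same on any machine.

PS_SAMPLE='  PID  PPID STAT COMMAND
    1     0 Ss   systemd
  842     1 S<   sshd
 1203   842 R+   bash
 1340  1203 Z    defunct-child
 2001     1 SN   backup.sh'

# stat_meaning FLAGS -> description built from the STAT table in the notes (flags not in the table are ignored)
stat_meaning() {
    s="$1"; out=""
    while [ -n "$s" ]; do
        c=$(printf '%s' "$s" | cut -c1)
        s=$(printf '%s' "$s" | cut -c2-)
        case "$c" in
            R) d="running" ;;
            S) d="sleeping" ;;
            Z) d="zombie (terminated, not yet collected by parent)" ;;
            X) d="dead" ;;
            '<') d="high priority" ;;
            N) d="low priority" ;;
            *) d="" ;;
        esac
        [ -n "$d" ] && out="${out:+$out, }$d"
    done
    echo "$out"
}

# zombies -> "PID PPID" for each process whose STAT starts with Z
zombies() {
    printf '%s\n' "$PS_SAMPLE" | awk 'NR > 1 && $3 ~ /^Z/ { print $1, $2 }'
}

# children_of PID -> PIDs whose PPID field equals PID, one per line
children_of() {
    printf '%s\n' "$PS_SAMPLE" | awk -v p="$1" 'NR > 1 && $2 == p { print $1 }'
}

# zombie_report -> one line per zombie naming the parent that has to collect it
zombie_report() {
    zombies | while read -r pid ppid; do
        parent=$(printf '%s\n' "$PS_SAMPLE" | awk -v p="$ppid" 'NR > 1 && $1 == p { print $4 }')
        echo "zombie $pid: parent $ppid ($parent) has not collected its exit status"
    done
}

stat_meaning 'S<'   # sleeping, high priority
children_of 1       # 842 and 2001, the processes started directly under systemd
zombie_report       # zombie 1340: parent 1203 (bash) has not collected its exit status
```

A zombie cannot be removed with kill -9, because it has already terminated; only the parent collecting its status (or the parent itself exiting, so that PID 1 adopts and reaps it) makes the entry disappear, which is why the report points at the parent rather than the zombie.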