1, References
Ubuntu/Linux user management and permission management (super detailed analysis)
2, Key instructions
1. root user
1.1 set root user password
sudo passwd root
# output
yichao@yichao:~$ sudo passwd root
[sudo] yichao Password for:
Enter a new UNIX password:
Re enter the new UNIX password:
passwd: The password was successfully updated
1.2 enter the root user
su root
# output
yichao@yichao:~$ su root
password:
root@yichao:/home/yichao#
2. User group
2.1 viewing user groups
id UserName # or: cat /etc/group | grep UserName
yichao@yichao:~$ id yichao
uid=1000(yichao) gid=1000(yichao) group=1000(yichao),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare),999(docker)
uid is the user id; gid is the id of the user's primary group; group is the list of groups the user belongs to. Here the user's primary group is yichao, and the user is also in the groups 4(adm), 24(cdrom), 27(sudo), 30(dip), 46(plugdev), 113(lpadmin), 128(sambashare) and 999(docker).
2.2 creating user groups
Many times, when creating new users, I want to group some users into a group for subsequent management. For example, I plan to put all the student accounts in the student group. In Ubuntu, a user can be in several groups at the same time, and a primary group will be designated.
sudo groupadd [options] GroupName
2.3 deleting user groups
sudo groupdel GroupName
2.4 modifying user groups
sudo groupmod [options] GroupNameOld
-g NewID: assign a new group id to the user group GroupNameOld
-n NewGroupName: assign a new group name to the user group GroupNameOld
# Change the name of user group group1 to group2 and set the group id to 10001
sudo groupmod -g 10001 -n group2 group1
2.5 user group management
The command of user group management is gpasswd, which is usually used to add or remove users to user groups. Its basic syntax is as follows:
gpasswd [option] GroupName
# Add user user1 to user group Group2
gpasswd -a user1 Group2
# Remove user user1 from user group Group1
gpasswd -d user1 Group1
3. Create a new user
To create a new user, you can use two commands: adduser and useradd. With adduser, you configure the password and other information through system prompts, and the system creates the user with the default directory configuration (adduser creates the user's home directory under /home and asks only for the password and some user information; other settings, such as permissions and user groups, take their defaults). With useradd, you add the user through parameters (you can pass parameters to set the user's home directory, user group and other configuration).
To avoid confusing these two commands, I remember this:
(system) add user: the system adds the user. "add" comes first and "user" after; everything is completed automatically by the system, and "system" is omitted, so it is adduser. user add (user): the user adds a user. The parameters can be customized when adding the user, and the trailing "user" is omitted, so it is useradd.
3.1 adduser system creates a new user
By default, a new user group is created and a new user directory /home/abc/ is created under the /home directory.
sudo adduser UserName
3.2 useradd user creates a new user
useradd [options] UserName
# Common options are as follows (options are strictly case sensitive)
-d DirPath: use DirPath as the home directory of the new user;
-m: takes no value; used together with -d, it creates DirPath when that directory does not exist;
-g GroupName: the primary user group of the new user (an error is reported when the specified group does not exist, so create the user group first);
-G GroupName1,GroupName2: the additional user groups of the new user (several groups can be listed, separated by commas);
-s ShellPath: use the file ShellPath as the user's login shell.
useradd -d /media/StudentGroup/stu1/ -m -g StudentGroup -G adm,root stu1
This creates user stu1. Its primary user group is StudentGroup (which must be created in advance), it also belongs to the user groups adm and root, and its home directory is /media/StudentGroup/stu1/. A user created this way has no password; the root user can set one for it (with the passwd stu1 command, see "4.2 password related" below).
Note: the directory /media/StudentGroup/ must be created manually or already exist, because this command, like the mkdir command, does not create multi-level directories in one go.
4. Modify user
4.1 switching user groups
Sometimes, when a user belongs to multiple user groups at the same time, the permission configuration of the primary user group will be used by default.
# User stu1 is in the user groups StudentGroup and adm at the same time. The default is StudentGroup. As stu1, you can switch to the adm group with the following command:
newgrp adm
4.2 password related
To change the current user's own password, passwd alone is enough. When the root user or another administrator changes the password configuration of other users, administrator permission through sudo, or the root user itself, is required.
passwd [options] UserName
No option: change the password directly
-l: lock the password, that is, disable the user. The user can log in over ssh, but the password cannot be changed
-u: unlock the password, i.e. lift the lock
-d: clear the password so that the account does not need a password
4.3 configuration related
usermod [options] UserName
One is the -m option. When modifying the user configuration, it also has to be used together with the -d option. Here -m does not create the user's home directory; it moves the contents of the old home directory to the new home directory specified by -d.
The other is the -G option. If you want to add a user to one or more groups, the group list after -G must contain both the user's previous groups and the new groups. Otherwise, the user is removed from the previous groups that are not listed. To see which groups the user is in, use the command cat /etc/group | grep UserName (UserName is the user name to look up).
Sometimes a user belongs to many groups, and listing all the previous groups for -G alone is troublesome. In that case, add the -a option (append) together with -G, which appends a group to the existing list, as in the following command:
usermod -a -G newGroup user1 # Append newGroup to the existing group list of user1
5. User account
5.1 viewing users
Each user has a corresponding record line in the file /etc/passwd, which records some basic attributes of the user.
cat /etc/passwd
yichao@yichao:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
messagebus:x:106:110::/var/run/dbus:/bin/false
uuidd:x:107:111::/run/uuidd:/bin/false
lightdm:x:108:114:Light Display Manager:/var/lib/lightdm:/bin/false
whoopsie:x:109:117::/nonexistent:/bin/false
avahi-autoipd:x:110:119:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
avahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
dnsmasq:x:112:65534:dnsmasq,,,:/var/lib/misc:/bin/false
colord:x:113:123:colord colour management daemon,,,:/var/lib/colord:/bin/false
speech-dispatcher:x:114:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
hplip:x:115:7:HPLIP system user,,,:/var/run/hplip:/bin/false
kernoops:x:116:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
pulse:x:117:124:PulseAudio daemon,,,:/var/run/pulse:/bin/false
rtkit:x:118:126:RealtimeKit,,,:/proc:/bin/false
saned:x:119:127::/var/lib/saned:/bin/false
usbmux:x:120:46:usbmux daemon,,,:/var/lib/usbmux:/bin/false
yichao:x:1000:1000:yichao,,,:/home/yichao:/bin/bash
share:x:1001:1001::/home/share:
Each line is the record of one user. A line is divided by colons (:) into 7 fields, with the following format and meaning:
user name:password:user identification number:group identification number:comment:home directory:login shell
5.2 viewing user groups
Each user group corresponds to a line of records in the file /etc/group.
cat /etc/group
yichao@yichao:~$ cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,yichao
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:yichao
floppy:x:25:
tape:x:26:
sudo:x:27:yichao
audio:x:29:pulse
dip:x:30:yichao
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:yichao
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-journal:x:101:
systemd-timesync:x:102:
systemd-network:x:103:
systemd-resolve:x:104:
systemd-bus-proxy:x:105:
input:x:106:
crontab:x:107:
syslog:x:108:
netdev:x:109:
messagebus:x:110:
uuidd:x:111:
ssl-cert:x:112:
lpadmin:x:113:yichao
lightdm:x:114:
nopasswdlogin:x:115:
ssh:x:116:
whoopsie:x:117:
mlocate:x:118:
avahi-autoipd:x:119:
avahi:x:120:
bluetooth:x:121:
scanner:x:122:saned
colord:x:123:
pulse:x:124:
pulse-access:x:125:
rtkit:x:126:
saned:x:127:
yichao:x:1000:
sambashare:x:128:yichao
docker:x:999:yichao
share:x:1001:
Each line is the record of one user group. A line is divided by colons (:) into 4 fields, with the following format and meaning:
group name:password:group identification number:list of users in the group
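The two record formats above can be audited together. The following is an added example, not part of the original page: it lists the members of sensitive groups, counting users whose primary group (field 4 of the passwd record) is that group, which `cat /etc/group | grep UserName` does not show, and it flags extra UID 0 accounts and empty password fields. The function names, the sample records and the accounts stu1 (with primary GID 27) and svc_old are constructed for the illustration.

```shell
#!/bin/sh
# Added example. Constructed sample records in /etc/passwd and /etc/group format.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
yichao:x:1000:1000:yichao,,,:/home/yichao:/bin/bash
share:x:1001:1001::/home/share:
stu1:x:1002:27::/media/StudentGroup/stu1:/bin/bash
svc_old::0:0::/root:/bin/bash'
GROUP_SAMPLE='root:x:0:
adm:x:4:syslog,yichao
sudo:x:27:yichao
docker:x:999:yichao
StudentGroup:x:1003:'

# group_members PASSWD_FILE GROUP_FILE NAME[,NAME...]
# Prints "group:user" for each member of the named groups, taken from the
# member list (group field 4) and from users whose primary GID is that group.
group_members() {
  awk -F: -v want="$3" '
    BEGIN { n = split(want, w, ","); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
    FNR == NR {                                  # first file: group records
      if ($1 in watch) {
        gid2name[$3] = $1
        m = split($4, u, ",")
        for (i = 1; i <= m; i++) if (u[i] != "") print $1 ":" u[i]
      }
      next
    }
    ($4 in gid2name) { print gid2name[$4] ":" $1 }   # passwd: primary group
  ' "$2" "$1" | LC_ALL=C sort -u
}

# account_findings PASSWD_FILE
# Flags records that do not have 7 fields, UID 0 accounts other than root,
# and accounts whose password field is empty.
account_findings() {
  awk -F: '
    NF != 7                 { print "malformed:" $1; next }
    $3 == 0 && $1 != "root" { print "uid0:" $1 }
    $2 == ""                { print "empty-password:" $1 }
  ' "$1"
}

# Demo on the constructed samples; on a real host pass /etc/passwd /etc/group.
demo_dir=$(mktemp -d)
printf '%s\n' "$PASSWD_SAMPLE" > "$demo_dir/passwd"
printf '%s\n' "$GROUP_SAMPLE" > "$demo_dir/group"
group_members "$demo_dir/passwd" "$demo_dir/group" sudo,adm,docker,root
account_findings "$demo_dir/passwd"
rm -rf "$demo_dir"
```
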
6. View file / directory permissions
ls -l
# or
ll
Permissions | Link count | User | User group | File size | Modification time | Name |
---|---|---|---|---|---|---|
drwxrwxrwx | 0 | user | group | 512 | Month day time | name |
The first field, such as drwxrwxrwx or drwxr-xr-x, indicates the permission of the file. The value of this field has a total of 10 characters, and the meaning of each bit is as follows:
Position | Meaning | Value description |
---|---|---|
Character 1 | Whether it is a directory | d indicates that the file is a directory, - indicates that the file is not a directory |
Characters 2 ~ 4 | Permissions of the user on this file | Characters 2, 3 and 4 correspond to read, write and execute permissions respectively. A "-" symbol in a position indicates that the permission is not granted, and the corresponding letter r, w or x indicates that it is granted |
Characters 5 ~ 7 | Permissions of the user group on this file | Characters 5, 6 and 7 correspond to read, write and execute permissions respectively. A "-" symbol in a position indicates that the permission is not granted, and the corresponding letter r, w or x indicates that it is granted |
Characters 8 ~ 10 | Permissions of other users on this file | Characters 8, 9 and 10 correspond to read, write and execute permissions respectively. A "-" symbol in a position indicates that the permission is not granted, and the corresponding letter r, w or x indicates that it is granted |
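The table above maps directly onto the numeric modes that chmod takes. The following is an added example, not part of the original page, that decodes a 10-character permission field into its octal mode and reports whether other users can write without a sticky bit. It goes beyond the table by also accepting the s/S and t/T characters that ls prints for setuid, setgid and sticky; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode the first ls -l field into a 4-digit octal mode.

# perm_to_octal MODESTRING   e.g. drwxr-xr-x -> 0755
perm_to_octal() {
  s=$1
  [ "${#s}" -eq 10 ] || { echo "expected 10 characters: $s" >&2; return 2; }
  special=0
  out=""
  for i in 0 1 2; do                      # 0 = user, 1 = group, 2 = others
    start=$((2 + i * 3))
    t=$(printf '%s' "$s" | cut -c"$start"-"$((start + 2))")
    d=0
    case $t in r??) d=$((d + 4)) ;; esac
    case $t in ?w?) d=$((d + 2)) ;; esac
    case $t in ??[xst]) d=$((d + 1)) ;; esac     # lowercase s/t imply execute
    # s/S or t/T in the execute slot: setuid (4), setgid (2) or sticky (1)
    case $t in ??[sStT]) special=$((special + (4 >> i))) ;; esac
    out=$out$d
  done
  echo "$special$out"
}

# is_world_writable MODESTRING
# Succeeds when others have write permission and the sticky bit is not set.
is_world_writable() {
  o=$(perm_to_octal "$1") || return 2
  case $o in
    [0246]??[2367]) return 0 ;;
    *) return 1 ;;
  esac
}

# Demo on constructed permission strings.
for p in drwxrwxrwx drwxr-xr-x -rwsr-xr-x drwxrwxrwt; do
  if is_world_writable "$p"; then note="world-writable"; else note="ok"; fi
  echo "$p $(perm_to_octal "$p") $note"
done
```
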
7. Modify / set permissions
chmod PermissionMode FileName
chmod 777 -R DirectoryName
chmod 777 FileName
8. Modify ownership
chown yichao:yichao -R DirectoryName
chown yichao:yichao FileName
9. Add users and grant permissions to Ubuntu
ubuntu adds a user and grants permissions
9.1 new users (take yoyo as an example)
sudo adduser yoyo
9.2 password modification
sudo passwd yoyo
9.3 modifying shell types
sudo usermod -s /bin/bash yoyo
9.4 add sudo permission
sudo gedit /etc/sudoers
# Find the line root ALL=(ALL) ALL and add the following line below it
yoyo ALL=(ALL:ALL) ALL
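A syntax error saved into /etc/sudoers can stop sudo from working for every user. The following is an added example, not part of the original page, that writes the same rule to a separate file, checks it with visudo -cf, and installs it only if the check passes. It assumes the main sudoers file includes the /etc/sudoers.d directory; stage_sudo_rule and the SUDOERS_CHECK variable are hypothetical names.

```shell
#!/bin/sh
# Added example: stage a sudoers rule as a drop-in file and fail closed.

# stage_sudo_rule USER DIR
# Writes "USER ALL=(ALL:ALL) ALL" to DIR/USER with mode 0440 after the checker
# accepts it. SUDOERS_CHECK overrides the checker command (default: visudo -cf).
stage_sudo_rule() {
  user=$1
  dir=$2
  check=${SUDOERS_CHECK:-visudo -cf}
  # Allow only characters that cannot add sudoers syntax. This also rejects
  # names containing ".", which sudo skips when reading the drop-in directory.
  case $user in
    ''|*[!a-z0-9_-]*) echo "refusing user name: $user" >&2; return 2 ;;
  esac
  # The staging name contains ".", so sudo ignores the file until it is renamed.
  tmp=$(mktemp "$dir/.stage.XXXXXX") || return 1
  printf '%s ALL=(ALL:ALL) ALL\n' "$user" > "$tmp"
  chmod 0440 "$tmp"
  # Install nothing unless the checker exits successfully.
  if ! $check "$tmp" >/dev/null 2>&1; then
    echo "sudoers check failed; nothing installed" >&2
    rm -f "$tmp"
    return 1
  fi
  mv "$tmp" "$dir/$user"
}

# Usage as root, after loading this file into the shell:
#   stage_sudo_rule yoyo /etc/sudoers.d
```
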
9.5 SSH Remote Login
ssh yoyo@192.168.0.147