Introduction to Linux and use of tools (VII: view, create and edit users)

Once you have your own server, configuring users is a very important step. After all, you do not want just anyone to become root, delete the database and run away!

View user

$ who am i
mugpeng  ttys000  Aug 20 19:43 
(base) mugpengdeMacBook-Pro:~ mugpeng$ who mom likes
mugpeng  ttys000  Aug 20 19:43 

root user

★ "Root permission is a kind of system permission. It can be understood as the same concept as SYSTEM permission, but it is higher than Administrator permission. Root is the super administrator account in Linux and UNIX systems. This account has supreme power over the whole system and can operate on all objects. Therefore, when many hackers break into a system, they raise their permission to root. This operation is equivalent to adding their new illegal account to the Administrators user group under Windows. For example, in the Android operating system (based on the Linux kernel), obtaining root permission means that you have obtained the highest permission on the mobile phone. You can then add, delete, modify and query any file (including system files) on the phone."

Generally, the default login account is an ordinary user. Switch users with su user or su - user (the latter also switches to the target user's working directory and environment). Users who belong to the sudo group can run privileged commands with sudo.

New user

# New user
sudo adduser lilei
# Change user password
sudo passwd lilei 

You can then view the new user and exit.

adduser and useradd

User group

View user groups

Method 1

groups xxx
xxx : xxx

The name before the colon is the user; what follows the colon is the user group (or groups) the user belongs to.

Method 2

cat /etc/group | grep -E "xxx"

Generally speaking, the x displayed in the password field means that the password is hidden, not that the password is literally x.

Join the root user group

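By default, a newly created user does not have root permission and is not in the sudo user group. Adding the user to the sudo group lets them obtain root permission through sudo.

# -a appends to the existing groups; -G on its own replaces the user's other supplementary groups
$ sudo usermod -aG sudo hhh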

Delete users and user groups

The --remove-home option also deletes the home directory that belongs to the user.

$ sudo deluser lilei --remove-home

Delete user groups using groupdel.

Interpretation of permission code information

-rw-r--r--
drwx------

The first character indicates the type of object:

- Represents a file
d Represents a directory
l Represents a link
c Represents a character device
b Represents a block device
n Represents a network device

Then there are three groups of three character codes. Each group defines three access rights:

r Indicates that the object is readable
w Indicates that the object is writable
x Indicates that the object is executable
If a permission is not granted, a single dash appears in its position.

These three groups of permissions correspond to three security levels of the object:

Owner of the object
Group of the object
Other users of the system

Change file owner

Change xxx file owner to user.

$ sudo chown user xxx

Edit file permissions

umask

When you create a file with touch or a directory with mkdir, its permissions are set to a default value.

mugpengdembp:test mugpeng$ ls -l
total 0
-rw-r--r--  1 mugpeng  wheel   0 Jun  9 11:20 test1
drwxr-xr-x  2 mugpeng  wheel  64 Jun  9 11:20 test2
- represents a file and d represents a directory.

Where do these permissions come from? It is set through umask. We can directly enter umask to view the default permission settings.

$ umask
0022

The first digit represents the security feature of the sticky bit. The last three digits are the octal umask value that applies to files and directories. To read it, convert each of the three groups of three permission characters into one octal digit:

--- 000 0
--x 001 1
-w- 010 2
-wx 011 3
r-- 100 4
r-x 101 5
rw- 110 6
rwx 111 7

Therefore, the value of full permission is 666 for files and 777 for directories.

The permissions of the file we created (rw-r--r--) convert to octal 644.

However, the permissions of the file we created are different from the default umask value 022. This is because the umask value is just a mask: it masks out the permissions that you do not want to grant. Therefore, we need to subtract the umask value from the full permission value of the object. For example, the full permission of a file is 666 and the umask is 022, so after subtraction its actual permission is 644.

We can use umask xxx to specify a new value. With the value below, the permissions of a newly created file change to 640.

$ umask 026
$ touch test3
$ ls -l test3
-rw-r-----  1 mugpeng  wheel  0 Jun  9 11:41 test3
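
An added example (not from the original post) that ties the permission string, the octal table and umask together. It goes beyond the cases above: a umask clears bits rather than subtracting arithmetically, which gives the same answer for 022 and 026 but not for a mask such as 033, so the script also creates a real file and directory to show which rule holds. The helper names are made up for this illustration.

```shell
#!/bin/sh
# Added example; the helper names are made up for this illustration.

# Convert an ls -l mode string (e.g. -rw-r--r--) to its three octal digits.
# A set-id or sticky letter (s, t) in the x position counts as x being set.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)      # drop the type character
    out=""
    for start in 1 4 7; do
        triple=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??[xst]) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# umask as the system applies it: clear the masked bits from the base mode.
apply_umask() {        # apply_umask BASE MASK (octal digits)
    printf '%03o\n' "$(( 0$1 & ~0$2 ))"
}

# The subtraction rule of thumb, for comparison.
subtract_umask() {     # subtract_umask BASE MASK (octal digits)
    printf '%03o\n' "$(( 0$1 - 0$2 ))"
}

# Create a file and a directory under MASK; print "FILEMODE DIRMODE".
observed_modes() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1"; : > "$tmp/f"; mkdir "$tmp/d" )   # subshell keeps our own umask intact
    f=$(mode_to_octal "$(ls -ld "$tmp/f" | cut -d' ' -f1)")
    d=$(mode_to_octal "$(ls -ld "$tmp/d" | cut -d' ' -f1)")
    rm -rf "$tmp"
    printf '%s %s\n' "$f" "$d"
}

for m in 022 026 033; do
    echo "umask $m: masked=$(apply_umask 666 "$m")" \
         "subtracted=$(subtract_umask 666 "$m") observed=$(observed_modes "$m")"
done
```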

chmod

The chmod command can be used to change the permissions of a file.

chmod options mode file

The mode parameter sets the security settings and can be given in either octal mode or symbolic mode. The default is the octal permission code.

-rw-r-----  1 mugpeng  wheel   0 Jun  9 11:41 test3
$ chmod 760 test3
-rwxrw----  1 mugpeng  wheel   0 Jun  9 11:41 test3

Symbol mode security settings

The security settings in chmod's symbolic mode are slightly more complex. The format is chmod [ugoa][+-=][rwxXstugo], where

u Represents the user
g Represents the group
o Represents others
a Represents all of the above (ugo)
+ Adds permissions
- Removes permissions
= Sets the permissions to exactly the value that follows
X Grants execute permission only if the object is a directory or already has execute permission
s Sets the UID or GID at run time
t Indicates a reserved file or directory

For example:

-rwxrw----  1 mugpeng  wheel   0 Jun  9 11:41 test3
$ chmod o+r test3
-rwxrw-r--  1 mugpeng  wheel   0 Jun  9 11:41 test3

Exercises

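# Create the user
$ sudo adduser loutest
# Add the user to the sudo group (-a appends; -G alone replaces the user's other supplementary groups)
$ sudo usermod -aG sudo loutest
# Switch to the new user with a login shell
$ su -l loutest
# Create a file as root through sudo
$ sudo touch /opt/forloutest
# Confirm that the file exists
$ ls /opt/ | grep 'forloutest'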

Added by NeoGeo on Fri, 17 Dec 2021 10:45:50 +0200