Home | 简体中文 | 繁体中文 | 杂文 | 知乎专栏 | Github | OSChina 博客 | 云社区 | 云栖社区 | Facebook | Linkedin | 视频教程 | 打赏(Donations) | About
知乎专栏多维度架构 微信号 netkiller-ebook | QQ群:128659835 请注明“读者”

第 17 章 Permission 权限管理

目录

17.1. User 用户管理
17.1.1. 添加用户
17.1.2. 删除用户
17.1.3. 修改用户组
17.1.4. 账号加锁与解锁
17.1.4.1. /etc/passwd
17.2. Group
17.2.1. Add a new group
17.2.2. Add a user to the group
17.2.3. /etc/group
17.2.4. gpasswd - administer /etc/group and /etc/gshadow
17.3. umask
17.4. Access Permissions
17.4.1. chown - change file owner and group
17.4.2. chgrp - change group ownership
17.4.3. chmod - change file access permissions
17.5. chattr - change file attributes on a Linux second extended file system
17.6. su - run a shell with substitute user and group IDs
17.7. runuser - run a command with substitute user and group ID
17.8. sudo, sudoedit - execute a command as another user
17.8.1. /etc/sudoers
17.8.2. /etc/sudoers
17.8.3. 设置示例
17.8.4. NOPASSWD
17.8.5. 允许或禁止命令
17.8.6. Cmnd_Alias 用法
17.8.7. wheel 组
17.8.8. 注意事项
17.9. ACL - Access Control List
17.9.1. getfacl - get file access control lists
17.9.2. setfacl - set file access control lists
17.9.2.1. set
17.9.2.2. default
17.9.2.3. remove
17.9.2.4. backup and restore

17.1. User 用户管理

17.1.1. 添加用户

		
$ adduser neo			
			
			
		
			
## 添加一个账号和root有一样的权限
useradd -o -u 0 -g 0  admin

## 指定家目录和shell
useradd -o -u 0 -g 0  -d /root -s /bin/bash admin

## 添加 root 用户并且设置密码
useradd -o -u 0 -g 0 admin
echo redhat | passwd admin --stdin
// 上面两条同下面一条
useradd -o -u 0 -g 0 -p $(openssl passwd -1 redhat@@neo) admin

## 添加普通用户并且设置密码
useradd -p $(openssl passwd -1 redhat@@admin) admin

##  添加普通用户指定其第二用户组
useradd -G root  -p $(openssl passwd -1 redhat@@admin) admin			
			
			
			

17.1.2. 删除用户

remove an existed user, but keeping directory /home/neo

		
$ userdel neo			
			
			

delete user's directory under /home when removing an existed user

		
$ userdel -r neo
			
			

17.1.3. 修改用户组

usermod - modify a user account

		
usermod -G group -a user

[root@scientific ~]# groupadd vm
[root@scientific ~]# adduser xen
[root@scientific ~]# usermod -G vm -a xen
[root@scientific ~]# usermod -G vm -a kvm
[root@scientific ~]# id xen
uid=501(xen) gid=502(xen) groups=502(xen),501(vm)
			
			

将 www 加入 wheel 组,www 用户可以使用 sudo 命令

		
			
[root@localhost ~]# usermod -aG wheel www

[www@localhost ~]$ id www
uid=80(www) gid=80(www) groups=80(www),10(wheel)			
			
			
			

17.1.4. 账号加锁与解锁

lock / unlock

		
passwd -l neo
			
			
		
passwd -u neo
			
			

17.1.4.1. /etc/passwd

		
[root@test ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
neo:x:500:500::/home/neo:/bin/bash
mysql:x:501:501::/home/mysql:/bin/bash