Linux allows multiple users to access the system at the same time. Setting permissions protects users from each other. Users can be assigned to groups, which are created for users who share the same privilege, security, and access needs. Access to files and devices may be granted to a specific user or to a group of users.
Groups are often used to give members certain permissions to modify a file or directory.
The two main types of groups are primary groups and secondary groups. A user's primary group is the default group the account is associated with. Directories and files the user creates will have this Group ID. A secondary group is any group(s) a user is a member of other than the primary group.
Creating groups
Let's create two groups called "writers" and "editors". Use the groupadd command like this (you may have to use sudo at the beginning so you have the appropriate permission to create a group):
groupadd writers
groupadd editors
Creating users
You may already have users to add to your group. If not, here is the basic syntax to create a user with the useradd command:
useradd [options] username
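Here is the command to create a user named "quincy". The -m option creates the user's home directory, named to match the username. The -p p4ssw0rd option sets the user's password to "p4ssw0rd". Keep in mind that the useradd manual describes the -p value as the encrypted password, as returned by crypt(3), and warns that anything passed this way is visible to other users listing processes, so on a shared system it is safer to create the account without -p and set the password afterwards with passwd.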
useradd -m quincy -p p4ssw0rd
The user will be able to change their password with the passwd command. They will have to enter their current password and then their new password.
Adding a user to a group
You can use the usermod command to add a user to a group. Here is how to add the user "quincy" to the group "writers". The -a parameter means "append" and the -G parameter adds a group as a secondary group.
usermod -a -G writers quincy
When a user is created with the adduser command, the user is automatically assigned to a primary group with the same name as the username. So currently the user "quincy" has a primary group of "quincy" and a secondary group of "writers".
You can also add a user to many groups at once by separating the group names with commas: -G group1,group2,group3.
The following command changes the primary group of the user quincy to "editors":
usermod -g editors quincy
Removing a user from a secondary group
To remove a user from a secondary group you need to overwrite the current groups of a user with a new set of groups that does not contain the group that is being removed.
First, use the id command to check what secondary groups a user belongs to:
id -nG quincy
Let's say that this returns editors writers, indicating that quincy is part of the "editors" and "writers" groups. If you want to remove the "writers" group, use this command:
usermod -G editors quincy
That command sets the secondary group of quincy to "editors". Since the -a flag was not used, the previous set of groups was overwritten.
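Because -G without -a overwrites the whole list, the new list has to name every secondary group the user should keep, not only one. The shell functions below are an added example, not part of the original article: the names remaining_groups and removal_command are hypothetical, and the sample group list (including "sudo" and "docker") is constructed. They build the list from id -nG output and print the usermod command for review instead of running it.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.
# Assumes group names contain no spaces, as in the article's examples.

# remaining_groups ALL PRIMARY DROP
#   ALL     - space-separated group names, as printed by `id -nG USER`
#   PRIMARY - the user's primary group, as printed by `id -ng USER`
#   DROP    - the secondary group to remove
# Prints the comma-separated list to pass to `usermod -G`.
remaining_groups() {
    all=$1 primary=$2 drop=$3
    if [ "$drop" = "$primary" ]; then
        echo "refusing: $drop is the primary group (change it with usermod -g)" >&2
        return 1
    fi
    found=0
    keep=
    for g in $all; do
        if [ "$g" = "$drop" ]; then
            found=1
            continue
        fi
        keep=${keep:+$keep,}$g
    done
    if [ "$found" -eq 0 ]; then
        echo "refusing: $drop is not in the user's group list" >&2
        return 1
    fi
    printf '%s\n' "$keep"
}

# removal_command USER DROP [ALL PRIMARY]
# Prints the usermod command for review; it does not modify any account.
# ALL and PRIMARY default to the live values reported by id.
removal_command() {
    user=$1 drop=$2
    all=${3:-$(id -nG "$user")} || return 1
    primary=${4:-$(id -ng "$user")} || return 1
    list=$(remaining_groups "$all" "$primary" "$drop") || return 1
    printf "usermod -G '%s' %s\n" "$list" "$user"
}

# Constructed sample: quincy is also in "sudo" and "docker", which must survive.
removal_command quincy writers "editors writers sudo docker" editors
```

Running id -nG again after applying the printed command confirms that only the intended group was dropped.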
Conclusion
You should now be ready to start managing users and groups. The next step is to determine which privileges each group will have.