账户信息
linux的账户信息都存储在/etc/passwd文件下
[wolf@localhost ~]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
#......,中间省略很多
user:/var/cache/clevis:/sbin/nologin
gnome-initial-setup:x:974:974::/run/gnome-initial-setup/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wolf:x:1000:1000:CentOS 8 64:/home/wolf:/bin/bash
包含 :
wolf :x :1000:1000:CentOS 8 64:/home/wolf:/bin/bash
用户名:密码:用户ID(UID):群组ID(GID):用户描述:home目录位置:默认的shell
账户密码
linux中存放用户密码的文件为/etc/shadow,密码已经加密
[wolf@localhost ~]$ cat /etc/shadow
cat: /etc/shadow: Permission denied
[wolf@localhost ~]$ su
Password:
[root@localhost wolf]# cat /etc/shadow
root:$1$lLM.O6Uw$jeTFkC19c5C/gFSZDoy/N1::0:99999:7:::
bin:*:18397:0:99999:7:::
添加新用户-useradd
useradd添加默认值,default,用useradd -D查看
[wolf@localhost ~]$ useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[wolf@localhost ~]$ ll -a /etc/skel
total 24
drwxr-xr-x. 3 root root 78 Nov 2 01:38 .
drwxr-xr-x. 149 root root 8192 Nov 20 01:53 ..
-rw-r--r--. 1 root root 18 Jul 27 2021 .bash_logout
-rw-r--r--. 1 root root 141 Jul 27 2021 .bash_profile
-rw-r--r--. 1 root root 376 Jul 27 2021 .bashrc
drwxr-xr-x. 4 root root 39 Nov 2 01:37 .mozilla
创建新组
利用groupadd命令创建一个名为group1的新组
#root管理员账户才能创建新组,-g:组ID为1010,-p:密码为group
[wolf@localhost ~]$ su
Password:
[root@localhost wolf]\# groupadd -g 1010 -p group1 group1
[root@localhost wolf]\# cat /etc/group
root:x:0:
bin:x:1:
······
slocate:x:21:
wolf:x:1000:
flower:x:1001:
flower2:x:1002:
group1:x:1010: #新增一个组为group1
新组添加成员
用usermod命令,将已经存在用户flower2添加到group1中
root@localhost wolf]\# usermod -g group1 flower2
[root@localhost wolf]\# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
······
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wolf:x:1000:1000:CentOS 8 64:/home/wolf:/bin/bash
flower:x:1001:1001::/home/flower:/bin/bash
flower2:x:1002:1010::/home/flower2:/bin/bash
利用useradd -g 命令在其中创建新用户flower3
[root@localhost wolf]\# useradd -g group1 flower3
[root@localhost wolf]\# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
······
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wolf:x:1000:1000:CentOS 8 64:/home/wolf:/bin/bash
flower:x:1001:1001::/home/flower:/bin/bash
flower2:x:1002:1010::/home/flower2:/bin/bash
flower3:x:1003:1010::/home/flower3:/bin/bash
[root@localhost wolf]\# userdel flower3
在新用户flower2下创建文件1.txt
unmask会创建文件的默认权限
[flower2@localhost wolf]$ cd /home/flower2
[flower2@localhost ~]$ ls
[flower2@localhost ~]$ ls -a
. .. .bash_logout .bash_profile .bashrc .mozilla
[flower2@localhost ~]$ touch 1.txt
[flower2@localhost ~]$ ll
total 0
-rw-r--r--. 1 flower2 group1 0 Nov 20 23:01 1.txt
[flower2@localhost ~]$ rm 1.txt #可以删除
[flower2@localhost ~]$ ls
[flower2@localhost ~]$ touch 1.txt #重建文档
可以看到文档权限为rw-r–r–,属主权限为可读可写,不可执行,但可以删除文档,可以推测删除文件不属于“执行”的操作。
属主读写该文档
[flower2@localhost ~]$ vim 1.txt
[flower2@localhost ~]$ cat 1.txt
hello, my name is txt1
I am 1 day old
thanks very much
更改用户,查看权限
[wolf@localhost flower2]$ su
Password:
[root@localhost flower2]\# ll /home/flower2/1.txt
-rw-r--r--. 1 flower2 group1 55 Nov 20 23:16 /home/flower2/1.txt
[root@localhost flower2]\# cat /home/flower2/1.txt
hello, my name is txt1
I am 1 day old
thanks very much
[root@localhost flower2]# ll /home/flower2/1.txt
-rw-r--r--. 1 flower2 group1 55 Nov 20 23:16 /home/flower2/1.txt
[root@localhost flower2]\# vim /home/flower2/1.txt #root用户可读可写
[root@localhost flower2]# su wolf #切换到wolf用户
[wolf@localhost flower2]$ cat /home/flower2/1.txt
cat: /home/flower2/1.txt: Permission denied #不可操作
改变文件权限-chmod
[flower2@localhost home]$ cd flower2
[flower2@localhost ~]$ pwd
/home/flower2
[flower2@localhost ~]$ vim 2.txt #创建并编辑文件
[flower2@localhost ~]$ ll 2.txt #查看权限信息
-rw-r--r--. 1 flower2 group1 67 Nov 21 03:13 2.txt
[flower2@localhost ~]$ chmod o+w 2.txt #其他组员加入写权限
[flower2@localhost ~]$ ll 2.txt #其他组员加入写权限
-rw-r--rw-. 1 flower2 group1 67 Nov 21 03:13 2.txt
[root@localhost flower2]\# su wolf #切换用户
[wolf@localhost flower2]$ cat /home/flower2/2.txt
cat: /home/flower2/2.txt: Permission denied #无权限读取
[wolf@localhost flower2]$ ls /home/flower2 #因wolf无权限进入flower2目录
ls: cannot open directory '/home/flower2': Permission denied
[wolf@localhost flower2]$ cat /home/cp2.txt
this is the 2ed file of flower2
witch group did the file belong to
[wolf@localhost flower2]$
复制文件到/home下
[flower2@localhost ~]$ pwd #查看当前目录
/home/flower2
[flower2@localhost ~]$ cp 2.txt /home/cp2.txt
cp: cannot create regular file '/home/cp2.txt': Permission denied
#将flower2下的文件复制到/home下,无权限,换回管理员
[flower2@localhost ~]$ su
Password:
[root@localhost flower2]# cp 2.txt /home/cp2.txt #复制
[root@localhost flower2]\# ls /home/ #复制成功
cp2.txt flower flower2 flower3 flower4 wolf
普通用户没有进入其他用户的权限,除非是管理员,更不用说复制文件
[flower2@localhost ~]$ pwd #查看当前目录
/home/flower2
[flower2@localhost ~]$ cp 2.txt /home/cp2.txt
cp: cannot create regular file '/home/cp2.txt': Permission denied
#将flower2下的文件复制到/home下,无权限,换回管理员
[flower2@localhost ~]$ su
Password:
[root@localhost flower2]# cp 2.txt /home/cp2.txt #复制
[root@localhost flower2]\# ls /home/ #复制成功
cp2.txt flower flower2 flower3 flower4 wolf
复制到/home的文件,与之前的文件权限不同,普通用户并无改写的权限
所有复制文件并不是全部复制
[wolf@localhost flower2]$ ll /home/cp2.txt #新文件权限
-rw-r--r--. 1 root root 67 Nov 21 03:18 /home/cp2.txt
#我们发现复制到/home目录下的cp2还是没有被写的权限
[wolf@localhost flower2]$ su
Password:
[root@localhost flower2]\# ll /home/flower2/2.txt #原始母文件权限
-rw-r--rw-. 1 flower2 group1 67 Nov 21 03:13 /home/flower2/2.txt
增加权限进行改写
[root@localhost flower2]# chmod o+w /home/cp2.txt
[root@localhost flower2]# ll /home/cp2.txt
-rw-r--rw-. 1 root root 67 Nov 21 03:18 /home/cp2.txt
[root@localhost flower2]# vim /home/cp2.txt
[root@localhost flower2]# cat /home/cp2.txt
this is the 2ed file of flower2
witch group did the file belong to
THIS LINE IS WRITTEN BY wolf #增加的一行
改变所属关系-chown
上面花了很大功夫才让wolf用户可以查看并修改flower2用户的文档,如果直接改变文档的所属关系会更加便捷
首先创建一个新的文件3.txt
[flower2@localhost ~]$ vim 3.txt
[flower2@localhost ~]$ ll 3.txt
-rw-r--r--. 1 flower2 group1 39 Nov 21 17:11 3.txt
[flower2@localhost ~]$ chown wolf 3.txt
chown: changing ownership of '3.txt': Operation not permitted
[flower2@localhost ~]$ su
Password:
[root@localhost flower2]# chown wolf 3.txt
[root@localhost flower2]# ll 3.txt
-rw-r--r--. 1 wolf group1 39 Nov 21 17:11 3.txt
[root@localhost flower2]# cat /etc/group
root:x:0:
bin:x:1:
······
slocate:x:21:
wolf:x:1000:
flower:x:1001:
flower2:x:1002:
group1:x:1010:
[root@localhost flower2]# chown -g 1000 3.txt
chown: invalid option -- 'g'
Try 'chown --help' for more information.
[root@localhost flower2]# chgrp 1000 3.txt
[root@localhost flower2]# ll 3.txt
-rw-r--r--. 1 wolf wolf 39 Nov 21 17:11 3.txt
chown可以同时改变文件的属主和属组
flower2@localhost ~]$ ll
total 16
-rwxrwxrwx. 1 flower2 group1 85 Nov 20 23:23 1.txt
-rw-r--rw-. 1 flower2 group1 67 Nov 21 03:13 2.txt
-rw-r--r--. 1 wolf group1 40 Nov 21 04:12 3
-rw-r--r--. 1 wolf wolf 39 Nov 21 17:22 3.txt
[flower2@localhost ~]$ su
Password:
[root@localhost flower2]# chown wolf.wolf 2.txt
[root@localhost flower2]# ll
total 16
-rwxrwxrwx. 1 flower2 group1 85 Nov 20 23:23 1.txt
-rw-r--rw-. 1 wolf wolf 67 Nov 21 03:13 2.txt
-rw-r--r--. 1 wolf group1 40 Nov 21 04:12 3
-rw-r--r--. 1 wolf wolf 39 Nov 21 17:22 3.txt
共享文件
[flower2@localhost ~]$ su flower3 #切换用户为flower3
Password:
[flower3@localhost flower2]$ cd /home/flower3 #进入目录
[flower3@localhost ~]$ ll
total 0
[flower3@localhost ~]$ mkdir sharedfile2 #创建共享文件夹
[flower3@localhost ~]$ ll
total 0
drwxr-xr-x. 2 flower3 group1 6 Nov 22 18:54 sharedfile2
[flower3@localhost ~]$ chgrp group1 sharedfile2 #文件夹的默认属组
[flower3@localhost ~]$ chmod g+s sharedfile2 #运行时SGID位置位,默认属组为group1
[flower3@localhost ~]$ cd sharedfile2
[flower3@localhost sharedfile2]$ touch file1 #创建file1
[flower3@localhost sharedfile2]$ ll #查看属性
total 0
-rw-r--r--. 1 flower3 group1 0 Nov 22 18:57 file1
[flower3@localhost sharedfile2]$ cd .. #退出
[flower3@localhost ~]$ umask 002 #设置掩码为002,文件对属组是可写的
[flower3@localhost ~]$ cd sharedfile2
[flower3@localhost sharedfile2]$ touch file2
[flower3@localhost sharedfile2]$ ll #看到file1,与file2的区别
total 0
-rw-r--r--. 1 flower3 group1 0 Nov 22 18:57 file1
-rw-rw-r--. 1 flower3 group1 0 Nov 22 18:57 file2
如果不用考虑太多,用笨办法创建可以供组内成员的文件,思路:每层目录和文件都可以供组员进入修改chmod g+rw
flower3@localhost home]$ cd flower3
[flower3@localhost ~]$ ls
file3 sharedfile2
[flower3@localhost ~]$ ll
total 0
-rw-rw-r--. 1 flower3 group1 0 Nov 22 19:06 file3
drwxrwsr-x. 2 flower3 group1 32 Nov 22 18:57 sharedfile2
[flower3@localhost ~]$ cd sharedfile2
[flower3@localhost sharedfile2]$ ls
file1 file2
[flower3@localhost sharedfile2]$ ll
total 0
-rw-r--r--. 1 flower3 group1 0 Nov 22 18:57 file1
-rw-rw-r--. 1 flower3 group1 0 Nov 22 18:57 file2
[flower3@localhost sharedfile2]$ su flower2
Password:
[flower2@localhost sharedfile2]$ pwd
/home/flower3/sharedfile2
[flower2@localhost sharedfile2]$ cat file1
[flower2@localhost sharedfile2]$ vim file1
[flower2@localhost sharedfile2]$ cat file1
dddff
[flower2@localhost sharedfile2]$ touch file3
[flower2@localhost sharedfile2]$ ll
total 4
-rw-r--r--. 1 flower2 group1 6 Nov 22 22:46 file1
-rw-rw-r--. 1 flower3 group1 0 Nov 22 18:57 file2
-rw-r--r--. 1 flower2 group1 0 Nov 22 22:47 file3
[flower2@localhost sharedfile2]$ cd ..
bash: cd: ..: Permission denied
[flower2@localhost sharedfile2]$ pwd
/home/flower3/sharedfile2
可以先设置掩码umask 002创建可供编辑的文档
[flower2@localhost sharedfile2]$ umask 002
[flower2@localhost sharedfile2]$ touch file5
[flower2@localhost sharedfile2]$ ll
total 4
-rw-r--r--. 1 flower2 group1 6 Nov 22 22:46 file1
-rw-rw-r--. 1 flower3 group1 0 Nov 22 18:57 file2
-rw-r--r--. 1 flower2 group1 0 Nov 22 22:47 file3
-rw-r--r--. 1 flower2 group1 0 Nov 22 22:52 file4
-rw-rw-r--. 1 flower2 group1 0 Nov 22 22:53 file5