一、学习内容
上一两周开始学习了linux,慢慢地学习了一些相关的知识,记录如下。
一、文件管理和IO重定向
1、文件路径和文件访问
2、文件通配符
3、文本管理命令
4、文件的删除和节点表结构
5、硬链接和软链接及重定向
6、重定向和管道
二、用户组合权限管理
1、用户和组管理初步
2、用户和组配置文件及管理命令
3、文件权限管理
4、默认权限和特殊权限
5、文件特殊属性和FACL
二、文件重定向及通配符等使用例子
1、显示/etc目录下,以非字母开头,后面跟了一个字母以及其它任意长度任意字符的文件或目录
[root@CentOS7 ~]# ls -a /etc/ | grep ^[^[:alpha:]][[:alpha:]].*
.pwd.lock
.updated
[root@CentOS7 ~]#
2、复制/etc目录下所有以p开头,以非数字结尾的文件或目录到/tmp/mytest1目录中
[root@CentOS7 ~]# mkdir /tmp/mytest1
[root@CentOS7 ~]# cd /etc
[root@CentOS7 etc]# ls | grep "^[p].*[^[:digit:]]$" | xargs -i cp -r -a {} /tmp/mytest1/
[root@CentOS7 etc]# ls /tmp/mytest1/
pam.d passwd passwd- pki plymouth pm popt.d postfix ppp prelink.conf.d printcap profile profile.d protocols python
[root@CentOS7 etc]#
3、将/etc/issue文件中的内容转换为大写后保存至/tmp/issue.out文件中
[root@CentOS7 ~]# tr 'a-z' 'A-Z' < /etc/issue > /tmp/issue.out
[root@CentOS7 ~]# cat /tmp/issue.out
\S
KERNEL \R ON AN \M
[root@CentOS7 ~]#
三、用户和组管理类命令的使用方法
3.1 Linux用户及组介绍
Linux操作系统对多用户的管理是非常繁琐的,所以用组的概念来管理用户就简单了。每个用户可以在一个独立的组,每个组也可以有0个或多个用户。Linux系统是根据用户ID和组ID来识别的。
- 创建用户,可以使用命令useradd,相关参数如下:
[root@CentOS7 ~]# useradd --help
Usage: useradd [options] LOGIN
useradd -D
useradd -D [options]
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new
account
-G, --groups GROUPS list of supplementary groups of the new
account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and
faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as
the user
-o, --non-unique allow to create users with duplicate
(non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
-P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
[root@CentOS7 ~]# usermod -h
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
the user from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-R, --root CHROOT_DIR directory to chroot into
-P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
-Z, --selinux-user SEUSER new SELinux user mapping for the user account
[root@CentOS7 ~]#
- 可以使用groupadd、groupmod来对组进行管理,详细参数使用如下;
[root@CentOS7 tmp]# groupadd -h
Usage: groupadd [options] GROUP
Options:
-f, --force exit successfully if the group already exists,
and cancel -g if the GID is already used
-g, --gid GID use GID for the new group
-h, --help display this help message and exit
-K, --key KEY=VALUE override /etc/login.defs defaults
-o, --non-unique allow to create groups with duplicate
(non-unique) GID
-p, --password PASSWORD use this encrypted password for the new group
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
-P, --prefix PREFIX_DIR directory prefix
[root@CentOS7 tmp]# groupmod -h
Usage: groupmod [options] GROUP
Options:
-g, --gid GID change the group ID to GID
-h, --help display this help message and exit
-n, --new-name NEW_GROUP change the name to NEW_GROUP
-o, --non-unique allow to use a duplicate (non-unique) GID
-p, --password PASSWORD change the password to this (encrypted)
PASSWORD
-R, --root CHROOT_DIR directory to chroot into
-P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files
[root@CentOS7 tmp]#
- 用户相关的其他命令,如id,chfn,chsh,finger 等。
3.2 用户和组管理类命令的使用方法
- 创建组distro,其GID为2019;
[root@CentOS7 ~]# groupadd distro -g 2019
[root@CentOS7 ~]# grep distro /etc/group
distro:x:2019:
[root@CentOS7 ~]#
- 创建用户mandriva, 其ID号为1005;基本组为distro;
[root@CentOS7 ~]# useradd mandriva -u 1005 -g 2019
[root@CentOS7 ~]# grep mandriva /etc/passwd
mandriva:x:1005:2019::/home/mandriva:/bin/bash
[root@CentOS7 ~]#
- 创建用户mageia,其ID号为1100,家目录为/home/linux;
[root@CentOS7 ~]# useradd mageia -u 1100 -d /home/linux
[root@CentOS7 ~]# grep mageia /etc/passwd
mageia:x:1100:1100::/home/linux:/bin/bash
[root@CentOS7 ~]# ls /home
jiangde linux mandriva
[root@CentOS7 ~]#
- 给用户mageia添加密码,密码为mageedu,并设置用户密码7天后过期;
[root@CentOS7 ~]# echo -e "123456\n123456" | passwd mageia ##echo mageia:Cent0s7! | chpasswd 这个也可以
Changing password for user mageia.
New password: BAD PASSWORD: The password is shorter than 8 characters
Retype new password: passwd: all authentication tokens updated successfully.[root@CentOS7 ~]# chage -d 7 mageia
[root@CentOS7 ~]# getent shadow mageia
mageia:$6$YzptQdYv$0bW2RjiO7/nHw2Piz0LAsdQ9Z9USMorTFr2gowaeG.ptK0yNxeenYCfKBtCHs7qB2BAXXDlQ1sd0TqV/qnBR00:7:0:99999:7:::
[root@CentOS7 ~]#
- 删除mandriva,但保留其家目录;
[root@CentOS7 ~]# userdel mandriva
[root@CentOS7 ~]# ls /home
jiangde linux mandriva
[root@CentOS7 ~]# cat /etc/passwd | grep mandriva
[root@CentOS7 ~]#
- 创建用户slackware,其ID号为2002,基本组为distro,附加组peguin;
[root@CentOS7 ~]# groupadd peguin
[root@CentOS7 ~]# useradd slackware -u 2002 -g 2019 -G 2020
[root@CentOS7 ~]# id slackware
uid=2002(slackware) gid=2019(distro) groups=2019(distro),2020(peguin)
[root@CentOS7 ~]#
- 修改slackware的默认shell为/bin/tcsh;
[root@CentOS7 ~]# usermod -s /bin/tcsh slackware
[root@CentOS7 ~]# getent passwd slackware
slackware:x:2002:2019::/home/slackware:/bin/tcsh
[root@CentOS7 ~]#
- 为用户slackware新增附加组admins,并设置不可登陆。
[root@CentOS7 ~]# groupadd admins
[root@CentOS7 ~]# gpasswd -a slackware admins ##或者使用usermod -a -G admins slackware
Adding user slackware to group admins
[root@CentOS7 ~]# id slackware
uid=2002(slackware) gid=2019(distro) groups=2019(distro),2020(peguin),2021(admins)[root@CentOS7 ~]# usermod -s /sbin/nologin slackware ##或者使用chsh -s /sbin/nologin slackware
[root@CentOS7 ~]# getent passwd slackware
slackware:x:2002:2019::/home/slackware:/sbin/nologin
[root@CentOS7 ~]#
3.3 用户及组的综合使用
- 创建用户user1、user2、user3。然后在/data/下创建目录test;
[root@CentOS7 ~]# useradd user1
[root@CentOS7 ~]# useradd user2
[root@CentOS7 ~]# useradd user3
[root@CentOS7 ~]# grep user* /etc/passwd
user1:x:2003:2003::/home/user1:/bin/bash
user2:x:2004:2004::/home/user2:/bin/bash
user3:x:2005:2005::/home/user3:/bin/bash
[root@CentOS7 ~]#
[root@CentOS7 ~]# mkdir /data/test
[root@CentOS7 ~]# ll /data/test -d
drwxr-xr-x. 2 root root 6 Jan 3 22:45 /data/test
[root@CentOS7 ~]#
- 修改目录/data/test属主、属组为user1;
[root@CentOS7 ~]# chown user1:user1 /data/test
[root@CentOS7 ~]# ll /data/test -d
drwxr-xr-x. 2 user1 user1 6 Jan 3 22:45 /data/test
[root@CentOS7 ~]#
- 在目录属主、属组不变的情况下,user2对文件有读写权限;
[root@CentOS7 ~]# cd /data/test
[root@CentOS7 test]# touch f1.txt
[root@CentOS7 test]# ll f1.txt
-rw-r--r--. 1 root root 0 Jan 3 22:53 f1.txt
[root@CentOS7 test]# setfacl -m u:user2:rw- f1.txt
[root@CentOS7 test]# getfacl f1.txt
# file: f1.txt
# owner: root
# group: root
user::rw-
user:user2:rw-
group::r--
mask::rw-
other::r--
[root@CentOS7 test]# su user2
[user2@CentOS7 test]$ echo user2_add_testing >> f1.txt
[user2@CentOS7 test]$ cat f1.txt
user2_add_testing
[user2@CentOS7 test]$ exit
exit
[root@CentOS7 test]# su user3
[user3@CentOS7 test]$ echo user3_add_testing >> f1.txt
bash: f1.txt: Permission denied
[user3@CentOS7 test]$
- user1在/data/test目录下创建文件a1.sh, a2.sh, a3.sh, a4.sh,设置所有用户都不可删除1.sh,2.sh文件、除了user1及root之外,所有用户都不可删除a3.sh, a4.sh;
[root@CentOS7 test]# su user1
[user1@CentOS7 test]$ touch a{1..4}.sh
[user1@CentOS7 test]$ ll
total 4
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a1.sh
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a2.sh
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a3.sh
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a4.sh
-rw-rw-r--+ 1 root root 18 Jan 3 22:58 f1.txt
[user1@CentOS7 test]$ exit
exit
[root@CentOS7 test]# chattr +i a[1,2].sh
[root@CentOS7 test]# lsattr
---------------- ./f1.txt
----i----------- ./a1.sh
----i----------- ./a2.sh
---------------- ./a3.sh
---------------- ./a4.sh
[root@CentOS7 test]#
[root@CentOS7 test]# rm -rf a1.sh
rm: cannot remove ‘a1.sh’: Operation not permitted
[root@CentOS7 test]# su user1
[user1@CentOS7 test]$ rm -rf a2.sh
rm: cannot remove ‘a2.sh’: Operation not permitted
[user1@CentOS7 test]$
[user1@CentOS7 test]$ exit
exit
[root@CentOS7 test]# su user2
[user2@CentOS7 test]$ ll
total 4
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a1.sh
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a2.sh
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a3.sh
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a4.sh
-rw-rw-r--+ 1 root root 18 Jan 3 22:58 f1.txt
[user2@CentOS7 test]$
[user2@CentOS7 test]$ rm -rf a3.sh
rm: cannot remove ‘a3.sh’: Permission denied
[user2@CentOS7 test]$ exit
exit
[root@CentOS7 test]# su user3
[user3@CentOS7 test]$ rm -rf a4.sh
rm: cannot remove ‘a4.sh’: Permission denied
[user3@CentOS7 test]$
[user1@CentOS7 test]$ rm -rf a3.sh
[user1@CentOS7 test]$ ll
total 4
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a1.sh
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a2.sh
-rw-rw-r--. 1 user1 user1 0 Jan 3 23:04 a4.sh
-rw-rw-r--+ 1 root root 18 Jan 3 22:58 f1.txt
[user1@CentOS7 test]$
- user3增加附加组user1,同时要求user1不能访问/data/test目录及其下所有文件;
[root@CentOS7 test]# usermod -a -G user1 user3
[root@CentOS7 test]# id user3
uid=2005(user3) gid=2005(user3) groups=2005(user3),2003(user1)
[root@CentOS7 test]#
[root@CentOS7 test]# setfacl -m u:user1:--- -R /data/test
[root@CentOS7 test]# getfacl /data/test
getfacl: Removing leading '/' from absolute path names
# file: data/test
# owner: user1
# group: user1
user::rwx
user:user1:---
group::r-x
mask::r-x
other::r-x
[root@CentOS7 test]# getfacl /data/test/*
getfacl: Removing leading '/' from absolute path names
# file: data/test/a1.sh
# owner: user1
# group: user1
user::rw-
user:user1:---
group::rw-
mask::rw-
other::r--
# file: data/test/a2.sh
# owner: user1
# group: user1
user::rw-
user:user1:---
group::rw-
mask::rw-
other::r--
# file: data/test/a4.sh
# owner: user1
# group: user1
user::rw-
user:user1:---
group::rw-
mask::rw-
other::r--
# file: data/test/f1.txt
# owner: root
# group: root
user::rw-
user:user1:---
user:user2:rw-
group::r--
mask::rw-
other::r--
[root@CentOS7 test]# su user1
[user1@CentOS7 test]$ cat f1.txt
cat: f1.txt: Permission denied
[user1@CentOS7 test]$ exit
exit
[root@CentOS7 test]# su user3
[user3@CentOS7 test]$ cat f1.txt
user2_add_testing
[user3@CentOS7 test]$ echo 111 >> f1.txt
bash: f1.txt: Permission denied
[user3@CentOS7 test]$ exit
exit
[root@CentOS7 test]#
- 清理/data/test目录及其下所有文件的acl权限。
[root@CentOS7 test]# setfacl -b -R /data/test
[root@CentOS7 test]# getfacl /data/test
getfacl: Removing leading '/' from absolute path names
# file: data/test
# owner: user1
# group: user1
user::rwx
group::r-x
other::r-x
[root@CentOS7 test]# getfacl /data/test/*
getfacl: Removing leading '/' from absolute path names
# file: data/test/a1.sh
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--
# file: data/test/a2.sh
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--
# file: data/test/a4.sh
# owner: user1
# group: user1
user::rw-
group::rw-
other::r--
# file: data/test/f1.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--