RHCE 033 ---- Unit 10 ----- Advanced topics in users, groups and permissions


1. user and group id numbers    ===================
      .user names are mapped to user id numbers
      .group names are mapped to group id numbers
      .data stored on the hard disk is stored numerically (by id, not by name)
     
 2. /etc/passwd, /etc/shadow, /etc/group files
 
       /etc/passwd   ===== user database
       /etc/shadow   ===== password database
       /etc/group    ===== group database
 3. change your identity
    .to change your password, run passwd
         .insecure passwords are rejected
    .to start a new shell as a different user
              .su user1
              .su - user1
              .su
              .su -
             
[root@mycentos ~]# passwd --status u1
u1 LK (Password locked.)============== means no password has been set
[root@mycentos ~]#
[root@mycentos ~]# whoami
root
[root@mycentos ~]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@mycentos ~]# su u1 ================ root's variables are shown
[u1@mycentos root]$ echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[u1@mycentos root]$ exit
exit
[root@mycentos ~]# su - u1 ===================== u1's own variables
/etc/profile
-bash: exho: command not found
[u1@mycentos ~]$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/u1/bin

4. user information commands
   .find out who you are        ================
      .whoami
   .find out what groups you belong to  =============
      .groups, id
[root@mycentos ~]# groups
root bin daemon sys adm disk wheel
[root@mycentos ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@mycentos ~]#
   .find out who is logged in =========================
      .users, who, w
[u1@mycentos root]$ users
root root
[u1@mycentos root]$ who
root     tty1         2009-04-28 14:25
root     pts/0        2009-04-28 14:28 (192.168.0.17)
[u1@mycentos root]$ w                                 =========== currently logged-in users
 14:49:35 up 27 min,  2 users,  load average: 0.00, 0.00, 0.08
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                14:25   21:07   0.45s  0.04s nslookup
root     pts/0    192.168.0.17     14:28    0.00s  0.64s  0.05s w
       
   .login/reboot history             ===============================
      .last ================= recent login history
[root@mycentos ~]# last == when users previously logged in
root     pts/0        192.168.0.17     Tue Apr 28 14:28   still logged in
root     tty1                          Tue Apr 28 14:25   still logged in
reboot   system boot  2.6.18-128.el5   Tue Apr 28 14:23          (00:28)
root     pts/0        192.168.1.100    Tue Apr 28 04:35 - 04:53  (00:18)
root     pts/1        192.168.1.100    Tue Apr 28 03:08 - down   (01:45)
root     pts/0        192.168.1.100    Tue Apr 28 03:07 - 04:35  (01:27)
root     tty1                          Tue Apr 28 03:05 - down   (01:47)
reboot   system boot  2.6.18-128.el5   Tue Apr 28 02:57          (01:55)
root     pts/1        192.168.0.17     Tue Apr 28 00:41 - down   (00:00)
root     pts/1        192.168.0.17     Mon Apr 27 21:59 - 00:09  (02:09)
root     pts/0        192.168.0.17     Mon Apr 27 21:55 - down   (02:45)
root     tty1                          Mon Apr 27 21:55 - down   (02:46)
reboot   system boot  2.6.18-128.el5   Mon Apr 27 21:53          (02:48)
wtmp begins Mon Apr 27 21:53:22 2009

5. default permissions  ================================
    .default permission for files is 666
    .default permission for directories is 777
    .the umask bits are masked out of the default to determine new file/directory permissions
    .non-privileged users have the umask of 002
    .root has the umask of 022
=========================================================
[root@mycentos ~]# umask
0022
[root@mycentos ~]# su u1
[u1@mycentos root]$ umask
0002
===========================================================
A file created by a normal user:
file  666   rw- rw- rw-
umask 002   --- --- -w-
------------------------------------------
      664   rw- rw- r--

 ----------------------------------
A file created by root:

file  666   rw- rw- rw-
umask 022   --- -w- -w-
-----------------------------------
      644   rw- r-- r--

Working it out by subtraction is wrong: each umask bit only clears the matching permission bit, so umask 033 on a 666 file still gives 644 (not 633):

 file  666   rw- rw- rw-
 umask 033   --- -wx -wx
 --------------------------------
       644   rw- r-- r--

[root@mycentos ~]# umask 033
[root@mycentos ~]# touch test1.txt
[root@mycentos ~]# ls -l test1.txt
-rw-r--r-- 1 root root 0 Apr 28 15:03 test1.txt
[root@mycentos ~]#

With umask you can control the permissions a file gets at the time it is created.
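The umask rows above worked in code. This is an added example for these notes (not course material): `apply_umask` masks the umask bits out of the 666/777 default with bitwise AND NOT, and `subtract_umask` is the wrong plain-subtraction method, kept only to show where it diverges (umask 033).

```shell
#!/bin/sh
# apply_umask BASE UMASK -> octal mode a new object gets.
# Each umask bit CLEARS the matching permission bit; nothing is subtracted.
apply_umask() {
    base=$(( 0$1 ))            # leading 0 forces octal in shell arithmetic
    mask=$(( 0$2 ))
    printf '%o\n' $(( base & ~mask & 0777 ))
}

# The wrong method from the notes: octal subtraction. It only agrees with
# apply_umask while every umask digit is fully "covered" by the base digit.
subtract_umask() {
    printf '%o\n' $(( 0$1 - 0$2 ))
}

new_file_mode() { apply_umask 666 "$1"; }   # files start from 666
new_dir_mode()  { apply_umask 777 "$1"; }   # directories start from 777

# Worked rows from the notes:
#   normal user (umask 002): file 664, dir 775
#   root        (umask 022): file 644, dir 755
#   umask 033:               file 644 by masking, 633 if you subtract
demo() {
    for u in 002 022 033; do
        printf 'umask %s: file %s, dir %s (subtraction would give file %s)\n' \
            "$u" "$(new_file_mode "$u")" "$(new_dir_mode "$u")" \
            "$(subtract_umask 666 "$u")"
    done
}

demo
```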

6. special permissions ==================================
.special permissions: a fourth permission set
.set with chmod or nautilus
----------------------------------------------------------
 suid    sgid    sticky
  4       2        1
 (shown as s in the user execute position, s in the group execute position, t in the other execute position)
 ---------------------------------------------
[root@mycentos doc1]# chmod 755 test1.txt
[root@mycentos doc1]# ls -l
total 28
-rwxr-xr-x 1 root root 142 Apr 28 04:02 test1.txt
-rw-r--r-- 1 root root  60 Apr 27 23:16 test2.txt
-rwxr-sr-- 1 root root  42 Apr 27 23:16 test3.txt
-rw-r--r-- 1 root root   0 Apr 27 23:14 text1.txt
[root@mycentos doc1]# chmod 7755 test1.txt ============= the leading 7 stands for suid+sgid+sticky ============= it goes in front of the usual three digits
[root@mycentos doc1]# ls -l
total 28
-rwsr-sr-t 1 root root 142 Apr 28 04:02 test1.txt
-rw-r--r-- 1 root root  60 Apr 27 23:16 test2.txt
-rwxr-sr-- 1 root root  42 Apr 27 23:16 test3.txt
-rw-r--r-- 1 root root   0 Apr 27 23:14 text1.txt
-----------------------------------------------------------------------------
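To make the fourth digit concrete, here is an added example (not part of the course notes) that renders any 3- or 4-digit chmod mode as the permission string `ls -l` prints, including the capital S/T that `ls` shows when a special bit is set without the underlying execute bit.

```shell
#!/bin/sh
# mode_string MODE -> ls -l style permission string, e.g. 7755 -> rwsr-sr-t
mode_string() {
    m=$(( 0$1 ))                   # leading 0 forces octal in shell arithmetic
    special=$(( (m >> 9) & 7 ))    # the leading digit: 4=suid 2=sgid 1=sticky
    out=""
    i=2                            # triplet index: 2=user, 1=group, 0=other
    while [ "$i" -ge 0 ]; do
        bits=$(( (m >> (i * 3)) & 7 ))
        if [ $(( bits & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( bits & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        # suid (4) lands on the user triplet, sgid (2) on group, sticky (1) on other
        if [ $(( special & (1 << i) )) -ne 0 ]; then
            if [ "$i" -eq 0 ]; then c=t; else c=s; fi
            # capital letter: special bit set but no execute bit underneath
            if [ $(( bits & 1 )) -eq 0 ]; then c=$(printf '%s' "$c" | tr st ST); fi
        elif [ $(( bits & 1 )) -ne 0 ]; then
            c=x
        else
            c=-
        fi
        out="${out}${c}"
        i=$(( i - 1 ))
    done
    printf '%s\n' "$out"
}

# Modes that appear in the notes: 755, 7755, setuid ping (4755), sgid test3 (2754)
for mode in 755 7755 4755 2754 1777 4644; do
    printf '%s -> %s\n' "$mode" "$(mode_string "$mode")"
done
```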
 
Using the special permissions:
Example: /bin/ping
[root@mycentos ~]# chmod u+s /bin/ping
[root@mycentos ~]# ls -l /bin/ping
-rwsr-xr-x 1 root root 35864 Jan 21 12:40 /bin/ping ================== it has the s by default, which means other users run the ping cmd as root to send ICMP packets
[root@mycentos ~]# su u1
[u1@mycentos root]$ ls -l /bin/ping =======================================
-rwsr-xr-x 1 root root 35864 Jan 21 12:40 /bin/ping
[u1@mycentos root]$ ping 192.168.0.1 -c4
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=3.06 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.94 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=2.56 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=2.63 ms
--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 1.942/2.551/3.066/0.402 ms
[u1@mycentos root]$ exit
exit
[root@mycentos ~]# ls -l /bin/ping
-rwsr-xr-x 1 root root 35864 Jan 21 12:40 /bin/ping
[root@mycentos ~]# chmod u-s /bin/ping ======================= remove the s bit
[root@mycentos ~]# ls -l /bin/ping
-rwxr-xr-x 1 root root 35864 Jan 21 12:40 /bin/ping
[root@mycentos ~]# su u1              ================ u1 now has no permission to open the ICMP socket, so ping fails
[u1@mycentos root]$ ping 192.168.0.1
ping: icmp open socket: Operation not permitted
[u1@mycentos root]$
----------------------------------------------------------
special permissions for directories ================
.special permissions for directories
   .sticky bit: files in directories with the sticky bit set can only be removed by the owner and root, regardless of the write permission
   .sgid: files created in directories with the sgid bit set have the group affiliation of the directory's group
   .often both the sticky bit and the sgid permission will be set on a project directory ======= set sticky on a shared project directory

   Newly created entries in such a directory can only be deleted by their owner or root; other users cannot delete them.
This article is from the "www.51cto.com" blog; reposting is not permitted.