Operating system (Linux): shell, users, permissions

Article directory

  • Operating systems and shells
  • Linux users
    • Creation and deletion of ordinary users
    • User switching
  • Linux permissions
    • Linux permission classification
    • File access permissions
    • Modify file permissions
      • permission mask
        • sticky bit

Hello everyone, my name is Ji Ning.

This article introduces the Linux shell, Linux users and user switching, and Linux permissions.

Operating system and shell

Strictly speaking, Linux is an operating system, which we call the “kernel”, but we ordinary users cannot use the kernel directly.
Instead, we use it through the “shell” program wrapped around the kernel, which is the so-called shell.

Linux user state and kernel state diagram

The operating system kernel and the shell are two different components, but they are closely related.

The operating system kernel is the core part of the operating system. It manages computer hardware and software resources and provides basic services of the computer system, such as process management, memory management, I/O management, file system, etc. The operating system kernel is the cornerstone of the operating system. Without it, the operating system cannot run properly.

The shell is the main interface for users to interact with the operating system kernel. The shell can be understood as a command interpreter, which accepts commands entered by users and calls the corresponding kernel services to execute them. The shell provides a set of commands and a scripting language that allow users to easily access operating system kernel services and operate on file systems and other resources.

In the operating system, Shell serves as an interactive interface between system users and the kernel, passing user requests and instructions through the command line or graphical interface. After receiving the instructions, the kernel performs corresponding operations and returns the results to the Shell. The interaction between the shell and the kernel can be achieved through system calls.

To summarize, the role of the shell is to translate the user’s commands for the kernel to process, and to translate the kernel’s processing results back to the user.

Will the shell definitely process the instructions entered by the user?

The answer is: not necessarily. For the sake of the security and ease of use of the operating system, users must enter commands through the shell program instead of accessing the operating system directly. But when the shell processes commands, for risky commands (usually user-defined commands) it creates a subprocess and lets the subprocess execute them.
Creating a subprocess isolates the command's execution in an independent process space, so even if an error or accident occurs during execution, it does not affect the shell itself or other processes. In addition, the shell can control the status and resources of the subprocess and use limits to restrict the scope of influence of the command, which reduces risk and greatly helps the security and stability of the system.

Instructions to kill a process:

kill -9 process number
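
The isolation described above can be observed from the shell itself. This is an added example, not part of the original article; child_status and describe are hypothetical helper names, and sleep 60 stands in for any long-running command.

```shell
#!/bin/sh
# Added example: a command runs in a child process, so killing it or letting
# it fail leaves the shell that started it untouched.

# child_status SIGNAL CMD [ARGS...]
# Start CMD as a child, send it SIGNAL (nothing if SIGNAL is "none"),
# wait for it, and print the status the shell collected.
child_status() {
    sig=$1; shift
    "$@" &                      # the command runs in its own process
    pid=$!
    if [ "$sig" != none ]; then
        kill "-$sig" "$pid"     # same as typing: kill -9 <process number>
    fi
    status=0
    wait "$pid" || status=$?    # the parent only receives a status code
    echo "$status"
}

# Translate a wait status: values above 128 mean "terminated by signal N".
describe() {
    if [ "$1" -gt 128 ]; then
        echo "killed by signal $(( $1 - 128 ))"
    else
        echo "exited with code $1"
    fi
}

describe "$(child_status 9 sleep 60)"
describe "$(child_status none sh -c 'exit 3')"
echo "shell $$ is still running"
```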

Linux users

Users of a Linux system are divided into the root user and non-root users. The root user is the super administrator and has the highest authority in the system, while ordinary users can do things within their own part of the system. Most of what we do on a Windows system can be done by ordinary users, but only the root user can install and remove system software, modify system configuration, and so on.

Creation and deletion of ordinary users

In a Linux system, there can only be one root user, but there can be multiple ordinary users, and resources between ordinary users are not shared.

Create a new user (xxx is the user name to be created)

adduser xxx

Set a password for the user (xxx is the user name; passwd prompts for the password, the terminal does not display what you type, and you confirm it twice)

passwd xxx

Delete the user name and password

userdel xxx

Delete the user together with the user's data

userdel -r xxx

User switching

Switch to root user

su - #Log in again as root
su #Switch to root identity

Both of the above switching methods require you to enter the root account password again.

logout # Return to the normal user account

Switch to normal user

su xxx

The root account can switch to another account without entering a password, but a normal account must enter the password to switch accounts.

exit

Exit the switched ordinary account

How to execute a command with the permissions of the root account without switching to the root account

sudo command

However, before an ordinary user can use the sudo command, root must add that user to the whitelist.

sudo command whitelist tutorial
First, switch to the root account and run the following command under the root account

vim /etc/sudoers

After entering vim, find the line %wheel ALL=(ALL) ALL

Copy this line and change wheel to the username you want to add to the whitelist.

After entering vim's last-line (command) mode, type w! to force save and q! to force exit. In the future, when the Zyb account uses the sudo command, you only need to enter the password of the Zyb account once in a short period of time.

Linux permissions

Linux permission classification

File permission attributes: r (read) w (write) x (execute)

Linux file permission roles: owner, group, other

File owner: the owner is the user specified when the file was created, usually the user who created the file. The file owner has ownership and full access to the file, including read, write, and delete operations.
File group: the group to which the file belongs. When a file is created, its group is usually set to the primary group of the creating user. Users in the file's group can access the file, but do not have ownership.
File other: all other users or groups, that is, users or groups that are not the owner or group of the file.

How to modify permissions?

Modifying the owner and group of a file requires root permissions, or the current user must be the original owner of the file. You can use the chown command; in the examples below, newuser and newgroup are the new owner and new group of the file.

Change file owner
chown newuser file.txt

Modify the group to which a file belongs
chgrp newgroup file.txt

Modify the owner and group of the file at the same time
chown newuser:newgroup file.txt

File access permissions

Enter ll at the command line to view file details.

What is in the red box is the detailed permission information of the file role.

Modify file permissions

chmod ugoa+/-rwx filename

Explanation: u represents the owner of the file (user), g the group to which the file belongs, o the other of the file, and a everyone who operates on the file; + adds a permission and - removes one; r, w and x are the permission attributes of the file: read, write and execute. Several operations can be chained in one command.

Example 1: If I want to remove the read permission of the owner of the file test.txt

chmod u-r test.txt

Example 2: If I want to remove the read permission of the owner of the file test.c, add write permission for the group it belongs to, and add read permission for other, the command is as follows:

chmod u-r,g+w,o+r test.c

Note: You must be the owner of the file or directory, or the super user (root), to modify its permissions. To modify the file attributes, the owner must also have write permission on the files being modified. No matter what the permissions are, they do not restrict the root account!

Permission mask

The file mask customizes the default permissions a file gets when it is created.
A directory theoretically has read, write and execute rights when it is created (x permission is required to enter it), but sometimes it does not have all of them. In the same way, when an ordinary file is created, it should at least have read and write rights.
The presence of a permission is counted as 1, and its absence is counted as 0.

The permissions of the files in the picture above are:
111111101
110110100
111111101
110110100
110110100
The order of permissions from left to right is read, write, and execute. The three permissions of each role of the file are regarded as an octal number, as follows

By that reasoning, the starting permissions of a directory should be 777, and the actual permissions of ordinary files are 777. But why are they not? This has to do with the permission mask. The rule is that the default permissions of a file are its starting permissions minus the permissions that appear in umask (octal subtraction).
The umask command shows the file mask of the current account. Here the current file mask is 002.

umask followed by a permission number changes the file mask of the current account.
For example: umask 003. Change the file mask of this account to 005, then create the files test.cc and code.cc and the directory efootball; you can see that the permissions are reduced compared to the previously created files.

So how is this calculated?
In principle, the binary form of the starting permissions is compared with the permission mask bit by bit: a permission bit that is also set in the mask is removed, and the other bits are left unchanged. It can also be calculated using the following formula:

Final permission = starting permission & (~umask)
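
The formula can be checked against what the system actually does. This is an added example, not part of the original article: apply_umask, rwx and observed_modes are hypothetical helper names, and it relies on the standard behaviour that touch requests 666 for a new regular file and mkdir requests 777 for a new directory.

```shell
#!/bin/sh
# Added example: final permission = starting permission & ~umask.

# apply_umask START MASK  (both octal, e.g. 666 003) -> resulting octal mode
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Render a three-digit octal mode as the rwx string that ll / ls -l prints.
rwx() {
    out=
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        [ $(( $digit & 4 )) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $(( $digit & 2 )) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $(( $digit & 1 )) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# Create a real file and directory under MASK and print what ls reports.
observed_modes() {
    dir=$(mktemp -d) || return 1
    (
        umask "$1"            # subshell: the caller's own umask is untouched
        touch "$dir/file"     # touch asks for 666 on a new regular file
        mkdir "$dir/sub"      # mkdir asks for 777 on a new directory
    )
    printf '%s %s\n' "$(ls -ld "$dir/file" | cut -c1-10)" \
                     "$(ls -ld "$dir/sub" | cut -c1-10)"
    rm -rf "$dir"
}

for mask in 002 003 022 077; do
    f=$(apply_umask 666 "$mask")
    d=$(apply_umask 777 "$mask")
    echo "umask $mask: predicted -$(rwx "$f") d$(rwx "$d"), observed $(observed_modes "$mask")"
done
# umask 003 on 666 yields 664, not 663: mask bits are cleared, and a bit that
# was never set (x on a regular file) cannot be taken away.
```

Plain subtraction and the bitwise formula agree only when every bit in the mask is also set in the starting permission, which is why the umask 003 case is the one worth checking.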

Note: Whether a file can be deleted does not depend on the file itself! It depends on whether the owner has write permission on the directory where the file is located. Of course, the root account can do whatever it wants.

Sticky bit

In a shared directory, without setting up the group it belongs to, we can add a sticky bit t for other on the directory, which replaces the last permission x of other. The t keeps the meaning of x and at the same time places a special restriction on the directory's permissions: the directory has the w attribute for other, but only root or the owner of a file has the right to delete that file from the directory, and no one else is allowed to!

The sticky bit can be used to add special permissions to directories.
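
A check that follows from this: any directory that other can write to should carry the sticky bit. This is an added example, not part of the original article; the directory names and the helper functions (build_demo_tree, mode_of, unsafe_shared_dirs, fix_shared_dir) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: find shared directories (w for other) that lack the sticky bit.

# Build a constructed demo tree and print its path.
build_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"    # rwxrwxrwt: writable by all, sticky set
    chmod 0777 "$root/shared_bad"   # rwxrwxrwx: anyone can delete anyone's files
    chmod 0755 "$root/private"      # other cannot write, sticky bit not needed
    echo "$root"
}

# Mode string as ll / ls -l shows it.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# List directories under ROOT where other has w but the sticky bit is missing.
unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Add the sticky bit; ls then shows t in place of the last x.
fix_shared_dir() {
    chmod +t "$1"
}

demo=$(build_demo_tree)
for name in shared_ok shared_bad private; do
    echo "$(mode_of "$demo/$name")  $name"
done
echo "before fix: $(unsafe_shared_dirs "$demo")"
fix_shared_dir "$demo/shared_bad"
echo "after fix:  $(unsafe_shared_dirs "$demo")"
rm -rf "$demo"
```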