Lesson 3, Linux directory structure and user identity

Everything is a file under Linux. The tree starts at "/" (the root, drawn as an inverted tree), and directories are laid out according to the Filesystem Hierarchy Standard (FHS), which defines the purpose of the common directories. Linux is strictly case-sensitive. A file name may contain any character except "/" (the path separator) and NUL.
Devices, sockets, pipes and kernel state are all abstracted as files.

[root@yzh ~]# tree /
tree prints the directory hierarchy as a tree

The simplest partition layout is three partitions: /boot, swap and / (root).

Key directories:

boot The files required for booting: the kernel, the boot loader menu and its configuration files.

dev Every device and interface is represented here as a device file.

etc System and service configuration files.

home Home directories of ordinary users (/home/username).

bin Essential user commands; on current distributions a symlink to /usr/bin.

sbin System administration commands; on current distributions a symlink to /usr/sbin.

lib Dynamically linked shared libraries and kernel modules.

tmp Public temporary file storage, also used to pass files between users on the same machine.

(The directory is world-writable with the sticky bit (SBIT) set, mode 1777: anyone can create files there, but only a file's owner, the directory's owner or root can delete or rename it.)

root The system administrator's home directory.

opt Add-on (third-party) software packages.

media Mount points for removable media that the system mounts automatically (USB sticks, CDs).

mnt Temporary mount point for a filesystem mounted by hand (a CD-ROM or USB device, for instance).

srv Data served by services such as web and ftp servers.

usr/local Software installed by the administrator from source (./configure --prefix=/usr/local/name).

/usr/share Architecture-independent shared data (fonts, documentation, locale data).

/var Files that change while the system runs,

such as the logs under /var/log:

system log (syslog) messages: /var/log/messages on Red Hat-style systems

service logs, e.g. /var/log/httpd/access_log and error_log

If you need to diagnose a file or service error, look under /var/log first.

/lost+found When a filesystem check (fsck) recovers orphaned data after a filesystem error, the fragments are placed here.

proc A virtual filesystem that exposes kernel, process, device and network state as files, for example:

cat /proc/cpuinfo: CPU information

cat /proc/meminfo: memory information

Links:

Prerequisite: a file's data and metadata live in an inode; a directory is only a table mapping names to inode numbers.

Hard link: a second directory entry that points at the same inode. It is not a copy: both names share one set of data blocks, and the inode's link count records how many names it has. The data is freed only when that count reaches zero, so deleting the original name leaves the file available under the other one. Hard links to directories are not allowed, and a hard link cannot cross filesystems.

  • ln source target
    [root@yzh ~]# ln c.txt d.txt

Soft (symbolic) link: works for files and directories, and across filesystems. Like a shortcut in Windows: a small inode of its own whose content is the path of the target. If the target is removed, the link is left dangling.

  • ln -s source destination
    [root@yzh ~]# ln -s /etc/sysconfig s1
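As an added example (not part of the original lesson), the following script makes the inode relationship concrete: it creates a file, a hard link and a symlink in a scratch directory, compares inode numbers and link counts with stat, then deletes the original name to show that the hard link keeps the data while the symlink dangles. The names c.txt, d.txt and s1 follow the lesson; the scratch directory and everything else are assumptions. It needs GNU stat (any Linux) and no privileges.

```bash
#!/usr/bin/env bash
# Added example: hard link vs symbolic link, observed through inode numbers.
# Runs unprivileged in a scratch directory created with mktemp; nothing else is touched.
set -eu

link_demo() {
    local work
    work=$(mktemp -d)
    (
        cd "$work"
        printf 'hello\n' > c.txt    # the original file (one inode, link count 1)
        ln c.txt d.txt              # hard link: a second name for the same inode
        ln -s c.txt s1              # symlink: a new inode that stores the path "c.txt"
        mkdir subdir

        # Hard link: both names report the same inode number.
        if [ "$(stat -c %i c.txt)" = "$(stat -c %i d.txt)" ]; then
            echo "hard_same_inode=yes"
        else
            echo "hard_same_inode=no"
        fi
        # Symlink: an inode of its own (stat reads the link itself unless -L is given).
        if [ "$(stat -c %i s1)" != "$(stat -c %i c.txt)" ]; then
            echo "soft_own_inode=yes"
        else
            echo "soft_own_inode=no"
        fi
        echo "link_count_before=$(stat -c %h c.txt)"   # 2 names: c.txt and d.txt
        echo "symlink_target=$(readlink s1)"           # the path stored in the symlink

        # Hard links to directories are refused by the kernel; symlinks to them are fine.
        if ln subdir hl 2>/dev/null; then
            echo "dir_hardlink=allowed"
        else
            echo "dir_hardlink=refused"
        fi
        ln -s subdir sl
        if [ -L sl ] && [ -d sl ]; then echo "dir_softlink=ok"; fi

        # Remove the original name: the data survives through d.txt (count drops to 1),
        # while s1 still holds the path "c.txt", which no longer resolves.
        rm c.txt
        echo "link_count_after=$(stat -c %h d.txt)"
        echo "hard_still_reads=$(cat d.txt)"
        if [ -L s1 ] && [ ! -e s1 ]; then
            echo "soft_dangling=yes"
        else
            echo "soft_dangling=no"
        fi
    )
    rm -rf "$work"
}

link_demo
```

Run it as any user; the key=value lines show the link count going 2 to 1 and the symlink turning into a dangling one. The same two stat format codes (%i inode, %h link count) are what you use on a real system to tell whether two paths are the same file.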

ls colour code (default LS_COLORS): green = executable (scripts, binaries); yellow on black = device file; blue = directory; cyan = symbolic link; green background = world-writable directory (such as /tmp).

Absolute path: starts at the root "/" and names every component down to the target.

Relative path: starts at the current working directory.

When installing or deploying a service, create its directory tree in advance; -p creates any missing parent directories and does not complain if the directory already exists.

  • mkdir -p /usr/local/nginx

User and user group concepts & capabilities

Linux is a multi-user operating system: several people can use it at once. Groups exist so that permissions can be granted to a set of users at once; users with the same role are placed in one group.

Users are identified by a numeric user ID (UID). The kernel stores it as a 32-bit value, numbered from 0; for compatibility with older systems that used 16-bit IDs, the account tools keep new UIDs below 65535 by default (UID_MAX in /etc/login.defs). There are three kinds of user:

Superuser (UID 0): named root by default in every distribution; what makes an account the superuser is UID 0 (and GID 0), not the name, so a second UID 0 account is a backdoor.

System users (UID 1-999): used to run services. Created with useradd -r, they normally get no home directory and a non-login shell, so they cannot log in interactively.

Ordinary users (UID 1000-65535 by default): must be created by the superuser.

Every file or directory has an owning user and an owning group. id displays the current user's UID, GID and groups; passwd changes the current user's password.

[root@yzh ~]# cat /etc/passwd


h:x:1001:1001::/home/h:/bin/bash
username : password placeholder (x, the hash lives in /etc/shadow) : UID : primary GID : comment (GECOS) : home directory : login shell

Login shell difference:
/bin/bash -> the user can log in
/sbin/nologin -> the user gets no interactive session (used for service accounts)

The non-login shell limits what an attacker gains from a compromised service account.
passwd: root can change his own password and set or change the password of any ordinary user.

Ordinary users can only change their own password, and the new password must satisfy the policy (length, complexity).

Account lifetime setting: an expiry date after which the account can no longer log in (useradd -e or chage -E); the lesson sets all users to 7 days. An expired account is disabled, not deleted.

Characteristics of Linux users:

  • Each user has a UID; the kernel works with the UID, the user name is only looked up in /etc/passwd for display.
  • Each user belongs to exactly one primary group and any number of supplementary groups (older kernels allowed 32, current kernels 65536).
  • Each group has a GID.
  • Each process runs as a user (and its groups), and that identity decides which resources the process may access.
  • Each login-capable user has a login shell (/bin/bash etc.).

Linux user management

Configuration files involved in day-to-day user management:

/etc/passwd user accounts
/etc/shadow shadow file: password hashes and password ageing, readable only by root
/etc/group groups and their members
/etc/gshadow group passwords and group administrators
/etc/login.defs site defaults and limits: UID/GID ranges, password ageing (maximum and minimum age, warning days), whether useradd creates a home directory
/etc/default/useradd defaults that useradd applies (shown or changed with useradd -D): base home directory, skeleton directory, default shell, inactivity period
To create a new user run useradd; useradd yzh creates the account yzh and, by default, a private group of the same name, which becomes the user's primary group.

useradd yzh performs, by default, the following steps:

  1. Adds a line for yzh to /etc/passwd
  2. Adds a line for yzh to /etc/shadow with a locked password field (!!); no password login is possible until root sets one with passwd yzh
  3. Creates the home directory /home/yzh
  4. Copies the skeleton files from /etc/skel (.bash_profile, .bashrc, .bash_logout) into /home/yzh
  5. Adds the private group yzh to /etc/group and /etc/gshadow

The useradd command supports the following parameters.

Usage: useradd [options] login

useradd -D [options]

options:
-b, --base-dir BASE_DIR base directory in which the new account's home directory is created;

-c, --comment COMMENT GECOS field of new account;

-d, --home-dir HOME_DIR new account's home directory;

-D, --defaults display or change the default useradd configuration;

-e, --expiredate EXPIRE_DATE expiration date for new accounts;

-f, --inactive INACTIVE Password inactivity period for new accounts;

-g, --gid GROUP The name or ID of the main group of the new account;

-G, --groups GROUPS List of additional groups for new accounts;

-h, --help display this help message and exit;

-k, --skel SKEL_DIR use this directory as skeleton directory;

-K, --key KEY=VALUE don't use the default value in /etc/login.defs;

-l, --no-log-init do not add this user to the recent logins and failed logins database;

-m, --create-home create user's home directory;

-M, --no-create-home do not create user's home directory;

-N, --no-user-group do not create a group with the same name;

-o, --non-unique allow creating users with duplicate UIDs;

-p, --password PASSWORD Encrypted new account password;

-r, --system create a system account;

-R, --root CHROOT_DIR directory to chroot into;

-s, --shell SHELL The login shell for the new account;

-u, --uid UID User ID of the new account;

-U, --user-group create a group with the same name as the user;

-Z, --selinux-user SEUSER Use specified SEUSER for SELinux user mapping.

cat /etc/shadow

h:!!:19295:0:99999:7:::
login name : password hash : date of last change (days since 1970-01-01) : minimum age : maximum age : warning days before expiry : inactivity days after expiry : account expiry date : reserved
The hash field is not fixed to MD5: its prefix names the scheme ($1$ MD5-crypt, $5$ SHA-256, $6$ SHA-512, $y$ yescrypt; $6$ or $y$ on current systems). !! means no password has been set yet, a leading ! means the account was locked with usermod -L or passwd -l, and * means no password login is possible. An empty field means the account can log in with no password at all.

cat /etc/group

h:x:1001:
group name : group password placeholder (x, the hash is in /etc/gshadow) : GID : comma-separated member list (users whose primary group this is are not listed here; that comes from the GID field in /etc/passwd)

cat /etc/gshadow

h:!::
group name : group password (! = none set) : group administrators : members
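The /etc/passwd and /etc/shadow layouts above are what an account review actually reads. As an added example (not part of the original lesson), the script below parses both formats and flags the states that matter: a second UID 0 account, a login-capable account with an empty password field, an MD5-crypt hash, and a password that never expires. It runs on constructed sample records written to temporary files (the h line is the lesson's; the other accounts, names and hashes are made up); run it against the real files as root for a live check.

```bash
#!/usr/bin/env bash
# Added example: read /etc/passwd- and /etc/shadow-format records and flag the
# account states a security review looks for. Works on constructed copies, so it
# runs unprivileged; point audit_accounts at the real files as root for a live check.
set -eu

# Name the hashing scheme from the prefix of a shadow password field.
hash_algo() {
    case "$1" in
        '')                 echo "none (empty field: login without a password)" ;;
        '!!'|'!'|'*'|'!*')  echo "locked/no password set" ;;
        '$1$'*)             echo "MD5-crypt (weak)" ;;
        '$2'[aby]'$'*)      echo "bcrypt" ;;
        '$5$'*)             echo "SHA-256" ;;
        '$6$'*)             echo "SHA-512" ;;
        '$y$'*)             echo "yescrypt" ;;
        '!'*)               echo "locked ($(hash_algo "${1#!}"))" ;;   # usermod -L / passwd -l prefix
        *)                  echo "unknown" ;;
    esac
}

# One line per shadow entry: "user: algorithm".
shadow_algos() {
    while IFS=: read -r user pw rest; do
        printf '%s: %s\n' "$user" "$(hash_algo "$pw")"
    done < "$1"
}

# audit_accounts PASSWD_FILE SHADOW_FILE -> lines of CODE:user:explanation
audit_accounts() {
    awk -F: -v OFS=: '
        NR == FNR { hash[$1] = $2; maxage[$1] = $5; next }   # first file: shadow
        {                                                     # second file: passwd
            user = $1; uid = $3; shell = $7
            login = (shell !~ /(nologin|false)$/)
            if (uid == 0 && user != "root")
                print "UID0", user, "second superuser: UID 0 grants root, whatever the name"
            if (login && hash[user] == "")
                print "NOPASS", user, "login shell but empty password field"
            if (login && hash[user] ~ /^\$1\$/)
                print "WEAKHASH", user, "MD5-crypt password hash"
            if (login && maxage[user] == 99999)
                print "NOEXPIRE", user, "maximum password age 99999 (never expires)"
        }' "$2" "$1"
}

# Constructed sample records (not real accounts); the h line is the one from the lesson.
SAMPLE_PASSWD=$(mktemp); SAMPLE_SHADOW=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
h:x:1001:1001::/home/h:/bin/bash
backdoor:x:0:1002::/home/backdoor:/bin/bash
guest:x:1002:1002::/home/guest:/bin/bash
svc:x:998:998:service:/var/lib/svc:/sbin/nologin
EOF
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$saltsalt$notarealhash:19295:0:99999:7:::
bin:*:19295:0:99999:7:::
h:!!:19295:0:99999:7:::
backdoor:$1$saltsalt$notarealhash:19295:0:99999:7:::
guest::19295:0:99999:7:::
svc:!!:19295:0:99999:7:::
EOF

shadow_algos "$SAMPLE_SHADOW"
audit_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

On the sample data the audit reports backdoor three times (UID 0, MD5 hash, no expiry), guest for the empty password field, and root and h for the 99999 maximum age, while the two nologin accounts produce nothing: a non-login shell is what keeps a locked or passwordless service account from being a finding.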

  • useradd cisco creates a user who can log in (default shell /bin/bash) once a password has been set.

useradd case demo:
(1) Create a new user thinkmoedu and put it in the supplementary groups thinkmo1 and thinkmo2 (the groups must already exist, otherwise useradd fails):
useradd -G thinkmo1,thinkmo2 thinkmoedu
(2) Create a new user thinkmo3 with a specified home directory and login shell:

[root@yzh ~]# useradd thinkmo3 -d /tmp/ -s /bin/bash
(/tmp is acceptable only for a demo: it is shared with every user and its contents may be cleaned at any time.)

Linux user and group case

Use usermod to modify the attributes of an existing user (usermod refuses to rename or renumber a user who currently has running processes). The detailed parameters of usermod are as follows:

Usage: usermod [options] login

options:

-c, --comment comment new value of GECOS field;

-d, --home HOME_DIR user's new home directory;

-e, --expiredate EXPIRE_DATE Set the account expiration date to EXPIRE_DATE;

-f, --inactive INACTIVE Set the password to be invalid after INACTIVE days expire;

-g, --gid GROUP force GROUP to be the new primary group;

-G, --groups GROUPS new list of supplementary groups; without -a the user is removed from every supplementary group not in GROUPS;

-a, --append append the user to the groups given with -G instead of replacing the list, so existing memberships are kept (check the result with id username);

-h, --help display this help message and exit;

-l, --login LOGIN new login name;

-L, --lock lock user account;

-m, --move-home move home directory content to new location (use with -d only);

-o, --non-unique allow duplicate (non-unique) UIDs;

-p, --password PASSWORD set encrypted password (PASSWORD) as new password;

-R, --root CHROOT_DIR directory to chroot into;

-s, --shell SHELL The new login shell environment for this user account;

-u, --uid UID The new UID of the user account;

-U, --unlock unlock user account;

-Z, --selinux-user New SELinux user mapping for the SEUSER user account.

Example demo of usermod:

(1) Set yzh's supplementary groups to exactly yzh1 and yzh2 (any other supplementary membership is removed):

  • usermod -G yzh1,yzh2 yzh

(2) Add yzh to yzh3 and yzh4 while keeping the existing supplementary groups; -a means append:

  • usermod -a -G yzh3,yzh4 yzh

(3) Give yzh a new home directory and login shell (add -m to move the old home's contents; /tmp is a poor choice outside a demo):

  • usermod -d /tmp/ -s /bin/bash yzh

(4) Rename yzh to yzh1 (only the login name changes; UID, home directory and group name stay as they were unless changed separately):

  • usermod -l yzh1 yzh

(5) Lock and unlock the user yzh1. -L puts a ! in front of the password hash in /etc/shadow, which blocks password logins only; an SSH key still works unless the account is also expired (chage -E 0 yzh1) or its shell is set to /sbin/nologin:

  • usermod -L yzh1
  • usermod -U yzh1
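The difference between -G and -a -G is easiest to see in the member field of /etc/group itself. As an added example (not the page's or the shadow-utils project's code), the script below reproduces that rewrite on a constructed copy of the group file and reads back the memberships the way id -Gn does: the primary group from the passwd GID field, the supplementary groups from the member lists. The yzh user and yzh1..yzh4 groups follow the lesson; the file contents and the two helper functions are assumptions. It runs unprivileged.

```bash
#!/usr/bin/env bash
# Added example: what usermod -G and usermod -a -G do to /etc/group, reproduced
# on a constructed copy so it runs unprivileged. user_groups mimics `id -Gn`.
set -eu

# user_groups USER PASSWD_FILE GROUP_FILE -> "primary supp1 supp2 ..."
user_groups() {
    awk -F: -v u="$1" '
        NR == FNR { if ($1 == u) pgid = $4; next }          # passwd: remember primary GID
        $3 == pgid { prim = $1; next }                      # the group with that GID is primary
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u) supp = supp (supp ? " " : "") $1
        }
        END { print prim (supp ? " " supp : "") }' "$2" "$3"
}

# set_supplementary GROUP_FILE USER GROUPS APPEND(yes|no): rewrite the member lists
# the way usermod does. APPEND=no drops the user from every supplementary group not
# in GROUPS (usermod -G); APPEND=yes keeps existing memberships (usermod -a -G).
set_supplementary() {
    local tmp
    tmp=$(mktemp)
    awk -F: -v OFS=: -v u="$2" -v want=",$3," -v append="$4" '
        {
            n = split($4, m, ","); out = ""; was = 0
            for (i = 1; i <= n; i++) {
                if (m[i] == u) { was = 1; continue }
                if (m[i] != "") out = out (out ? "," : "") m[i]
            }
            wanted = (index(want, "," $1 ",") > 0)
            if (wanted || (append == "yes" && was)) out = out (out ? "," : "") u
            $4 = out; print
        }' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Constructed sample files (yzh and the yzh1..yzh4 groups follow the lesson).
PW_FILE=$(mktemp); GRP_FILE=$(mktemp)
trap 'rm -f "$PW_FILE" "$GRP_FILE"' EXIT
printf 'yzh:x:1000:1000::/home/yzh:/bin/bash\n' > "$PW_FILE"
cat > "$GRP_FILE" <<'EOF'
root:x:0:
wheel:x:10:
yzh:x:1000:
yzh1:x:1001:
yzh2:x:1002:
yzh3:x:1003:
yzh4:x:1004:
EOF

set_supplementary "$GRP_FILE" yzh yzh1,yzh2 no      # usermod -G yzh1,yzh2 yzh
echo "after -G yzh1,yzh2:    $(user_groups yzh "$PW_FILE" "$GRP_FILE")"
set_supplementary "$GRP_FILE" yzh yzh3,yzh4 no      # usermod -G yzh3,yzh4 yzh: yzh1/yzh2 are lost
echo "after -G yzh3,yzh4:    $(user_groups yzh "$PW_FILE" "$GRP_FILE")"
set_supplementary "$GRP_FILE" yzh yzh1,yzh2 yes     # usermod -a -G yzh1,yzh2 yzh: all four kept
echo "after -a -G yzh1,yzh2: $(user_groups yzh "$PW_FILE" "$GRP_FILE")"
```

The second step is the one that bites in practice: a forgotten -a silently removes an administrator from wheel or docker. Before changing supplementary groups on a real host, record the current output of id for the account so the removal is visible.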

userdel case demo

Use userdel to delete a user and, optionally, the user's home directory, mail spool and SELinux user mapping.

userdel yzh deletes the account but keeps the home directory and mail spool
userdel -r yzh deletes the account together with its home directory and mail spool; refuses if the user is still logged in
userdel -rf yzh forces the deletion even if the user is still logged in (that user's running processes are not killed; stop them first)

Linux group management

Features:

  • Each group has a group ID (GID)
  • Group information is stored in /etc/group
  • Each user has exactly one primary group and may have supplementary groups (older kernels capped these at 32, hence the often-quoted figure of 31; current kernels allow 65536)

Groups are managed with the commands groupadd, groupdel and groupmod.

The detailed parameters are as follows:

groupadd usage
-f, --force exit successfully if the group already exists, and ignore -g if that GID is already in use;

-g, --gid GID use GID for new group;

-h, --help display this help message and exit;

-K, --key KEY=VALUE don't use the default value in /etc/login.defs;

-o, --non-unique allow creating groups with duplicate GIDs;

-p, --password PASSWORD use this encrypted password for the new group;

-r, --system create a system group (GID taken from the system range in /etc/login.defs);

groupmod usage

-g, --gid GID change group ID to GID;

-h, --help display this help message and exit;

-n, --new-name NEW_GROUP Rename to NEW_GROUP;

-o, --non-unique allow duplicate GIDs;

-p, --password PASSWORD change password to (encrypted) PASSWORD;

groupdel usage

groupdel thinkmoedu delete thinkmoedu group;

groupadd case demo

(1) groupadd creates a group named linux

  • groupadd linux
  • groupadd -g 1000 linux (with an explicit GID)
  • groupadd -r linux (a system group, not a system user: the GID comes from the system range)

(2) groupmod changes the group name (linux to linux1) or the GID; files owned by the old GID are not renumbered and must be fixed by hand

  • groupmod -n linux1 linux
  • groupmod -g 1000 linux

Permissions in detail

drwxr-xr-x. 3 root root 109 Oct 5 01:52 tuned
d | rwx | r-x | r-x | . | 3 | root | root | 109 | Oct 5 01:52 | tuned
file type (d directory, - regular file, l symlink) | owner permissions | group permissions | others' permissions | . means an SELinux context is attached (+ would mean an ACL) | link count | owner | owning group | size in bytes | last modification time (not creation time) | name

  • id yzh View yzh's UID, GID and group memberships

passwd command: set or change a password (root for any user, others only for themselves)

usermod -L yzh lock (prefixes the password hash with !, which blocks password logins only)

usermod -U yzh unlock

Set the user's life cycle

An expiry date (useradd -e, chage -E) after which the account can no longer log in; the lesson uses 7 days. An expired account is disabled, not deleted; its files and passwd entry remain until userdel is run.

(Privileges + user management) = principle of least privilege: grant each downstream user only the rights the task needs. If a grant is too wide and something goes wrong, everyone in the chain that approved it shares the responsibility.

chmod 777 on a file or directory owned by root gives every user full read, write and execute access; it is almost never what you want.

755 (rwxr-xr-x, directories and programs) and 644 (rw-r--r--, data files) are the usual defaults; for secrets such as private keys even 644 is too much (use 600).

Read a mode as three triads, for example

Owner rwx

Group r--

Others rw-

which is 746: a mode that gives others more than the group is almost always a mistake.
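Converting the symbolic mode from ls -l into octal and checking it against these rules is mechanical, so it is worth scripting. As an added example (not part of the original lesson), the script below parses ls -l lines, computes the octal mode including the setuid, setgid and sticky bits, and flags 777, world-writable entries, setuid/setgid programs and triads where a lower class has more rights than a higher one. The tuned line is the lesson's own; the other ls -l lines are constructed. It is plain shell and needs no privileges.

```bash
#!/usr/bin/env bash
# Added example: turn the symbolic mode from `ls -l` into octal and flag the
# modes the lesson warns about. Pure shell (cut/printf), no privileges needed.
set -eu

triad_value() {    # "rwx" -> 7, "r-x" -> 5, "rw-" -> 6; s/t in the x slot count as x
    local v=0
    case "$(printf '%s' "$1" | cut -c1)" in r) v=$((v + 4)) ;; esac
    case "$(printf '%s' "$1" | cut -c2)" in w) v=$((v + 2)) ;; esac
    case "$(printf '%s' "$1" | cut -c3)" in x|s|t) v=$((v + 1)) ;; esac
    echo "$v"
}

mode_to_octal() {  # 9-character permission string (no type char) -> octal, e.g. rwsr-xr-x -> 4755
    local perm=$1 special=0
    [ "${#perm}" -eq 9 ] || { echo "bad mode string: $perm" >&2; return 1; }
    case "$(printf '%s' "$perm" | cut -c3)" in s|S) special=$((special + 4)) ;; esac   # setuid
    case "$(printf '%s' "$perm" | cut -c6)" in s|S) special=$((special + 2)) ;; esac   # setgid
    case "$(printf '%s' "$perm" | cut -c9)" in t|T) special=$((special + 1)) ;; esac   # sticky
    [ "$special" -ne 0 ] || special=""
    printf '%s%s%s%s\n' "$special" \
        "$(triad_value "$(printf '%s' "$perm" | cut -c1-3)")" \
        "$(triad_value "$(printf '%s' "$perm" | cut -c4-6)")" \
        "$(triad_value "$(printf '%s' "$perm" | cut -c7-9)")"
}

mode_findings() {  # mode_findings TYPE PERM -> comma-separated concerns (empty if none)
    local type=$1 perm=$2 f="" u g o
    u=$(triad_value "$(printf '%s' "$perm" | cut -c1-3)")
    g=$(triad_value "$(printf '%s' "$perm" | cut -c4-6)")
    o=$(triad_value "$(printf '%s' "$perm" | cut -c7-9)")
    [ "$u$g$o" != 777 ] || f="$f${f:+, }777: everyone may read, write and execute"
    if [ "$(printf '%s' "$perm" | cut -c8)" = w ]; then
        if [ "$type" = d ] && [ "$(printf '%s' "$perm" | cut -c9)" = t ]; then
            f="$f${f:+, }world-writable dir with sticky bit (as /tmp: only owners delete)"
        else
            f="$f${f:+, }world-writable"
        fi
    fi
    case "$(printf '%s' "$perm" | cut -c3)" in s|S) f="$f${f:+, }setuid" ;; esac
    case "$(printf '%s' "$perm" | cut -c6)" in s|S) f="$f${f:+, }setgid" ;; esac
    [ "$o" -le "$g" ] && [ "$g" -le "$u" ] || f="$f${f:+, }inconsistent: a lower class has more rights than a higher one"
    printf '%s' "$f"
}

audit_ls() {       # read `ls -l` lines on stdin, print "name octal [findings]"
    local mode rest type perm name octal findings
    while read -r mode rest; do
        case "$mode" in [-dlcbps][-r][-w][-xsS]*) ;; *) continue ;; esac   # skip "total N" etc.
        type=$(printf '%s' "$mode" | cut -c1)
        perm=$(printf '%s' "$mode" | cut -c2-10)      # drops a trailing . (SELinux) or + (ACL)
        name=${rest##* }                               # last field; sample names have no spaces
        octal=$(mode_to_octal "$perm")
        findings=$(mode_findings "$type" "$perm")
        printf '%s %s%s\n' "$name" "$octal" "${findings:+ [$findings]}"
    done
}

# Constructed ls -l lines (the tuned line is the lesson's own; the rest are made up).
audit_ls <<'EOF'
total 24
drwxr-xr-x. 3 root root   109 Oct  5 01:52 tuned
-rw-r--r--. 1 root root  1234 Oct  5 01:52 sshd_config
-rwsr-xr-x. 1 root root 32208 Oct  5 01:52 passwd
drwxrwxrwt. 9 root root  4096 Oct  5 01:52 tmp
-rwxrwxrwx. 1 root root   512 Oct  5 01:52 deploy.sh
-rwxr--rw-. 1 root root   512 Oct  5 01:52 notes.txt
EOF
```

Piped a real listing (ls -l /etc | audit_ls) the output lists tuned as 755 and sshd_config as 644 with no findings, passwd as 4755 [setuid], tmp as 1777 with the sticky-bit note, deploy.sh as 777, and notes.txt as 746 with the inconsistency warning: exactly the triads discussed above.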