
    A Primer to System Administration - Users and groups

    Posted by Wilbeibi on 2016-04-21 22:26:31

    How to create a user

    By useradd:

    useradd -m -d <HomeDir> -g <Group> username
    

    It’s optional to specify the new user’s home directory and group, but I strongly suggest doing so. -m creates the home directory, and -d specifies which directory to use. (Warning: don’t confuse useradd with adduser; the latter is a higher-level implementation. Here is a detailed explanation of the differences between the two.)

    How to create a group

    By groupadd:

    groupadd groupname
    

    How to add a user to a group

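    By usermod:

    usermod -a -G groupname username

    where usermod modifies a user account, -a stands for append, and -G names the supplementary group to append the user to. Without -a, -G replaces the user’s existing supplementary groups instead of adding to them.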

    How to list all users in a group

    There is no built-in command for that, but we can read the group’s entry in /etc/group (which lists supplementary members only):

    grep '^groupname:' /etc/group
    

    or apt-get install members, then

    members groupname
    

    What is the sticky bit

    What the sticky bit looks like

    The sticky bit is used on directories. As Wikipedia says:

    When the sticky bit is set, only the item’s owner, the directory’s owner, or root can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner.

    For example, if a professor creates a /homework directory with the sticky bit set, every student can upload their homework, but they cannot rename or delete other students’ homework.

    How to set it

    chmod +t /path/to/directory
    

    or

    chmod 1755 /path/to/directory
    

    where 1 sets the sticky bit, 7 gives the owner all permissions, and each 5 gives read and execute permission, first to the group and then to others.

    Now /path/to/directory should look like this in ls -l output (the last character of the mode string is replaced by t):

    drwxr-xr-t   1 root     other          0 Nov 10 12:57 test
    

    As Wikipedia says, if the sticky bit is set on a directory without the execute bit set for the others category, it is indicated with a capital T:

    drwxr-xr-T   1 root     other          0 Nov 10 12:57 test
    

    What is setuid

    One sentence explanation: Regardless of who runs this program, run it as the user who owns it, not the user that executes it.

    How to set it

    chmod u+s /path/to/file
    

    And it is dangerous

    For instance, suppose a simple shell script showfile.sh is owned by root and has the setuid bit set:

    #!/bin/sh
    # showfile
    ls -l | sort
    

    If I were a bad guy, I could easily write a script:

    rm -rf /some/where/important
    

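    save it under the name ls, and put the directory containing my ls at the front of $PATH. Now when I run showfile.sh, boom! The files are deleted.

    The defence is to call commands by absolute path (/bin/ls, /usr/bin/sort) and to set PATH explicitly at the top of any privileged script or program. Linux ignores the setuid bit on interpreted scripts, but a setuid binary that runs commands by bare name is exposed to the same $PATH problem.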
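An audit for the two permission issues covered above, as an added example that is not part of the original post: it lists world-writable directories that lack the sticky bit, setuid files, and setuid files that are #! scripts like showfile.sh. The function names are hypothetical.

```sh
#!/bin/sh
# Audit a directory tree for the permission problems discussed in this post.
# All function names here are hypothetical, chosen for this example.

# World-writable directories WITHOUT the sticky bit: any user who can write
# there can rename or delete files that belong to other users.
find_unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files with the setuid bit set (they run as their owner).
find_setuid_files() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Setuid files that are interpreter scripts (first two bytes are "#!"),
# like showfile.sh: they resolve bare command names through the caller's PATH.
find_setuid_scripts() {
    find_setuid_files "$1" | while IFS= read -r f; do
        if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print a short report for one tree.
audit_tree() {
    echo "World-writable directories without the sticky bit:"
    find_unsticky_dirs "$1" | sed 's/^/  /'
    echo "Setuid files:"
    find_setuid_files "$1" | sed 's/^/  /'
    echo "Setuid scripts (review these first):"
    find_setuid_scripts "$1" | sed 's/^/  /'
}

# Run the report only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it as root against a real tree (for example /usr or /home) so that find can descend into every directory.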

    BTW

    If you find grammar errors or typos, please feel free to help me correct them.


