ACL means “access control list”.
Config file
/etc/default/useradd
/etc/skel
note: any subdir added under /etc/skel is automatically created in the new user’s home dir when the useradd command creates a username
useradd
-u uid
-g default group, initial login group
-G extra (supplementary) groups; -a -G is the usermod form that appends extra groups to an existing user
-r add a system user (uid < 100)
-s shell /bin/bash or /sbin/login or /sbin/nologin
newgrp groupname set the effective group for the current user’s login session
userdel
    userdel anna
only delete the username, keep the home dir and all other files
    userdel -r anna
use “-r” to also delete the user’s home dir and the files in it
gpasswd
    gpasswd groupname
set a password for this group
    gpasswd -A username groupname
make username the administrator of groupname
that user can then use gpasswd to add new users to this group
Access control list
Aimed at granting rights to:
users who are not the owner of the file
groups that are not the group of the file
specific to a single file or dir
check the file or dir’s ACL status
    getfacl filename
give user anna rx rights to the file /etc/shadow
a “d:” prefix sets a default ACL, which gives anna rx rights all the way down the /srv dir
    setfacl -m u:anna:rx /etc/shadow
    setfacl -x u:anna /etc/shadow
delete user anna’s rights from the ACL; there is no need to specify the rwx
    setfacl -b filename
delete all ACL config from the file or dir
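Added example, not part of the original notes: a shell function that reads getfacl output and lists every named-user and named-group entry with the rights left after the mask is applied, for access entries and for default (d:) entries. The function names acl_named_grants and sample_getfacl, the path srv/share and the group staff are assumptions, and the sample getfacl output is constructed.

```shell
# Added example, not from the original notes. The getfacl output below is
# constructed; the path srv/share and the names anna/staff are sample values.
sample_getfacl() {
    cat <<'EOF'
# file: srv/share
# owner: root
# group: root
user::rwx
user:anna:r-x   #effective:r--
group::r-x      #effective:r--
group:staff:rw- #effective:r--
mask::r--
other::---
default:user::rwx
default:user:anna:r-x
default:group::r-x
default:mask::r-x
default:other::---
EOF
}
# Reads getfacl output on stdin; prints: file scope entry granted effective
acl_named_grants() {
    awk '
    function mask_perms(p, m,   k, out) {      # keep a bit only if both have it
        for (k = 1; k <= 3; k++)
            out = out ((substr(p, k, 1) != "-" && substr(m, k, 1) != "-") ? substr(p, k, 1) : "-")
        return out
    }
    function flush(   i, m) {                  # emit the entries of the finished file
        for (i = 1; i <= n; i++) {
            m = (scope[i] == "default") ? dmask : amask
            print file, scope[i], entry[i], perm[i], (m == "" ? perm[i] : mask_perms(perm[i], m))
        }
        n = 0; amask = ""; dmask = ""
    }
    /^# file: /        { flush(); file = substr($0, 9); next }
    /^#/ || /^[ \t]*$/ { next }
    {
        line = $1; sc = "access"               # $1 drops a trailing effective comment
        if (sub(/^default:/, "", line)) sc = "default"
        split(line, f, ":")
        if (f[1] == "mask") { if (sc == "default") dmask = f[3]; if (sc == "access") amask = f[3]; next }
        if ((f[1] == "user" || f[1] == "group") && f[2] != "") {   # named entries only
            n++; scope[n] = sc; entry[n] = f[1] ":" f[2]; perm[n] = f[3]
        }
    }
    END { flush() }'
}
sample_getfacl | acl_named_grants
```

On a real system the input would come from getfacl itself, for example getfacl -R on a dir piped into acl_named_grants.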
Some useful commands to check the state of ids or passwords
    id
check the password files
    pwck
check the group status
    grpck