user-permissions
@chaterm · 收录于 1 周前
Linux user and permission management
适合你,如果需要管理 Linux 系统的用户和权限。
/ 下载安装
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code
~/.claude/skills/(项目级 .claude/skills/)Codex CLI
~/.codex/skills/Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add chaterm/terminal-skills/user-permissions/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- chaterm/terminal-skills/user-permissions/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify chaterm/terminal-skills/user-permissions安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
48GitHub stars
~943上下文体积 · 单文件
镜像托管
怎么用
技能原文 SKILL.md
User and Permission Management
Overview
Linux user management, group management, sudo configuration, ACL permissions and other skills.
User Management
View Users
# Current user whoami id # User information id username finger username # All users cat /etc/passwd getent passwd # Logged in users who w last # Login history
User Operations
# Create user useradd username useradd -m -s /bin/bash username # Create home directory, specify shell useradd -G group1,group2 username # Specify supplementary groups # Modify user usermod -aG groupname username # Add to group usermod -s /bin/zsh username # Change shell usermod -L username # Lock user usermod -U username # Unlock user # Delete user userdel username userdel -r username # Also delete home directory # Change password passwd username passwd -l username # Lock password passwd -u username # Unlock password chage -l username # View password policy
Group Management
View Groups
# User's groups groups username id -Gn username # All groups cat /etc/group getent group # Group members getent group groupname
Group Operations
# Create group groupadd groupname groupadd -g 1001 groupname # Specify GID # Modify group groupmod -n newname oldname # Rename # Delete group groupdel groupname # Manage group members gpasswd -a username groupname # Add user gpasswd -d username groupname # Remove user gpasswd -M user1,user2 groupname # Set member list
sudo Configuration
Basic Usage
# Execute as root sudo command sudo -i # Switch to root shell sudo -u username command # Execute as another user # View permissions sudo -l
sudoers Configuration
# Edit sudoers (recommended method) visudo # Or edit files under /etc/sudoers.d/ visudo -f /etc/sudoers.d/username
Common Configuration Examples
# /etc/sudoers.d/username # Full privileges username ALL=(ALL:ALL) ALL # No password required username ALL=(ALL) NOPASSWD: ALL # Specific commands username ALL=(ALL) /usr/bin/systemctl restart nginx # Specific commands without password username ALL=(ALL) NOPASSWD: /usr/bin/docker # Group privileges %groupname ALL=(ALL) ALL
ACL Permissions
View ACL
getfacl file getfacl -R dir # Recursive view
Set ACL
# Set user permissions setfacl -m u:username:rwx file setfacl -m u:username:rx dir # Set group permissions setfacl -m g:groupname:rx file # Set default ACL (new files inherit) setfacl -d -m u:username:rwx dir # Recursive set setfacl -R -m u:username:rx dir # Remove ACL setfacl -x u:username file # Remove specific setfacl -b file # Remove all
Special Permissions
SUID/SGID/Sticky
# SUID (4) - Execute as file owner chmod u+s file chmod 4755 file # SGID (2) - Execute as file group/directory inherits group chmod g+s file chmod 2755 dir # Sticky (1) - Only owner can delete chmod +t dir chmod 1777 dir # View ls -la # -rwsr-xr-x SUID # -rwxr-sr-x SGID # drwxrwxrwt Sticky
Common Scenarios
Scenario 1: Create Developer User
# Create user and group groupadd developers useradd -m -s /bin/bash -G developers devuser # Set password passwd devuser # Configure sudo echo "devuser ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/bin/systemctl" > /etc/sudoers.d/devuser chmod 440 /etc/sudoers.d/devuser
Scenario 2: Shared Directory Permissions
# Create shared directory mkdir /shared groupadd shared chown root:shared /shared chmod 2775 /shared # SGID ensures new files inherit group # Add users to group usermod -aG shared user1 usermod -aG shared user2
Scenario 3: Restrict User to Specific Commands
# /etc/sudoers.d/limited-user limited ALL=(ALL) NOPASSWD: /usr/bin/systemctl status *, /usr/bin/journalctl
Troubleshooting
| Problem | Solution | |---------|----------| | sudo permission denied | Check /etc/sudoers.d/ configuration | | User cannot login | Check shell, password lock status | | Group permissions not working | Re-login or newgrp groupname | | ACL not working | Check if filesystem supports ACL |
按 Apache-2.0 许可原样转载,未经改动 · 在 GitHub 查看 →
评论
登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。
…