‹ 首页

user-permissions

@chaterm · 收录于 1 周前

Linux user and permission management

适合你,如果需要管理 Linux 系统的用户和权限。

/ 下载安装
user-permissions.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add chaterm/terminal-skills/user-permissions
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- chaterm/terminal-skills/user-permissions
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify chaterm/terminal-skills/user-permissions
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
48GitHub stars
~943上下文体积 · 单文件
镜像托管

怎么用

技能原文 SKILL.md作者撰写 · Apache-2.0 · 464c295

User and Permission Management

Overview

Linux user management, group management, sudo configuration, ACL permissions and other skills.

User Management
View Users
# Current user
whoami
id

# User information
id username
finger username

# All users
cat /etc/passwd
getent passwd

# Logged in users
who
w
last                                # Login history
User Operations
# Create user
useradd username
useradd -m -s /bin/bash username    # Create home directory, specify shell
useradd -G group1,group2 username   # Specify supplementary groups

# Modify user
usermod -aG groupname username      # Add to group
usermod -s /bin/zsh username        # Change shell
usermod -L username                 # Lock user
usermod -U username                 # Unlock user

# Delete user
userdel username
userdel -r username                 # Also delete home directory

# Change password
passwd username
passwd -l username                  # Lock password
passwd -u username                  # Unlock password
chage -l username                   # View password policy
Group Management
View Groups
# User's groups
groups username
id -Gn username

# All groups
cat /etc/group
getent group

# Group members
getent group groupname
Group Operations
# Create group
groupadd groupname
groupadd -g 1001 groupname          # Specify GID

# Modify group
groupmod -n newname oldname         # Rename

# Delete group
groupdel groupname

# Manage group members
gpasswd -a username groupname       # Add user
gpasswd -d username groupname       # Remove user
gpasswd -M user1,user2 groupname    # Set member list
sudo Configuration
Basic Usage
# Execute as root
sudo command
sudo -i                             # Switch to root shell
sudo -u username command            # Execute as another user

# View permissions
sudo -l
sudoers Configuration
# Edit sudoers (recommended method)
visudo

# Or edit files under /etc/sudoers.d/
visudo -f /etc/sudoers.d/username
Common Configuration Examples
# /etc/sudoers.d/username

# Full privileges
username ALL=(ALL:ALL) ALL

# No password required
username ALL=(ALL) NOPASSWD: ALL

# Specific commands
username ALL=(ALL) /usr/bin/systemctl restart nginx

# Specific commands without password
username ALL=(ALL) NOPASSWD: /usr/bin/docker

# Group privileges
%groupname ALL=(ALL) ALL
ACL Permissions
View ACL
getfacl file
getfacl -R dir                      # Recursive view
Set ACL
# Set user permissions
setfacl -m u:username:rwx file
setfacl -m u:username:rx dir

# Set group permissions
setfacl -m g:groupname:rx file

# Set default ACL (new files inherit)
setfacl -d -m u:username:rwx dir

# Recursive set
setfacl -R -m u:username:rx dir

# Remove ACL
setfacl -x u:username file          # Remove specific
setfacl -b file                     # Remove all
Special Permissions
SUID/SGID/Sticky
# SUID (4) - Execute as file owner
chmod u+s file
chmod 4755 file

# SGID (2) - Execute as file group/directory inherits group
chmod g+s file
chmod 2755 dir

# Sticky (1) - Only owner can delete
chmod +t dir
chmod 1777 dir

# View
ls -la
# -rwsr-xr-x  SUID
# -rwxr-sr-x  SGID
# drwxrwxrwt  Sticky
Common Scenarios
Scenario 1: Create Developer User
# Create user and group
groupadd developers
useradd -m -s /bin/bash -G developers devuser

# Set password
passwd devuser

# Configure sudo
echo "devuser ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/bin/systemctl" > /etc/sudoers.d/devuser
chmod 440 /etc/sudoers.d/devuser
Scenario 2: Shared Directory Permissions
# Create shared directory
mkdir /shared
groupadd shared
chown root:shared /shared
chmod 2775 /shared                  # SGID ensures new files inherit group

# Add users to group
usermod -aG shared user1
usermod -aG shared user2
Scenario 3: Restrict User to Specific Commands
# /etc/sudoers.d/limited-user
limited ALL=(ALL) NOPASSWD: /usr/bin/systemctl status *, /usr/bin/journalctl
Troubleshooting

| Problem | Solution | |---------|----------| | sudo permission denied | Check /etc/sudoers.d/ configuration | | User cannot login | Check shell, password lock status | | Group permissions not working | Re-login or newgrp groupname | | ACL not working | Check if filesystem supports ACL |

按 Apache-2.0 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。