Users, Groups, permissions
Security context
Permissions
r, w, x
File:
r: Readable; you can view the contents of the file using commands such as cat
w: Writable; you can edit or delete this file
x: Executable; it can be submitted to the kernel as a command to run from the command prompt
Directory:
r: You can run ls on this directory to list all the files inside it
w: You can create files in this directory
x: You can switch to this directory using cd, or you can use ls -l to view the internal
r: 4
w: 2
x: 1
Three types of users
u: Owner
g: Owning group
o: Other users
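An added example, not part of the original notes: converting the symbolic permission string shown by ls -l into the octal form built from r=4, w=2, x=1, and flagging entries that the o class can write to. The ls -l lines are constructed samples, and the function names sym_to_octal and flag_other_writable are hypothetical.

```sh
#!/bin/sh
# Constructed `ls -l` sample lines (not taken from a real system).
SAMPLE_LS='-rw-r--r-- 1 root root 1204 Jan  1 12:00 passwd.bak
-rw-rw-rw- 1 user3 mygroup 88 Jan  1 12:00 deploy.conf
drwxrwxrwx 2 user3 mygroup 4096 Jan  1 12:00 uploads
-rwxr-x--- 1 root distro 512 Jan  1 12:00 backup.sh'

# sym_to_octal: turn a 9-character string (u, g, o triplets) into three
# octal digits by adding r=4, w=2, x=1 within each triplet.
sym_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || return 1
    result=""
    while [ -n "$perms" ]; do
        rest=${perms#???}              # everything after the first triplet
        triplet=${perms%"$rest"}       # the first triplet itself
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        # lowercase s/t also mean the execute bit is set; only x is counted here
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        result=$result$digit
        perms=$rest
    done
    printf '%s\n' "$result"
}

# flag_other_writable: read `ls -l` lines on stdin and report every entry
# whose o (other users) triplet contains w.
flag_other_writable() {
    while read -r mode links owner group size mon day tm name; do
        triplets=$(printf '%s' "$mode" | cut -c2-10)   # drop the file-type character
        case $triplets in
            ???????w?)
                printf 'OTHER_WRITABLE %s %s\n' "$(sym_to_octal "$triplets")" "$name" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_LS" | flag_other_writable
```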
Users: UID, /etc/passwd
Group: GID, /etc/group
Shadow password
Users: /etc/shadow
Group: /etc/gshadow
User type
Admin: 0
Normal Users: 1-65535
System users: 1-499
General Users: 500-60000
User Group Category:
Administrators group:
Normal Group:
System Group
General Group
User Group Category:
Basic group: Default group for users
Private group: When a user is created, a group with the same name as the user name is automatically created if the group to which it belongs is not specified
Additional groups: groups other than the default group
cat /etc/passwd
User name, login password, UID, GID, comment, home directory, user default shell
cat /etc/shadow
Login name, encrypted password,
cat /etc/group
Group name, password placeholder, group ID, list of users who have this group as an additional group
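An added example, not part of the original notes: a small audit of passwd- and shadow-format records that uses the field order listed above and the UID ranges from these notes (0 for the administrator, 1-499 for system users). The sample records, the finding labels and the function names audit_passwd and audit_shadow are constructed for illustration; `$1$` (MD5) and `$6$` (SHA-512) are the standard crypt(3) hash prefixes.

```sh
#!/bin/sh
# Constructed /etc/passwd-style sample: name:password:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
hbase:x:101:101:HBase service:/var/lib/hbase:/sbin/nologin
daemon2:x:102:102:service:/:/bin/bash
fedora:x:500:500:Fedora Community:/home/fedora:/bin/tcsh
mandriva:x:4004:3004::/home/mandriva:/bin/bash'

# Constructed /etc/shadow-style sample: name:encrypted password:aging fields...
SAMPLE_SHADOW='root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
hbase:!!:19000::::::
fedora::19000:2:50:7:::
mandriva:$1$constructedsalt$constructedhash:19000:0:99999:7:::'

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "MALFORMED " $1; next }
        # UID 0 is the administrator; any second UID-0 name is also root.
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
        # System users (1-499 in these notes) should not have a login shell.
        $3 >= 1 && $3 <= 499 && $7 !~ /(nologin|false)$/ {
            print "SYSTEM_LOGIN_SHELL " $1
        }
    '
}

# audit_shadow: read shadow-format lines on stdin, print one finding per line.
audit_shadow() {
    awk -F: '
        $2 == ""      { print "EMPTY_PASSWORD " $1; next }  # no password needed
        $2 ~ /^[!*]/  { next }                              # locked or disabled
        $2 ~ /^\$1\$/ { print "WEAK_HASH_MD5 " $1; next }   # MD5-crypt
        $2 !~ /^\$/   { print "LEGACY_HASH " $1 }           # no $id$ prefix
    '
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real system, feed the functions the live files: audit_passwd < /etc/passwd and, as root, audit_shadow < /etc/shadow.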
Encryption methods
Symmetric encryption: encryption and decryption use the same key
Public key cryptography: keys come in pairs, a private key (secret key) and a public key
One-way encryption: hashing, which extracts a signature (fingerprint) of the data
cat /etc/shells
Lists the shells that are installed and available on the current system
User management:
useradd userdel usermod passwd chsh chfn finger id chage
Group management
groupadd groupdel groupmod gpasswd
Rights management
chown chgrp chmod umask
useradd
-u UID
-g GID (basic group)
-G GID,... (additional groups)
-c "COMMENT": specifies comment information
-d /path/to/somedirectory: specifies the home directory
-s SHELL: the shell (the SHELL environment variable)
-M: do not create the home directory when creating the user
-r
Environment variables:
PATH
HISTSIZE
SHELL
useradd -g mygroup user3
tail -1 /etc/passwd
tail /etc/group
# useradd -M user7
# su - user7
-bash-3.2$ pwd
/root
userdel
userdel USERNAME: deletes the user but does not delete their home directory
-r: also delete the user's home directory when deleting the user
id
-nu: user name of the user
-ng: group name of the user's group
-nG: group names of every group the user belongs to
Modify user account properties
usermod
-u UID
-g GID
-a -G GID: adds additional groups to the user while keeping the original additional groups; without -a, the previous additional groups are overwritten
-c
-d -m: specify the location of the new home directory and move the previous files to the new home directory
-s
-l: change the user name
-L: lock the account
-U: unlock the account
finger: user account information
finger USERNAME
chsh: modify the user's default shell
chfn: modify the user's information
finger, chsh and chfn are used together.
Password management:
passwd
--stdin: read the password from standard input rather than interactively
-l: lock
-u: unlock
-d: remove the password
echo '123' | passwd --stdin user3
pwck: check user account integrity
groupadd
-g GID
-r: add a system group, for system users with no home directory
groupmod
-g GID
-n: specifies the new group name
groupdel
gpasswd GROUPNAME: set a password for the group
newgrp GROUPNAME: log in to the new group; leave it with exit
Practice:
1 Create user mandriva with ID 2002, basic group distro (group ID 3003), additional group linux
# groupadd -g 3003 distro
# groupadd linux
# useradd -u 2002 -g distro -G linux mandriva
2 Create user fedora, full name (comment) Fedora Community, default shell tcsh
# useradd -c "Fedora Community" -s /bin/tcsh fedora
3 Modify mandriva: ID 4004, basic group linux, additional groups distro and fedora
# usermod -u 4004 -g linux -G distro,fedora mandriva
4 Add a password to fedora and set its password lifetime to a minimum of 2 days and a maximum of 50 days
# passwd -n 2 -x 50 fedora
5 Change the default shell of mandriva to /bin/bash
# usermod -s /bin/bash mandriva
6 Add the system user hbase and do not allow it to log on to the system
# useradd -r -s /sbin/nologin hbase
chage
-d: time of last modification
-E: expiration time
-I: inactivity time
-m: minimum term of use
-M: maximum lifespan
-W: warning time
Three types of users
u: Owner
g: Owning group
o: Other users
chown: change a file's owner (only the administrator can use this command)
-R: modify the owner of the directory and of the files inside it
--reference=/path/to/somefile FILE
Change the /tmp/abc property to match the /tmp/dfe property
chown --reference=/tmp/dfe /tmp/abc
chmod: modify file permissions
-R
--reference=/path/to/somefile FILE
Modify the permissions of one class or several classes of users, one bit or several bits at a time
u, g, o, a with + or -
Types of shell, from the point of view of user login:
Login shell:
Logging in to a terminal normally
su - USERNAME
su -l USERNAME
Non-login shell:
su USERNAME
Opening a command window in a graphical terminal
Automatically executed shell scripts
Bash's configuration files
Global configuration
/etc/profile, /etc/profile.d/*.sh, /etc/bashrc
Personal configuration
~/.bash_profile, ~/.bashrc
Profile-class files:
Setting environment variables
Running a command or script (once per login)
bashrc-class files:
Setting local variables
Defining command aliases
How a login shell reads the configuration files:
/etc/profile --> /etc/profile.d/*.sh --> ~/.bash_profile --> ~/.bashrc --> /etc/bashrc
How a non-login shell reads the configuration files:
~/.bashrc --> /etc/bashrc --> /etc/profile.d/*.sh
Linux Basics (vii)