Linux Fundamentals 03-Users and Permissions

Source: Internet
Author: User

(1) Files:
r: readable; you can view the contents of the file with commands such as cat;
w: writable; you can edit or delete this file;
x: executable; it can be submitted at the command prompt as a command for the kernel to run;

(2) Directories:
r: you can run ls on this directory to list all the files inside it;
w: files can be created in this directory;
x: you can switch into this directory with cd, and you can use ls -l to view the details of the files inside it;

0 000 ---: No permissions
1 001 --x: Execute
2 010 -w-: Write
3 011 -wx: Write and execute
4 100 r--: Read-only
5 101 r-x: Read and execute
6 110 rw-: Read and write
7 111 rwx: Read, write and execute

(3)
User: UID, /etc/passwd // stores each user's ID number, password (not shown, for security; the shadow password file is referenced instead), etc.
Group: GID, /etc/group // stores each group's ID number, password, etc.

The location of the shadow passwords (user and group passwords):
Users: /etc/shadow
Groups: /etc/gshadow

(4) User category (ID number range):
Admin: 0
Normal Users: 1-65535
System users: 1-499
General Users: 500-60000

User Group Category:
Administrators group:
Normal Group:
System Group:
General Group:

User Group Category:
Private group: When you create a user, a group that has the same name as the user name is automatically created if the group to which it belongs is not specified.
Basic group: The default group for the user.
Additional (supplementary) groups: groups other than the default group.

(5)
/etc/passwd Field Description:
Account: Login Name
Password: password
UID:
GID: Basic Group ID
Comment: Notes
Home dir: Home directory
Shell: User's default shell

/etc/shadow Field Description:
Account: Login Name
Encrypted Password: encrypted password

(6)
Encryption methods:
Symmetric encryption: encryption and decryption use the same key
Public key cryptography: keys come in pairs, a private key (secret key) and a public key
One-way encryption (hash encryption): extracts a signature of the data, often used for data integrity checks
1. Avalanche effect
2. Fixed-length output
MD5: Message Digest, 128-bit fixed-length output
SHA1: Secure Hash Algorithm, 160-bit fixed-length output
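
The two hash properties listed above, shown with the coreutils md5sum and sha1sum tools. This is an added example, not part of the original notes; the helper names digest and hex_diff are hypothetical and the input strings are constructed. 128 bits print as 32 hex digits and 160 bits as 40.

```shell
# digest ALGO STRING: hex digest of STRING (hypothetical helper around coreutils).
digest() {
    case "$1" in
        md5)  printf '%s' "$2" | md5sum  | cut -d' ' -f1 ;;
        sha1) printf '%s' "$2" | sha1sum | cut -d' ' -f1 ;;
        *)    echo "unknown algorithm: $1" >&2; return 1 ;;
    esac
}

# hex_diff A B: number of positions at which two equal-length hex strings differ.
hex_diff() {
    a=$1; b=$2; n=0
    while [ -n "$a" ]; do
        # Compare the first character of each string, then drop it.
        [ "${a%"${a#?}"}" = "${b%"${b#?}"}" ] || n=$((n + 1))
        a=${a#?}; b=${b#?}
    done
    echo "$n"
}

# Constructed inputs: the second differs from the first in its last character only.
for algo in md5 sha1; do
    d1=$(digest "$algo" "hello")
    d2=$(digest "$algo" "hellp")
    echo "$algo: ${#d1} hex digits, $(hex_diff "$d1" "$d2") of them changed"
done
```

The digest length stays the same for any input length, and a one-character change in the input alters most of the output digits.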

(7) Add users and groups:
ls -l $(which useradd) // list useradd
useradd USERNAME
groupadd GRPNAME // the result can be viewed in /etc/group

View file type: file
To view the file of default rules for adding users: cat /etc/default/useradd

User management:
useradd, userdel, usermod, passwd, chsh, chfn, finger, id, chage

Group management:
groupadd, groupdel, groupmod, gpasswd

Permission management:
chown, chgrp, chmod, umask

(8) Field meanings of the files associated with users and groups.
/etc/passwd: (open the file to view user information)
User name:Password:UID:GID:Comment:Home directory:Default shell

/etc/group (open the file to view additional group information):
Group name:Password:GID:List of users who have this group as an additional group

/etc/shadow:
User name:Password:Time the password was last changed:Minimum age:Maximum age:Warning time:Inactive time:Expiry time:
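
The field layouts above are enough to audit the account files with awk. This is an added example, not part of the original notes: the sample entries are constructed, the function names are hypothetical, and the UID ranges are the ones given in (4).

```shell
# Constructed sample data in /etc/passwd and /etc/shadow layout (not real accounts).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
hbase:x:498:498::/home/hbase:/sbin/nologin
svc:x:497:497::/home/svc:/bin/bash
mandriva:x:2002:3003::/home/mandriva:/bin/bash
EOF
}
sample_shadow() {
cat <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
toor:$6$constructed$hash:19000:0:99999:7:::
hbase:!!:19000::::::
svc::19000:0:99999:7:::
mandriva:$6$constructed$hash:19000:2:50:7:::
EOF
}

# passwd: accounts other than root whose UID (field 3) is 0, the admin ID.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }'; }

# passwd: system-range accounts (UID 1-499) whose shell (field 7) still allows login.
system_with_shell() {
    awk -F: '$3 >= 1 && $3 <= 499 && $7 !~ /(nologin|false)$/ { print $1 }'
}

# shadow: entries with an empty password field (field 2), i.e. no password required.
empty_password() { awk -F: '$2 == "" { print $1 }'; }

# shadow: unlocked entries whose maximum age (field 5) is empty or 99999 (no expiry).
no_max_age() { awk -F: '$2 !~ /^[!*]/ && ($5 == "" || $5 >= 99999) { print $1 }'; }

echo "extra UID 0:       $(sample_passwd | extra_uid0 | tr '\n' ' ')"
echo "system + shell:    $(sample_passwd | system_with_shell | tr '\n' ' ')"
echo "empty password:    $(sample_shadow | empty_password | tr '\n' ' ')"
echo "password no expiry: $(sample_shadow | no_max_age | tr '\n' ' ')"
```

On a real system the same functions read the live files, for example extra_uid0 < /etc/passwd; reading /etc/shadow requires root.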

(9) User management:
useradd, userdel, usermod, passwd, chsh, chfn, finger, id, chage

useradd [options] USERNAME
-u UID // manually specify the user ID.
-g GID // specify the basic group
-G GID,... // specify additional groups, separated by commas when there are several
-c "COMMENT"
-d /path/to/directory // specify the home directory, default is /home/USERNAME
-s SHELL // specify the path of the shell used by the user (example: /bin/bash, tcsh or csh)
-m -k // when -k is used together with -m, the Bash profile files in /etc/skel are copied to the user's home directory.
-m // forces the user's home directory to be created, even if the configuration file login.defs is defined to create a home directory for the user.
-r: add a system user

/etc/shells: lists the safe shells available on the current system

• View the shell of the current system.
$SHELL Example: echo $SHELL

• Configuration file used when creating users (contains: password, home directory and other information)
/etc/login.defs

• Environment variables:
PATH
HISTSIZE
SHELL
Example: $PATH

(10)
userdel:
userdel [option] USERNAME
By default, only the user is deleted; the home directory is not deleted.
-r: delete the user's home directory at the same time

id: view a user's account attribute information
-u // view the user ID number
-g
-G
-n // combined with other options, displays the name instead of the ID number.
Cases:
id -u user1
id -g user1
id -G user1
id -g
id -u -n user1
id -G -n user1
id -gn


finger: View user account information
finger USERNAME


(11)
To modify user account properties:
usermod
-u UID // modify the user ID
-g GID // modify the basic group
-a -G GID: without the -a option, the previous additional groups are overwritten;
with the -a option, a new additional group is appended.
-c // comment information
-d -m: the two options are used together so that, when changing to the new home directory,
the configuration from the original home directory is copied to the new home directory.
-s
-l
-L: lock account
-U: unlock account

(12)
chsh: modify the user's default shell
Example: chsh user01

(13)
chfn: modify the user's comment information


(14) Password management:
Ordinary users can only change their own password with passwd.

passwd [USERNAME]
--stdin // receive input from standard input
-l // lock user account
-u // unlock user account
-d // delete user password

pwck: check the integrity of user accounts

Cases:
echo "MYPASSWD" | passwd --stdin user01 // avoids having the user enter the password manually

(15) Group management
Create a group: groupadd
groupadd
-g GID // specify the group ID; by default IDs start at 500 and each new one follows the previous group ID.
-r: add as a system group

(16)
groupmod
-g GID // modify the group ID
-n GRPNAME
(17)
groupdel // delete a group

(18)
gpasswd: set a password for a group

(19) Switch to a new group
newgrp GRPNAME <--> exit
Cases:
newgrp mygroup


Cases:
1. Create a user mandriva whose ID number is 2002, whose basic group is distro (group ID 3003), and whose additional group is linux;
# groupadd -g 3003 distro
# groupadd linux
# useradd -u 2002 -g distro -G linux mandriva
2. Create a user fedora whose full name is Fedora Community and whose default shell is tcsh;
# useradd -c "Fedora Community" -s /bin/tcsh fedora
3. Change mandriva's ID number to 4004, its basic group to linux, and its additional groups to distro and fedora;
# usermod -u 4004 -g linux -G distro,fedora mandriva
4. Give fedora a password, and set its minimum password age to 2 days and its maximum to 50 days;
# passwd fedora
# passwd -n 2 -x 50 fedora

5. Change the default shell of mandriva to /bin/bash;
# usermod -s /bin/bash mandriva
6. Add the system user hbase, and do not allow it to log in to the system;
# useradd -r -s /sbin/nologin hbase

(20) Modify user password expiration information
chage
-d: last modification time
-E: expiration time
-I: inactive time
-m: minimum period of use
-M: maximum lifespan
-W: warning time
