Linux Learning Sixth session
--------------------------------------------------------------------------------------------------------------- -------------------------------------------------
34. Security 3A
Authentication
Authorization
Accounting (audit)
35. User and group configuration files
/etc/passwd: Users and their attributes; this is where each user's primary group is recorded;
/etc/group: Groups and their attributes; holds only the additional (supplementary) group information;
/etc/shadow: User passwords and their related attributes;
/etc/gshadow: Group passwords and their related attributes;
/etc/default/useradd: The default settings used when creating a user;
/etc/skel: The configuration files in this directory are used for each newly created user;
/etc/login.defs: The file that sets limits for user accounts; here we can configure the maximum number of days before a password expires, password length constraints, and other settings;
36. Password File description
The following entries are what cat /etc/passwd prints.
The format is
(1) Account name: (2) Password: (3) User ID: (4) Group ID: (5) User comment/description: (6) Home (starting) directory: (7) Login shell (set to /sbin/nologin to disallow login)
The following entries are what cat /etc/shadow prints.
The format is
(1) Account name: (2) Password (after hashing with the sha512 algorithm): (3) Date the password was last changed (compute the value 17738*86400, then convert it with date -d @<seconds>): (4) Minimum number of days before the password can be changed again: (5) Maximum number of days the password remains valid: (6) Number of days before expiry that a change-password warning is given: (7) Number of days the password can still be used after it expires: (8) Account expiration date: (9) Reserved
37. Permission related
Running ll /root gives the output shown in the figure.
The first two lines are used as examples for the explanation:
-rw-------. 1 root root 1825 date time filename
d rwx r-x r-x. 2 root root 6 date time filename
A file is marked -, a directory d; read the rest three bits at a time: rwx means readable, writable and executable, the permissions of the root user (owner); r-x means readable and executable, the permissions of the root group; r-x means readable and executable, the permissions of others; the trailing . indicates that the file has an SELinux security context.
Permissions cannot be set on a FAT file system, because that file system does not support them;
When a folder is created, the umask value is applied to it; the larger the umask, the fewer operations are allowed on the directory;
umask calculations: umask + resulting permission = 777 for a directory | 666 for a file. When the umask is 022, a new file gets 666-022=644, that is rw-r--r--. For files, if any digit of the subtraction result is odd, add 1 to that digit to get the final value; for directories the subtraction result is used as is, with nothing added or subtracted;
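The subtraction rule above can be checked against what the system really does. The following is an added example, not part of the original notes: it implements the notes' digit-wise rule, the bitwise operation the kernel applies (base mode AND NOT umask), and a real file or directory creation under a chosen umask. The function names and the path name "sample" are made up for this illustration.

```python
import os
import stat
import tempfile

def page_rule(umask: int, is_dir: bool) -> int:
    """Digit-wise rule from the notes: subtract from 777 (dir) or 666 (file);
    for files only, add 1 to every odd digit of the result."""
    base = 0o777 if is_dir else 0o666
    mode = 0
    for shift in (6, 3, 0):                      # owner, group, others
        digit = ((base >> shift) & 7) - ((umask >> shift) & 7)
        if not is_dir and digit % 2:             # odd (including -1 from 6-7)
            digit += 1
        mode |= digit << shift
    return mode

def bitwise_rule(umask: int, is_dir: bool) -> int:
    """What the kernel does: clear every bit that is set in the umask."""
    base = 0o777 if is_dir else 0o666
    return base & ~umask & 0o777

def observed_mode(umask: int, is_dir: bool) -> int:
    """Create a real file or directory under the given umask and read its mode."""
    with tempfile.TemporaryDirectory() as parent:
        path = os.path.join(parent, "sample")    # hypothetical name for the demo
        old = os.umask(umask)                    # os.umask returns the previous value
        try:
            if is_dir:
                os.mkdir(path, 0o777)            # programs request 777 for directories
            else:
                os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
        finally:
            os.umask(old)                        # always restore the caller's umask
        return stat.S_IMODE(os.stat(path).st_mode) & 0o777

if __name__ == "__main__":
    for um in (0o022, 0o027, 0o033, 0o077):      # constructed sample umask values
        for is_dir in (False, True):
            kind = "dir " if is_dir else "file"
            print(f"umask {um:03o} {kind}: rule {page_rule(um, is_dir):03o}, "
                  f"bitwise {bitwise_rule(um, is_dir):03o}, "
                  f"observed {observed_mode(um, is_dir):03o}")
```

With umask 033 plain subtraction would give 633 for a file; the "add 1 to odd digits" step corrects it to 644, which is what the bitwise operation produces directly.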
Special permissions:
SUID: When the file is executed, the user running it inherits the owner's permissions; applies only to binary executable programs;
SGID: When set on a directory, new files created in it automatically inherit the owning group of that directory; when set on a program, the user who executes it inherits the permissions of the file's owning group.
Sticky: The sticky bit; in such a directory, subdirectories and files can be created, modified and deleted, but each user can do so only for the files they created themselves;