Linux User and permissions detailed

Source: Internet
Author: User

Encryption methods:

Symmetric encryption: encrypt and decrypt using the same key

Public-key cryptography: keys come in pairs, a private key (secret key) and a public key

One-way encryption (hash encryption): extracts a data signature (digest); often used for data integrity checks

1. Avalanche effect

2. Fixed-length output

MD5: Message Digest, 128-bit fixed-length output

SHA1: Secure Hash Algorithm, 160-bit fixed-length output

useradd NAME

groupadd GROUPNAME


User management:

useradd, userdel, usermod, passwd, chsh, chfn, finger, id, chage


Group management:

groupadd, groupdel, groupmod, gpasswd


Permission management:

chown, chgrp, chmod, umask


useradd [options] USERNAME

-u UID: must be unique, ≥500

-g GID (primary group)

-G GID,... (supplementary, or additional, groups); a user can have several supplementary groups

-c "COMMENT"

-d /path/to/somedirectory: specify the home directory

-s: specify the shell path

-m -k: create the home directory

-M: do not create a home directory for the user

-K


/etc/login.defs

# useradd -c "Tony blare" -d /home/blare user4

# tail -1 /etc/passwd

user4:x:1003:1003:Tony blare:/home/blare:/bin/bash


/etc/shells: lists the safe (valid) shells available on the current system


userdel:

userdel [options] USERNAME: the user's home directory is not deleted by default.

-r: delete the user's home directory at the same time.


id: view the user's account attribute information.

-u

-g

-G

-n


finger: view user account information

finger USERNAME


How to modify account attribute information:

usermod:

-u: change the UID

-g GID

-G GID: change the supplementary groups. Any supplementary groups the user already had are lost when new ones are set; to keep them, add the -a option

-c: comment (annotation) information

-d -m: move the previous home directory to the new home directory

-s

-l: change the user's login name

-L: lock the account (similar to disabling it)

-U: unlock the account


chsh: change the user's shell

chfn: modify the comment information


Password management:

passwd [USERNAME]: change a user's password

--stdin: read the password from another source, for example a pipe

-l: lock the password

-u: unlock the password

-d: delete the account's password


PAM:


pwck: check the integrity of user accounts


Group management:

Create a group: groupadd

groupadd

-g GID: specify the GID; if it is not specified, the GID is greater than 500 and is the largest existing GID plus 1

-r: add a system group (system accounts usually have no home directory and cannot log in to the system)


groupmod: modify a group

-g GID

-n GRPNAME


groupdel: delete a group


gpasswd: set a password on a group; followed by the group name


newgrp GRPNAME <--> exit


chage: change user password expiration information.

-d: last modification time

-E: expiration time

-I: inactive time

-m: minimum period of use

-M: maximum lifespan

-W: warning time


Permission management:

Each file has three classes of users

Three types of permissions

r: readable

w: writable

x: executable


Three classes of users:

u: owner

g: owning group

o: other users


chown: change the file owner (only administrators can use this command)

# chown USERNAME file ...

-R: change the owner of a directory and the files inside it.

--reference=/path/to/somefile file ...


chown USERNAME:GRPNAME file ... If the user name before the colon is omitted, only the owning group is changed and the owner is left unchanged.

chown USERNAME.GRPNAME file ... is equivalent to USERNAME:GRPNAME


chgrp: change the file's group; only administrators have permission

# chgrp GRPNAME file ...

-R

--reference=/path/to/somefile file ...


chmod: modify file permissions

Modify the permissions of all three classes of users

chmod MODE file ... Specify the permissions in octal

-R

--reference=/path/to/somefile file ...


Modify the permissions of one class or several classes of users

u, g, o, a (all users)

chmod USERCLASS=MODE file ...

# chmod u=rwx /tmp/abc


Modify one or several permission bits for a class of users

chmod USERCLASS+PERMISSIONS file ...

chmod USERCLASS-PERMISSIONS file ...



umask: permission mask

Files: 666 - umask

Directories: 777 - umask


A file cannot have execute permission by default; if the result contains an execute bit, add 1 to that digit:


umask: 023

File: 666 - 023 = 643; the x bit is not allowed, so the result is 644

Directory: 777 - 023 = 754

If you do not want other users to have execute permission, use umask 027.
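
Added example (not part of the original notes): the "subtract, then add 1" rule above gives the same result as what the kernel actually does, which is to clear the umask bits from the requested mode (BASE AND NOT UMASK). The script computes that value and checks it against a real file and directory created under the same umask. The function names are made up for this example, and GNU coreutils (mktemp -d, stat -c %a) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes GNU coreutils: mktemp -d and stat -c %a.

# expected_mode UMASK BASE
# Mode granted for a new object: BASE with every bit set in UMASK cleared.
# BASE is 666 for regular files and 777 for directories.
expected_mode() {
    printf '%03o\n' $(( 0$2 & ~0$1 & 0777 ))
}

# observed_modes UMASK
# Create a file and a directory under UMASK inside a throwaway directory and
# print "FILEMODE DIRMODE" as reported by stat. The function body runs in a
# subshell, so the caller's own umask is left untouched.
observed_modes() (
    umask "$1"
    tmp=$(mktemp -d) || exit 1
    touch "$tmp/f" && mkdir "$tmp/d"
    echo "$(stat -c %a "$tmp/f") $(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
)

# Compare the computed and observed modes for the umask values used above
# (023, 027) and two common ones (022, 077).
for m in 022 023 027 077; do
    printf 'umask %s: computed file=%s dir=%s, observed: %s\n' "$m" \
        "$(expected_mode "$m" 666)" "$(expected_mode "$m" 777)" \
        "$(observed_modes "$m")"
done
```

With umask 027 the computed modes are 640 for files and 750 for directories, so other users get no access at all, not only no execute permission.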


User login:

Types of user shell login, from the user's point of view:

1. Login shell

A shell obtained by logging in normally through a terminal

su - USERNAME

su -l USERNAME


2. Non-login shell

su USERNAME

A command window opened in a graphical terminal is also a non-login shell

Automatically executed shell scripts also run in a non-login shell


Bash configuration files:

Two categories:

1. Global configuration

/etc/profile, /etc/profile.d/*.sh, /etc/bashrc: configuration files that apply to all users.

2. Personal configuration

~/.bash_profile, ~/.bashrc

The narrower the scope, the more it takes precedence

Files of the profile class:

Setting environment variables

Running commands or scripts (to do preparatory work before the user logs in)


Files of the bashrc class:

Setting local variables

Defining command aliases

How a login shell reads the configuration files:

/etc/profile --> /etc/profile.d/*.sh --> ~/.bash_profile --> ~/.bashrc --> /etc/bashrc


How a non-login shell reads the configuration files:

~/.bashrc --> /etc/bashrc --> /etc/profile.d/*.sh


bash: script interpreter


Environment variables

PATH

HISTSIZE

SHELL


The group must exist beforehand





