User ID, Password:
Authentication: verifying identity
Authorization: granting permissions
Audit: auditing
Together these form the 3A mechanism.
User categories: administrators and ordinary users; ordinary users are further divided into system users and login users
User ID: the system distinguishes users by UID, a 16-bit binary number in the range 0-65535
Administrator: 0
Ordinary users: 1-65535
System users: 1-499 on CentOS 6; 1-999 on CentOS 7
Login users: 500-60000 on CentOS 6; 1000-60000 on CentOS 7
Name resolution: translating between user names and UIDs
The computer itself only works with the numbers
Name resolution database: /etc/passwd
Group category 1: the administrator group and ordinary user groups; ordinary user groups are further divided into system user groups and login user groups
Group ID: the system distinguishes groups by GID, a 16-bit binary number in the range 0-65535
Administrator group: 0
Ordinary user groups: 1-65535
System user groups: 1-499 on CentOS 6; 1-999 on CentOS 7
Login user groups: 500-60000 on CentOS 6; 1000-60000 on CentOS 7
Name resolution: translating between group names and GIDs
The computer itself only works with the numbers
Name resolution database: /etc/group
Group category 2: a user's basic group and a user's additional groups
Group category 3: private group, which has the same name as the user and contains only that one user; public group, which contains multiple users
Authentication information:
Checks whether the information provided at login matches the data stored beforehand;
Passwords: /etc/shadow, /etc/gshadow
Password usage policy:
1. Use random passwords
2. Minimum length of 8 characters
3. Use at least three of: uppercase letters, lowercase letters, digits, punctuation
4. Change passwords regularly
Plaintext --> ciphertext
Cryptographic algorithms:
Symmetric encryption: the same key is used to encrypt and decrypt
Asymmetric encryption: a pair of keys is used for encryption and decryption
Key pair:
Public key
Private key
One-way encryption: can only encrypt, cannot decrypt; used to extract a signature (digest) of the data
Fixed-length output: the output length is the same regardless of the amount of original data
Avalanche effect: a small change in the initial input causes a large change in the result
Algorithms:
md5sum: Message Digest
sha1sum: Secure Hash Algorithm, 126 bits
sha224sum: Secure Hash Algorithm, 224 bits
sha256sum: Secure Hash Algorithm, 256 bits
sha384sum: Secure Hash Algorithm, 384 bits
sha512sum: Secure Hash Algorithm, 512 bits
Salting: a random number (the salt) is added when the hash is calculated
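The three properties listed above (fixed-length output, avalanche effect, salting), shown with sha256sum as an added example that is not part of the original page. The function names and sample strings are constructed, and salted() is a simplification that only shows the salt's effect; /etc/shadow uses crypt(3) schemes.

```shell
#!/bin/sh
# Added example: one-way hash properties shown with sha256sum (coreutils).
# All inputs are constructed sample strings.

# Hex SHA-256 digest of the string given as $1.
digest() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# Count the bits that differ between two equal-length hex strings.
bit_diff() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        hex = "0123456789abcdef"; n = 0
        for (i = 1; i <= length(a); i++) {
            x = index(hex, substr(a, i, 1)) - 1
            y = index(hex, substr(b, i, 1)) - 1
            # POSIX awk has no XOR operator, so compare the 4 bits one by one
            for (k = 0; k < 4; k++) {
                if (x % 2 != y % 2) n++
                x = int(x / 2); y = int(y / 2)
            }
        }
        print n
    }'
}

# Simplified salting (assumption): hash the salt and the password together.
# Real /etc/shadow entries use crypt(3) schemes, not a bare SHA-256.
salted() { digest "$1\$$2"; }

short=$(digest "a")
long=$(digest "a much longer input: 1 2 3 4 5 6 7 8 9 10")
echo "digest lengths: ${#short} and ${#long} hex characters"
echo "bits changed by a one-letter edit: $(bit_diff "$(digest centos)" "$(digest centoS)") of 256"
echo "same password, salt A: $(salted saltA centos)"
echo "same password, salt B: $(salted saltB centos)"
```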
/etc/passwd: user information database
7 fields separated by colons:
user name:password placeholder:UID:GID:comment:home directory:shell
/etc/shadow: user passwords
9 fields separated by colons:
login name:encrypted password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field
/etc/group
4 fields separated by colons:
group name:password placeholder:GID:user list
Linux user and group management
Security context:
A process runs with the identity of the user who started it:
the process's access to files depends on the permissions of the user who started the process;
System users: so that background or service processes can run as a non-administrator, an ordinary user is usually created for them; such users never log in to the system;
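An audit of these files by field position, as an added example that is not part of the original page: it lists every account with UID 0, system-range accounts that still have a login shell, and the state of each /etc/shadow password field (the ! lock marker is the one this page describes under usermod -L). The function names, the sample accounts and the "shell path ends in sh" heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: audits passwd- and shadow-format files by field position.
# Sample data below is constructed; pass /etc/passwd and /etc/shadow instead.
UID_MIN=${UID_MIN:-1000}   # first login-user UID: 1000 on CentOS 7, 500 on CentOS 6

# Names of all accounts with UID 0 (administrator rights).
uid0_accounts() { awk -F: 'NF == 7 && $3 == 0 { print $1 }' "$1"; }

# System-range accounts (1 <= UID < UID_MIN) with an interactive-looking shell.
# Heuristic (assumption): the shell path ends in "sh" (bash, csh, zsh, ...).
system_login_shells() {
    awk -F: -v min="$UID_MIN" \
        'NF == 7 && $3 >= 1 && $3 < min && $7 ~ /sh$/ { print $1 }' "$1"
}

# Classify the password field (field 2) of every shadow line.
shadow_status() {
    awk -F: 'NF == 9 {
        if ($2 == "")        s = "empty"     # no password is required
        else if ($2 ~ /^!/)  s = "locked"    # "!" prefix, as written by usermod -L
        else if ($2 ~ /^\*/) s = "disabled"  # "*" is not a valid hash
        else                 s = "set"
        print $1 ":" s
    }' "$1"
}

# Line numbers whose field count differs from N (7 for passwd, 9 for shadow).
malformed() { awk -F: -v n="$2" 'NF != n { print NR }' "$1"; }

SAMPLE_PASSWD=$(mktemp); SAMPLE_SHADOW=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
svc:x:498:498:service account:/var/lib/svc:/bin/bash
natasha:x:1000:1000::/home/natasha:/bin/bash
broken:x:1001:1001:/home/broken
EOF
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17000:0:99999:7:::
bin:*:17000:0:99999:7:::
harry:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17000:0:99999:7:::
sarah::17000:0:99999:7:::
EOF
echo "UID 0 accounts:        $(uid0_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "system + login shell:  $(system_login_shells "$SAMPLE_PASSWD")"
echo "malformed passwd line: $(malformed "$SAMPLE_PASSWD" 7)"
shadow_status "$SAMPLE_SHADOW"
```

Against the real files the functions must run as root, since /etc/shadow is not readable by ordinary users.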
User management commands
useradd usermod userdel
useradd [options] LOGIN
-u UID: within [UID_MIN, UID_MAX], defined in /etc/login.defs
-o: used with the -u option, do not check UID uniqueness
-g GID: the user's basic group; may be a group name or a GID
-c "COMMENT": the user's comment information
-d HOME_DIR: use the specified path (which does not yet exist) as the home directory
-s SHELL: the user's default shell program
the available shells are listed in the /etc/shells file
-G group1[,group2,...]: additional groups for the user; the groups must exist beforehand
-N: do not create a private group as the primary group; use the users group as the primary group
-r: create a system user; CentOS 6: ID<500, CentOS 7: ID<1000
Example: 1. Create user gentoo with additional groups bin and root, default shell /bin/csh, and comment "Gentoo distribution"
useradd -G root,bin -s /bin/csh -c "Gentoo distribution" gentoo
Examples:
2. Create the following users, group, and group memberships:
A group named admins
User natasha, with admins as an additional group
User harry, also with admins as an additional group
User sarah, who cannot log in to the system interactively and is not a member of admins; the password for natasha, harry and sarah is centos
# groupadd admins
# useradd -G admins natasha
# useradd -G admins harry
# useradd -s /sbin/nologin sarah
# echo "centos" | passwd --stdin natasha
Changing password for user natasha.
passwd: all authentication tokens updated successfully.
# echo "centos" | passwd --stdin harry &>/dev/null
# echo "centos" | passwd --stdin sarah &>/dev/null
usermod command:
usermod [options] LOGIN
-u UID: new UID
-g GID: new basic group
-G group1[,group2,...[,groupN]]: new additional groups; the original additional groups are overwritten; to keep them, use the -a option at the same time, which means append
-s SHELL: new default shell
-c 'COMMENT': new comment information
-d HOME: new home directory; it is not created automatically and the files in the old home directory are not moved to it; to create the new home directory and move the original data, use the -m option at the same time
-l LOGIN_NAME: new login name
-L: lock the specified user; adds ! to the password field in /etc/shadow
-U: unlock the specified user; removes the ! from the password field in /etc/shadow
-e YYYY-MM-DD: the user account's expiration date
-f INACTIVE: set the inactivity period
userdel command:
-r: delete the home directory
Examples:
5. The contents of file1 are "1 2 3 4 5 6 7 8 9 10"; calculate the sum of all the numbers
# echo {1..10} | tr " " "+" | bc
55
6. Process the string "Xt.,l 1 jr#! $mn 2 c*/fe3 uz4", keeping only the digits and spaces
7. Display the PATH variable with each directory on a separate line
8. Delete the blank lines of the specified file
9. Display each word (letter) in the file on a separate line, with no blank lines
# echo "aa bb cc dd ee ff" | tr ' ' '\n'
aa
bb
cc
dd
ee
ff
passwd command:
-l: lock the user
-u: unlock the user
-d: remove the user's password
-e: expiration period, date
-i: inactive period
-n: minimum password lifetime
-x: maximum password lifetime
-w: warning period
--stdin:
echo "PASSWORD" | passwd --stdin NAME
gpasswd command:
Group password file: /etc/gshadow
gpasswd [options] GROUP
-a USERNAME: add a user to the group
-d USERNAME: remove a user from the group
newgrp command:
Log in to a new group
newgrp [-] [GROUP]
-: simulates the user logging in again to switch to this group
chage command:
Changes the expiration information of a user's password
chage
-d: date of the last change
-E: account expiration date; the account becomes unavailable on that day
-m: minimum time between password changes
-M: maximum number of days the password is kept
id command: displays the user's real and effective IDs
id NAME: shows another user's IDs
id: shows your own IDs
-u: show only the effective UID
-g: show only the basic GID
-G: show the IDs of all groups
-n: show names instead of IDs
su command: switch user
Login switch: the environment is re-initialized by reading the target user's configuration files
su - NAME
su -l NAME
Non-login switch: the target user's configuration files are not read for initialization
su NAME
Note: the administrator can switch to any other user without a password; other users need a password to switch to root
su NAME -c 'COMMAND': run only the specified command as the specified user