10 - Linux Basic Primer (8): users, groups, and timestamps as the basis of file and directory attributes and permissions

Source: Internet
Author: User

I. Overview

Linux is a multi-user, multitasking operating system. Different roles on a Linux system have different permissions and complete different tasks. A user's role is identified by a UID and a GID: the UID is the equivalent of an ID card number, and the user name is the equivalent of a person's name. Specifically:

UID (user identity): the equivalent of your ID number; it is unique in the system.

GID (group identity): the group ID, the equivalent of your family or school ID.

II. Users

1. Super User

The default superuser is root, whose UID and GID are both 0. The root user exists on every Linux system and is a real account: it can log on to the system, operate on any file and run any command in the operating system, and has the highest administrative rights.

In a production environment, root is generally forbidden from connecting to the server remotely via SSH, or the default SSH port is changed, to improve the security of the system.

2. Ordinary users

Ordinary users are added by operations staff or system administrators who have root privileges. These users can log on, but with minimal permissions: an ordinary user can manipulate the files in their own home directory and cannot do anything else.

3. Virtual User

In contrast to real users, the defining feature of this type of user is that it is created by default when the system is installed, and most virtual users cannot log on to the system by default.

Addendum: Linux security optimization

① After installing the system, unused virtual users can be removed. It is best not to delete them, however, but to comment them out, so that they can be restored if a problem arises.

② When we deploy our own services, we also create virtual users to meet the needs of those services.

Example: Apache, Nginx, MySQL, NFS, rsync, Nagios, Zabbix, Redis

4. UID ranges for the different user roles in a Linux system

0: superuser

1-499: virtual users

500-65535: ordinary users

III. User groups

Each user also belongs to a group. If no group is specified when the user is added, the user belongs to a group with the same name as the user. The user-to-group relationship can be one-to-one, one-to-many, many-to-one, or many-to-many.

IV. User and group configuration files

1. User configuration file /etc/passwd

Each line of the /etc/passwd file defines one user account, so the number of lines is the number of accounts. Each line is divided by ":" into 7 fields, and these 7 fields define the attributes of the account. The actual contents of the passwd file look like this:

# head -5 /etc/passwd    # use the head command to view the first 5 lines of /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

The meaning of each column is as follows:

root         : x                : 0           : 0           : root             : /root               : /bin/bash
Account name : Account password : Account UID : Account GID : User description : User home directory : Shell interpreter

Note:

① The account name is unique and cannot be duplicated.

② The password is not kept in this file because that is not safe; it has been moved to /etc/shadow.
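The 7-field layout and the UID ranges this page gives, turned into an audit of passwd-format data. This is an added example, not part of the original article: the name audit_passwd, the finding labels and the SAMPLE_PASSWD lines are constructed for illustration.

```bash
# Added example: audit passwd-format lines against the rules on this page
# (7 fields, unique names, UID 0 = root only, 1-499 = virtual users).
# SAMPLE_PASSWD is constructed test data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
nginx:x:498:498:nginx web server:/var/lib/nginx:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
alice:x:501:501::/home/alice2:/bin/bash
legacy:CONSTRUCTED_HASH:502:502::/home/legacy:/bin/bash
broken:x:503:503:/home/broken'

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
# Findings are items to review, not verdicts (some distributions ship
# virtual users such as sync or shutdown with a non-nologin shell).
audit_passwd() {
  awk -F: '
    # A valid entry has exactly 7 colon-separated fields.
    NF != 7 { print "MALFORMED line " NR ": expected 7 fields, got " NF; next }
    # Account names must be unique.
    seen[$1]++ { print "DUPLICATE_NAME " $1 }
    # Any account with UID 0 has root privileges, whatever its name.
    $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
    # Virtual users (UID 1-499 on this page) should not have a login shell.
    $3 >= 1 && $3 <= 499 && $7 !~ /(nologin|false)$/ {
      print "VIRTUAL_WITH_SHELL " $1 " uid=" $3 " shell=" $7 }
    # "x" means the hash lives in /etc/shadow; "*" means no password login.
    $2 != "x" && $2 != "*" { print "PASSWORD_IN_PASSWD " $1 }
  '
}

# Run against the constructed sample; on a real host: audit_passwd < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```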

2. User shadow password file /etc/shadow

Because the passwd file must be readable by all users, keeping passwords in it poses a security risk. The shadow file was added to address this security risk. You can view the permissions of the /etc/shadow file with ls -l.

# ls -l /etc/shadow
----------. 1 root root 699 February 5 04:28 /etc/shadow

Summary:

① useradd is the command that adds a user; it changes /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow.

② passwd is the command that sets a user's password; it changes /etc/shadow.

V. Configuration files related to user groups

/etc/group      # user group configuration file

/etc/gshadow    # user group shadow file

Summary:

① Adding a group with groupadd changes /etc/group and /etc/gshadow.

② Use id followed by the user name to view a user's information.

VI. Timestamps

1. Overview

With ls -lhi, the three columns 7, 8, and 9 are the time (the modification time by default). Timestamps are generally divided into three categories:

Modify time (mtime): generally updated when the contents of the file are modified

Change time (ctime): updated when the file's properties change

Access time (atime): updated when the file's contents are accessed

2. Displaying time attributes in a given format

# ls -l --time-style=long-iso /root
total 40
-rw-------. 1 root root  1140 2018-02-05 04:28 anaconda-ks.cfg
-rw-r--r--. 1 root root 21736 2018-02-05 04:28 install.log
-rw-r--r--. 1 root root  5890 2018-02-05 04:25 install.log.syslog

3. View the time properties of a file

# stat /root
  File: "/root"
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: 803h/2051d  Inode: 2359297     Links: 3
Access: (0550/dr-xr-x---)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2018-02-06 20:18:54.888133301 +0800
Modify: 2018-02-05 05:54:15.286465595 +0800
Change: 2018-02-05 05:54:15.286465595 +0800
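The difference between mtime and ctime described above, observed on a scratch file. This is an added example, not part of the original article: ts_demo is a name made up here, and it assumes GNU coreutils stat with the -c option, as on the host shown above.

```bash
# Added example: show which timestamps an attribute change and a content
# change each move. atime is left out because mount options such as
# relatime or noatime make its updates unreliable.
ts_demo() {
  f=$(mktemp) || return 1

  # Baseline: %y is the Modify time, %z is the Change time.
  m0=$(stat -c %y "$f"); c0=$(stat -c %z "$f")

  sleep 1
  chmod 640 "$f"              # attribute change only, contents untouched
  m1=$(stat -c %y "$f"); c1=$(stat -c %z "$f")

  sleep 1
  echo data >> "$f"           # content change
  m2=$(stat -c %y "$f"); c2=$(stat -c %z "$f")

  rm -f "$f"

  # chmod should move ctime but leave mtime alone.
  if [ "$m1" = "$m0" ]; then echo "chmod: mtime unchanged"; else echo "chmod: mtime changed"; fi
  if [ "$c1" != "$c0" ]; then echo "chmod: ctime changed"; else echo "chmod: ctime unchanged"; fi
  # Writing data moves mtime, and ctime moves with it.
  if [ "$m2" != "$m1" ]; then echo "write: mtime changed"; else echo "write: mtime unchanged"; fi
  if [ "$c2" != "$c1" ]; then echo "write: ctime changed"; else echo "write: ctime unchanged"; fi
}

ts_demo
```

A ctime newer than mtime therefore means the file's attributes (mode, owner, link count) changed after its contents were last written, which is worth checking when reviewing files such as /etc/shadow.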

VII. Other

The file name in the 10th column is not stored in the inode, but in the block of the parent directory.

Follow me
Sina Weibo: https://weibo.com/yougazhang0506
Public platform: Zhang Yujia

My site: http://www.zhangyujia.cn
51CTO Blog: http://blog.51cto.com/11099293
CSDN Blog: http://blog.csdn.net/u013260195
GitHub: https://github.com/zhangyujia0506/
