I. Users and Groups
1. User
A user account is what the system authenticates (Authentication), authorizes (Authorization) and audits (Accounting) against, the three As. A person logs in by presenting the credentials of a user; every process the operating system then starts on that person's behalf runs with the user's identity, and the identity decides which resources the process may touch. Put differently, a user is a named collection of permissions over system resources.
2. Classification of users
Linux users fall into 2 categories: the administrator user and ordinary users.
Administrator user: root, the user with the greatest privileges; it can access any resource of the system. Its UID is 0. Note that the kernel keys on the UID, not the name: any account with UID 0 is root, whatever it is called.
Ordinary users: these are in turn divided into 2 categories, system users and login users.
System users: accounts that exist so that the basic services started by the system run under an identity of their own; they generally cannot log in and have a shell such as /sbin/nologin. Note that a few system users can log in because an important program needs it. Their UID range is 1-499 (CentOS 6) or 1-999 (CentOS 7+).
Login users: general users, created to log in and use the system. Their UID range is 500-60000 (CentOS 6) or 1000-60000 (CentOS 7+); the bounds come from UID_MIN and UID_MAX in /etc/login.defs.
3. Group
A group is a collection (a container) of users; the members of a group inherit the group's permissions on system resources.
4. Classification of groups
There are 3 ways to categorize groups.
Group category 1, by GID:
Administrators group: the root group, the most privileged group, with GID 0
Normal user groups:
System groups: groups for system users, with GID 1-499 (CentOS 6) or 1-999 (CentOS 7+)
Login groups: groups for login users, with GID 500-60000 (CentOS 6) or 1000-60000 (CentOS 7+)
Group category 2, by the user's relation to the group:
Primary (basic) group: the group recorded in the user's /etc/passwd entry; by default a group with the same name as the user is created together with the user. A user has exactly one primary group.
Supplementary (additional) groups: any groups beyond the primary group, listed against the user in /etc/group; a user can belong to many.
Group category 3 (in effect another name for primary and supplementary groups):
Private groups: a group whose only member is the user it was created for, i.e. the default primary group.
Public groups: groups that several users share membership in.
5. Password
Passwords are the credentials a user needs to log in to the system or to switch groups; they are stored, as hashes, in /etc/shadow and /etc/gshadow.
A password should be random, at least 8 characters long, use at least 3 of the 4 classes uppercase letters, lowercase letters, digits and punctuation, and be changed regularly.
Linux does not encrypt passwords, it hashes them with a one-way function (crypt(3)), so the stored value cannot be turned back into the password; at login the entered password is hashed the same way and the two hashes are compared. The scheme is recorded as a prefix of the stored hash: $1$ is MD5, $5$ is SHA-256 and $6$ is SHA-512 (the default on CentOS 6 and 7; see ENCRYPT_METHOD in /etc/login.defs). MD5 entries on a current system are a finding: they are fast to brute-force offline and should be re-hashed by having the user change the password.
6. The files /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow
UID and GID: the kernel does not work with names; every process and every file carries numeric identifiers, the UID and GID. Traditionally these were 16-bit values (0-65535); on current Linux they are 32-bit (0-4294967295). The mapping between number and name is resolved by looking up the configuration files /etc/passwd and /etc/group (or whatever name service /etc/nsswitch.conf points to), which is why ls shows a bare number when a file's owner has no entry there.
(1) /etc/passwd: the user information base
The format is:
name:passwd:UID:GID:GECOS:directory:shell
name: user name
passwd: the password field; historically the hash itself, now the placeholder x meaning "look in /etc/shadow" (the file is world-readable, so a hash here would be exposed to every user)
UID: user ID number
GID: ID number of the user's primary group
GECOS: comment information (full name, contact details)
directory: the user's home directory
shell: the user's login shell, the program started at login; /sbin/nologin or /bin/false here blocks interactive login
(2) /etc/shadow: the user password vault (readable by root only)
The format is:
username:encrypted password:last change:min age:max age:warning period:inactivity period:expiration date:reserved
username: the login name, matching /etc/passwd
encrypted password: the crypt(3) hash with its $id$salt$ prefix; an empty field means no password is needed to log in, and a leading ! or * means the password is locked (! is what passwd -l prepends; !! on RHEL or * marks an account for which no password has ever been set)
last change: the day the password was last changed, counted in days since 1970-01-01
min age: days that must pass before the password may be changed again
max age: days after which the password must be changed (99999 means never)
warning period: days before expiry on which the user is warned
inactivity period: days after the password expires during which it can still be changed; after that the account is disabled
expiration date: the day the account itself expires, in days since 1970-01-01, regardless of the password
reserved: unused
(3) /etc/group: the group information base
The format is:
group_name:password:GID:user_list
group_name: group name
password: the group password field, now the placeholder x; the hash is in /etc/gshadow and is consulted when a non-member switches into the group with newgrp (not chgrp, which changes a file's group)
GID: group ID number
user_list: comma-separated members of the group, i.e. the users who have this group as a supplementary group (users whose primary group it is are not listed here)
(4) /etc/gshadow: the password vault for groups
The format is:
group_name:encrypted password:administrators:members
The administrators field lists the users allowed to manage the group's membership with gpasswd; a ! in the password field means no group password is set, so newgrp only admits the listed members.
7. Related commands
(1) useradd: add a user
Format: useradd [options] LOGIN
-u, --uid UID: specify the UID
-g, --gid GROUP: specify the primary group (name or GID); it must already exist
-c, --comment COMMENT: specify the comment (GECOS) field
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: the supplementary groups the user belongs to, separated by commas with no spaces
-d, --home HOME_DIR: the user's home directory at the given path; it is created by copying /etc/skel and renaming the copy. If the directory already exists, the environment profile files are not copied into it
-s, --shell SHELL: the user's login shell; the allowed shells are listed in /etc/shells
-r, --system: create a system user (UID from the system range, no home directory, no password aging)
-M: do not create the user's home directory
Note: many of the defaults applied when creating a user come from /etc/login.defs (UID/GID ranges, password aging, whether a home directory is created).
useradd -D: display the default settings for new users
useradd -D OPTIONS: change a default value (for example useradd -D -s /sbin/nologin)
The changed defaults are saved in /etc/default/useradd.
(2) usermod: modify a user's properties
Format: usermod [options] LOGIN
-u, --uid UID: change the UID number (files under the home directory are re-owned; files elsewhere keep the old numeric owner)
-g, --gid GROUP: change the user's primary group; it must exist
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: set the user's supplementary groups; the previous list is replaced
-a, --append: used together with -G, adds the given groups instead of replacing the list
-c, --comment COMMENT: change the comment field
-d, --home HOME_DIR: change the user's home directory
-m, --move-home: only valid with -d; moves the contents of the old home directory to the new one
-s, --shell SHELL: change the user's login shell
-l, --login NEW_LOGIN: change the user name
-L, --lock: lock the user's password by prepending ! to the hash in /etc/shadow. This only disables password authentication; logins with other credentials (SSH keys, for instance) are not necessarily blocked, so to disable an account also set an expiry date (usermod --expiredate 1) or a nologin shell
-U, --unlock: unlock the user's password
(3) userdel: delete a user
Format: userdel [options] LOGIN
-r: also remove the user's home directory and mail spool. Files owned by the user elsewhere on the system are kept, with a now-unowned numeric UID; find / -nouser locates them
(4) groupadd: add a group
Format: groupadd [options] GROUP_NAME
-g GID: specify the GID; by default the next free GID above the highest one already in the normal range is used
-r: create a system group (GID from the system range)
(5) groupmod: modify a group's properties
Format: groupmod [options] GROUP
-g GID: change the GID
-n NEW_NAME: change the group name
(6) groupdel: delete a group
Format: groupdel GROUP
(a group that is the primary group of an existing user cannot be deleted)
(7) passwd: change a user's password
Format: passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [USERNAME]
1. passwd: change the current user's own password
2. passwd USERNAME: change the password of the specified user; only root may do this, and only root may use the lock and aging options below
-l, -u: lock or unlock the user's password (the same ! prefix as usermod -L/-U)
-d: delete the user's password, leaving the field empty. Whether an empty password then permits login depends on the PAM configuration (nullok); treat it as an account without authentication
-e: expire the password immediately, forcing the user to set a new one at the next login (the account expiration date is a different thing, set with chage -E YYYY-MM-DD or usermod -e)
-i DAYS: inactivity period after expiry
-n DAYS: minimum age
-x DAYS: maximum age
-w DAYS: warning period
-S: show the password status (locked, no password, set) and the aging values
--stdin: read the new password from standard input, e.g. echo "PASSWORD" | passwd --stdin USERNAME. The flag is Red Hat specific. A literal password on the command line lands in the shell history and is visible in the process list while echo runs, so in scripts feed it from a file or a variable, or use chpasswd
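As an added example (not from the original post), here is a shell function that classifies /etc/shadow-format entries using the fields and the lock and expiry conventions described above: an empty hash, a ! or * lock, an expired account (field 8), a password past its maximum age, and the hash scheme from the $id$ prefix. The sample entries use fake hashes and a fixed "today" of 17600 days since the epoch so the result is reproducible; on a live system pass /etc/shadow (as root) and $(( $(date +%s) / 86400 )).

```bash
#!/usr/bin/env bash
# Added example, not from the original post: classify /etc/shadow-format entries.
# Usage: audit_shadow SHADOW_FILE TODAY   where TODAY is days since 1970-01-01,
# e.g. audit_shadow /etc/shadow "$(( $(date +%s) / 86400 ))"   (root is needed to read it)
audit_shadow() {
    awk -F: -v today="$2" '
        # Hash scheme from the $id$ prefix of field 2.
        function scheme(h) {
            if (h ~ /^\$6\$/) return "sha512"
            if (h ~ /^\$5\$/) return "sha256"
            if (h ~ /^\$1\$/) return "md5"
            if (h ~ /^\$y\$/) return "yescrypt"
            return "unknown"
        }
        {
            user = $1; hash = $2; last = $3; max = $5; expire = $8
            if (hash == "")     { print user " NOPASS"; next }   # logs in without a password
            if (hash ~ /^[!*]/) { print user " LOCKED"; next }   # passwd -l / usermod -L / never set
            if (expire != "" && expire + 0 <= today + 0) { print user " ACCOUNT_EXPIRED"; next }
            if (max != "" && max + 0 < 99999 && last + max < today + 0) {
                print user " PASSWORD_OVERDUE " scheme(hash); next   # past max age, change forced at login
            }
            if (scheme(hash) == "md5") { print user " WEAK_HASH md5"; next }
            print user " OK " scheme(hash)
        }' "$1"
}

# Constructed sample (fake hashes, not real credentials); TODAY below is 17600.
SAMPLE_SHADOW='root:$6$saltsalt$fakehash:17000:0:99999:7:::
bin:*:16000:0:99999:7:::
alice:$6$saltsalt$fakehash:17500:0:90:7:::
bob:!$6$saltsalt$fakehash:17500:0:99999:7:::
carol::17500:0:99999:7:::
dave:$1$saltsalt$fakehash:17000:0:99999:7:::
erin:$6$saltsalt$fakehash:17000:0:99999:7::17400:'

# Writes the sample to a temporary file and prints the classification.
audit_sample_shadow() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_SHADOW" > "$f"
    audit_shadow "$f" 17600
    rm -f "$f"
}

audit_sample_shadow
```

For the sample this reports root OK sha512, bin LOCKED, alice PASSWORD_OVERDUE sha512 (17500 + 90 is before day 17600), bob LOCKED, carol NOPASS, dave WEAK_HASH md5 and erin ACCOUNT_EXPIRED. NOPASS is the line to act on first, since it is the one that lets anyone in.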
(8) gpasswd: administer a group's password and membership (/etc/group and /etc/gshadow)
Format: gpasswd [options] GROUP
gpasswd GROUP: set the group password; anyone who knows it can newgrp into the group without being a member, which is rarely wanted (gpasswd -r removes it)
-a USERNAME: add a user to the group
-d USERNAME: remove a user from the group
-A USERNAME: set the group administrators, who may then run gpasswd -a/-d on the group without being root
-M USER1,USER2,...: set the complete member list
(9) newgrp: temporarily make the specified group the primary group
Format: newgrp [-] [GROUP]
Starts a new shell in which new files get GROUP as their group. Members of the group are admitted directly; others must know the group password.
-: behave as if the user logged in again, reinitialising the working environment
(10) id: display the user's real and effective IDs
Format: id [OPTION]... [USER]
-u: show only the effective UID
-g: show only the effective GID (the primary group)
-G: show only the IDs of all groups the user belongs to
-n: show names instead of numbers (combine with -u, -g or -G)
-r: show the real ID instead of the effective one (combine with -u or -g)
(11) su: switch user
Login switch: the target user's profile files are read, so the environment is reinitialised
su - USERNAME
su -l USERNAME
Non-login switch: the target user's profile is not read and the caller's environment, PATH included, is kept, which is why root should always be entered with su -
su USERNAME
Common usage: -c 'COMMAND': run only the given command as the specified user
II. Rights Management
1. Permissions
As described above, a user logs in and the system runs processes on the user's behalf. For security reasons not every user may run the same programs or touch important system processes and files, so permissions are needed to manage access. At the same time, one of the principles of Linux is that everything is a file, so in essence rights management is the management of file permissions.
A process's access to a file is decided by matching the process's identity against the file's owner and group, in this order:
If the effective UID of the process equals the file's owner, the owner permissions apply.
Otherwise, if the file's group is the process's effective GID or one of its supplementary groups, the group permissions apply.
Otherwise, the other permissions apply.
Only the first matching class is consulted. If the owner class has no permissions but the group class does, the owner is still denied, even when the owner is also a member of the group. Root (UID 0) bypasses these checks through the CAP_DAC_OVERRIDE capability; the one exception is that executing a regular file still requires at least one x bit to be set on it.
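As an added example (not from the original post), the decision procedure above written as a shell function. The file owner, group and process identities are numeric IDs chosen for the demonstration (uid 1000 alice, 1001 bob, 1002 carol, gid 50 staff); root is deliberately not modelled. The point the cases make is that only the first matching class is consulted.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: the owner/group/other decision as a
# shell function, so the "first matching class only" rule can be exercised.
# check_access MODE OWNER_UID GROUP_GID PROC_UID "PROC_GIDS" REQUEST
#   MODE      octal mode of the file (3 or 4 digits)
#   PROC_GIDS space-separated effective plus supplementary GIDs of the process
#   REQUEST   r, w or x
# Prints allow or deny. Root is not modelled: UID 0 bypasses these bits via CAP_DAC_OVERRIDE.
check_access() {
    local mode=$1 owner=$2 group=$3 uid=$4 gids=$5 want=$6
    local u g o digit bit gid
    mode=${mode#"${mode%???}"}   # keep the last three digits; drop setuid/setgid/sticky
    u=${mode%??}                 # owner digit
    o=${mode#??}                 # other digit
    g=${mode#?}; g=${g%?}        # group digit
    if [ "$uid" = "$owner" ]; then
        digit=$u                 # owner matched: group and other bits are never consulted
    else
        digit=$o
        for gid in $gids; do
            [ "$gid" = "$group" ] && { digit=$g; break; }
        done
    fi
    case $want in
        r) bit=4 ;; w) bit=2 ;; x) bit=1 ;;
        *) echo "check_access: bad request '$want'" >&2; return 2 ;;
    esac
    if [ $(( digit & bit )) -ne 0 ]; then echo allow; else echo deny; fi
}

# Worked cases: a file owned by uid 1000 (alice), group 50 (staff), mode 640.
check_access 640 1000 50 1000 "1000 50" w   # alice, owner: rw- applies     -> allow
check_access 640 1000 50 1001 "1001 50" r   # bob, member of 50: r-- applies -> allow
check_access 640 1000 50 1001 "1001 50" w   # bob, group has no w            -> deny
check_access 640 1000 50 1002 "1002" r      # carol, other ---               -> deny
# The trap: mode 074 (owner ---, group rwx, other r--). alice owns the file and is in
# group 50, but only the owner class is consulted for her, so she is denied.
check_access 074 1000 50 1000 "1000 50" r   # -> deny
check_access 074 1000 50 1001 "1001 50" r   # bob via the group class        -> allow
```

The 074 case is worth remembering when reviewing chmod g+rw,u-rw style changes made to "share" a file: they lock the owner out rather than widening access.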
2. Combination of permissions
Permissions are displayed as nine characters, rwxrwxrwx:
First three: permissions of the owner (user)
Middle three: permissions of the group
Last three: permissions of others
Each triple is also written as one octal digit, with r = 4, w = 2, x = 1 summed:
--- 0
--x 1
-w- 2
-wx 3
r-- 4
r-x 5
rw- 6
rwx 7
3. Permissions for files
Taking /etc/passwd as an example, run ll /etc/passwd (ll is the CentOS alias for ls -l):
-rw-r--r--. 1 root root 1801 Dec 10:36 /etc/passwd
The leading - marks a regular file; then come owner rw-, group r--, others r--. The trailing dot means the file has an SELinux context and no extra ACL (a + would mean an ACL is present). The remaining columns are link count, owner, group, size, modification time and name.
r: readable, the file's data can be read
w: writable, the file's data can be modified (w on the file does not allow deleting or renaming it; that is decided by the directory's permissions, see below)
x: executable, the file can be run as a process (a script additionally needs r, because the interpreter has to read it)
4. Permissions for directories
Taking /etc/rc.d as an example, run ll -d /etc/rc.d:
drwxr-xr-x. root root 4096 Mar 6 2015 /etc/rc.d/
r: readable, the names of the entries can be listed with ls (without x the names are visible but nothing else about them is)
w: writable, the list of entries can be modified, i.e. files can be created, deleted and renamed inside it. This is why deleting a file depends on the directory's permissions rather than the file's: a user with w and x on a directory can remove a root-owned, read-only file in it. The sticky bit (chmod +t, as on /tmp) restricts deletion to the file's owner
x: executable (search), the directory can be entered with cd and its entries can be reached by name, which is also what ls -l needs in order to read each file's attributes. w without x is useless, because no entry can be reached
5. Related Commands
(1) chmod: change file permissions
Format: chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...
Shorthand for the classes of users: u: owner, g: group, o: others, a: all three
1. chmod [OPTION]... MODE[,MODE]... FILE... (symbolic mode)
Assignment notation (=): sets a class's permissions to exactly what is listed, clearing anything else
u=rwx
g=rx
o=
a=r
Add/remove notation (+ and -): changes only the named bits and leaves the rest alone
u+x, u-w
g+w, g-x
o-rwx
a+r, a-x
Several clauses are combined with commas, e.g. chmod u=rwx,g=rx,o= FILE. The capital X adds x only to directories and to files that already have some execute bit, which is what you usually want with -R.
2. chmod [OPTION]... OCTAL-MODE FILE...
(each digit is 0-7 per the table above, e.g. chmod 640 FILE; a fourth leading digit carries setuid, setgid and sticky)
3. chmod [OPTION]... --reference=RFILE FILE...
(copy RFILE's mode onto FILE)
Options:
-R, --recursive: apply recursively. Prefer symbolic modes here: an octal mode such as 755 makes every regular file in the tree executable, while a+X or u=rwX does not
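As an added example (not from the original post), a throwaway directory tree shows why -R with a fixed rwx or octal mode is a mistake and what X does differently. The function builds the tree under mktemp and reports the modes with GNU stat, so it runs without root on any Linux box.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: the recursive chmod pitfall.
# chmod_tree MODE -> builds a small tree, runs chmod -R MODE on it and prints the
# resulting octal modes as "DIR DATA SCRIPT". stat -c is GNU coreutils (Linux).
chmod_tree() {
    local mode=$1 tmp
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/dir"
    : > "$tmp/dir/data.txt"          # plain data, must not become executable
    : > "$tmp/dir/tool.sh"
    chmod 700 "$tmp/dir/tool.sh"     # a script that is already executable
    chmod -R "$mode" "$tmp/dir"
    printf '%s %s %s\n' "$(stat -c %a "$tmp/dir")" \
                        "$(stat -c %a "$tmp/dir/data.txt")" \
                        "$(stat -c %a "$tmp/dir/tool.sh")"
    rm -rf "$tmp"
}

# Naive: give everything the mode the directory needs; data.txt becomes executable.
chmod_tree u=rwx,g=rx,o=      # 750 750 750
# With X: execute/search goes only to the directory and to tool.sh, which already had x.
chmod_tree u=rwX,g=rX,o=      # 750 640 750
```

The same applies to chmod -R 755: it is the directory form of the mode being stamped onto every file. When a tree needs fixing, either use X or run two find commands, one with -type d and one with -type f.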
(2) chown: change the owner and the group
Format: chown [OPTION]... [OWNER][:[GROUP]] FILE... (a . may be used instead of the colon)
chown [OPTION]... --reference=RFILE FILE...
OWNER alone changes only the owner; OWNER:GROUP changes both; :GROUP changes only the group; OWNER: sets the group to OWNER's primary group. Only root may change a file's owner.
Options:
-R: apply recursively
(3) chgrp: change the group
Format: chgrp [OPTION]... GROUP FILE...
chgrp [OPTION]... --reference=RFILE FILE...
An unprivileged owner may change a file's group only to a group the owner is a member of.
(4) umask: the permission mask, the bits withheld from newly created files
File: 666 with the umask bits cleared
Directory: 777 with the umask bits cleared
Note: the base for files is 666 rather than 777 because a new file never gets execute permission by default. The operation is bitwise (result = base AND NOT umask), not decimal subtraction: 666 - 023 gives 643, but the real result is 644, because the mask's 3 removes w and x from a class that only had rw to begin with. The rule of thumb "subtract, then add 1 to any digit that came out odd" exists only to patch up this mistake.
Format: umask: display the current umask
umask MASK: set the umask, e.g. umask 027 so that new files are 640 and new directories 750
Note: this setting applies only to the current shell process and the processes it starts; to make it permanent, put it in ~/.bashrc or /etc/profile (the system-wide default comes from UMASK in /etc/login.defs or /etc/profile).
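As an added example (not from the original post), the two functions below compute the umask result the way the kernel does (bitwise) and then create a real file and directory under a given umask to confirm it. GNU stat is assumed; the functions run without root.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: how the umask is really applied.
# umask_result BASE MASK -> the octal mode a new object gets (BASE is 666 for files,
# 777 for directories). Bitwise: BASE AND NOT MASK, not decimal subtraction.
umask_result() {
    local base mask
    base=$(printf '%d' "0$1")     # a leading 0 makes printf parse the digits as octal
    mask=$(printf '%d' "0$2")
    printf '%03o\n' $(( base & ~mask ))
}

# umask_observed MASK -> "FILE_MODE DIR_MODE" as actually created by the kernel under MASK.
# The umask is changed in a subshell so the caller's setting is untouched. stat -c is GNU.
umask_observed() {
    local tmp
    tmp=$(mktemp -d) || return 1
    ( umask "$1"; : > "$tmp/f"; mkdir "$tmp/d" )
    printf '%s %s\n' "$(stat -c %a "$tmp/f")" "$(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
}

umask_result 666 022     # 644
umask_result 777 022     # 755
umask_result 666 023     # 644, not the 643 that decimal subtraction suggests
umask_result 666 027     # 640
umask_observed 023       # 644 754
```

The observed pair matches the computed values, and shows that the effect of the mask on the directory (777 with 023 cleared is 754) differs from its effect on the file even though the same three digits were typed.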
Reference: http://linuxme.blog.51cto.com/1850814/347086/
This article is from the "give me a piece of two-foil" blog, please be sure to keep this source http://theneverland.blog.51cto.com/10714090/1722615
Analysis of Linux users, groups and rights management