Basic command user management related content learning

Users, groups, and permissions

Token tokens

3 A authentication:

Authentication Certification

Authorization authorization

Accouting| Audition Audit

admin: Root, 0

Administrative group: root, 0

Normal Group:

System groups: 1-499, 1-999

General Group: 1000+

Linux security Contexts (context)

Running programs: Process processes

Run as the process initiator:

Root:/bin/cat

Mage:/bin/cat

The ability of a process to access a resource does not depend on the journey itself, but on the identity of the process's runner! ‘

Categories of Linux groups:

Primary Group of Users: (primary) Primary Group

The user must belong to one and only one

The group name is the same as the user name and contains only one

Additional groups for users: secondary (auxiliary group)

A user can belong to 0 or more groups

Primary profiles for users and groups:

/etc/passwd

Touch/run/nologin prohibit all normal users from logging in

The role of VIPW: changing the user's

VIGR Change the Master's

Cat/etc/shadow

Md5sum can calculate the hash value

Authconfig--passalgo=sha256--update Specify hash value

Generally with SHA512 encryption!

Salt

The number represents the algorithm, the second $ represents the salt salt, the third $ and the password and the salt.

BINGJUNXI:$6$QYOTZQZM$UUYMXFBOTXWB77YR3OH3J5LNKGAZAEBEONPGTSEV2NGSLBOU8DU8EZUDYCSKC66N2FDPSTEURVVXY16BZ40FP. : 16938:0:99999:7::: (Behind is the distance time is how many days

: 999999 Maximum Validity: 7 Indicates a few days before the alarm

If you want to lock your account, add one before $! Unable to login, lock account

PASSWD-E Bingjunxi causes user password to expire

Groupmems-a Bingjunxi-bin

Groups ID view the owning primary auxiliary group

Groupmems-a Bingjunxi-g Bin

-G = Group name

-a-d= User Name

-G increase user-a increased staff?

Chage command

Chage-d 0 Bingjunxi can get the command to expire immediately

-E Account Validity

-L Display Password policy

Chage-m 0-m 42-w 14-i 7 Bingjunxi

-E 2016-09-10

User Management commands

Useradd Create

Usermod modification

Userdel Delete-R Delete thoroughly

chmod 777 Giving all permissions

Getent passwd root can display this user's file directory

Cat/etc/default/useradd can view the user's default properties

Useradd-n do not create groups with the same name

-u can add ID number

-O can continue to add different in the group home directory

-g Specifies the primary group with the-G plus Auxiliary Group

-C User's comment information

-D plus directory auto-generated, automatically set attribute permissions

-s Specifies the shell type to use/bin/bash or/csh

-R

-D Display Properties

Usermod-a using additional append groups and-G mates auxiliary groups

-l Disable, shackle-u unlock

-L change user name Usermod-l Laoli li

-D new Home directory is not automatically created, the original directory files will not be moved to the new home directory at the same time, to create a new home directory with-M use

Groupadd Add a group

echo Redhat | passwd--stdin Natsha directly change the password to Redhat

/etc/default/useradd

/etc/skel/*

/etc/login.defs

NewUsers passwd format files for batch creation of users

CHPASSWD Batch Modify user commands

Newusers/path/to/file This file is the same character as the file format in passwd

Create users in bulk,

Batch password file

Format: User name: passwd

Cat/path/to/file | chpasswd

There is no home directory at this time. The beginning of the file,

Finally, all the files in the/etc/skel/directory are tested to each user's home directory, and the normal terminal displays

SU User Switching

Su-Switch completely

Su non-logon switch, will not read the configuration file, change the current working directory

echo "Password" |passwd--stdin USERNAME

Groupadd-n group_name New Name

Gruopdel Bingjunxi Delete a group

If you can't delete it, it proves that someone is treating this group as a primary group

Usermod-g bin Bingjunxi

When you change the properties of the primary group, you can immediately delete the

Gpasswd-a Wang Bin adding users to a specified group

Permissions: Permission

Right: Rights

Chmod:change Mode Modify Permissions

chmod opt per file

Who:u,g:o, all

U: Owner g: Owning group O: all others: All

opt:+,-, =, add permissions + Remove permissions--give more =rwx directly

Per:r W x

Chomd-r a=rwx dir2/-R equals recursion gives everyone a directory of DIR2

x only permissions on the directory are granted for execution, no permissions on the file

Chown

Change the file owner or directory

Chown Bin/var/tmp/fstab

CHGRP Reorganization Owner

Chown Bin:bingjunxi F1

Logoin.defs

Default permission + umask = 777 | 666

If this is the default permission for a directory, add Umask =777

If it is a file +umask=666

Umask-p >> BASHRC Direct effective output can be called

-S mode display

Su-root-c ' cat/etc/shadow ' direct command

Suid must be in

Basic command user management related content learning