Users, groups, and permissions
Tokens
The three A's:
Authentication
Authorization
Accounting | Audit
Administrator: root, 0
Administrator group: root, 0
Normal groups:
System groups: 1-499, 1-999
General groups: 1000+
Linux security context
A running program: a process
It runs as the user who started the process:
root: /bin/cat
mage: /bin/cat
Whether a process can access a resource does not depend on the process itself, but on the identity of the user running it!
Categories of Linux groups:
A user's primary group (primary group):
A user must belong to one and only one primary group
The group name is the same as the user name and the group contains only one user
A user's additional groups: secondary (auxiliary) groups
A user can belong to 0 or more auxiliary groups
Main configuration files for users and groups:
/etc/passwd
touch /run/nologin: prohibits all normal users from logging in
The role of vipw: changing the user's
vigr: change the Master's
cat /etc/shadow
md5sum can calculate a hash value
authconfig --passalgo=sha256 --update: specifies the hash algorithm
Passwords are generally hashed with SHA-512!
Salt
The number after the first $ identifies the algorithm, the field after the second $ is the salt, and the field after the third $ is the hash of the password and the salt.
bingjunxi:$6$QYOTZQZM$UUYMXFBOTXWB77YR3OH3J5LNKGAZAEBEONPGTSEV2NGSLBOU8DU8EZUDYCSKC66N2FDPSTEURVVXY16BZ40FP.:16938:0:99999:7::: (the number after the hash is a time counted in days)
99999: maximum validity; 7: how many days before expiry the warning starts
To lock an account, add a ! before the $: the account is locked and the user cannot log in
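The field layout described above, as an added example that is not part of the original notes: a Python parser for one /etc/shadow entry that decodes the $id$salt$hash field, the ! lock marker and the day-count fields. The user names, salt and hash in the sample entries are constructed placeholders, and the function name is hypothetical.

```python
from datetime import date, timedelta

# crypt(3) scheme ids that appear after the first "$" (only these three are mapped)
ALGORITHMS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
EPOCH = date(1970, 1, 1)  # the day-count fields are days since this date

def parse_shadow_line(line):
    """Split one /etc/shadow entry into named, decoded fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    name, pw, last, minimum, maximum, warn, inactive, expire, _reserved = fields

    locked = pw.startswith("!")            # "!" in front of the hash locks the account
    parts = pw.lstrip("!").split("$")
    algorithm = salt = None
    if len(parts) >= 4 and parts[0] == "":  # "$id$salt$hash"
        algorithm = ALGORITHMS.get(parts[1], "unknown (%s)" % parts[1])
        # an optional "rounds=N" element may sit between the id and the salt
        salt = parts[3] if parts[2].startswith("rounds=") else parts[2]

    def days(value):
        return int(value) if value else None

    def as_date(value):
        return EPOCH + timedelta(days=int(value)) if value else None

    changed, max_days = as_date(last), days(maximum)
    # password expiry = date of last change + maximum validity
    expires = changed + timedelta(days=max_days) if changed and max_days is not None else None
    return {
        "user": name, "locked": locked, "algorithm": algorithm, "salt": salt,
        "last_change": changed, "min_days": days(minimum), "max_days": max_days,
        "warn_days": days(warn), "inactive_days": days(inactive),
        "password_expires": expires, "account_expires": as_date(expire),
    }

# Constructed sample entries (salt and hash are made-up placeholders)
SAMPLE = "alice:$6$Ex4mpl3S$PLACEHOLDERHASH:16938:0:99999:7:::"
LOCKED = "bob:!$6$Ex4mpl3S$PLACEHOLDERHASH:16938:0:42:14:7::"

if __name__ == "__main__":
    for entry in (SAMPLE, LOCKED):
        print(parse_shadow_line(entry))
```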
passwd -e bingjunxi: causes the user's password to expire
groupmems -a bingjunxi -g bin
groups, id: view a user's primary and auxiliary groups
groupmems -a bingjunxi -g bin
-g = group name
-a, -d = user name
-g adds a user, -a adds a member?
chage command
chage -d 0 bingjunxi: makes the password expire immediately
-E: account validity
-l: display the password policy
chage -m 0 -M 42 -W 14 -I 7 bingjunxi
-E 2016-09-10
User Management commands
useradd: create
usermod: modify
userdel: delete; -r deletes thoroughly
chmod 777: gives all permissions to everyone
getent passwd root can display this user's home directory
cat /etc/default/useradd: view the default properties for new users
useradd -N: do not create a group with the same name as the user
-u: specify the ID number
-O can continue to add different in the group home directory
-g: specifies the primary group; -G: adds auxiliary groups
-c: the user's comment information
-d plus a directory: the directory is generated automatically, with attributes and permissions set automatically
-s: specifies the shell to use, /bin/bash or /csh
-R
-D: display the default properties
usermod -a: append additional groups; used together with -G (auxiliary groups)
-L: lock (disable); -U: unlock
-l: change the user name: usermod -l laoli li
-d: the new home directory is not created automatically and the files in the original directory are not moved to it; to create the new home directory, use it together with -m
groupadd: add a group
echo redhat | passwd --stdin natsha: directly changes the password to redhat
/etc/default/useradd
/etc/skel/*
/etc/login.defs
newusers: creates users in batch from a file in passwd format
chpasswd: modifies user passwords in batch
newusers /path/to/file: this file uses the same format as the passwd file
Create users in bulk,
Batch password file
Format: username:password
cat /path/to/file | chpasswd
There is no home directory at this time. The beginning of the file,
Finally, copy all the files in the /etc/skel/ directory to each user's home directory, and the terminal displays normally
su: user switching
su -: complete (login) switch
su: non-login switch; does not read the configuration files or change the current working directory
echo "PASSWORD" | passwd --stdin USERNAME
groupmod -n NEW_NAME group_name: give a group a new name
groupdel bingjunxi: delete a group
If it cannot be deleted, some user still has this group as their primary group
usermod -g bin bingjunxi
Once the primary group has been changed, you can immediately delete the
gpasswd -a wang bin: adds a user to the specified group
Permissions: Permission
Right: Rights
chmod: change mode, modifies permissions
chmod who opt per file
who: u, g, o, a
u: owner; g: owning group; o: others; a: all
opt: +, -, =; + adds permissions, - removes permissions, = sets them directly (for example =rwx)
per: r, w, x
chmod -R a=rwx dir2/: -R means recursive; gives everyone all permissions on the directory dir2
X: execute permission is granted only on directories, not on files
chown
Changes the owner of a file or directory
chown bin /var/tmp/fstab
chgrp: changes the owning group
chown bin:bingjunxi f1
login.defs
Default permission + umask = 777 | 666
For a directory: default permission + umask = 777
For a file: default permission + umask = 666
umask -p >> bashrc: the output can be used directly as a command
-S: symbolic mode display
su - root -c 'cat /etc/shadow': runs a command directly
Suid must be in
Basic command user management related content learning