CentOS 6, 7 User Rights Management

Source: Internet
Author: User


User and rights management exists to isolate users from one another, so that each user works in a separate space.

Each user has specific access rights and cannot perform operations beyond the permissions granted.


1. Start with the classification of users

Users are divided into:

Administrator: root

Ordinary users (further divided into):

System user: used only to run service programs;

Login user: a normal user of system resources;

A user name alone is not enough: the computer does not recognize names, only numbers, so each user name corresponds to a purely numeric identifier, which is called the user ID.

User ID: UserID, UID (a 16-bit binary number: 0-65535)

Administrator: 0

Ordinary users:

System users:

CentOS 5, 6: 1-499

CentOS 7: 1-999

Login users:

CentOS 5, 6: 500+

CentOS 7: 1000+

Given a user name and a user ID, how does the computer match one to the other? The correspondence is recorded row by row in a file, and the lookup process is called user name resolution.

Name resolution: name translation;

Resolution library: username <--> UID

/etc/passwd: the resolution library for user names, UIDs and other attribute information;
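The UID ranges above can be applied directly to passwd-format data. The following is an added example, not part of the original article: the function names and the sample accounts are constructed for illustration, and a UID 0 account not named root is marked for review because UID 0 is the administrator.

```sh
#!/bin/sh
# Added example: classify accounts by the UID ranges listed above.

# classify_uid UID RELEASE -> admin | system | login
classify_uid() (
    uid=$1 release=$2
    # Login users start at 1000 on CentOS 7 and at 500 on CentOS 5/6.
    if [ "$release" -ge 7 ]; then first_login=1000; else first_login=500; fi
    if [ "$uid" -eq 0 ]; then echo admin
    elif [ "$uid" -lt "$first_login" ]; then echo system
    else echo login
    fi
)

# audit_passwd RELEASE: reads passwd-format lines on stdin and prints
# "name uid class"; a UID 0 account not named root is marked for review.
audit_passwd() (
    release=$1
    while IFS=: read -r name _pw uid _rest; do
        if [ -z "$name" ]; then continue; fi
        case $uid in
            ''|*[!0-9]*) echo "$name ? malformed"; continue ;;
        esac
        class=$(classify_uid "$uid" "$release")
        if [ "$class" = admin ] && [ "$name" != root ]; then
            class="admin-REVIEW"
        fi
        echo "$name $uid $class"
    done
)

# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
svcacct:x:600:600::/home/svcacct:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
backup2:x:0:0::/root:/bin/bash'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd 7
```

The account with UID 600 is a system user under the CentOS 7 ranges and a login user under the CentOS 5/6 ranges, which is why the release number is a parameter.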

2. With so many users, they need to be organized and managed by category, which is where user groups come in. Group names, group IDs and group name resolution work the same way as for users.

Group categories are divided into:

Administrators group:

Ordinary user groups (further divided into):

System groups:

CentOS 5, 6: 1-499

CentOS 7: 1-999

Login groups:

CentOS 5, 6: 500+

CentOS 7: 1000+

Group name resolution: groupname <--> GID

Resolution library: /etc/group

Group categories, from the user's point of view:

User's primary group: the basic group;

User's additional groups: the supplementary groups;

Group categories, by the users a group contains:

Private group: has the same name as the user and contains only that one user;

Public group: contains multiple users;

Authentication mechanism: confirms that the user is indeed the person he claims to be, by checking that the information provided at login matches the information stored in advance;

3. Location of the user and group authentication databases:

User authentication database: /etc/shadow

Group authentication database: /etc/gshadow

Password: stored encrypted, using a one-way encryption mechanism;

One-way encryption: can only encrypt, cannot decrypt; it extracts a signature (digest) of the data;

Same data: the encryption result is the same;

Fixed-length output.

Types of algorithms for passwords:

md5: Message Digest, 128 bits

sha1: Secure Hash Algorithm, 160 bits

sha224

sha256

sha384

sha512
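To see which of these algorithms an account actually uses, read the prefix of the password field in /etc/shadow, which has the form `$id$salt$hash` (glibc uses `$1$` for md5, `$5$` for sha256 and `$6$` for sha512). The following is an added example, not part of the original article; the function names, verdict labels and sample entries are constructed, and the salt and hash parts are placeholders.

```sh
#!/bin/sh
# Added example: name the hash scheme of each /etc/shadow password field.

# shadow_scheme FIELD -> empty | locked | md5 | sha256 | sha512 | other
# The $1$/$5$/$6$ prefixes are the crypt(3) identifiers used by glibc.
shadow_scheme() (
    case $1 in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;
        '$1$'*)    echo md5 ;;
        '$5$'*)    echo sha256 ;;
        '$6$'*)    echo sha512 ;;
        *)         echo other ;;
    esac
)

# audit_shadow: reads shadow-format lines on stdin, prints "name scheme verdict".
audit_shadow() (
    while IFS=: read -r name field _rest; do
        if [ -z "$name" ]; then continue; fi
        scheme=$(shadow_scheme "$field")
        case $scheme in
            sha512|sha256|locked) verdict=ok ;;
            md5)                  verdict=weak-hash ;;
            empty)                verdict=no-password ;;
            *)                    verdict=check-manually ;;
        esac
        echo "$name $scheme $verdict"
    done
)

# Constructed sample; the salt and hash parts are placeholders, not real hashes.
SAMPLE_SHADOW='root:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:17000:0:99999:7:::
legacy:$1$SALTPLACEHOLDER$HASHPLACEHOLDER:15000:0:99999:7:::
apache:!!:17000::::::
guest::17000:0:99999:7:::'

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```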


4. Administrative commands for users and groups:

Groups: groupadd, groupmod, groupdel

Users: useradd, usermod, userdel

Authentication: passwd

Note: practice these commands and their options until you can use them flexibly.

5. Permission management for users and groups

User and rights management:

What is the process security context:

Process: a running instance of a program file, usually started by a user; the process runs with the identity of the user who started it;

When a process accesses a file, first determine whether the initiator of the process is the owner of the file; if so, the access is made in the owner's capacity and the owner permissions apply; otherwise

determine whether the initiator of the process belongs to the file's group; if so, the group permissions apply; otherwise the "other" permissions apply.


6. File system permissions are defined for three types of users:

Three types of users:

Owner: owner, u

Group: group, g

Others: other, o

Permissions:

r: readable

w: writable

x: executable

7. Rights management for files and directories:

File:

r: can read the data of the file;

w: can modify the data of the file;

x: the file can be run as a process;

Directory:

r: you can use the ls command to get a list of all the files under it, but you cannot use "ls -l" to get details, nor can you cd into this directory;

w: you can modify the list of files in this directory, that is, you can create or delete files in this directory;

x: you can use the "ls -l" command to get the detailed attribute information of the files under it, and you can cd into this directory;

8. Key point: understand how combinations of permissions are represented by numbers:

Take the owner as an example:

---  000  0
--x  001  1
-w-  010  2
-wx  011  3
r--  100  4
r-x  101  5
rw-  110  6
rwx  111  7

The table above should be memorized.

Example: drw-rw-r-- corresponds to the permission number 664
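The numeric encoding above and the owner, group, other selection order from section 5 can be combined into one check. The following is an added example, not part of the original article; the function names and the sample file are constructed, and the model ignores root's override and ACLs.

```sh
#!/bin/sh
# Added example: symbolic mode -> octal, then owner/group/other selection.

# mode_to_octal 'drw-rw-r--' -> 664 (a leading file-type character is dropped)
mode_to_octal() (
    s=$1
    if [ ${#s} -eq 10 ]; then s=${s#?}; fi
    [ ${#s} -eq 9 ] || { echo "bad mode: $1" >&2; exit 1; }
    out='' i=0 digit=0
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}            # c = first character of s
        case $((i % 3)):$c in
            0:r) digit=$((digit + 4)) ;;
            1:w) digit=$((digit + 2)) ;;
            2:x) digit=$((digit + 1)) ;;
            ?:-) ;;
            *) echo "bad mode: $1" >&2; exit 1 ;;
        esac
        i=$((i + 1))
        if [ $((i % 3)) -eq 0 ]; then out=$out$digit; digit=0; fi
    done
    echo "$out"
)

# applied_class PROC_UID "PROC_GIDS" FILE_UID FILE_GID -> owner | group | other
# The first matching class is used; later classes are never consulted.
applied_class() (
    if [ "$1" -eq "$3" ]; then echo owner; exit 0; fi
    for g in $2; do
        if [ "$g" -eq "$4" ]; then echo group; exit 0; fi
    done
    echo other
)

# may_access OCTAL CLASS r|w|x -> exit status 0 if that class has the bit
may_access() (
    case $2 in
        owner) d=${1%??} ;;
        group) d=${1#?}; d=${d%?} ;;
        other) d=${1#??} ;;
        *) exit 2 ;;
    esac
    case $3 in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; esac
    [ $((d & bit)) -ne 0 ]
)

# Constructed case: mode ----r--rw-, file owned by UID 1000, group 48.
m=$(mode_to_octal '----r--rw-')
cls=$(applied_class 1000 '1000 48' 1000 48)
if may_access "$m" "$cls" r; then echo "$cls may read"; else echo "$cls denied ($m)"; fi
```

The constructed case prints a denial for the owner even though the "other" bits allow reading: once the owner class matches, the group and other bits are not evaluated.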

Commands to learn to use flexibly:

chmod

chgrp

Remark: understand what the umask is, how to modify it, and how it works.

