CentOS 6 and 7 User and Rights Management
The reason for setting up a user and rights management mechanism is to isolate users from one another, so that each user has a separate space.
Each user has different access rights and cannot operate beyond the permissions granted to it.
1. Start with the classification of users
Users are divided into:
Administrator: root
Ordinary users (further divided into):
System users: used only for running service programs;
Login users: normal users of system resources;
A user name alone is not enough: the computer does not recognize names, only numbers, so each user name corresponds to a purely numeric user ID.
User ID: UserID, UID (a 16-bit binary number: 0-65535;)
Admin: 0
Normal users:
  System users:
    CentOS 5, 6: 1-499
    CentOS 7: 1-999
  Login users:
    CentOS 5, 6: 500+
    CentOS 7: 1000+
With a user name and a user ID, the computer still needs a way to map one to the other; this is done with a file that holds one entry per row, and the process is called user name resolution.
Name resolution: name translation;
Resolution library: username <--> UID
/etc/passwd: the resolution library for user names, UIDs and other attribute information;
2. Since there are so many users, managing them requires an organizational unit to classify them; hence the concept of user groups. Group names, group IDs and group name resolution work the same way as for users.
Group categories are divided into:
Administrators group:
Normal user groups (further divided into):
  System groups:
    CentOS 5, 6: 1-499
    CentOS 7: 1-999
  Login groups:
    CentOS 5, 6: 500+
    CentOS 7: 1000+
Group name resolution: groupname <--> GID
Resolution library: /etc/group
Group categories, user-centric:
User's primary group: basic group;
User's additional groups: supplementary groups;
Group categories, by the users a group contains:
Private group: same name as the user, and contains only that one user;
Public group: contains multiple users;
Authentication mechanism: verifying that the user is indeed the person they claim to be;
Done by comparing the information provided at login with the information stored beforehand;
3. Location of the user and group repositories:
User authentication information base: /etc/shadow
Group authentication information base: /etc/gshadow
Password: stored encrypted, using a one-way encryption mechanism;
One-way encryption (hashing): can only encrypt, cannot decrypt; extracts a signature (digest) of the data;
Same data: the encryption result is the same;
Fixed-length output;
Types of algorithms used for passwords:
MD5: Message Digest, 128 bits
SHA-1: Secure Hash Algorithm, 160 bits
SHA-224
SHA-256
SHA-384
SHA-512
4. Administrative commands for users and groups:
Groups: groupadd, groupmod, groupdel
Users: useradd, usermod, userdel
Authentication: passwd
Note: use the commands skillfully and their options flexibly.
5. About permission management for users and groups
User and rights management:
What the process security context is:
Process: a running program file, usually started by a user; the process runs with the identity of the user who started it;
When the process accesses a file, first determine whether the initiator of the process is the same as the owner of the file; if so, access is evaluated as the owner, so the owner permissions apply; otherwise
determine whether the initiator of the process belongs to the file's group and, if so, apply the group permissions; otherwise apply the "other" permissions.
6. File system permissions indicate which types of users are authorized:
Three types of users:
Owner: owner, u
Group: group, g
Others: other, o
Permissions:
r: readable
w: writable
x: executable
7. Rights management for files and directories:
File:
r: the data of the file can be read;
w: the data of the file can be modified;
x: the file can be run as a process;
Directory:
r: the ls command can list the names of the files in it, but "ls -l" cannot show their details, and you cannot cd into the directory;
w: the list of files in the directory can be modified, that is, files can be created or deleted in it;
x: "ls -l" can show the detailed attribute information of the files in it, and you can cd into the directory;
8. The key is to understand how the combination mechanism of permissions is represented by numbers:
Taking the owner as an example:
--- 000 0
--x 001 1
-w- 010 2
-wx 011 3
r-- 100 4
r-x 101 5
rw- 110 6
rwx 111 7
The above should be memorized.
Example: drw-rw-r-- corresponds to the permission number 664 (the leading d is the file type column, not a permission bit).
Commands to use flexibly:
chmod
chgrp
Remark: what the umask value is, how to modify it, and how it is applied.
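The conversion in section 8 and the umask remark above, worked through as an added POSIX shell example (not part of the original notes): mode_to_octal turns a symbolic string such as rwxr-x--- into 750, and default_mode shows the mode a new file or directory receives under a given umask. Both function names are my own, and the demonstration inputs at the bottom are constructed.

```shell
#!/bin/sh
# Added example (not part of the original notes): convert a symbolic
# permission string such as rwxr-x--- into its octal form (750), and
# compute the default mode a umask yields for a new file or directory.

# mode_to_octal MODE -> prints the three-digit octal number.
# MODE is either nine characters (rw-rw-r--) or the ten-character
# form shown by ls -l (drw-rw-r--), whose first column is the file
# type, not a permission bit, and is dropped.
mode_to_octal() {
    m=$1
    if [ ${#m} -eq 10 ]; then m=${m#?}; fi
    if [ ${#m} -ne 9 ]; then
        echo "mode_to_octal: bad mode string: $1" >&2
        return 1
    fi
    result=""
    for start in 1 4 7; do          # start column of the u, g, o triplets
        t=$(printf '%s' "$m" | cut -c"$start-$((start + 2))")
        case $t in
            [r-][w-][x-]) ;;
            *) echo "mode_to_octal: bad triplet '$t' in $1" >&2; return 1 ;;
        esac
        v=0                         # r = 4, w = 2, x = 1, summed per triplet
        case $t in r??) v=$((v + 4)) ;; esac
        case $t in ?w?) v=$((v + 2)) ;; esac
        case $t in ??x) v=$((v + 1)) ;; esac
        result="$result$v"
    done
    printf '%s\n' "$result"
}

# default_mode UMASK file|dir -> the mode a newly created file (base 666)
# or directory (base 777) receives: base AND NOT umask, printed in octal.
default_mode() {
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    printf '%04o\n' "$((base & ~0$1))"
}

# Demonstration on constructed inputs, including the example from the notes.
mode_to_octal drw-rw-r--      # 664
mode_to_octal rwxr-x---       # 750
default_mode 022 file         # 0644
default_mode 022 dir          # 0755
```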