Users, groups, and permissions
Security context:
1. Permissions
Examples of permission definitions:
File:
Tom and Jerry each run a command on /tmp/inittab.new, whose owner is tom and whose group is tom.
Tom:
ls /tmp/inittab.new
Jerry:
ls /tmp/inittab.new
Tom's ls runs only as Tom, because the owner of the process is Tom.
Three primary permissions for the user:
r, w, x
File:
r: readable; you can view the contents of the file with commands such as cat;
w: writable; you can edit or delete this file;
x: executable; the file can be entered at the command prompt as a command and submitted to the kernel to run (not recommended for files)
Directory:
r: you can run ls on this directory to list the files inside;
w: you can create files in this directory (whether you can delete depends on the permissions of the file itself);
x: you can switch into this directory with cd, and you can use ls -l to view the details of the files inside (without x you can use ls but not ls -l); (directories can have x)
Examples of permission notation:
rwx: read, write and execute
r--: read-only
r-x: read and execute
---: no permissions
0 000 ---: no permissions
1 001 --x: execute
2 010 -w-: write only
3 011 -wx: write and execute
4 100 r--: read only
5 101 r-x: read and execute
6 110 rw-: read and write
7 111 rwx: read, write and execute
Permission examples:
755: 111 101 101 = rwxr-xr-x
640: 110 100 000 = rw-r-----
660: 110 110 000 = rw-rw----
775: rwxrwxr-x
2. User
Users: UID, /etc/passwd
Groups: GID, /etc/group
Resolution: name resolution, comparable to www.sohu.com --> IP
Shadow passwords (where user passwords are usually stored):
Users: /etc/shadow
Groups: /etc/gshadow
User categories for Linux:
Admin: 0
Normal Users: 1-65535
System users: 1-499
General Users: 500-60000
3. User groups
Administrators group:
Normal Group:
System Group:
General Group:
User Group Category:
Private group: when a user is created without a group being specified for it, a group with the same name as the user is created automatically
Basic group (default group): the user's default group
Additional groups: groups other than the default group
Aside: a process is a running executable file, and whether the file can run depends on the identity of the user who starts it.
whatis passwd shows which man sections cover the password data
man 5 passwd displays the help information
The fields of /etc/passwd in detail (left to right):
1. account: login name
2. password: the password (an x placeholder means the password is not shown here; it is in shadow)
3. UID: user ID number
4. GID: basic group ID
5. comment: descriptive information about the user (empty for some)
6. home dir: home directory
7. shell: the user's default shell
cat /etc/shells shows which shells are valid
cat /etc/shadow displays the shadow file
The fields of /etc/shadow in detail (left to right):
1. account: login name
2. encrypted password: the encrypted password, in the form $XXXXX$ (the ID), with the password after it
Encryption methods:
Symmetric encryption: encryption and decryption use the same key
Public key cryptography: keys come in pairs, a private key (secret key) and a public key
One-way encryption (hashing): extracts a signature of the data, also known as a fingerprint; often used for data integrity checks
1. Avalanche effect (butterfly effect): a tiny change in the input changes the checksum
2. Fixed-length output
Common algorithms:
MD5: Message Digest, 128-bit fixed-length output (md5sum filename)
SHA1: Secure Hash Algorithm, 160-bit fixed-length output
The first eight characters of the encrypted password are salt (added impurities), which distinguishes one password from another
In shadow, a password field of * or !! indicates that the user is locked and cannot log on
3. Date of the last password change, as the number of days since 1970
4. Minimum password usage period
5. Maximum password usage period
6. Number of warning days before the password expires
7. Number of days (grace period) that can elapse after the password expires before the user is disabled
8. An explicitly set date, counted in days since 1970, on which the password is disabled
9. Reserved fields
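The nine /etc/shadow fields above, parsed and checked in Python. This is an added example, not code from the original post: the sample lines are constructed, the hash ID table (1, 5, 6) is an assumption taken from glibc crypt rather than from this page, and treating MD5 hashes as weak is the example's own policy.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# Hash IDs used by glibc crypt (assumption: not listed on the page itself).
HASH_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}

# Constructed sample in /etc/shadow format; the hashes are placeholders.
SAMPLE = """\
root:$6$Qx7pLm2a$PLACEHOLDERHASH:19000:0:99999:7:::
tom:$1$ab12cd34$PLACEHOLDERHASH:18000:0:90:7:14::
jerry:!!:19500:0:99999:7:::
daemon:*:18500:0:99999:7:::
"""

def days_to_date(field):
    """Convert a 'days since 1970' field to a date; empty means unset."""
    return EPOCH + timedelta(days=int(field)) if field else None

def parse_shadow_line(line):
    """Split one line into the nine colon-separated shadow fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    name, pw, last, _min, max_age, _warn, _grace, expire, _reserved = fields
    algo = salt = None
    if pw.startswith("$") and pw.count("$") >= 3:
        parts = pw.split("$")                    # ['', id, salt, hash]
        algo = HASH_IDS.get(parts[1], "unknown")
        salt = parts[3] if parts[2].startswith("rounds=") else parts[2]
    changed = days_to_date(last)
    pw_expires = changed + timedelta(days=int(max_age)) if changed and max_age else None
    return {"name": name, "locked": pw.startswith(("*", "!")),
            "algo": algo, "salt": salt, "changed": changed,
            "pw_expires": pw_expires, "account_expires": days_to_date(expire)}

def audit(text, today):
    """Return (account, finding) pairs for the given shadow text."""
    findings = []
    for line in filter(None, text.splitlines()):
        e = parse_shadow_line(line)
        if e["locked"]:                          # *, !! or a !-prefixed hash
            findings.append((e["name"], "locked"))
            continue
        if e["algo"] == "MD5":
            findings.append((e["name"], "weak MD5 hash"))
        if e["pw_expires"] and e["pw_expires"] < today:
            findings.append((e["name"], "password past maximum age"))
    return findings
```

To check a real system, pass the contents of /etc/shadow (readable only by root) and date.today() to audit().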
This article is from the "My Redhat Study Record" blog, so be sure to keep this source http://xanxus21.blog.51cto.com/10829527/1951253