Users, groups, and permissions
I. Permissions: r, w, x
1. File Permissions:
r: readable. You can use commands such as cat to view the file content;
w: writable. You can edit or delete this file;
x: executable (eXecutable). The file can be submitted to the kernel as a command at a command prompt;
2. Directory permissions:
r: You can run ls on this directory to list all the files in it;
w: You can create files in this directory;
x: You can use cd to switch to this directory, and you can use ls -l to view the details of the files in it;
3. Three-character permission groups:
rwx: read, write, and execute
r--: read-only
r-x: read and execute
---: no permission
4. Octal representation:
0 000 ---: no permission
1 001 --x: execute
2 010 -w-: write
3 011 -wx: write and execute
4 100 r--: read-only
5 101 r-x: read and execute
6 110 rw-: read and write
7 111 rwx: read, write, and execute
Examples:
755: rwxr-xr-x
rw-r-----: 640
660: rw-rw----
rwxrwxr-x: 775
II. Users and user groups
1. Files that define users and groups:
User: UID, /etc/passwd
Group: GID, /etc/group
2. Shadow passwords (the files that actually hold the passwords):
User: /etc/shadow
Group: /etc/gshadow
3. User categories:
Administrator: 0
Common users: 1-65535
System users: 1-499
Ordinary users: 500-60000
4. Group categories:
Administrator group: 0
Common groups: 1-65535
System groups: 1-499
General groups: 500-60000
5. Group types:
Private group: if you do not specify a group when creating a user, the system automatically creates a group with the same name as the user.
Basic group: the user's default group
Additional groups: groups the user belongs to other than the default group
6. The 7 fields of /etc/passwd (username:password:UID:GID:comment:home directory:default shell):
1). account: login name
2). password: password
3). UID:
4). GID: basic group ID
5). comment: comment
6). home dir: home directory
7). shell: the user's default shell
7. The 4 fields of /etc/group: group name:password:GID:list of users who have this group as an additional group
8. The 8 fields of /etc/shadow (username:password:time of last password change:minimum age:maximum age:warning period:inactive period:expiration time:)
1). account: login name
2). encrypted password: the encrypted password; the part between the $ signs in the middle is the salt
9. Encryption methods:
Symmetric encryption: the same key is used for encryption and decryption.
Public key encryption: keys come in pairs; one is the private key and the other is the public key.
One-way encryption (hashing): extracts a signature (fingerprint) of the data, which is often used for data integrity verification. Its properties:
1. Avalanche effect
2. Fixed-length output
MD5: Message Digest, 128-bit fixed-length output
SHA1: Secure Hash Algorithm, 160-bit fixed-length output
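An added example, not part of the original notes: an audit of the password field of /etc/shadow-format lines that pulls out the salt between the $ signs and flags MD5-based entries, empty passwords and locked accounts. The function names are hypothetical, every account, salt and hash is constructed, and the id values (1, 5, 6) and the "!" lock prefix follow the usual crypt and shadow conventions rather than anything stated on this page.

```shell
#!/bin/sh
# Added example. Every account, salt and hash below is constructed.
sample_shadow() {
cat <<'EOF'
root:$6$Xk3pQz9a$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$1$ab12cd34$CONSTRUCTEDHASH:18000:0:99999:7:::
bob:!$6$Lm8nOp7q$CONSTRUCTEDHASH:19000:0:99999:7:::
carol::19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
erin:$6$rounds=10000$Qr5sTu6v$CONSTRUCTEDHASH:19000:0:99999:7:::
EOF
}

# stdin: shadow-format lines; stdout: "account status scheme salt" per line
audit_shadow() {
  awk -F: '
  {
    pw = $2; status = "active"; scheme = "-"; salt = "-"
    if (pw == "") status = "EMPTY"                    # state left by passwd -d
    else if (pw ~ /^[!*]/) {                          # "!" prefix: passwd -l; "*": no valid password
      status = "locked"; sub(/^[!*]+/, "", pw)
    }
    if (pw ~ /^\$/) {
      split(pw, part, /\$/)                           # part[2]=id, part[3]=salt
      salt = (part[3] ~ /^rounds=/) ? part[4] : part[3]
      if      (part[2] == "1") scheme = "MD5-weak"
      else if (part[2] == "5") scheme = "SHA-256"
      else if (part[2] == "6") scheme = "SHA-512"
      else { scheme = "other:" part[2]; salt = "-" }  # layout differs, do not guess
    }
    print $1, status, scheme, salt
  }'
}

sample_shadow | audit_shadow
```

On a real system the same function can read the file directly as root: `audit_shadow < /etc/shadow`.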
III. Management commands
1. User management commands: useradd, userdel, usermod, passwd, chsh, chfn, finger, id, chage
1). useradd [options] USERNAME
-u UID
-g GID (basic group)
-G GID,... (additional groups)
-c "COMMENT"
-d /path/to/directory
-s SHELL
-m -k
-M
-r: add a system user
2). userdel [option] USERNAME
-r: delete the user's home directory at the same time.
3). id: view the user's account attributes
-u
-g
-G
-n
4). finger: view user account information
finger USERNAME
5). usermod: modify user account attributes
-u UID
-g GID
-a -G GID: if the -a option is not used, the existing additional groups are overwritten;
-c
-d -m:
-s
-l
-L: lock the account
-U: unlock the account
6). chsh: modify the user's default shell
7). chfn: modify the comment field.
8). passwd: password management
passwd [USERNAME]
--stdin
-l
-u
-d: delete the user's password.
9). pwck: check the integrity of the user accounts
2. Group management commands: groupadd, groupdel, groupmod, and gpasswd
1). groupadd: create a group.
-g GID
-r: add as a system group
2). groupmod
-g GID
-n GRPNAME
3). groupdel
4). gpasswd: set a password for the group.
5). newgrp GRPNAME <--> exit
6). chage: change password aging settings
-d: time of last change
-E: expiration time
-I: inactive time
-m: minimum password age
-M: maximum password age
-W: warning time
3. Permission management: chown, chgrp, chmod, umask
1). chown: change the file owner (only administrators can use this command)
Format: chown USERNAME file,...
chown USERNAME:GRPNAME file,...
chown USERNAME.GRPNAME file,...
-R: change the owner of the directory and the files in it
--reference=/path/to/somefile file,...
2). chgrp: change the file's group
Format: chgrp GRPNAME file,...
-R: recursive
--reference=/path/to/somefile file,...: set the group to match that of somefile
3). chmod: modify file permissions
Format: chmod MODE file,...
-R: recursive change
--reference=/path/to/somefile file,...: set the permissions to match those of somefile
4). Set the permissions of one or more categories of users: u, g, o
Format: chmod USER_CATEGORY=MODE file,...
5). Add or remove individual permissions for a category of users: u, g, o
Format: chmod USER_CATEGORY+|-MODE file,...
IV. Special permissions
There are also three special permissions: s, s, t
1. SUID: when the program runs, the owner of the resulting process is the owner of the program file rather than the user who started it;
Format: chmod u+s FILE, chmod u-s FILE
Note: if FILE itself has execute permission, SUID is displayed as s; otherwise it is displayed as S;
2. SGID: when the program runs, the group of the resulting process is the group of the program file itself rather than the basic group of the user who started it;
Format: chmod g+s FILE, chmod g-s FILE
Note: if FILE itself has execute permission, SGID is displayed as s; otherwise it is displayed as S.
3. Sticky: in a public directory, every user can create files and delete their own files, but cannot delete other users' files;
Format: chmod o+t DIR, chmod o-t DIR
Note: if DIR itself has execute permission, the sticky bit is displayed as t; otherwise it is displayed as T.
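An added example, not part of the original notes: it builds a small constructed tree, shows how s/S and t/T appear in ls output, and then runs the two find checks an administrator would use to list SUID/SGID files and world-writable directories that lack the sticky bit. Function and file names are hypothetical; numeric modes with a leading special-permission digit (4 = SUID, 1 = sticky) are used in place of u+s and o+t.

```shell
#!/bin/sh
# Added example. The tree is built in a temporary directory (constructed data).
build_tree() {                        # prints the path of the new tree
  t=$(mktemp -d) || return 1
  : > "$t/suid_exec";   chmod 4755 "$t/suid_exec"    # SUID, owner has x
  : > "$t/suid_noexec"; chmod 4644 "$t/suid_noexec"  # SUID, owner lacks x
  : > "$t/plain";       chmod 0644 "$t/plain"
  mkdir "$t/sticky" "$t/sticky_nox" "$t/open"
  chmod 1777 "$t/sticky"              # world-writable, sticky, others have x
  chmod 1776 "$t/sticky_nox"          # sticky, others lack x
  chmod 0777 "$t/open"                # world-writable without sticky
  echo "$t"
}

# First ten characters of ls -ld: file type plus the nine permission characters
perm_string() { ls -ld "$1" | cut -c1-10; }

# Regular files under $1 that carry SUID or SGID
find_setid() { (cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) | sort); }

# Directories under $1 that anyone may write to and that lack the sticky bit
find_open_dirs() { (cd "$1" && find . -type d -perm -0002 ! -perm -1000 | sort); }

tree=$(build_tree)
for f in suid_exec suid_noexec sticky sticky_nox open; do
  echo "$(perm_string "$tree/$f")  $f"
done
find_setid "$tree"
find_open_dirs "$tree"
rm -rf "$tree"
```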
V. umask: the mask code
Default file permissions: 666 - umask
Default directory permissions: 777 - umask
The default value of the special permissions digit is 0.
Default mask: umask = 0022
Change the mask: umask 0023
Note: by default, a file cannot have execute permission. If the result of the calculation contains an execute permission, add 1 to that digit;
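An added example, not part of the original notes: it creates a file and a directory under a given umask and compares the real mode with plain subtraction. The system clears the bits set in the mask (base & ~umask), which is why 666 with umask 023 yields 644 rather than 643, the same result the add-1 rule gives. Function names are hypothetical, and the two arithmetic helpers expect a three-digit umask.

```shell
#!/bin/sh
# Added example: the mode a new file or directory really gets under a umask.

# new_mode UMASK file|dir -> ls-style permission string of a freshly created entry
new_mode() {
  (
    tmp=$(mktemp -d) || exit 1        # scratch directory, removed below
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    ls -ld "$tmp/new" | cut -c1-10
    rm -rf "$tmp"
  )
}

# masked BASE UMASK -> BASE with every bit set in UMASK cleared (octal digits)
masked() { printf '%03o\n' $(( 0$1 & ~0$2 & 0777 )); }

# subtracted BASE UMASK -> plain decimal subtraction, as in "666 - umask"
subtracted() { printf '%03d\n' $(( 1$1 - 1$2 )); }

for u in 022 023; do
  echo "umask $u: file 666-umask=$(subtracted 666 $u) actual=$(masked 666 $u) $(new_mode $u file)"
  echo "umask $u: dir  777-umask=$(subtracted 777 $u) actual=$(masked 777 $u) $(new_mode $u dir)"
done
```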