1. Linux user security
1.1 The /etc/passwd file
Stores each user's login name and related account information.
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
The root account is the system administrator; its UID and GID are both 0. UIDs 1-500 are reserved for system users and 501-65535 for ordinary users.
Each record has seven colon-separated fields: user name; password (an x here means the hash is kept in /etc/shadow); UID; GID; description (comment); home directory; default shell. The field contents can be modified with the commands described below.
1.2 The /etc/shadow file
The password file. It gives finer control than /etc/passwd and only root can read it; every user has a corresponding record.
# cat /etc/shadow
bin:*:15980:0:99999:7:::
daemon:*:15980:0:99999:7:::
Each record has nine colon-separated fields, beginning with: user name; encrypted password; date of the last password change (in days); minimum number of days before the password may be changed again; maximum number of days before the password must be changed;
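The field layout above is what an administrator checks when auditing accounts. The following script is an added example (not part of the original notes) that reads constructed /etc/passwd and /etc/shadow style records and reports three conditions worth knowing about: a second UID-0 account, an account whose shadow password field is empty (login without any password), and an account whose maximum password age is 99999 (the password never has to change). The sample records and the account names in them are constructed for the example; on a real host you would feed the functions the actual files as root.

```shell
#!/bin/sh
# Added example, not from the original notes: audit passwd/shadow style
# records for conditions the field layout makes visible.

# Constructed /etc/passwd sample: seven colon-separated fields per record.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
backup:x:0:0:backup admin:/home/backup:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash'

# Constructed /etc/shadow sample: nine colon-separated fields per record.
# "$6$saltsalt$hashhash" stands in for a real SHA-512 hash.
SAMPLE_SHADOW='root:$6$saltsalt$hashhash:15980:0:99999:7:::
bin:*:15980:0:99999:7:::
backup::15980:0:99999:7:::
alice:$6$saltsalt$hashhash:15980:0:90:7:::'

# extra_uid0 PASSWD_TEXT -> login names with UID 0 other than "root".
# Any extra UID-0 account is a full administrator, whatever it is called.
extra_uid0() {
    printf '%s\n' "$1" | while IFS=: read -r name pw uid gid gecos home shell; do
        if [ "$uid" = "0" ] && [ "$name" != "root" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# empty_password SHADOW_TEXT -> login names whose password field is empty.
# An empty field allows login with no password; "*" or "!" mean locked,
# which is the expected state for system accounts such as bin.
empty_password() {
    printf '%s\n' "$1" | while IFS=: read -r name pw rest; do
        if [ -z "$pw" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# never_expires SHADOW_TEXT -> password-bearing accounts whose maximum
# password age (field 5) is 99999, i.e. the password is never forced to change.
never_expires() {
    printf '%s\n' "$1" | while IFS=: read -r name pw last min max rest; do
        case "$pw" in
            ''|'*'|'!'*) continue ;;   # no password or locked: nothing to age
        esac
        if [ "$max" = "99999" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Usage against the constructed samples; on a real host, as root, pass
# "$(cat /etc/passwd)" and "$(cat /etc/shadow)" instead.
extra_uid0 "$SAMPLE_PASSWD"       # -> backup
empty_password "$SAMPLE_SHADOW"   # -> backup
never_expires "$SAMPLE_SHADOW"    # -> root
```

The functions only read and print, so they are safe to run repeatedly; the fix for each finding is the corresponding command from the sections below (usermod -L or passwd for the empty password, chage -M for the 99999 age, and removal of any UID-0 account you did not create).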
1.3 Adding a new user
/usr/bin/useradd adds a user. Its defaults are stored in /etc/default/useradd; the -D option shows them:
# useradd -D
GROUP=100                 # public group with GID 100
HOME=/home                # home directories are placed under /home/username
INACTIVE=-1               # the account is not disabled after the password expires
EXPIRE=                   # no expiration date set
SHELL=/bin/bash           # default shell
SKEL=/etc/skel            # files in /etc/skel are copied into the new home directory; if the prompt shows up as a bare bash-1.1$ the home directory files are missing and can be copied over from here
CREATE_MAIL_SPOOL=yes     # create a file to receive mail in the mail directory
useradd command-line options (options are case-sensitive):

| Option | Meaning |
|---|---|
| -c comment | Add a comment (description) for the new user |
| -d home_dir | Specify the home directory location |
| -e expire_date | Specify the account expiration date as YYYY-MM-DD |
| -f inactive_days | Number of days after the password expires before the account is disabled; 0 disables it immediately, -1 turns this feature off |
| -g group_name | Specify the primary group name or GID |
| -u UID | Assign a unique UID to the account |
| -G group,... | Specify supplementary groups |
| -m | Create the home directory |
| -k skel_dir | Copy /etc/skel/* (or the given skeleton directory) into the account's home directory; must be used with -m |
| -M | Do not create a home directory |
| -n | Do not create a group with the same name as the login name (one is created by default; newer useradd spells this option -N) |
| -r | Create a system account |
| -p passwd | Set a default password |
| -s shell | Set the default shell |
useradd -D options for modifying the default values:

| Option | Meaning |
|---|---|
| -b default_home | Modify the default home directory base |
| -e expiration_date | Modify the default expiration date |
| -f inactive | Modify the default number of days after password expiry before the account is disabled |
| -g group | Modify the default primary group name or GID |
| -s shell | Modify the default shell |

# useradd -D -s /bin/bash    # modify the default shell
1.4 Deleting a user
userdel username      deletes only the user's record in /etc/passwd
userdel -r username   also deletes the home directory and the mail spool; use with caution
1.5 Modifying users
usermod
Modifies the account fields. Commonly used: -c change the comment, -e change the expiration date, -G change the supplementary groups, -l change the login name, -L lock the account, -p change the password, -U unlock the account.
passwd and chpasswd
passwd username       set the password for username interactively
chpasswd reads user:password pairs from a file and changes the passwords in a batch:
chpasswd < user.txt
chsh changes the default shell quickly; the shell must be given as a full path:
chsh -s /bin/bash test
chfn modifies the comment (description) field:
chfn test
chage sets the validity period of a user's password:
-d   set the date of the last password change
-E   set the account expiration date
-I   set the number of days after the password expires before the account is locked
-m   minimum number of days between password changes
-W   number of days of warning before the password expires
2. Using Linux groups
2.1 The /etc/group file
Stores user group information.
# cat /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
The fields are: group name : group password : GID : list of users belonging to the group.
Note: when a group is set as a user's primary group in /etc/passwd, that user does not appear as a member of the group in /etc/group.
2.2 groupadd: creating a new group
2.3 Modifying a group
groupmod -g   modify the GID of an existing group
-n            modify the name of an existing group
3. File permissions
# ls -l
total 44
-rw-------. 1 root root  1149 Oct 23:20 anaconda-ks.cfg
-rw-r--r--. 1 root root 25830 Oct 23:20 install.log
-rw-r--r--. 1 root root  7345 Oct 23:18 install.log.syslog
The first character is the file type: - ordinary file; d directory; l link; c character device; b block device; n network device.
The following nine characters are three groups of three, corresponding to the owner, the owning group and other users; r means readable, w writable, x executable.
3.1 Default file permissions: umask
# umask
0022
umask is more complex than this brief introduction shows: the first digit is for the special (sticky/SUID/SGID) bits and the remaining three are octal permission digits. The base permissions are 777 for a directory and 666 for an ordinary file.
777 - 022 = 755 is the default permission of a newly created directory; 666 - 022 = 644 is the default permission of a newly created ordinary file.
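The subtraction above can be turned into a small helper for checking what a given umask actually yields. This is an added example, not code from the original notes. The kernel clears the umask bits with a bitwise AND NOT rather than subtracting; both give the same answer whenever the umask only removes bits the base mode has, which is true for the 777 and 666 base modes with any three-digit umask, and the bitwise form is also correct in the cases where subtraction would not be.

```shell
#!/bin/sh
# Added example, not from the original notes: compute the mode a new
# directory or regular file receives under a given umask.

# effective_mode BASE UMASK -> prints the resulting three-digit octal mode.
# A leading 0 makes the shell read both arguments as octal numbers.
effective_mode() {
    base=$(( 0$1 ))
    mask=$(( 0$2 ))
    printf '%03o\n' $(( base & ~mask ))
}

# new_dir_mode UMASK  -> mode of a new directory (base 777)
new_dir_mode()  { effective_mode 777 "$1"; }

# new_file_mode UMASK -> mode of a new ordinary file (base 666)
new_file_mode() { effective_mode 666 "$1"; }

# Comparison of the umask in the notes with a stricter one: 022 lets every
# other user read what is created, 027 keeps it from others entirely, and
# 077 keeps new files private to the owner.
new_dir_mode 022    # -> 755
new_file_mode 022   # -> 644
new_dir_mode 077    # -> 700
new_file_mode 027   # -> 640
```

To check the live value, run the functions with "$(umask)" as the argument; a four-digit value such as 0022 works unchanged because the extra leading zero does not alter the octal number.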
4. Changing permissions
chmod permissions file
Two forms:
1. Numeric form: r -> 4, w -> 2, x -> 1
chmod 777 file
2. Character form: u owner, g group, o others, a all of the above
+ adds a permission, - removes a permission, = sets the permissions exactly
chmod a+x file    add execute permission for everyone
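The two forms describe the same nine bits, and seeing how a symbolic clause changes the numeric mode makes the relationship explicit. The following is an added example, not code from the original notes: it applies one chmod-style clause (who: u, g, o, a; operator: +, -, =; permissions: r, w, x) to a numeric mode in shell arithmetic, and converts a numeric mode back into the rwx string that ls -l displays. Only the rwx bits are modelled; the s and t bits are outside what these notes cover.

```shell
#!/bin/sh
# Added example, not from the original notes: apply a symbolic chmod clause
# to a numeric mode, and render a numeric mode as an rwx string.

# perm_bits PERMS -> value of an rwx string within one 3-bit group (r=4 w=2 x=1)
perm_bits() {
    bits=0
    case "$1" in *r*) bits=$(( bits | 4 )) ;; esac
    case "$1" in *w*) bits=$(( bits | 2 )) ;; esac
    case "$1" in *x*) bits=$(( bits | 1 )) ;; esac
    printf '%d' "$bits"
}

# apply_symbolic MODE SPEC -> prints the new three-digit octal mode.
# SPEC is a single clause such as a+x, g-w, o=r or ug+rw.
apply_symbolic() {
    mode=$(( 0$1 ))
    spec=$2
    who=${spec%%[+=-]*}          # characters before the operator
    rest=${spec#"$who"}
    op=${rest%"${rest#?}"}       # first character of the remainder
    perms=${rest#?}
    [ -z "$who" ] && who=a       # treat a missing "who" as "a" in this example
    bits=$(perm_bits "$perms")
    sel=0                        # mask of the selected permission groups
    val=0                        # requested bits replicated into those groups
    case "$who" in *u*|*a*) sel=$(( sel | 0700 )); val=$(( val | (bits << 6) )) ;; esac
    case "$who" in *g*|*a*) sel=$(( sel | 070 ));  val=$(( val | (bits << 3) )) ;; esac
    case "$who" in *o*|*a*) sel=$(( sel | 07 ));   val=$(( val | bits )) ;; esac
    case "$op" in
        +) mode=$(( mode | val )) ;;                  # add the bits
        -) mode=$(( mode & ~val )) ;;                 # remove the bits
        =) mode=$(( (mode & ~sel) | val )) ;;         # replace the selected groups
    esac
    printf '%03o\n' "$mode"
}

# mode_to_string MODE -> the nine-character rwx string shown by ls -l
mode_to_string() {
    mode=$(( 0$1 ))
    out=""
    for shift in 6 3 0; do
        g=$(( (mode >> shift) & 7 ))
        if [ $(( g & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( g & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $(( g & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# The chmod a+x example from the notes, starting from a 644 file:
apply_symbolic 644 a+x     # -> 755
apply_symbolic 755 o-rx    # -> 750  (take everything away from others)
apply_symbolic 600 g=r     # -> 640  (group gets exactly read)
mode_to_string 644         # -> rw-r--r--
```

The o-rx and g=r calls show the direction a hardening change usually goes: removing bits from o and setting g to a fixed value are easier to reason about in the symbolic form, while the numeric form is what you compare against the ls -l output.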
Changing ownership
chown user:group file
chown user.group file
chown :group file     change only the group
SUID and SGID need further study.
Linux file permissions learning record