Linux File Permissions learning record

Source: Internet
Author: User

1. Linux security

1.1 The /etc/passwd file

Stores each user's login name and related information.

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash

The root account is the system administrator; its UID and GID are both 0. UIDs 1-500 are for system users and 501-65535 are for ordinary users.

The file contains seven fields: user name; password; UID; GID; description; home directory; default shell. The field contents can be modified with commands.
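A check built on the seven-field layout above, as an added example that is not part of the original notes: it reads passwd-format records and flags non-root accounts with UID 0, empty password fields, hashes kept in the passwd file, and malformed records. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format records (7 colon-separated fields).

# Reads records on stdin and prints one finding per line.
audit_passwd() {
    awk -F: '
        # A valid record has exactly seven fields.
        NF != 7 { printf "MALFORMED line %d: %d fields, expected 7\n", NR, NF; next }
        # UID 0 grants administrator rights regardless of the login name.
        $3 == 0 && $1 != "root" { printf "UID0 %s: non-root account with UID 0\n", $1 }
        # An empty second field means no password is required to log in.
        $2 == "" { printf "NOPASS %s: empty password field\n", $1 }
        # "x" defers to /etc/shadow; a leading "*" or "!" marks a disabled password.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            printf "INLINE %s: password hash kept in the passwd file\n", $1
        }
    '
}

# Constructed sample records, not taken from a real system.
SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
guest::501:501:Guest:/home/guest:/bin/bash
broken:x:502:502:/home/broken
old:$6$constructedsalt$constructedhash:503:503:Old:/home/old:/bin/bash'

# Runs the audit over the sample; on a real host use: audit_passwd < /etc/passwd
audit_report() { printf '%s\n' "$SAMPLE" | audit_passwd; }

audit_report
```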

1.2 The /etc/shadow file

The password file; it provides more control over passwords. Only root can access /etc/shadow, and each user has a corresponding record.

# cat /etc/shadow
bin:*:15980:0:99999:7:::
daemon:*:15980:0:99999:7:::

The file contains nine fields: user name; encrypted password; the number of days since the password was last changed; how many days must pass before the password can be changed; how many days until the password must be changed;

1.3 Adding a new user

/usr/bin/useradd adds a user. The defaults are stored in /etc/default/useradd; use the -D option to view the default values.

# useradd -D
GROUP=100                  # public group with GID 100
HOME=/home                 # home directories are created as /home/username
INACTIVE=-1                # the account is not disabled after the password expires
EXPIRE=                    # no expiration date set
SHELL=/bin/bash            # default shell
SKEL=/etc/skel             # the system copies the files in /etc/skel to the home directory; when the prompt shows bash1.1, the home directory files have been lost and can be copied over from here
CREATE_MAIL_SPOOL=yes      # create a file in the mail directory to receive mail

useradd command-line arguments

-c comment          Add a comment to the new user
-d home_dir         Specify the home directory location
-e expire_date      Specify the account expiration date in YYYY-MM-DD format
-f inactive_days    Number of days after the password expires before the account is disabled; 0 means immediately, -1 disables this feature
-g group_name       Specify the login group by name or GID
-u uid              Assign a unique UID to the account
-G group ...        Specify additional groups
-m                  Create the home directory
-k                  Copy /etc/skel/* to the account's home directory; must be used with -m
-M                  Do not create a home directory
-n                  Create a new group with the same name as the login name
-r                  Create a system account
-p passwd           Set a default password
-s shell            Set the default shell

useradd -D parameters for modifying the default values

-b default_home       Modify the default home directory location
-e expiration_date    Modify the default expiration date
-f inactive           Modify the default number of days from password expiration until the account is disabled
-g group              Modify the default group name or GID
-s shell              Modify the default shell

# useradd -D -s /bin/bash    # modify the default shell

1.4 Deleting a user

userdel username deletes only the corresponding user information in /etc/passwd.

userdel -r username also deletes the home directory and the mail directory. Use with caution.

1.5 Modifying users

usermod

Modifies the account fields. Common options: -c modifies the comment, -e modifies the expiration date, -g modifies the login group, -l modifies the login name, -L locks the account so that it cannot be modified or deleted, -p changes the password, -U unlocks the account.

passwd and chpasswd

passwd username

chpasswd reads user/password pairs from a file and changes the passwords

chpasswd < User.txt

chsh quickly modifies the default shell; the shell must be given as a full path

chsh -s /bin/bash test

chfn modifies the comment field

chfn test

chage sets the user's validity period

-d  the number of days from when the password was last changed until now

-E  set the password expiration date

-I  set the number of days from password expiration until the account is locked

-m  minimum number of days between password changes

-W  how many days before the password expires a warning is given

2. Using Linux groups

2.1 The /etc/group file

Stores user group information.

# cat /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm

Five fields: group name : group password : GID : list of users belonging to the group

Note: when a group is specified as the user's group in /etc/passwd, that user does not appear as a group member in /etc/group.

2.2 groupadd: creating a new group

2.3 Modifying a group

groupmod -g modifies the GID of an existing group

-n modifies the name of an existing group

3. File permissions

# ls -l
total 44
-rw-------. 1 root root  1149 Oct 23:20 anaconda-ks.cfg
-rw-r--r--. 1 root root 25830 Oct 23:20 install.log
-rw-r--r--. 1 root root  7345 Oct 23:18 install.log.syslog

The first character is the file type: - ordinary file; d directory; l link; c character device; b block device; n network device.

The following three groups of three characters give the permissions for the owner, the group, and other users, in that order: r readable, w writable, x executable.

3.1 Default file permissions: umask

# umask
0022

umask is fairly complex, so this is only a brief introduction. The first digit is the sticky bit, followed by the octal permission digits. The default permission for directories is 777 and for ordinary files 666.

777-022 gives 755, the default permission for a newly created directory; a newly created ordinary file gets 644 by default.
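The calculation above as an added example (not from the original notes), generalized beyond 022: the kernel clears the bits named in the umask rather than subtracting, which matters for masks such as 033 where decimal subtraction would give 633. The function names are constructed for illustration, and the output uses the rwx notation from section 3.

```shell
#!/bin/sh
# Added example: how a umask turns the base mode into the final permissions.

# effective_mode BASE UMASK -> BASE with every bit set in UMASK cleared.
effective_mode() {
    case "$1$2" in
        ''|*[!0-7]*) echo "octal digits only" >&2; return 1 ;;
    esac
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_to_rwx MODE -> the nine permission characters shown by ls -l.
mode_to_rwx() {
    m=$(( 0$1 )); out=
    for s in 6 3 0; do              # owner, group, others
        b=$(( (m >> s) & 7 ))
        if [ $(( b & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( b & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $(( b & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# describe_umask UMASK -> resulting modes for a new file (666) and directory (777).
describe_umask() {
    f=$(effective_mode 666 "$1") || return 1
    d=$(effective_mode 777 "$1") || return 1
    printf 'umask %s  file %s -%s  dir %s d%s\n' \
        "$1" "$f" "$(mode_to_rwx "$f")" "$d" "$(mode_to_rwx "$d")"
}

# 022 matches the page; 033 is a case where decimal subtraction (666-033=633)
# gives the wrong answer, because the mask can only clear bits that are set.
for u in 022 027 077 033; do describe_umask "$u"; done
```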

4. Changing permissions

chmod permissions file

Two forms: 1. Numeric form: r->4, w->2, x->1

chmod 777 file

2. Symbolic form: u user, g group, o others, a all of the above

+ adds a permission, - removes a permission, = sets the permissions to the given value

chmod a+x file    adds execute permission for everyone


Changing ownership

chown user:group file

chown user.group file

chown .group file


SUID and SGID: need further information

