Linux User groups and permissions

Source: Internet
Author: User

To access system resources, we must log in to the system as a user. Each user identity has a unique identifier (UID) in the system. When a file resource is accessed, the system first checks whether the user has access permissions, and then checks whether the file is open to access by this user.

First, the user
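    What is a user? A user is an identifier in the system that can access resources. A user can belong to multiple groups.
    User categories:
        Administrator root: UID 0
        Ordinary users: UID range 1-65536
            System users: UID range 1-499
            General users: UID range 500-65535
        (If the number of users exceeds 65535, a base-32 number is used as the identifier.)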
Second, the group
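    What is a group? A group is a container used to hold users; one group can have multiple users.
    Groups can be classified as system groups and general groups, or as private groups, basic groups and supplementary groups.
        Private group: when a user is created without specifying the group it belongs to, the system automatically creates a group with the same name as the user.
        General group: the user's default group.
        Supplementary group: any group other than the default group.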
Third, permissions

Permissions determine whether the user has access to a resource.

    Use ls -l /etc/passwd and analyze the listed content:

        # ls -l /etc/passwd
        -rw-r--r--. 1 root root 856 June 12 10:45 /etc/passwd

    First -: indicates the type of file.
    rw-: the permissions of the owning user. r indicates that the user has read permission, w indicates that the user has write permission, and - indicates that the user does not have execute permission.
    r--: the permissions of users in the owning group. r indicates that users in the owning group have read permission, the first - that they do not have write permission, and the second - that they do not have execute permission.
    r--: the permissions of other users. r indicates that other users have read permission, the first - that they do not have write permission, and the second - that they do not have execute permission.
    root root: the user and the group to which the /etc/passwd file belongs.
    856: file size, in bytes.
    June 12 10:45: the time the file was last modified.
    /etc/passwd: file name.
(The above is just an example; the information differs from file to file.)

Permissions in detail:

    Permission  Binary  Octal  Meaning
    ---         000     0      No permissions
    --x         001     1      Execute permission
    -w-         010     2      Write permission
    -wx         011     3      Write and execute permissions
    r--         100     4      Read permission
    r-x         101     5      Read and execute permissions
    rw-         110     6      Read and write permissions
    rwx         111     7      Read, write and execute permissions

For a file, a mode such as 755 corresponds to rwxr-xr-x: the user who owns the file has read, write and execute permissions, users in the owning group have read and execute permissions, and other users have read and execute permissions. For a file, x means the file may be run; for a directory, x means the user can enter the directory and use ls and similar commands to list the files in it. Write (w) permission on a file allows deleting the file and modifying its contents, and read (r) permission allows viewing the contents with cat and similar commands.

Take the user student, who wants to view the contents of a file with a command such as cat. First check whether the user has permission to execute the cat command. If so, look at the file's owning user and group. If the file belongs to student and the owner has r permission, student can view the contents. If the file does not belong to student, but student is in the file's owning group and that group has r permission, student can also view the contents. In addition, if the file is readable by other users, student can also view the contents.

It is important to note that the root user is not constrained by permissions.
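The check order described above (owner, then group, then other), written out as an added example that is not part of the original article. The function names and the sample UIDs and GIDs are assumptions made for illustration. Only the first matching class is consulted, so an owner without r is refused even when other users have r.

```python
# Added example: models the owner -> group -> other permission check.
CLASS_SHIFT = {"owner": 6, "group": 3, "other": 0}
BIT = {"r": 4, "w": 2, "x": 1}

def parse_mode(perm):
    """Turn the nine permission characters of ls -l ('rw-r--r--') into a mode.

    Special bits (s, t) are outside this example and raise ValueError.
    """
    if len(perm) != 9:
        raise ValueError("expected 9 permission characters")
    mode = 0
    for i, ch in enumerate(perm):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode

def permission_class(file_uid, file_gid, uid, gids):
    """Pick the single class whose bits apply to this user."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"

def may_access(want, mode, file_uid, file_gid, uid, gids):
    """want is 'r', 'w' or 'x'; gids is the set of all groups of the user."""
    if uid == 0:
        # root is not constrained by permissions; modelled as a full bypass
        return True
    cls = permission_class(file_uid, file_gid, uid, gids)
    return bool((mode >> CLASS_SHIFT[cls]) & BIT[want])

if __name__ == "__main__":
    passwd_mode = parse_mode("rw-r--r--")        # /etc/passwd from the listing
    # Constructed user: student with UID 1000 and primary group 1000.
    print(oct(passwd_mode))
    print(may_access("r", passwd_mode, 0, 0, 1000, {1000}))
    print(may_access("w", passwd_mode, 0, 0, 1000, {1000}))
    # Owner has no bits but others may read: the owner is still refused.
    print(may_access("r", 0o044, 1000, 1000, 1000, {1000}))
```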
IV. The /etc/passwd, /etc/group and /etc/shadow files

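1. The /etc/passwd file stores user-related information

    For example: root:x:0:0:root:/root:/bin/bash, with the colon as the separator.
        root: the user name
        x: the password placeholder
        0: the user's UID
        0: the user group's GID
        root: the group the user belongs to
        /root: the home directory
        /bin/bash: the bash program run after login
    (To see which shells are valid on the system, view /etc/shells.)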

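2. The /etc/group file stores group-related information

    Example content: bin:x:1:bin,daemon, with the colon as the separator.
        bin: the group name
        x: the password placeholder
        1: the group's GID
        bin,daemon: the users that belong to the bin group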

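3. /etc/shadow

    Partial content: student:$6$XeP2QJOX$Po/4iCJKdoWX4tTytGCG4022pFZ5oK53vzdW7Gt7AsiAh1mtyKm1xnAwdw/7B6517D02anKwZmToQR04L87n41:17698:0:99999:7::: , separated by colons.
        Field 1, student: the user name.
        Field 2: in $6$XeP2QJOX$, XeP2QJOX is the password identifier and 6 indicates the encryption algorithm; Po/4iCJKdoWX4tTytGCG4022pFZ5oK53vzdW7Gt7AsiAh1mtyKm1xnAwdw/7B6517D02anKwZmToQR04L87n41 is the encrypted password.
        Field 3, 17698: the time from 1970-1-1 to the most recent password change.
        Field 4, 0: the minimum password age; 0 means no restriction.
        Field 5, 99999: the maximum password age; 99999 means no limit.
        Field 6, 7: the warning period before the password expires; 7 means a warning is issued when 7 days remain before the password expires.
        Field 7: the password inactivity period, during which you can log in but must change the password.
        Field 8: the password expiration time.
        Field 9: a reserved field with no other use.
    (In the second field, some entries contain !! or *, which means this user is prohibited from logging in.)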
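An added example (not from the original article) that splits an /etc/shadow entry into the nine fields listed above and derives the dates from them. The sample entries are constructed and their hashes are placeholders; the field names and the function name are assumptions. Field 3 counts days since 1970-01-01, and the value between the second and third $ is the salt.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
HASH_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
FIELDS = ("user", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire_day", "reserved")

# Constructed sample entries; the hash text is a placeholder, not a real hash.
SAMPLE = [
    "student:$6$SALTSALT$HASHPLACEHOLDER:17698:0:99999:7:::",
    "alice:!!:17698:0:90:7:::",
    "daemon:*:17698:0:99999:7:::",
]

def parse_shadow_line(line):
    """Split one shadow entry and add derived, human-readable values."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:                    # numeric fields may be empty
        entry[key] = int(entry[key]) if entry[key] else None
    pw = entry["password"]
    # A leading ! or * can never match a hash, so password login is disabled.
    entry["locked"] = pw.startswith(("!", "*"))
    entry["algorithm"] = entry["salt"] = None
    seg = pw.split("$")                        # '', id, salt, hash
    if pw.startswith("$") and len(seg) >= 4:
        entry["algorithm"] = HASH_IDS.get(seg[1], "other id " + seg[1])
        if seg[1] in HASH_IDS:                 # optional rounds=N precedes salt
            entry["salt"] = seg[3] if seg[2].startswith("rounds=") else seg[2]
    changed, max_days = entry["last_change"], entry["max_days"]
    entry["changed_on"] = None if changed is None else EPOCH + timedelta(days=changed)
    entry["expires_on"] = None                 # 99999 is read as "no limit"
    if changed is not None and max_days not in (None, 99999):
        entry["expires_on"] = EPOCH + timedelta(days=changed + max_days)
    return entry

if __name__ == "__main__":
    for raw in SAMPLE:
        e = parse_shadow_line(raw)
        print(e["user"], e["algorithm"], e["locked"], e["changed_on"], e["expires_on"])
```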
V. Summary
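Note that the root administrator user is not constrained by any permissions.

Encryption methods:
    Symmetric encryption: the same key is used for encryption and decryption.
    Public-key encryption: keys come in pairs, one private key (secret key) and one public key.
    One-way encryption (hash encryption): extracts a fingerprint of the data, and is commonly used for data integrity checks.
        1. Avalanche effect
        2. Fixed-length output
            MD5: Message Digest, 128-bit fixed-length output
            SHA1: Secure Hash Algorithm, 160-bit fixed-length output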
