Review and improvement of Xiao Bai
User and file permission management
File
r  can run commands that view the file's contents, such as cat
w  can edit and delete the file's contents
x  can be submitted to the kernel to run
Directory
r  can use ls to view the files in the directory (cannot use ll)
w  can create files within the directory
x  can use cd to switch into this directory, and can use ls -l to view detailed information about the files inside
User   UID   /etc/passwd
Group  GID   /etc/group
Shadow passwords: /etc/shadow user passwords
/etc/gshadow group passwords
UID
Administrator: 0
Normal users: 1-65535
System users: 1-499 (not allowed to log in to the system)
General users: 500-6000
User group classification
Administrators group
Normal groups
System groups
General groups: basic group (default group), private group (when a user is created without a specified owning group, a group with the same name as the user is automatically created for it), additional groups (groups other than the default group)
cat /etc/passwd
account: login name
passwd: password (not visible)
UID: user ID
GID: group ID
comment: notes
home: home directory
shell: the user's default shell
cat /etc/shadow
Account: login name
passwd: 【The password (an asterisk means the account is locked; a double exclamation mark indicates that the password has expired. A strange string beginning with $6$ indicates that it is encrypted with SHA-512, $1$ indicates MD5, $2$ indicates Blowfish, and $5$ indicates SHA-256.)
Password modification time: the date the password was last modified, given as the number of days since 1970-1-1.
Days the password cannot be changed: if the number is 8, the password cannot be changed for 8 days; if it is 0, it can be changed at any time.
Period within which the password must be changed: if it is 99999, the password never has to be changed. If it is another number such as 12345, then the password must be changed within 12,345 days from 1970-1-1, otherwise the password becomes invalid.
Warning N days before the modification deadline: for example, if the fifth field specifies that the password must be changed by 6-20 of this year, the system starts warning the corresponding user n days before 6-20.
Password expiration grace period: if this number is set to m, then within m days after the password expires it can still be changed, and after the change the account can continue to be used.
Account expiration date: assume this date is X. As in the third field, X is given as the number of days since 1970-1-1; after X, the account expires.】
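An added example (not part of the original notes or of the quoted text): a small audit over constructed /etc/shadow lines that reads the hash prefix, converts the day counts to dates, and flags MD5 hashes and accounts without a usable password. The function names are hypothetical, GNU date is assumed, and per shadow(5) the maximum age is counted in days after the last change.

```shell
#!/bin/sh
# Constructed sample lines in /etc/shadow format; the hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$saltsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$1$saltsalt$CONSTRUCTEDHASH:18000:8:90:7:14::
svc:!!:19500:0:99999:7:::
daemon:*:18500:0:99999:7:::
bob:$5$saltsalt$CONSTRUCTEDHASH:19700:0:60:7:::
EOF
}

# Map the $id$ prefix of the password field to a scheme name.
hash_scheme() {
  case "$1" in
    '$6$'*) echo sha512 ;;
    '$5$'*) echo sha256 ;;
    '$2'*)  echo blowfish ;;
    '$1$'*) echo md5 ;;
    '!'*|'*'*) echo disabled ;;   # no valid hash: password login impossible
    '') echo empty ;;
    *) echo other ;;
  esac
}

# Convert "days since 1970-1-1" to a calendar date (GNU date assumed).
days_to_date() { date -u -d "@$(( $1 * 86400 ))" +%F; }

# Read shadow lines on stdin; print: user scheme change-by-date note.
# Fields: user:password:lastchange:min:max:warn:inactive:expire:reserved
audit_shadow() {
  while IFS=: read -r user pw last min max warn inact expire _; do
    scheme=$(hash_scheme "$pw")
    if [ -z "$last" ] || [ -z "$max" ] || [ "$max" -ge 99999 ]; then
      due=never
    else
      due=$(days_to_date $(( last + max )))   # max age counts from last change
    fi
    note=ok
    [ "$scheme" = md5 ] && note=weak-hash
    [ "$scheme" = disabled ] && note=no-password-login
    printf '%s %s %s %s\n' "$user" "$scheme" "$due" "$note"
  done
}

sample_shadow | audit_shadow
```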
User
(The content inside 【】 above is from the Internet)
useradd  add a user
-u UID (>500, and not already in use)
-g GID (basic group) (the group must already exist)
-G GID (additional group) (there can be several)
-c comment  comment
-d path  specifies the home directory (default /home/username)
-s path  specifies the shell
-M  do not create a home directory
-r  add a system user
userdel  delete a user
-r  delete the user's home directory along with the user (without -r, the home directory is not deleted by default)
id  view user account information
-u
-g
-G
-n
usermod  modify account information
-u UID (>500, and not already in use)
-g GID (basic group) (the group must already exist)
-G GID (overwrites the original additional groups)
-a -G  append additional groups without overwriting the original additional groups
-c comment  comment
-d path  specifies a new home directory (the content of the old home directory is no longer accessible)
-d -m  specifies the new home directory and moves the files of the old home directory into it
-s path  specifies the shell (the shell /sbin/nologin does not allow the user to log in)
-l  rename
-L  lock the account
-U  unlock the account
passwd [username]
--stdin  read the password from standard input
-l  lock the user
-u  unlock the user
-d  delete the user's password (Linux disallows login with a blank password)
-n  minimum period of use
-x  maximum period of use
Group
groupadd  add a group
-g GID
-r  add a system group (system users have no home directory)
groupmod  modify group properties
-g GID
-n  modify the group name
groupdel  delete a group
gpasswd  add a password to a group
chage  change password aging information
-d  most recent modification time
-m  minimum period of use
-M  maximum period of use
-W  warning time
-I  inactivity time (after the password expires)
-E  expiration time
Permission management
chown  change the owner of a file (only administrators can use it)
-R  change the owner of a directory and the files inside it
--reference=/path/to/somefile file  change the owner of the file that follows to match that of the reference file
chown username:groupname file1 file2 ...  change the owner and the owning group at the same time
chown :groupname file1 file2 ...  change the owning group
chmod  change file permissions
u  owner
g  users in the same group
o  other people
a  everyone
777
744
75 --> 075
chmod MODE file file1 ...
-R  change the permissions of a directory and the files inside it
--reference=/path/to/somefile file  change the permissions of the file that follows to match those of the reference file
Modify the permissions of one class of users
chmod <user class>=MODE file1 file2 ...
chmod u=rwx,go=rx file1
chmod <user class>+|-MODE file file2 ...
umask: permission mask
Default: root 022
Normal users 002
File: 666 - umask (files do not have execute permission by default; if the calculated result contains execute permission, 1 is automatically added to it)
Directory: 777 - umask
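An added example (not from the original notes): the same calculation written as "base AND NOT umask", which gives the same result as the subtract-and-add-1 rule above, checked against real files and directories created under each umask. expected_mode and observed_mode are hypothetical helper names, and GNU coreutils (stat -c, mktemp -d) is assumed.

```shell
#!/bin/sh
# Expected permissions: base (666 for files, 777 for directories) with every
# bit that is set in the umask cleared, i.e. base AND NOT umask.
expected_mode() {  # $1 = base, $2 = umask (both octal)
  printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a real file or directory under the given umask and read its mode back.
observed_mode() {  # $1 = file|dir, $2 = umask
  tmp=$(mktemp -d) || return 1
  (
    umask "$2"
    cd "$tmp" || exit 1
    if [ "$1" = dir ]; then mkdir t; else : > t; fi
    stat -c %a t
  )
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# 022 and 002 are the defaults listed above; 033 exercises the "add 1" case;
# 027 and 077 are tighter settings that remove access for "other".
for m in 022 002 033 027 077; do
  printf 'umask %s  file: expected %s observed %s  dir: expected %s observed %s\n' \
    "$m" "$(expected_mode 666 "$m")" "$(observed_mode file "$m")" \
    "$(expected_mode 777 "$m")" "$(observed_mode dir "$m")"
done
```

With the defaults 022 and 002 every new file stays readable by "other"; 027 or 077 is the setting to pick when that is not wanted.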
Review and improvement of small white 5