1 Linux security model (multi-tasking, multi-user operating system)
1) Users and groups are used to control each user's access permissions on files.
2) Users log in to Linux with an account name and password.
3) Each file has an owner (its creator), and the owner belongs to a group.
4) Each program has an owner and a group.
2 User Overview
1) Each user has a unique user ID (UID).
2) User information is stored in /etc/passwd.
/etc/passwd: stores user name and home directory information (name, x (placeholder for the password), user ID, group ID, home directory information)
/etc/shadow: stores users' passwords (the password database for the system's current accounts)
Eight colons divide each line into 9 columns:
Account name (corresponds to the password)
Password (encrypted with the MD5 algorithm)
Date of last change (counted in days from 1970.1.1, which is day 0; 1 is added per day)
Number of days during which the password cannot be changed; 0 means it can be changed at any time
Number of days after which the password must be changed, i.e. when a password change is enforced; 99999 means not enforced
Number of days of warning before the password needs to be changed
Days of grace after password expiration
Account expiration date; the account will not be available after the specified date
Reserved for extensions
3) Each user has a home directory.
4) Without authorization, a user is prohibited from reading, writing, or executing other users' files.
5) The root user: the super administrator account, with the highest authority. In general, do not log in and operate the system as root (the cost of a mistake is very high).
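The nine /etc/shadow columns listed above can be audited mechanically. The following is an added example, not part of the original page: it parses constructed shadow-format lines and reports password-aging findings. The function names, sample accounts and finding labels are assumptions, as are the conventions that a leading `!` or `*` marks a locked password and that a `$1$` prefix marks an MD5-crypt hash.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # day 0 of the "date of last change" column

# Constructed sample lines in /etc/shadow layout (no real accounts or hashes).
SAMPLE = """\
alice:$6$c0nstructed$notarealhash:19700:0:90:7:14::
bob:$1$c0nstructed$notarealhash:15000:0:99999:7:::
svc:!:18000:0:99999:7::19000:
carol::19500:0:60:7:::
"""
KEYS = ("name", "password", "last_change", "min_days", "max_days",
        "warn_days", "grace_days", "expire", "reserved")

def parse_line(line):
    """Split one shadow line into its 9 colon-separated columns."""
    cols = line.rstrip("\n").split(":")
    if len(cols) != 9:
        raise ValueError(f"expected 9 columns, got {len(cols)}")
    rec = dict(zip(KEYS, cols))
    for k in KEYS[2:8]:  # numeric columns; an empty column means "not set"
        rec[k] = int(rec[k]) if rec[k] else None
    return rec

def audit(rec, today):
    """Return the list of findings for one parsed record."""
    findings, pw = [], rec["password"]
    # Assumed conventions: leading "!" or "*" = locked, "$1$" = MD5-crypt.
    unlocked = pw[:1] not in ("!", "*")
    if pw == "":
        findings.append("empty password")
    elif pw.startswith("$1$"):
        findings.append("MD5-crypt hash")
    if unlocked and rec["max_days"] in (None, 99999):
        findings.append("password change never enforced")
    elif unlocked and rec["last_change"] is not None:
        due = EPOCH + timedelta(days=rec["last_change"] + rec["max_days"])
        if due < today:
            findings.append(f"password change overdue since {due}")
    if rec["expire"] is not None and EPOCH + timedelta(days=rec["expire"]) <= today:
        findings.append("account expired")
    return findings

def audit_text(text, today):
    # Map each account name to its findings (empty list = nothing to report).
    return {r["name"]: audit(r, today) for r in map(parse_line, text.splitlines())}

if __name__ == "__main__":
    for name, findings in audit_text(SAMPLE, date(2024, 1, 1)).items():
        print(name, findings or "ok")
```

On a real system the input would be read from /etc/shadow, which requires root privileges; the audit date is passed in explicitly so results are reproducible.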
3 User Groups Overview
1) Each user belongs to a group, which has a unique identifier (GID).
2) Group information is stored in /etc/group.
/etc/group: stores information such as the GID and members
/etc/shadow: a group password can be set and is saved here; a user who belongs to a group has that group's permissions
3) Each user is associated with a group that has the same name as the user: every user belongs at least to the group with their own name (the system automatically creates a group with the same name when a new user is added). A user can join other groups and can belong to more than one group at the same time.
4) Members of the same group can share other members' files. Groups should not be modified arbitrarily, because that confuses the correspondence.
Linux users, groups and other users