User and group management:
The following ID ranges differ between CentOS 6 and CentOS 7:
Administrator: root, UID 0
Normal user: 1-65535
System user: 1-499 (CentOS 6), 1-999 (CentOS 7)
Used to give a daemon the permissions it needs to access resources;
Login user: 1000+
For interactive login;
Linux group: GROUPNAME/GID
Administrator group: root, GID 0
Normal groups:
System group: 1-499 (CentOS 6), 1-999 (CentOS 7)
Normal group: 1000+
Group categories:
Basic group of a user (primary group):
When the group name is the same as the user name and the group contains only that one user, it is called a private group;
Additional groups of a user (supplementary groups): a user may belong to more than one additional group;
Linux user- and group-related configuration files:
/etc/passwd: users and their attributes (name, UID, basic group ID, etc.);
/etc/group: groups and their attributes;
/etc/shadow: user passwords and their related attributes;
/etc/gshadow: group passwords and their related attributes;
Linux security context:
A running program is a process;
A process runs with the identity of the user who started it:
root runs cat: cat runs with the privileges of the administrator root
tom runs cat: cat runs with the privileges of the normal user tom
All resources a process can access therefore depend on the identity of the user who started the process;
Format of the user and group configuration files:
/etc/passwd: name:password:UID:GID:GECOS:directory:shell (user name : password : UID : GID : GECOS comment : home directory : default shell)
/etc/group: group_name:password:GID:user_list (group name : group password : GID : comma-separated list of users that have this group as an additional group)
/etc/shadow: user passwords and their related attributes:
user name : encrypted password : date of the most recent password change : minimum password age : maximum password age : password warning period : password inactivity period : account expiration date : reserved field
/etc/gshadow: group passwords and their related attributes;
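As an added example (not part of the original notes), this script parses passwd-format lines with the seven fields above from a constructed sample and classifies each UID by the CentOS 7 ranges; it also runs two audit checks on that file: a second UID 0 account, and system accounts that still have a login shell.

```sh
#!/bin/sh
# Added example (not from the original notes): parse passwd-format lines with
# the seven fields name:password:UID:GID:GECOS:directory:shell and classify
# each UID by the CentOS 7 ranges (0 admin, 1-999 system, 1000+ login).
# SAMPLE_PASSWD is constructed input, not a real /etc/passwd; the "toor" and
# "svc" lines exist only to give the audit checks something to find.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
svc:x:500:500:constructed system account with a shell:/opt/svc:/bin/bash
tom:x:1000:1000:Tom:/home/tom:/bin/bash
toor:x:0:0:constructed second uid 0 account:/root:/bin/bash'

# classify_uid UID -> admin | system | login
classify_uid() {
    if [ "$1" -eq 0 ]; then echo admin
    elif [ "$1" -lt 1000 ]; then echo system      # CentOS 7: 1-999
    else echo login                               # 1000+
    fi
}

# list_accounts -> one "name uid class shell" line per account
list_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" |
    while IFS=: read -r name password uid gid gecos home shell; do
        printf '%s %s %s %s\n' "$name" "$uid" "$(classify_uid "$uid")" "$shell"
    done
}

# extra_uid0 -> accounts other than root whose UID is 0; such an account has
# full administrator rights, so this is a routine audit check
extra_uid0() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# system_accounts_with_shell -> system accounts (1-999) whose shell is not
# nologin/false, i.e. daemon accounts that could be logged into interactively
system_accounts_with_shell() {
    printf '%s\n' "$SAMPLE_PASSWD" |
    awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print $1 }'
}

list_accounts
extra_uid0
system_accounts_with_shell
```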
User and group administration commands:
Create a user: useradd
useradd [OPTIONS] LOGIN
-u UID: specify the UID, within [UID_MIN, UID_MAX] as defined in /etc/login.defs;
-g GID: the user's basic group, given as a group name or a GID;
-c "COMMENT": the user's comment (GECOS) information;
-d /path/to/home_dir: use the given path as the home directory;
-s SHELL: the user's default shell; the list of allowed shells is in /etc/shells;
-G group1[,group2,...[,groupN]]: additional groups for the user; the groups must already exist;
-r: create a system user
CentOS 6: UID < 500
CentOS 7: UID < 1000
Default settings: in the /etc/default/useradd file
Delete a user: userdel
userdel [OPTIONS] LOGIN
-r: also delete the user's home directory;
Create a group: groupadd
groupadd [OPTIONS] GROUP_NAME
-g GID: specify the GID, within [GID_MIN, GID_MAX]
-r: create a system group;
CentOS 6: GID < 500
CentOS 7: GID < 1000
Delete a group: groupdel
groupdel GROUP
Modify user properties: usermod
usermod [OPTIONS] LOGIN
-u UID: new UID
-g GID: new basic group
-G group1[,group2,...[,groupN]]: new additional groups; the original additional groups are replaced; to keep them, also give the -a option, meaning append;
-s SHELL: new default shell;
-c 'COMMENT': new comment information;
-d HOME: new home directory; files in the old home directory are not moved automatically; to move them, also give the -m option;
-l LOGIN_NAME: new login name;
-L: lock the specified user
-U: unlock the specified user
-e YYYY-MM-DD: the user account's expiration date;
-f INACTIVE: set the inactivity period (days after the password expires until the account is disabled);
Set a user's password: passwd
passwd [OPTIONS] USERNAME: modify the password of the specified user; only root may do this
passwd: modify your own password;
Common options:
-l: lock the specified user
-u: unlock the specified user
-n MINDAYS: minimum password age
-x MAXDAYS: maximum password age
-w WARNDAYS: how many days in advance to start warning
-i INACTIVEDAYS: inactivity period;
--stdin: read the new password from standard input;
echo "PASSWORD" | passwd --stdin USERNAME
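Added example, not from the original notes: the aging fields that the passwd options above (and usermod -L/-U/-e) write into /etc/shadow, read back from constructed sample lines (the hashes are placeholders) to decide whether a password is locked, about to expire, expired, or past its inactivity period.

```sh
#!/bin/sh
# Added example (not from the original notes): read the /etc/shadow aging
# fields that passwd -n/-x/-w/-i and usermod -L/-U/-e write, from constructed
# sample lines. Hashes are placeholders, not real password hashes. Day values
# are days since 1970-01-01, exactly as stored in the file.

SHADOW_TOM='tom:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19700:0:90:7:14:19900:'
SHADOW_BOB='bob:!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19600:0:99999:7:::'

# shadow_field LINE N -> N-th colon-separated field (1 name, 2 hash,
# 3 last change, 4 min age, 5 max age, 6 warn, 7 inactive, 8 account expiry)
shadow_field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# password_state LINE -> locked | empty | set
password_state() {
    case $(shadow_field "$1" 2) in
        '')        echo empty ;;    # no password at all
        '!'*|'*'*) echo locked ;;   # passwd -l / usermod -L prefix the hash with "!"
        *)         echo set ;;
    esac
}

# password_status LINE TODAY -> never | ok | warn | expired | inactive
password_status() {
    last=$(shadow_field "$1" 3); max=$(shadow_field "$1" 5)
    warn=$(shadow_field "$1" 6);  inact=$(shadow_field "$1" 7)
    if [ -z "$max" ] || [ "$max" -ge 99999 ]; then echo never; return; fi
    expires=$(( last + max ))                          # -x sets max
    if [ "$2" -ge "$expires" ]; then
        # -i sets the grace period after expiry before the account is disabled
        if [ -n "$inact" ] && [ "$2" -ge $(( expires + inact )) ]; then echo inactive
        else echo expired; fi
    elif [ -n "$warn" ] && [ "$2" -ge $(( expires - warn )) ]; then echo warn   # -w
    else echo ok; fi
}

# account_expired LINE TODAY -> 0 if the usermod -e date (field 8) has passed
account_expired() {
    exp=$(shadow_field "$1" 8)
    [ -n "$exp" ] && [ "$2" -ge "$exp" ]
}

printf 'tom: %s, %s\n' "$(password_state "$SHADOW_TOM")" "$(password_status "$SHADOW_TOM" 19785)"
printf 'bob: %s, %s\n' "$(password_state "$SHADOW_BOB")" "$(password_status "$SHADOW_BOB" 19785)"
```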
Group password: gpasswd
gpasswd [OPTIONS] GROUP
-a USER: add the user to the specified group (as an additional group);
-d USER: remove the user from the group, so the group is no longer one of the user's additional groups;
-A user1,user2,...: set the list of users with administrative rights over the group
newgrp command: temporarily switch the basic group;
If the user does not belong to the group, the group password is required;
Modify group properties: groupmod
groupmod [OPTIONS] GROUP
-n GROUP_NAME: new name
-g GID: new GID;
Switch user or run a command as another user: su
How to switch users:
su USERNAME: non-login switch; the target user's configuration files are not read;
su - USERNAME: login switch; the target user's configuration files are read, a complete switch;
Note: root needs no password to su to another user; a non-root user must give the target user's password when switching;
Run a command as another identity:
su [-] USERNAME -c 'COMMAND'
Options:
-l: "su -l USERNAME" is equivalent to "su - USERNAME"
File permission management:
The permissions of a file are defined for three kinds of subjects:
owner: the file's owner, u
group: the file's group, g
other: everyone else, o
For each kind of subject, a file defines three permissions:
r: readable
w: writable
x: executable
For a file:
r: its contents can be read with file-viewing tools;
w: its contents can be modified;
x: the file can be handed to the kernel and started as a process;
For a directory:
r: the list of file names in the directory can be viewed with ls;
w: files can be created in, or deleted from, the directory;
x: file details can be viewed with ls -l, and the directory can be entered with cd;
--- 000 0
--x 001 1
-w- 010 2
-wx 011 3
r-- 100 4
r-x 101 5
rw- 110 6
rwx 111 7
For example:
640: rw-r-----
rwxr-xr-x: 755
Modify file permissions: chmod
chmod [OPTIONS]... OCTAL-MODE FILE...
-R: modify permissions recursively
chmod [OPTIONS]... MODE[,MODE]... FILE...
MODE:
Set all permissions of one class of users at once:
u=
g=
o=
ug=
a=
u=,g=
Add or remove one or more permission bits for a class of users:
u+
u-
chmod [OPTIONS]... --reference=RFILE FILE...
Take the permissions of RFILE as the reference and give FILE the same permissions;
Modify the owner of a file: chown (only root may do this)
chown [OPTIONS]... [OWNER][:[GROUP]] FILE...
Usage:
OWNER
OWNER:GROUP
:GROUP
Note: the colon in the command may be replaced by a dot (.);
-R: recursive
chown [OPTIONS]... --reference=RFILE FILE...
Modify the group of a file: chgrp
chgrp [OPTIONS]... GROUP FILE...
chgrp [OPTIONS]... --reference=RFILE FILE...
-R: recursive
Permission checks when a process runs:
Premise: a process has an owner and a group;
(1) Whether an executable program file can be started as a process depends on whether the initiator has execute permission on the program file;
(2) Once started as a process, the owner of the process is the initiator and the group of the process is the initiator's group;
(3) When a process accesses a file, which permissions apply depends on the initiator of the process:
(a) if the initiator is the owner of the file, the file's owner permissions apply;
(b) if the initiator belongs to the file's group, the file's group permissions apply;
(c) otherwise, the file's "other" permissions apply;
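An added example (not from the notes) that implements rules (a)-(c) in shell on constructed owner/group/mode values, so the precedence can be tested: the first matching class is the only one consulted, so an owner is judged by the owner digit alone even when the group digit would allow more.

```sh
#!/bin/sh
# Added example (not from the original notes): decide which permission class
# applies when a process accesses a file, following rules (a)-(c) above, and
# test a single r/w/x bit against that class. All input is constructed; no
# real files are touched. Root's ability to bypass these checks is not modelled.

# class_for FILE_OWNER FILE_GROUP PROC_USER PROC_GROUPS -> owner | group | other
#   PROC_GROUPS: comma-separated, the basic group first, then additional groups.
#   The first matching rule wins: an owner never falls through to group/other.
class_for() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    case ",$4," in *",$2,"*) echo group; return;; esac
    echo other
}

# can_access FILE_OWNER FILE_GROUP MODE PROC_USER PROC_GROUPS WANT(r|w|x)
#   MODE is the 3-digit octal mode, e.g. 640. Returns 0 when access is allowed.
can_access() {
    cls=$(class_for "$1" "$2" "$4" "$5")
    case $cls in owner) shift_bits=6;; group) shift_bits=3;; *) shift_bits=0;; esac
    case $6 in r) bit=4;; w) bit=2;; x) bit=1;; *) return 2;; esac
    [ $(( (0$3 >> shift_bits) & bit )) -ne 0 ]
}

# explain FILE_OWNER FILE_GROUP MODE PROC_USER PROC_GROUPS -> one summary line
explain() {
    cls=$(class_for "$1" "$2" "$4" "$5")
    allowed=""
    for want in r w x; do
        can_access "$1" "$2" "$3" "$4" "$5" "$want" && allowed="$allowed$want"
    done
    printf '%s on %s:%s %s -> class %s, allowed: %s\n' \
        "$4" "$1" "$2" "$3" "$cls" "${allowed:-none}"
}

# a group-readable log: tom is in adm, so the group digit (4 = r--) applies
explain root adm 640 tom tom,adm
# tom without adm membership falls to "other" (0 = ---)
explain root adm 640 tom tom,users
# the owner class wins even when it is the most restrictive one
explain tom staff 070 tom staff,tom
explain tom staff 070 alice alice,staff
```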
There are 3 special permissions on Linux files and directories: SUID, SGID, Sticky
SUID
For a file with SUID set: when a user who has execute permission starts it as a process, the owner of the process is the owner of the program file (not the initiator);
Permission settings:
chmod u+s FILE...
chmod u-s FILE...
SGID
By default, when a user creates a file, its group is the user's basic group;
Once SGID is set on a directory, any file created in it by a user who has write permission on the directory gets the directory's group as its group;
Permission settings:
chmod g+s DIR...
chmod g-s DIR...
Sticky
For a directory writable by many users, if Sticky is set, each user can delete only their own files;
# /tmp has Sticky set by default to prevent users from deleting files that are not their own
Permission settings:
chmod o+t DIR...
chmod o-t DIR...
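As an added example serving both the octal table above and the three special permissions, these functions (not from the original notes) convert between the mode string of ls -l and chmod's octal form, including the s/S/t/T markers for SUID, SGID and Sticky.

```sh
#!/bin/sh
# Added example (not from the original notes): convert between the mode string
# shown by ls -l and the octal number used by chmod, covering the rwx table
# above and the SUID/SGID/Sticky bits: s/S in the user or group x slot, t/T in
# the other x slot; upper case means the special bit is set but x is not.

# sym2oct MODESTRING -> 4-digit octal, e.g. sym2oct rwsr-xr-x -> 4755
sym2oct() {
    m=$1
    [ ${#m} -eq 10 ] && m=${m#?}          # drop the file-type char of ls -l output
    special=0; digits=""; cls=0
    while [ $cls -lt 3 ]; do
        part=${m%"${m#???}"}; m=${m#???}   # next three characters
        d=0
        case $part in r??) d=$((d + 4));; esac
        case $part in ?w?) d=$((d + 2));; esac
        case $part in ??[xst]) d=$((d + 1));; esac
        case $part in
            ??[sS]) special=$(( special + (cls == 0 ? 4 : 2) ));;  # SUID=4, SGID=2
            ??[tT]) special=$(( special + 1 ));;                    # Sticky=1
        esac
        digits="$digits$d"; cls=$((cls + 1))
    done
    printf '%s%s' "$special" "$digits"
}

# oct2sym OCTAL -> 9-character mode string, e.g. oct2sym 1777 -> rwxrwxrwt
oct2sym() {
    n=$(( 0$1 )); out=""; cls=0
    while [ $cls -lt 3 ]; do
        d=$(( (n >> (6 - cls * 3)) & 7 ))
        sp=$(( (n >> (11 - cls)) & 1 ))     # bit 11 SUID, bit 10 SGID, bit 9 Sticky
        r=-; w=-; x=-
        [ $((d & 4)) -ne 0 ] && r=r
        [ $((d & 2)) -ne 0 ] && w=w
        [ $((d & 1)) -ne 0 ] && x=x
        if [ $sp -eq 1 ]; then                 # s/t replace x, S/T a missing x
            if [ $cls -eq 2 ]; then [ $x = x ] && x=t || x=T
            else                    [ $x = x ] && x=s || x=S; fi
        fi
        out="$out$r$w$x"; cls=$((cls + 1))
    done
    printf '%s' "$out"
}

# /tmp, as in the Sticky note above: drwxrwxrwt is 1777
sym2oct drwxrwxrwt; echo
oct2sym 4755; echo
```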
Mask applied when a file or directory is created: umask
File: 0666 - umask
Note: if the result has an x permission for some class of users, that class's digit is increased by 1 (so that a new file is never created executable)
Directory: 0777 - umask
In a 4-digit mode the first digit stands for the special permissions (SUID, SGID, Sticky)
umask: view the current mask
umask NUMBER: set the mask
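An added example (not from the notes) that computes the default file and directory modes for a given umask with the kernel's rule, base & ~umask, which is what the subtraction shortcut above is a mnemonic for, and verifies the prediction against a file and a directory actually created in a temporary directory; it assumes a stat command that supports -c '%a' (GNU coreutils or busybox).

```sh
#!/bin/sh
# Added example (not from the original notes): the default mode a new file
# (base 0666) or directory (base 0777) gets under a given umask. The kernel
# clears every bit that is set in the umask: mode = base & ~umask, which is
# what the "0666 - umask, +1 where an x bit appears" shortcut approximates.
# verify_on_disk assumes GNU/busybox stat -c and a writable $TMPDIR or /tmp.

# default_mode BASE UMASK -> 4-digit octal (both arguments are octal strings)
default_mode() { printf '%04o' $(( 0$1 & ~0$2 )); }
file_mode() { default_mode 0666 "$1"; }
dir_mode()  { default_mode 0777 "$1"; }

# umask_table -> one line per common umask; 077 is the restrictive choice for
# files that must stay private to their owner (e.g. key material)
umask_table() {
    for u in 022 002 027 077; do
        printf 'umask %s: file %s  dir %s\n' "$u" "$(file_mode "$u")" "$(dir_mode "$u")"
    done
}

# verify_on_disk UMASK -> 0 if a real file and directory created under that
# umask carry exactly the modes file_mode/dir_mode predict
verify_on_disk() {
    d=$(mktemp -d) || return 1
    ( umask "$1" && : > "$d/f" && mkdir "$d/sub" ) || { rm -rf "$d"; return 1; }
    actual_f=$(stat -c '%a' "$d/f"); actual_d=$(stat -c '%a' "$d/sub")
    rm -rf "$d"
    [ $(( 0$actual_f )) -eq $(( 0$(file_mode "$1") )) ] &&
    [ $(( 0$actual_d )) -eq $(( 0$(dir_mode "$1") )) ]
}

umask_table
verify_on_disk 027 && echo "umask 027 verified on disk"
```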
Linux Learning Diary--Basic Commands (5)--User and group concepts and management--file permissions