Linux user groups and administrative permissions

Source: Internet
Author: User

I. Users and groups
1. User
1) Token, identity
2) Linux users: username/UID
3) Administrator: root, 0
4) Normal users: 1-65535
   System users: 1-499 (CentOS 6), 1-999 (CentOS 7); used to give daemons the permissions they need to obtain resources
   Login users: 500+ (CentOS 6), 1000+ (CentOS 7); used for interactive login
2. Group
1) Linux groups: groupname/GID
2) Administrator group: root, 0
3) General groups:
   System groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
   General groups: 500+ (CentOS 6), 1000+ (CentOS 7)
3. Security context
Linux security context:
A running program is a process.
A process runs with the identity of the user who started it:
   root: /bin/cat
   mage: /bin/cat
The resources a process may access depend on the identity of the user running the process.
4. Categories of groups
Categories of Linux groups:
Primary group:
   A user must belong to one and only one primary group
   When the group name is the same as the user name and the group contains only that user, it is a private group
Supplementary groups:
   A user can belong to 0 or more supplementary groups
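Which of a file's permission triples a process gets follows from its security context and its group membership. The sketch below is an added example, not part of the original page; it goes slightly beyond the text by modelling the order of checks (root, then owner, then group, then other) for a regular file, and every UID, GID and mode in it is constructed.

```sh
#!/bin/sh
# Added example, not from the original page. UIDs, GIDs and modes are constructed.

# perm_class FILE_UID FILE_GID PROC_UID PROC_GID...
# Prints the single class that is checked: root, owner, group or other.
perm_class() (
    file_uid=$1; file_gid=$2; proc_uid=$3
    shift 3          # "$@" is now the primary GID followed by supplementary GIDs
    if [ "$proc_uid" -eq 0 ]; then echo root; exit 0; fi
    if [ "$proc_uid" -eq "$file_uid" ]; then echo owner; exit 0; fi
    for gid in "$@"; do
        if [ "$gid" -eq "$file_gid" ]; then echo group; exit 0; fi
    done
    echo other
)

# effective_triple MODE FILE_UID FILE_GID PROC_UID PROC_GID...
# MODE is the three octal digits of a regular file, e.g. 640. Prints e.g. "rw-".
effective_triple() (
    m=$((0$1)); shift
    case $(perm_class "$@") in
        owner) bits=$(( (m >> 6) & 7 )) ;;
        group) bits=$(( (m >> 3) & 7 )) ;;
        other) bits=$(( m & 7 )) ;;
        # root skips the r/w checks; executing still needs an x bit in some class
        root)  bits=$(( 6 | ((m | m >> 3 | m >> 6) & 1) )) ;;
    esac
    out=
    if [ $((bits & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((bits & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((bits & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s\n' "$out"
)

# File owned by UID 1000, group GID 10 (all values constructed).
effective_triple 640 1000 10 1000 1000      # owner                      -> rw-
effective_triple 640 1000 10 1001 1001 10   # GID 10 as supplementary    -> r--
effective_triple 640 1000 10 1002 1002      # unrelated user             -> ---
effective_triple 470 1000 10 1000 1000 10   # owner wins over group rwx  -> r--
effective_triple 640 1000 10 0 0            # root                       -> rw-
```

The mode 470 case shows that the classes are not cumulative: an owner who is also in the file's group gets only the owner triple.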
5. Configuration files for users and groups
Primary configuration files for Linux users and groups:
1) /etc/passwd: users and their attributes (name, UID, primary group ID, etc.)
   pwconv moves the passwords from /etc/passwd into /etc/shadow
   pwunconv undoes that mapping, so the passwords stay in /etc/passwd
2) /etc/group: groups and their attributes
3) /etc/shadow: user passwords and related attributes, in these fields:
   Login name
   Password
   Date of the last password change
   Minimum password age
   Maximum password age
   Number of days before expiry at which the user is warned that the password will expire
   Number of days after the password expires, if the user still has not changed it, until the account expires
   Account expiration date
   Reserved field
4) /etc/gshadow: group passwords and related attributes
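The field layouts above are enough to review accounts mechanically. The script below is an added example, not part of the original page; the function names, the sample records and the use of 99999 as the "no maximum age" value are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Every record below is constructed.

PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svc:x:498:498::/var/lib/svc:/bin/bash
mage:x:1000:1000::/home/mage:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy:$6$CONSTRUCTED$HASH:1001:1001::/home/legacy:/bin/bash'

SHADOW_SAMPLE='root:$6$CONSTRUCTED$HASH:17000:0:99999:7:::
mage:!!$6$CONSTRUCTED$HASH:17000:0:90:7:14::
guest::17000:0:99999:7:::
broken:x:17000'

# audit_passwd [UID_MIN]: reads /etc/passwd-format lines on stdin.
# UID_MIN is the first login UID (1000 on CentOS 7, per the ranges above).
audit_passwd() {
    awk -F: -v uid_min="${1:-1000}" '
        $3 == 0 && $1 != "root" { print $1 ": UID 0 but not root" }
        $2 != "x" { print $1 ": password field not shadowed (pwconv not applied)" }
        $3+0 > 0 && $3+0 < uid_min+0 && $7 !~ /(nologin|false)$/ { print $1 ": system UID with a login shell" }
    '
}

# audit_shadow: reads /etc/shadow-format lines (9 colon-separated fields) on stdin.
audit_shadow() {
    awk -F: '
        NF != 9   { print $1 ": expected 9 fields, found " NF; next }
        $2 == ""  { print $1 ": empty password field" }
        $2 ~ /^!/ { print $1 ": password locked (leading !)" }
        $5 == "" || $5 >= 99999 { print $1 ": no effective maximum password age" }
    '
}

printf '%s\n' "$PASSWD_SAMPLE" | audit_passwd
printf '%s\n' "$SHADOW_SAMPLE" | audit_shadow
```

On a real system the same functions read the files directly, for example `audit_shadow < /etc/shadow` as root.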
6. Group file format
1) Group name
2) Group password: usually not set; when used, the password is recorded in /etc/gshadow
3) GID: the ID of the group
4) List of users who have this group as a supplementary group (comma-separated)
7. Set the password
1) passwd [OPTIONS] UserName: change the password of the specified user; only root has the right to do this
2) passwd: change your own password
3) Common options:
   -l: lock the specified user
   -u: unlock the specified user
   -e: force the user to change the password at next login
   -n mindays: minimum password age
   -x maxdays: maximum password age
   -w warndays: how many days in advance to start warning
   -i inactivedays: inactivity period
   --stdin: read the user's password from standard input
8. User and group management commands
1) User management commands: useradd, usermod, userdel
2) Group account maintenance commands: groupadd, groupmod, groupdel
9. Switch users or execute commands as other users
su UserName: non-login switch
su - UserName: login switch
su -: login switch to root
When the current user is root, switching to another user needs no password
II. File permissions
1. File permissions
1) File permissions are defined for three classes of user: owner (u), group (g) and other (o).
2) Each file defines three permissions for each class: r: readable, w: writable, x: executable
3) File:
   r: its contents can be read with file-viewing tools
   w: its contents can be modified
   x: the file can be handed to the kernel to start as a process
4) Directory:
   r: you can use ls to view the list of files in the directory
   w: you can create files in the directory or delete files from it
   x: you can use ls -l to view a list of files in the directory, and you can enter it with cd
   X: adds x only to directories and to files that already have x for some class; a file with no x in any of its three permission triples is not given x
5) For files
   With only r on the file, the user can read its contents: cat less more head tail
   With only w on the file, the user can modify its contents: >>
   With only x on the file, nothing can be done.
   With rw on the file, the user can read and modify it: cat less more head tail vim nano > >>
   With rx on the file, the user can execute it
   With wx on the file, the permissions are equivalent to w only.
   Note: common permissions for files are r--, rw-, rwx
6) For directories
   With only r on the directory, the user can list the file names in it (short listing).
   With only w on the directory, nothing can be done.
   With only x on the directory, the user can enter it, and can access a file in it if the exact file name is known and the file's own permissions allow.
   With rw on the directory, the permissions are equivalent to r only.
   With rx on the directory, the user can enter it and get a long listing.
   With wx on the directory, the user can enter it and create and delete files, but cannot use file name wildcards.
   Note: common permissions for directories are r-x, rwx
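The difference between x and X in item 4) matters most with a recursive chmod. The script below is an added example, not part of the original page; it builds a constructed tree in a temporary directory and reports the resulting modes, and it assumes GNU stat (`stat -c`), as shipped with CentOS.

```sh
#!/bin/sh
# Added example, not from the original page: x versus X with chmod -R.
# The tree is constructed in a temporary directory and removed afterwards.

# modes_after SYMBOLIC_MODE
# Builds the tree, runs "chmod -R SYMBOLIC_MODE" on it and prints one
# "octal-mode name" line for the directory and each file.
modes_after() (
    tree=$(mktemp -d) || exit 1
    mkdir "$tree/data"
    : > "$tree/data/report.txt"                   # plain data file
    printf '#!/bin/sh\n' > "$tree/data/run.sh"    # script the owner may execute
    chmod 700 "$tree/data"
    chmod 600 "$tree/data/report.txt"
    chmod 700 "$tree/data/run.sh"
    chmod -R "$1" "$tree/data"
    out=$(cd "$tree" && stat -c '%a %n' data data/report.txt data/run.sh)
    rm -rf "$tree"
    printf '%s\n' "$out"
)

echo "chmod -R a+x (data file becomes executable):"
modes_after a+x
echo "chmod -R a+X (data file stays 600):"
modes_after a+X
```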
