User and Permission Management:
1. What is a user?
A user is the basis for implementing permission management: it identifies who may use a resource (read, write, execute) and how resources are allocated, and it is one of the core elements of the security permission model.
2. Can a system do without users? Yes.
Role of the password: user authentication in a multi-user operating system.
How users are stored (repository): 1) user accounts, 2) passwords
Name resolution: user name <-> User IDentifier (UID)
User containers: groups, roles
Group name <-> Group IDentifier (GID)
Resolution: look up the entry in the database that matches the search key (name or ID) and retrieve the additional data attached to it.
User data can be stored in the following kinds of database:
Text file
SQL database
LDAP database
User data file: /etc/passwd
Encryption methods:
Symmetric encryption: DES, 3DES, AES
Public-key cryptography: DSA, RSA
One-way encryption (hashing): avalanche effect, fixed-length output, irreversible
MD5: Message Digest algorithm, 128 bits
SHA1: Secure Hash Algorithm, 160 bits
SHA256: 256 bits
SHA512: 512 bits
Password repository: /etc/shadow
Example (the same password mageedu stored with two different salts gives two different hashes; the $6$ prefix marks SHA-512 crypt):
tom: mageedu, salt abce -> $6$abce$FKDLAGJDKALGHIO3QU4389QJTRKIEJGR
jerry: mageedu, salt xyzm -> $6$xyzm$878956ukijotrjiytoeutyvimyeuiore
Tools: md5sum, sha1sum
Group: user container, role
/etc/group
/etc/gshadow
Security context:
A running process carries its owner (user) and owner group.
Outline: useradd, id, passwd, usermod, chsh, chage, chfn, userdel, groupadd, groupmod, groupdel, su
To create a user:
useradd UserName
/etc/passwd:
user name:x:uid:basic group id:comment info:home:default shell
useradd (also available as adduser):
-u UID: specify the UID
-g GID: specify the GID, i.e. the user's basic group; the group must exist beforehand
-G GID: specify the user's additional group(s); the group must exist beforehand
-d /path/to/somewhere: specify the home directory
-c "Comment": specify the comment field
-s /path/to/shell: specify the default shell, which should be one of the shells listed in /etc/shells
-m: force creation of the home directory when creating the user
-M: create the user, but do not create a home directory
-r: create a system user
id: 1-499
no home directory is created for the user
default shell is /sbin/nologin
-D: defaults; show or set new default values for users created by the useradd command
groupadd GrpName
-g GID: create the group with the given GID
User categories:
Administrator: 0
Normal users: 1-65535
System users: 1-499
Login users: the rest of the normal-user range
User groups:
Administrators group
Normal groups
From a user's perspective, groups are of two kinds:
Basic group: the group named by the GID field in /etc/passwd, the user's primary group;
Additional groups: the other groups the user belongs to, listed in /etc/group
userdel: delete a user; the home directory is kept by default
Format: userdel UserName
-r: delete the home directory as well
Summary:
/etc/passwd: username:x:uid:gid:comment:home:shell
/etc/group: groupname:x:gid:user list
/etc/skel, /etc/default/useradd
Set a user's password: passwd
Normal user: passwd
Administrator:
change own password: passwd
change another user's password: passwd UserName
Password security policy:
complex enough;
long enough;
mix at least three of: digits, uppercase letters, lowercase letters, special characters;
avoid easy-to-guess passwords;
change regularly;
/etc/shadow file format:
UserName:encrypted password:last password change:minimum age:maximum age:warning interval:inactive interval:account expiration:reserved field
passwd options:
-l: lock the user
-u: unlock the user
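As an added example (not part of the original notes), a shell audit function that parses lines in the /etc/shadow format above and flags risky entries: empty password fields, locked accounts, hashes not using $6$ (SHA-512 crypt), and passwords older than their maximum age. The sample lines, user names and the "today" day count are constructed.

```shell
# Added example, not from the original notes: audit /etc/shadow-format lines.
# Field layout as in the notes: name:hash:lastchange:min:max:warn:inactive:expire:reserved
# lastchange is counted in days since 1970-01-01.
# The entries below are constructed sample data, not real accounts.
SAMPLE_SHADOW='alice:$6$abce$FKDLAGJDKALGHIO3QU4389QJTRKIEJGR:19000:0:99999:7:::
bob:$1$xyzm$878956ukijotrjiyto:19000:0:90:7:::
guest::19300:0:99999:7:::
svc:!!:19300:0:99999:7:::
old:$6$s4lt$c0nstructedhash:18000:0:50:7:::'

# audit_shadow TODAY_IN_DAYS   (shadow-format lines on stdin)
# Prints one finding per line as "<user> <PROBLEM>".
audit_shadow() {
  awk -F: -v today="$1" '
    NF < 8 { next }                                        # skip malformed lines
    $2 == ""       { print $1, "EMPTY_PASSWORD"; next }    # login needs no password
    $2 ~ /^[!*]/   { print $1, "LOCKED"; next }            # locked / no password login
    $2 !~ /^\$6\$/ { print $1, "WEAK_HASH_ALGO" }          # not SHA-512 crypt ($6$)
    $5 != "" && $5 < 99999 && (today - $3) > $5 {
                     print $1, "PASSWORD_EXPIRED" }        # older than its max age
  '
}

# findings_for TODAY_IN_DAYS USER -> comma-joined problems for USER ("" if clean)
findings_for() {
  printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow "$1" |
    awk -v u="$2" '$1 == u { s = s (s == "" ? "" : ",") $2 } END { print s }'
}
```

Against the real file (readable by root only) the same function runs as `audit_shadow $(( $(date +%s) / 86400 )) < /etc/shadow`.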
Set a group password: gpasswd GroupName
How to modify a user's property definition:
Modify the user's default shell: chsh; view the shells available on the current system with: # cat /etc/shells
Modify the user's comment: chfn
usermod:
-u UID:
-g GID:
-G GID: by default replaces the original additional groups; to append instead, use the -a option as well;
-c String:
-d /path/to/new_home: the contents of the user's home directory are not migrated by default; to migrate them, add -m
-s SHELL:
-l New_login_name:
-L: lock the user account
-U: unlock the user account
How to modify a group property definition:
groupmod:
-g GID
-n new_group_name:
Modify account date attributes: chage
-E, --expiredate EXPIRE_DATE: account expiration date
-I, --inactive INACTIVE: inactive period
-m, --mindays MIN_DAYS
-M, --maxdays MAX_DAYS
-W, --warndays WARN_DAYS: warning period
To view user-related information: id
id UserName
-u: display the UID; with -n, display the user name
-g: display the basic group ID; with -n, display the basic group name
-G: display all group IDs; with -n, display all group names
Summary of group-management commands:
groupadd
groupmod
groupdel
gpasswd
newgrp: temporarily switch the current session into an existing group (log in to the group)
su: switch user
To switch users:
su UserName
-l, --login: make the shell a login shell
-c, --command 'command': pass a single command to the shell with -c
# su -l user1 -c 'ls -l -a'
Practice:
1. Create a user mandriva whose ID number is 2002, whose basic group is distro (group ID 3003), and whose additional group is linux;
# groupadd linux
# groupadd -g 3003 distro
# useradd -u 2002 -g distro -G linux mandriva
2. Create a user fedora whose full name is "Fedora Community" and whose default shell is tcsh;
# useradd -c "Fedora Community" -s /bin/tcsh fedora
3. Change mandriva's ID number to 4004, its basic group to linux, and its additional groups to distro and fedora;
# usermod -u 4004 -g linux -G distro,fedora mandriva
4. Give fedora a password, and set its minimum password age to 2 days and its maximum to 50 days;
# passwd fedora
# chage -m 2 -M 50 fedora
5. Change mandriva's default shell to /bin/bash;
# chsh -s /bin/bash mandriva
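As an added example (not the notes' own code), a shell function that resolves a user's basic and additional groups from /etc/passwd- and /etc/group-format lines the way `id` does, so the end state of the practice above can be checked against what the exercise asked for. The linux group's GID, fedora's UID and GID, and the home directories were never fixed by the exercise; those values are constructed.

```shell
# Added example, not from the original notes: resolve a user's groups from
# passwd/group-format lines, as `id` does. Expected state after practice steps 1-5;
# GIDs for linux/fedora, fedora's UID and the home paths are constructed values.
SAMPLE_PASSWD='mandriva:x:4004:3004::/home/mandriva:/bin/bash
fedora:x:2003:2003:Fedora Community:/home/fedora:/bin/tcsh'
SAMPLE_GROUP='linux:x:3004:
distro:x:3003:mandriva
fedora:x:2003:mandriva'

# resolve_user NAME -> "uid=U(NAME) gid=G(basic) groups=G(basic),G2(extra),..."
# The basic group is the GID field of /etc/passwd; additional groups are those
# whose member list (4th field of /etc/group) names the user. Returns 1 if unknown.
resolve_user() {
  awk -v user="$1" -v passwd="$SAMPLE_PASSWD" -v group="$SAMPLE_GROUP" '
    BEGIN {
      n = split(passwd, pl, "\n")
      for (i = 1; i <= n; i++) {
        split(pl[i], f, ":")
        if (f[1] == user) { uid = f[3]; gid = f[4]; found = 1 }
      }
      if (!found) exit 1
      m = split(group, gl, "\n")
      for (i = 1; i <= m; i++) {
        split(gl[i], g, ":")
        gname[g[3]] = g[1]                       # GID -> group name
        k = split(g[4], members, ",")            # explicit member list
        for (j = 1; j <= k; j++)
          if (members[j] == user && g[3] != gid)
            extra = extra "," g[3] "(" g[1] ")"
      }
      printf "uid=%s(%s) gid=%s(%s) groups=%s(%s)%s\n",
             uid, user, gid, gname[gid], gid, gname[gid], extra
      exit 0
    }'
}
```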
Summary of Linux user-management commands