Security contexts (Secure context)
Whenever a user operates a computer, the user is really just starting processes, so a process is the user's agent on the system and must run with the identity of the user who started it. Which files a process can access therefore depends on the process's own permissions and on the permissions of the resource or file it wants to access. This check is made automatically from the security attributes of the system resources, and it is ultimately carried out by the kernel.
Permissions: r, w, x
File:
r: Readable; you can view the contents of the file with commands such as cat
w: Writable; you can edit or delete this file
x: Executable; the file can be submitted to the kernel as a command at the command prompt
Directory:
r: You can run ls on this directory to list all the files inside it
w: You can create files in this directory
x: You can switch to this directory with cd, and you can use ls -l to view the details of the files inside it
rwx
0 000 ---: No permissions
1 001 --x: Execute
2 010 -w-: Write
3 011 -wx: Write and execute
4 100 r--: Read-only
5 101 r-x: Read and execute
6 110 rw-: Read and write
7 111 rwx: Read, write and execute
Users: UID, /etc/passwd
Group: GID, /etc/group
Shadow passwords:
Users: /etc/shadow
Group: /etc/gshadow
User Category:
Super User (Admin): id=0
Normal User: id=1-65535
System User: id=1-999
General Users: id=1000~
User Group Category:
Administrators group:
Normal Group:
System Group:
General Group:
User Group Category:
Private group: when a user is created without specifying the group it belongs to, a group with the same name as the user is created automatically
Basic group: the user's default group
Additional (supplementary) groups: groups other than the default group
# cat /etc/passwd:
Account: Login Name
passwd: Password (shown as the placeholder x; the password information is stored in /etc/shadow)
UID: User ID
GID: Basic Group ID
Comment: Notes
Home dir: Home directory
Shell: User's default shell
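
The seven fields above, together with the UID ranges from the user categories, can be checked mechanically. The following is an added example, not part of the original page: it classifies accounts by UID and flags entries worth reviewing. The function names, the finding labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Input is passwd-format text on
# stdin; the seven fields and the UID ranges are the ones listed on this page.

# Constructed sample data, not a real system's /etc/passwd.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
EOF
}

# classify_passwd: print "name uid category" for every well-formed entry.
classify_passwd() {
    awk -F: '
        NF != 7 { next }                      # skip blank or malformed lines
        {
            uid = $3 + 0
            if (uid == 0)        cat = "superuser"
            else if (uid < 1000) cat = "system"
            else                 cat = "general"
            print $1, uid, cat
        }'
}

# audit_passwd: print one finding per line for entries that need review.
audit_passwd() {
    awk -F: '
        /^$/    { next }
        NF != 7 { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }   # second superuser
        $2 == ""                { print "EMPTY_PASSWORD_FIELD " $1 }
        # anything other than x, *, or a !-locked marker is a hash kept here
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
        seen[$3]++              { print "DUPLICATE_UID " $1 " uid=" $3 }
    '
}

sample_passwd | classify_passwd
echo "--- findings ---"
sample_passwd | audit_passwd
```

On a real system, feed the functions with `getent passwd` or `cat /etc/passwd` instead of the sample.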
# cat /etc/group:
Account: Login Name
passwd: Password placeholder
UID: User ID
User list: the users who have this group as an additional group; empty if there are none
# cat /etc/shadow:
Login Name: Login name
Encrypted passwd: encrypted password
Date of last password change: when the password was last modified
Minimum password age: minimum password lifetime
Maximum password age: maximum password lifetime
Password warning period: how long before the password expires the user is warned
Password inactivity period: grace period (the interval after the password expires before the account is disabled)
Account expiration date: the date on which the account is disabled
Reserved field: Reserved fields
# cat /etc/gshadow:
Group name: name of the group
Encrypted password: encrypted password
Administrators: administrators of the group
Members: group members
# cat /etc/default/useradd: useradd configuration file
# useradd defaults file
GROUP=100
HOME=/home (specifies the base home directory for users)
INACTIVE=-1 (grace period for password modification)
EXPIRE= (empty stands for indefinite use)
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
Encryption method:
| | Symmetric encryption | Public key cryptography | One-way encryption (hash encryption) |
|---|---|---|---|
| | Encrypt and decrypt using the same key | Keys come in pairs: one private key (secret key) and one public key | Extracts a (unique) data signature; often used for data integrity checks |
| Encryption speed | Fast | Slow | 1. Avalanche effect; 2. Fixed-length output (MD5, SHA1) |
| Key length | Short | Long | |
MD5: Message Digest, 128-bit fixed-length output
SHA1: Secure Hash Algorithm, 160-bit fixed-length output (more secure)