Linux User group Permissions explained

Source: Internet
Author: User
Tags: decrypt, asymmetric encryption

User Category
    • Administrator: UID 0
    • Normal user: UID 1-65535
      • System user: UID 1-999 (CentOS 7), 1-499 (CentOS 6)
      • Login user: UID 1000-60000 (CentOS 7), 500-60000 (CentOS 6)
    • User information file: /etc/passwd
Group
    • Administrator group: GID 0
    • General user group: GID 1-65535
      • System user group: GID 1-499 (CentOS 6), 1-999 (CentOS 7)
      • Login user group: GID 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
    • Group information file: /etc/group
Authentication Information
    • Authentication checks whether the information provided at login is consistent with the previously stored data.
    • Password
      • /etc/shadow
      • /etc/gshadow
    • Encryption algorithm:
      • Symmetric encryption: encryption and decryption use the same key;
      • Asymmetric encryption: a pair of keys is used to encrypt and decrypt; about 3 times slower than symmetric encryption.
        • Key pair:
          • Public key: made public, used for encryption
          • Private key: used for decryption
      • One-way encryption: can only encrypt, not decrypt; it extracts a signature (digest) of the data; for example MD5.
        • Fixed-length output: for example, MD5 output is 32 hexadecimal digits
        • Avalanche effect: a small change in the input changes the output beyond recognition
        • Algorithm:
          • md5: Message Digest, 128 bits (2**128)
          • sha: 160 bits
          • sha224
          • sha256
          • sha384
          • sha512
/etc/passwd User List Introduction

Get help:

[[email protected] ~]# whatis passwd
sslpasswd (1ssl)     - compute password hashes
passwd (1)           - update user's authentication tokens
[[email protected] ~]# man 1 passwd

Field explanation (fields in order, with the values of an example entry):

    • name: user name. Example: marvin
    • Password: can be an encrypted password, or the placeholder x. Example: x
    • UID: user ID. Example: 1000
    • GID: ID number of the primary group to which the user belongs. Example: 1000
    • GECOS: comment information. Example: Marvin
    • Directory: the user's home directory. Example: /home/marvin
    • Shell: the user's default shell, the shell program started at logon. Example: /bin/bash
/etc/shadow User Account Information Introduction

Get help:

[[email protected] ~]# whatis shadow
shadow (3)           - 加密密码文件工具函数
shadow (5)           - 影子化了的密码文件

Field interpretation and settings (fields in order, with the values of an example entry and the commands that set each field; DAYS stands for a number of days):

    • User name: marvin
    • Encrypted password: $6$bo6gfcbnbxupeuqh$marp57l/uidh ... Split on $: the first part is the encryption method (6: sha512), the second is the salt, and the third is the encrypted data.
    • Last time the password was modified: 17639 (number of days from 1970 to the last password change). 0 indicates that the password must be changed; an empty value indicates that the function is not enabled.
      • passwd -e zander
      • chage -d 1 zander
    • Minimum period of use: 0. How many days the password must be used before it can be changed again.
      • passwd -n 6 zander
      • chage -m DAYS zander
    • Maximum usage period: 99999. The password expires at the last modified time + the maximum usage days.
      • passwd -x DAYS zander
      • chage -M DAYS zander
    • Warning period: 7. The user is warned 7 days in advance.
      • passwd -w DAYS zander
      • chage -W DAYS zander
    • Expiration (inactivity) period: 10. If the password has still not been changed at password change time + 99999 + 10 days, the account is locked out and cannot log in; the only option left is changing the password.
      • passwd -i DAYS zander
      • chage -I 0 zander
    • Absolute expiration period: not set in the example. The expiry time of the account.
      • useradd -e 2018-04-25 zander
      • chage -E 2018-04-25 zander
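
The /etc/shadow field layout described above can be decoded mechanically. The script below is an added example, not part of the original article: it splits an entry on colons, reads the method id from the password field, and converts the day counts into dates. The function names, the sample entries (constructed, with placeholder salt and hash) and the 90-day maximum are assumptions; the method ids 1, 5 and 6 are the crypt(3) ids for MD5, SHA-256 and SHA-512.

```shell
#!/bin/sh
# Added example. The account lines at the bottom are constructed samples.

# days_to_date N: print YYYY-MM-DD for N days after 1970-01-01 (N >= 0).
days_to_date() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    m=$(( mp < 10 ? mp + 3 : mp - 9 ))
    y=$(( yoe + era * 400 + (m <= 2 ? 1 : 0) ))
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# describe_shadow LINE: summarise one /etc/shadow entry on a single line.
describe_shadow() {
    old_ifs=$IFS; IFS=:; set -f
    set -- $1                       # split the colon-separated fields
    set +f; IFS=$old_ifs
    name=$1 hash=$2 last=$3 max=$5 inactive=$7
    case $hash in
        '')           state=empty-password ;;            # no password required
        '!!'|'!'|'*') state=no-password ;;               # password login impossible
        '!'*)         state=locked; hash=${hash#\!} ;;   # as set by usermod -L
        *)            state=active ;;
    esac
    case $hash in                   # method id sits between the first two $
        '$6$'*) method=sha512 ;;
        '$5$'*) method=sha256 ;;
        '$1$'*) method=md5 ;;
        *)      method=none ;;
    esac
    changed=never expires=never lockout=never
    if [ "$last" = 0 ]; then
        changed=must-change-at-next-login
    elif [ -n "$last" ]; then
        changed=$(days_to_date "$last")
        if [ -n "$max" ]; then
            expires=$(days_to_date $(( last + max )))
            [ -z "$inactive" ] ||
                lockout=$(days_to_date $(( last + max + inactive )))
        fi
    fi
    echo "$name state=$state method=$method changed=$changed expires=$expires lockout=$lockout"
}

describe_shadow 'marvin:$6$SALTSALT$HASHHASH:17639:0:90:7:10::'
describe_shadow 'zander9:!!:17640:0:99999:7:8::'
describe_shadow 'zander17:!$6$SALTSALT$HASHHASH:17640:0:99999:7:::'
```
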
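/etc/group User Group Introduction

Fields in order, with the values of an example entry:

    • group_name: marvin
    • Password: x (the password itself is stored in /etc/gshadow)
    • GID: 1000
    • user_list: marvin. The user members of the group, that is, the list of users that have this group as an additional group.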
Management Command Introduction
groupadd

To add a group:

[[email protected] ~]# groupadd mygrp1

To add a group with a specified GID:

[[email protected] ~]# groupadd   -g 1009 mygrp5

To add a system group:

[[email protected] ~]# groupadd   -r  mygrp6
[[email protected] ~]# groupadd   -r  mygrp7
mygrp6:x:996:
mygrp7:x:995:

To add a system group with a specified GID:

[[email protected] ~]# groupadd   -r -g 993  mygrp8
mygrp8:x:993:
[[email protected] ~]# groupadd   -r -g 13  mygrp10
[[email protected] ~]# groupadd   -r   mygrp11
mygrp10:x:13:
mygrp11:x:991:

To modify a group:

[[email protected] ~]# groupmod -g 1011  mygrp11
[[email protected] ~]# groupmod -n mygrp12  mygrp11

To delete a group:

[[email protected] ~]# groupdel mygrp9
useradd

Common options:

-u, --uid UID: specifies the UID;
-g, --gid GROUP: specifies the primary group ID; the group must exist beforehand;
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: specifies the additional groups to which the user belongs, separated by commas;
-c, --comment COMMENT: specifies the comment information;
-d, --home HOME_DIR: uses the specified path as the user's home directory; it is created by copying /etc/skel and renaming the copy. If the specified home directory path already exists, the environment profile files are not copied for the user;
-s, --shell SHELL: specifies the user's default shell; the list of all available shells is stored in the /etc/shells file;
-r, --system: creates a system user;
-m: create the home directory. It is typically created automatically; if this option is not given and CREATE_HOME is not turned on, the home directory is not created;
-M: do not create the home directory.

By default, creating a user also adds a private group:

[[email protected] ~]# useradd zander
zander:x:1001:1002::/home/zander:/bin/bash
zander:!!:17640:0:99999:7:::   # password
zander:x:1002:                # group

Specify the group (the group must exist):

[[email protected] ~]# useradd -g 1001  zander1

Add a comment:

[[email protected] ~]# useradd -c 'for test'  zander2
zander2:x:1003:1003:for test:/home/zander2:/bin/bash

Add additional groups:

[[email protected] ~]# useradd -g 1001 -G 1002,1003  zander3
[[email protected] ~]# useradd -g 1001 -G 1002,1003  zander34
zander3:x:1004:1001::/home/zander3:/bin/bash
mygrp:x:1001:
zander:x:1002:zander3,zander34     # group name:x:id:additional members
zander2:x:1003:zander3,zander34

Specify the home directory:

[[email protected] ~]# useradd -d /tmp/zander4 znader4
[[email protected] ~]# cat /tmp/zander4/.bash
.bash_logout   .bash_profile  .bashrc

Specify the shell:

[[email protected] ~]# cat /etc/shells
/bin/sh
/bin/bash               # login users
/sbin/nologin           # cannot log in
/usr/bin/sh
/usr/bin/bash
/usr/sbin/nologin
[[email protected] ~]# useradd -s /usr/sbin/nologin  zander5
marvindeMacBook-Pro:~ marvin$ ssh [email protected]
[email protected]'s password:
This account is currently not available.
Connection to 192.168.1.102 closed.

Create a system user (does not create a home directory):

[[email protected] ~]# useradd -r  zander6
zander6:x:998:996::/home/zander6:/bin/bash

Do not create the home directory:

[[email protected] ~]# useradd -M  zander7
marvindeMacBook-Pro:~ marvin$ ssh [email protected]
[email protected]'s password:
Could not chdir to home directory /home/zander7: No such file or directory
-bash-4.2$

Set the password expiration (inactivity) period; if it is not set, there is no limit:

[[email protected] ~]# useradd -f 8 zander9
zander9:!!:17640:0:99999:7:8::

Set an absolute expiration time:

[[email protected] ~]# useradd -e 2018-01-20 zander14
usermod

Common options:

-u, --uid UID: changes the user's ID to the new UID specified here;
-g, --gid GROUP: changes the primary group to which the user belongs;
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: changes the additional groups to which the user belongs; the original additional groups are overwritten;
-a, --append: used together with -G to append new additional groups to the user;
-c, --comment COMMENT: changes the comment information;
-d, --home HOME_DIR: changes the user's home directory; the user's original files are not transferred to the new location;
-m, --move-home: can only be used with the -d option; moves the original home directory to the new home directory;
-l, --login NEW_LOGIN: changes the user name;
-s, --shell SHELL: changes the user's default shell;
-L, --lock: locks the user's password, i.e. adds a "!" before the user's original password string;
-U, --unlock: unlocks the user's password.

Modify the home directory:

[[email protected] test]# usermod  -d  /home/test/3 -m  zander11

Lock:

[[email protected] test]# usermod -L zander17

Unlock:

[[email protected] test]# usermod -U zander17

Change an additional group:

[[email protected] test]# usermod -G  1016 zander17

Append additional groups:

[[email protected] test]# usermod -a -G  1016 zander17
[[email protected] test]# id zander17
uid=1016(zander17) gid=1016(zander17) groups=1016(zander17),1015(zander15)
userdel

Common option: -r deletes the home directory.

[[email protected] test]# userdel -r zander17
userdel: user zander17 is currently used by process 70106
File and folder permission descriptions
    1. File:
      1. r: can read the data of the file;
      2. w: can modify the data of the file;
      3. x: the file can be run as a process;
    2. Directory:
      1. r: can use the ls command to get a list of all the files under it;
      2. w: can modify the list of files in this directory, that is, create or delete files;
      3. x: can cd into this directory, and can use ls -l to get the detailed attribute information of all its files;
The meaning of additional groups for files and folders

gpasswd sets the password of an additional group. If the group does not have a password, users who are not in the group cannot switch to it.

[[email protected] ~]# gpasswd marvin
Changing the password for group marvin
New Password:
Re-enter new password:

A normal user deletes a file owned by root in a directory that belongs to the additional group:

[[email protected] tmp]# pwd
/tmp
# The group of the test directory is zander
[[email protected] tmp]# ll -d test
drwxrwxr-x. 2 root zander 6 Apr 21 15:48 test
[[email protected] tmp]# cd test/
# Create a file owned by root
[[email protected] test]# touch a
[[email protected] test]# ll
-rw-r--r--. 1 root root 0 Apr 21 15:50 a
# Switch to the marvin user
[[email protected] test]$ id
uid=1000(marvin) gid=1000(marvin) 组=1000(marvin)
[[email protected] test]$ echo 888 >> a
-bash: a: 权限不够
[[email protected] test]$ rm a
rm:是否删除有写保护的普通空文件 "a"?y
rm: 无法删除"a": 权限不够
# Switch to the zander group
[[email protected] test]$ newgrp zander
密码:
[[email protected] test]$ id
uid=1000(marvin) gid=1006(zander) 组=1006(zander),1000(marvin)
[[email protected] test]$ echo 888 >> a
bash: a: 权限不够
# Deleted successfully
[[email protected] test]$ rm a
rm:是否删除有写保护的普通空文件 "a"?y
[[email protected] test]$ ls
[[email protected] test]$
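
The session above shows that deleting a file is governed by the w and x bits of the directory, not by the mode of the file. The script below is an added example, not part of the original article, that audits a directory for this situation; the function names are hypothetical, it reads mode strings from ls -ld, and it treats a set sticky bit as closing the gap, because with it only the owner of the file or of the directory may remove entries.

```shell
#!/bin/sh
# Added example: mode bits only; owners and group membership are not compared.

# mode_of PATH: print the 10-character mode string, e.g. drwxrwxr-x
mode_of() {
    line=$(ls -ld -- "$1") || return 1
    printf '%s\n' "$line" | cut -c1-10
}

# group_can_unlink DIR: true if the directory's group has w and x on DIR
# and the sticky bit (t/T in the last position) is not set.
group_can_unlink() {
    case $(mode_of "$1") in
        d????w[xs]??[!tT]) return 0 ;;
        *)                 return 1 ;;
    esac
}

# audit_dir DIR: list entries that are not group-writable themselves but
# can still be deleted or replaced through the directory's permissions.
audit_dir() {
    group_can_unlink "$1" || return 0
    for f in "$1"/* "$1"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        case $(mode_of "$f") in
            ?????w????) ;;                    # group can already modify it
            *)          printf '%s\n' "$f" ;;
        esac
    done
}

# Constructed sample tree mirroring the session: directory 775, file 644.
demo=$(mktemp -d)
mkdir "$demo/test" && chmod 775 "$demo/test"
: > "$demo/test/a" && chmod 644 "$demo/test/a"
audit_dir "$demo/test"      # reports .../test/a
chmod +t "$demo/test"
audit_dir "$demo/test"      # reports nothing: sticky bit set
rm -rf "$demo"
```
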
