Linux Users and Groups

Source: Internet
Author: User

The three A's of security:

Authentication: verifying who the user is

Authorization: deciding what the user may do

Accounting / Auditing: recording what the user did


Users:

User categories: administrator and ordinary users

Ordinary users are further divided into system users and login users

A user's identity is its UID:

Administrator: 0

Ordinary users: 1-65535

System users: 1-499 (CentOS 6), 1-999 (CentOS 7)

Login users: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)


Group category 1: administrator group and ordinary groups

Administrator group: root, GID 0

Ordinary groups: 1-65535

System groups: 1-499 (CentOS 6), 1-999 (CentOS 7)

Login user groups: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)


Group category 2:

Primary group (also called the basic group or main group):

A user must belong to exactly one primary group

Additional groups (secondary groups):

A user can belong to zero or more secondary groups

Group category 3:

Private group: the group name is the same as the user name and it contains only that one user

Public group: a group containing multiple users


Security context:

Running a program ==> a process

root: /bin/cat

qiuwei: /bin/cat

When two different users run the same program, what the resulting process is allowed to access depends on the identity of the user who started it: the process can reach exactly as much of the system's resources as that user's permissions allow.



/etc/passwd

Use the man command (man 5 passwd) to see the passwd file format. The fields, using the qiuwei entry as an example:

Name: login user name (qiuwei)

passwd: password field (x)

UID: the user's identity number (1000)

GID: the user's default (primary) group number (1000)

GECOS: the user's full name or a comment

Directory: the user's home directory (/home/qiuwei)

Shell: the shell the user gets by default

Taking the sarah user as an example:

Name: login user name (sarah)

passwd: password field (x)

UID: the user's identity number (1241)

GID: the user's default group number (1241)

GECOS: the user's full name or comment (empty, no comment)

Directory: the user's home directory (/home/sarah)

Shell: the user's default shell ==> /sbin/nologin, so sarah cannot log in interactively

As seen above, the passwd field holds only an x. The user's password is not stored in /etc/passwd but in /etc/shadow, which only the administrator can read: if ordinary users could read the password hashes, that would be a problem.


/etc/shadow file format, again using the sarah user as an example:

Login user name: sarah

Encrypted password: $6$wmpzucds$g9lv.f1ktfhuyzyglygpckhr7kvzcxi7q.B8vymzm8osfafkqwmtiyuguftdhutliqdzxiqjzxw5dzww8ckz0. (the $6$ prefix means SHA-512, which is now generally used)

Days since January 1, 1970 on which the password was last changed: 17014

Minimum password age (days): 0

Maximum password age (days): 9999

Days before expiry on which the user starts being warned: 7

Days after password expiry until the account is locked (inactivity period): empty

Days since January 1, 1970 after which the account itself expires: empty


Password aging: [screenshot not reproduced]

Password encryption:


Encryption mechanisms:

Encryption: plaintext to ciphertext

Decryption: ciphertext to plaintext

One-way encryption (hash algorithms): different input produces different output

Fixed-length output regardless of input size; the original data cannot be recovered from the hash

Avalanche effect: a small change in the input causes a dramatic change in the result

Symmetric encryption: the same key is used to encrypt and decrypt

Asymmetric encryption: a pair of keys is used, one to encrypt and the other to decrypt

Key pair:

Public key

Private key


Hash algorithm types (digest length):

md5: 128 bit

sha1: 160 bit

sha224: 224 bit

sha256: 256 bit

sha384: 384 bit

sha512: 512 bit ==> the one now commonly used

Change the password hashing algorithm: authconfig --passalgo=sha256 --update

Changing the algorithm to SHA-256 and then back to SHA-512 shows by comparison that the SHA-512 hash is visibly more complex than the SHA-256 one.

The characters between the second $ and the third $ are the salt, a random value. So even if two users set the same password, their salts differ, and the hashes actually stored in /etc/shadow are completely different.

Set the password of users a, b and c all to CentOS: the hashes shown in /etc/shadow are still completely different.
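As an added example, not part of the original post: a small Python parser for the /etc/passwd and /etc/shadow record formats described above. It splits the $id$salt$hash password field, maps the id to the algorithm, and computes password expiry from the day counts; the sample lines are constructed after the sarah example and the hash itself is a placeholder (no hashing is recomputed).

```python
import datetime

EPOCH = datetime.date(1970, 1, 1)
CRYPT_IDS = {"1": "md5", "5": "sha256", "6": "sha512"}  # crypt(3) $id$ prefixes

# Constructed sample records modelled on the page's sarah example; the hash is a placeholder.
PASSWD_LINE = "sarah:x:1241:1241::/home/sarah:/sbin/nologin"
SHADOW_LINE = "sarah:$6$wmpzucds$PLACEHOLDERHASHNOTREAL:17014:0:9999:7:::"

def parse_passwd(line):
    """Seven colon-separated fields: name, passwd, UID, GID, GECOS, home, shell."""
    name, pw, uid, gid, gecos, home, shell = line.rstrip("\n").split(":")
    return {"name": name, "password": pw, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell,
            # /sbin/nologin (or /bin/false) means no interactive login
            "interactive": shell not in ("/sbin/nologin", "/bin/false")}

def split_hash(field):
    """Split $id$salt$hash; a field starting with '!' or '*' is locked (no valid hash)."""
    if not field or field[0] in "!*":
        return {"locked": True, "algorithm": None, "salt": None, "digest": None}
    _, ident, salt, digest = field.split("$", 3)
    return {"locked": False, "algorithm": CRYPT_IDS.get(ident, ident),
            "salt": salt, "digest": digest}

def parse_shadow(line, today=None):
    """Nine fields; day counts are days since 1970-01-01. `today` is such a day count."""
    f = line.rstrip("\n").split(":")
    name, pw, last, minage, maxage, warn, inactive, expire = f[:8]
    if today is None:
        today = (datetime.date.today() - EPOCH).days
    rec = {"name": name, **split_hash(pw)}
    rec["last_change"] = int(last) if last else None
    rec["min_days"] = int(minage) if minage else 0
    rec["max_days"] = int(maxage) if maxage else None
    rec["warn_days"] = int(warn) if warn else 0
    rec["inactive_days"] = int(inactive) if inactive else None
    rec["account_expires"] = int(expire) if expire else None
    # The password expires max_days after the last change; an empty max_days means never.
    if rec["last_change"] is not None and rec["max_days"] is not None:
        rec["password_expires"] = rec["last_change"] + rec["max_days"]
        rec["days_left"] = rec["password_expires"] - today
        rec["password_expired"] = rec["days_left"] < 0
        rec["in_warning_period"] = 0 <= rec["days_left"] <= rec["warn_days"]
    else:
        rec.update(password_expires=None, days_left=None,
                   password_expired=False, in_warning_period=False)
    return rec
```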


Password usage policy:

1. Use random passwords

2. Minimum length of at least 8 characters

3. Use at least three of the four classes: uppercase letters, lowercase letters, digits and punctuation characters

4. Change passwords regularly

Generate a random password:

openssl rand -base64 20
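Added example (not from the original post): a Python check of the policy points above that can be run before a password is set, plus a generator built the same way as openssl rand -base64 20 (20 CSPRNG bytes, base64-encoded). The 90-day change period used for rule 4 is an assumption; the page gives no number.

```python
import base64
import secrets
import string

def random_password(nbytes=20):
    """Same construction as `openssl rand -base64 20`: nbytes of CSPRNG output, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")

def character_classes(pw):
    """Which of the four classes (upper, lower, digit, punctuation) the password uses."""
    return {
        "upper": any(c in string.ascii_uppercase for c in pw),
        "lower": any(c in string.ascii_lowercase for c in pw),
        "digit": any(c in string.digits for c in pw),
        "punct": any(c in string.punctuation for c in pw),
    }

def check_policy(pw, min_len=8, min_classes=3, max_age_days=90, days_since_change=0):
    """Return the list of policy violations; an empty list means the password is acceptable.
    max_age_days / days_since_change cover the 'change regularly' rule (90 days is an assumed value)."""
    problems = []
    if len(pw) < min_len:
        problems.append("shorter than %d characters" % min_len)
    used = sum(character_classes(pw).values())
    if used < min_classes:
        problems.append("uses only %d of 4 character classes (need %d)" % (used, min_classes))
    if days_since_change > max_age_days:
        problems.append("not changed for %d days (limit %d)" % (days_since_change, max_age_days))
    return problems
```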


/etc/group file format:

Group name: the name of the group

Group password: usually not set; when it is set, the actual password is stored in /etc/gshadow

GID: the ID of the group

Member list: users that have this group as an additional group (comma-separated)

Example entry:

Group name: admins

Password: x

GID: 503

Users with admins as an additional group: natasha,harry



/etc/gshadow file format:

Group name: the name of the group

Group password: usually not set; this is the file that holds the group's encrypted password

Group administrator list: administrators may change the group password and its members

Member list: users that have this group as an additional group (comma-separated)

Example entry:

Group name: admins

Password: x

List of group administrators: empty

Users with admins as an additional group: natasha,harry



vipw: edit the user password file

vigr: edit the group file

pwck: check the integrity of the user and password files

grpck: check the integrity of the group and group password files


User and group management commands

Users:

useradd: create a user

-u UID: specify the user's UID

-o: with -u, do not check UID uniqueness (two users can then share a UID)

-g GID: the user's primary group, as a group name or GID

-c comment: the user's comment (GECOS) information

-G group1,group2,...: the user's additional groups, comma-separated

-d path: home directory at the given path (which must not already exist)

Note: with -d the parent directory must already exist, while the home directory itself must not

-s shell: the user's default shell program, which must be listed in /etc/shells

-N: do not create a private group as the primary group; use the users group instead

-r: create a system user (CentOS 6: id<500, CentOS 7: id<1000)

[screenshots not reproduced] The screenshot shows a useradd run with the following attributes:

User name: bietianshen

UID: 5000

Primary group: root

Additional groups: bin, qiuwei

Comment: yongrenzirao

Default shell: /bin/csh

Home directory: /qiuwei


Default value settings: /etc/default/useradd

useradd -D: display or change the default settings

useradd -D -s /bin/csh: newly created users get /bin/csh as their default shell


Practice:

1. Create user gentoo with additional groups bin and root, default shell /bin/csh, and the comment "Gentoo distribution"

useradd -G bin,root -s /bin/csh -c "Gentoo distribution" gentoo

id gentoo

getent passwd gentoo

2. Create the following users, group and group memberships:

A group named admins

User natasha, with admins as an additional group

User harry, also with admins as an additional group

User sarah, who cannot log on to the system interactively and is not a member of admins

The passwords of natasha, harry and sarah are all CentOS

Commands:

groupadd admins

useradd -G admins natasha

useradd -G admins harry

useradd -s /sbin/nologin sarah

echo CentOS | passwd --stdin natasha

echo CentOS | passwd --stdin harry

echo CentOS | passwd --stdin sarah


Modifying user properties

usermod:

Options:

-u UID: new UID

-g GID: new primary group

-G group1[,group2,...]: new additional groups; the original additional groups are overwritten unless -a is also given, which appends instead

-s shell: new default shell

-c comment: new comment information

-d path: new home directory; it is not created automatically and the files of the old home directory are not moved. To create the new home directory and move the old data, use -m together with -d

-l name: new login name

-L: lock the user by prefixing the password field in /etc/shadow with !

-U: unlock the user by removing the ! prefix from the password field in /etc/shadow

-e YYYY-MM-DD: set the account expiration date

-f 10: set the inactivity period (days after password expiry) to 10 days


Example:

usermod -u 4567 -g root -aG qiuwei -s /bin/bash -l dj gentoo

[screenshot not reproduced] The changes are as follows:

UID: 4567

Primary group: root

Additional groups: bin, qiuwei

Default shell: /bin/bash

User name: dj



Deleting a user

userdel:

-r: also delete the user's home directory




Viewing a user's ID information: id

Options:

-u: show the UID

-g: show the primary GID

-G: show all group IDs

-n: show names instead of numbers

[screenshot not reproduced] For user dj:

UID: 4567

GID: 0

Groups: primary group root (0), additional groups bin (1) and qiuwei (500)
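Added example (not from the original post): resolving a user's primary and additional groups from /etc/passwd and /etc/group records the way the id command does, which ties together the primary-group rule (the GID field of passwd) and the member-list field of group. The passwd and group lines are constructed to reproduce the dj example above.

```python
# Constructed /etc/passwd and /etc/group records reproducing the dj example (not from a real host).
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "bin:x:1:1:bin:/bin:/sbin/nologin",
    "qiuwei:x:500:500::/home/qiuwei:/bin/bash",
    "dj:x:4567:0:Gentoo distribution:/home/gentoo:/bin/bash",
]
GROUP_LINES = [
    "root:x:0:",        # dj's primary group comes from the GID field in passwd, not from this list
    "bin:x:1:dj",       # fourth field: users that have this group as an additional group
    "qiuwei:x:500:dj",
    "users:x:100:",
]

def load_passwd(lines):
    users = {}
    for line in lines:
        name, _pw, uid, gid, _gecos, _home, _shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid)}
    return users

def load_group(lines):
    groups = {}
    for line in lines:
        name, _pw, gid, members = line.split(":")
        groups[name] = {"gid": int(gid), "members": [m for m in members.split(",") if m]}
    return groups

def resolve_id(user, passwd_lines, group_lines):
    """Return (uid, gid, groups) where groups is [(name, gid), ...], primary group first."""
    users, groups = load_passwd(passwd_lines), load_group(group_lines)
    if user not in users:
        raise KeyError("no such user: %s" % user)
    uid, gid = users[user]["uid"], users[user]["gid"]
    name_by_gid = {g["gid"]: n for n, g in groups.items()}
    primary = (name_by_gid.get(gid, str(gid)), gid)  # the one and only primary group
    # Additional groups: every group whose member list names the user, excluding the primary one.
    secondary = sorted(((n, g["gid"]) for n, g in groups.items()
                        if user in g["members"] and g["gid"] != gid), key=lambda t: t[1])
    return uid, gid, [primary] + secondary

def format_id(user, passwd_lines, group_lines):
    """Render the same line `id user` prints."""
    uid, gid, grps = resolve_id(user, passwd_lines, group_lines)
    return "uid=%d(%s) gid=%d(%s) groups=%s" % (
        uid, user, gid, grps[0][0], ",".join("%d(%s)" % (g, n) for n, g in grps))
```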



su: user switching

su username: switch without a login shell; the target user's profile is not read and the current working directory is unchanged

su - username: switch with a login shell; the target user's profile is read and the working directory changes to that user's home directory, a complete switch

Login shell configuration files, in the order they are read:
/etc/profile --> /etc/profile.d/*.sh --> ~/.bash_profile --> ~/.bashrc --> /etc/bashrc

Non-login shell:
~/.bashrc --> /etc/bashrc --> /etc/profile.d/*.sh


Setting passwords

passwd [options] username: change the specified user's password (root only)

passwd: change your own password

Options:

-l: lock the specified user

-u: unlock the specified user

-e: force the user to change the password at the next login

-n mindays: minimum password age

-x maxdays: maximum password age

-w warndays: how many days before expiry to start warning

-i inactivedays: inactivity period after expiry

--stdin: read the new password from standard input

echo "CentOS" | passwd --stdin username


Creating a group

groupadd [options]... groupname

-g GID: specify the GID

-r: create a system group

CentOS 6: id<500

CentOS 7: id<1000


Modifying and deleting a group

groupmod [options]... group

-n groupname: change the group name

-g GID: change the group ID

groupdel: delete a group

groupdel groupname: delete the specified group


Changing the group password and membership: gpasswd

gpasswd [options] group

-a user: add the user to the group

-d user: remove the user from the group

-A user1,user2,...: set the list of users with administrative rights over the group


newgrp: temporarily switch the primary group

If the user is not a member of that group, the group password is required

groupmems: list and modify group members

groupmems -a user_name | -d user_name | [-g group_name] | -l | -p

[screenshot not reproduced]

List group members: groupmems -l -g qiuwei

Add a group member: groupmems -a root -g qiuwei

Remove a group member: groupmems -d root -g qiuwei

