Linux users, groups, rights management

Source: Internet
Author: User


I. Basic knowledge

1. 3A: authentication, authorization, and audit.


II. User categories, user IDs, and the name resolution database

1. User categories: administrators and ordinary users (ordinary users are further divided into system users and login users).

2. User ID (UID): generally represented as a 16-bit binary number (range: 0-65535);

Administrator ID: 0

Ordinary user ID range: 1-65535

System user ID range: 1-499 (CentOS 6), 1-999 (CentOS 7)

Login user ID range: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)

When a user logs in, the login name must be resolved to a UID; this is done by looking it up in the system's name resolution database (/etc/passwd).

Sample entries from the passwd database:

# head -2 /etc/passwd

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin
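
The UID ranges above can be applied mechanically to any passwd-format file. The following shell functions are an added example, not part of the original article; the names classify_passwd and extra_admins and all sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify passwd-format entries by the UID ranges listed above.
# classify_passwd FILE MAJOR prints "name uid class" for each entry.
# MAJOR is the CentOS major version (6 or 7) and selects the system/login boundary.
classify_passwd() {
    awk -F: -v major="$2" '
        BEGIN { sys_max = (major >= 7) ? 999 : 499 }  # 1-499 on CentOS 6, 1-999 on CentOS 7
        /^#/ || NF < 7 { next }                       # skip comments and malformed lines
        $3 !~ /^[0-9]+$/ { next }                     # skip entries whose UID is not numeric
        {
            uid = $3 + 0
            if (uid == 0)            class = "admin"  # UID 0 is the administrator, whatever the name
            else if (uid <= sys_max) class = "system"
            else if (uid <= 60000)   class = "login"
            else                     class = "other"  # above the login range given above
            print $1, uid, class
        }' "$1"
}

# extra_admins FILE MAJOR prints UID 0 accounts that are not named root.
extra_admins() {
    classify_passwd "$1" "$2" | awk '$3 == "admin" && $1 != "root" { print $1 }'
}

# Constructed sample data, not taken from a real host.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
svcacct:x:600:600:constructed service account:/var/lib/svcacct:/sbin/nologin
alice:x:1000:1000:constructed login user:/home/alice:/bin/bash
backup0:x:0:0:constructed second UID 0 entry:/root:/bin/bash
EOF

echo "== CentOS 6 ranges =="; classify_passwd "$sample" 6
echo "== CentOS 7 ranges =="; classify_passwd "$sample" 7
echo "== extra UID 0 accounts =="; extra_admins "$sample" 7
```

The constructed svcacct entry (UID 600) is a login user under the CentOS 6 ranges but a system user under the CentOS 7 ranges, and backup0 is reported because its UID is 0 even though it is not named root.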


III. Group categories, group IDs, and the group name resolution database

1. Group category one: the administrator group and ordinary user groups (ordinary user groups are further divided into system groups and login groups).

1.1. Group ID (GID): generally represented as a 16-bit binary number (range: 0-65535);

Administrator group ID: 0

Ordinary user group ID range: 1-65535

System user group ID range: 1-499 (CentOS 6), 1-999 (CentOS 7)

Login user group ID range: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)

Group names must likewise be resolved to GIDs when they are used; this is done by looking them up in the system's name resolution database (/etc/group).

Sample entries from the group database:

# head -2 /etc/group

root:x:0:    // root is the group name, 0 is the group ID

bin:x:1:


2. Group category two: a user's primary group and a user's additional groups.

3. Group category three: user private groups (the group name is the same as the user name, and the group contains only that one user) and public groups (the group contains multiple users).


IV. Authentication information: password authentication

Authentication checks whether the information provided at login matches what was stored beforehand.

User password storage location: /etc/shadow

# head -n 2 /etc/shadow

root:$6$gekchjmidb8kmex2$uwylvnzwolmf7xyddqc5yp3cpd6grcw.abdsqm8o7a1q3pvomcxqpsal7b.e1tvl.gtoeo2rtkxcih3tgesuy.::0:99999:7:::

bin:*:16659:0:99999:7:::


Group password storage location: /etc/gshadow

# head -n 2 /etc/gshadow

root::

bin::



