I. Basic knowledge:
1, AAA (the "3A" of security): authentication, authorization, audit
II. User categories, user IDs, and the name resolution database
1, User categories: administrators and ordinary users (ordinary users are further divided into system users and login users).
2, User ID: UserID, UID; generally represented as a 16-bit binary number (range: 0-65535);
Administrator ID: 0;
Ordinary user ID range: 1-65535
System user ID range: 1-499 (CentOS 6), 1-999 (CentOS 7)
Login user ID range: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
When a user logs in, the login name must be converted to a UID; it is resolved by looking it up in the system's name resolution database (/etc/passwd).
Sample entries from the passwd database:
# head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
III. Group categories, group IDs, and the group name resolution database
1, Group category one: administrator group and ordinary user groups (ordinary user groups are divided into system groups and login groups)
1.1, Group ID: GroupID, GID; generally represented as a 16-bit binary number (range: 0-65535);
Administrator group ID: 0;
Ordinary user group ID range: 1-65535
System user group ID range: 1-499 (CentOS 6), 1-999 (CentOS 7)
Login user group ID range: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
When a group is used, its group name must likewise be resolved to a GID; it is resolved by looking it up in the system's name resolution database (/etc/group).
Sample entries from the group database:
# head -2 /etc/group
root:x:0:    // root is the group name, 0 is the group ID
bin:x:1:
2, Group category two: a user's primary group and a user's additional groups.
3, Group category three: user private group (the group name is the same as the user name, and the group contains only that one user) and public group (the group contains multiple users)
IV. Authentication information: verified by password
Authentication checks whether the information provided at login matches the information stored beforehand.
User password storage location: /etc/shadow
# head -n 2 /etc/shadow
root:$6$gekchjmidb8kmex2$uwylvnzwolmf7xyddqc5yp3cpd6grcw.abdsqm8o7a1q3pvomcxqpsal7b.e1tvl.gtoeo2rtkxcih3tgesuy.::0:99999:7:::
bin:*:16659:0:99999:7:::
Group password storage location: /etc/gshadow
# head -n 2 /etc/gshadow
root::
bin::
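The UID ranges and the /etc/passwd and /etc/shadow layouts above, applied as an account audit in Python. This is an added example, not from the original article; the sample lines, the accounts alice and toor, and the placeholder hash are constructed, and the function names are hypothetical.

```python
# Added example: sample lines are constructed; the hash is a placeholder.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
"""
SHADOW = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH::0:99999:7:::
bin:*:16659:0:99999:7:::
alice:!!:16659:0:99999:7:::
toor::16659:0:99999:7:::
"""
LOGIN_UID_MIN = {"centos6": 500, "centos7": 1000}  # ranges from the article
LOGIN_UID_MAX = 60000
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}  # crypt(3) $id$ prefixes

def uid_class(uid, release="centos7"):
    if uid == 0:
        return "administrator"
    if uid < LOGIN_UID_MIN[release]:
        return "system"
    return "login" if uid <= LOGIN_UID_MAX else "outside listed ranges"

def password_state(field):
    if field == "":
        return "empty"            # account has no password at all
    if field[0] in "*!":
        return "locked"           # not a valid hash, so no password matches
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown scheme")
    return "legacy DES"

def audit(passwd_text, shadow_text, release="centos7"):
    # Second shadow field is the password entry; a missing entry counts as locked.
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if l)
    report = {}
    for line in filter(None, passwd_text.splitlines()):
        name, _pw, uid = line.split(":")[:3]
        cls = uid_class(int(uid), release)
        state = password_state(shadow.get(name, "*"))
        checks = {"extra UID 0 account": cls == "administrator" and name != "root",
                  "empty password": state == "empty"}
        report[name] = (cls, state, [k for k, hit in checks.items() if hit])
    return report

if __name__ == "__main__":
    for name, row in audit(PASSWD, SHADOW).items():
        print(name, *row)
```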
Linux users, groups, rights management