A program consists of instructions + data
High-level language --compiler--> assembly language --compiler--> machine language
Linux refers to the GNU tools + the Linux kernel
System structure
  Hardware
  Kernel (the kernel hides the hardware details and abstracts the machine's computing power for use by applications)
  Applications (programs implemented on top of the kernel's system calls)
  Shell (also an application)
  Library functions (.a or .so: a program with no entry point; it is never executed directly and can only be called)
  Application: a program built on library functions
All programs ultimately run on top of the kernel and request access to the hardware through the kernel.
Space
  User space: where applications run
  Kernel space (system space): the memory space in which the kernel runs
API: the interface a program is developed against (application programming interface)
ABI: the interface a program executes against (application binary interface)
Different APIs mean that applications built for one type of operating system cannot run on another platform
System calls are too low-level, so a higher-level implementation was later developed on top of them: the library
  Static (dedicated) library: .a
  Shared library: .so
How a program is compiled
  Static compilation: the library code is linked into the program itself
  Dynamic compilation: the program uses shared libraries
Types of processes
  Terminal-related: started from a terminal
  Terminal-independent: started automatically by the operating system during boot
Linux kernel functions
Process Management
Memory management
File system
Network functions
Hardware Drivers
Security mechanisms
The basic philosophy of Linux
  Composed of small programs, each with a single purpose; small programs are combined to complete complex tasks
  Everything is a file
  Avoid captive user interfaces; interact with the user as little as possible
  Configuration files are saved as plain text
Linux root file system: a tree structure
FHS (Filesystem Hierarchy Standard)
/
├──bin basic command program files for all users
├──boot static files used by the boot loader: kernel, initramfs (initrd), grub
├──dev special files or device files
├──etc configuration files of system programs; static files only
├──home home directories of ordinary users
├──lib shared libraries for the programs on the root file system (bin, sbin) used at system boot,
   and kernel modules provided for the kernel in /lib/modules
├──lib64
├──media mount point for portable devices
├──mnt temporary mount point for other file systems
├──opt installation directory for additional applications (third-party software)
├──proc pseudo file system: kernel parameters, abstracted into file form
├──root home directory of the superuser
├──run
├──sbin tool programs for the administrator
├──srv data provided by this host for services
├──sys pseudo file system, used primarily to manage devices
├──tmp temporary files; the system cleans it up periodically
/usr is itself a hierarchical structure
├──bin
├──etc
├──games
├──include
├──lib
├──lib64
├──libexec
├──local installation directory for third-party programs; itself a hierarchy, used to install locally built applications
├──sbin
├──share
├──src
└──tmp -> /var/tmp
/var is itself a hierarchical structure; its data changes frequently
├──adm
├──cache
├──crash
├──db
├──empty
├──games
├──gopher
├──kerberos
├──lib
├──local
├──lock -> /run/lock
├──log
├──mail -> spool/mail
├──nis
├──opt
├──preserve
├──run -> /run
├──spool
├──tmp
└──yp
--------------------------------------------------------------------------------
Linux user and rights management
man 5 shadow
man 5 passwd
Users: the consumers of the computer; each user has an ID, since numbers are easier for the computer to identify
  User ID: user name
  User password: means of authentication
The operating system provides
  Authentication
  Authorization
  Auditing
Group: a user group is a container for users that makes permission assignment easier
User categories
  Administrator
  Normal users
    System users
    Login users
User ID: userid, uid
  A 16-bit binary number, 0-65535
  Administrator: 0
  Normal users: 1-65535
    System users: 1-499 (CentOS 5, 6)
                  1-999 (CentOS 7)
    Login users: 500-60000 (CentOS 6)
                 1000-60000 (CentOS 7)
Name resolution:
  user name <----> uid
  based on /etc/passwd as the name resolution library
Categories of user groups
  Category 1
    Administrator group
    Normal groups
    Group ID: gid
      Administrator: 0
      Normal groups: 1-65535
        System groups: 1-499 (CentOS 5, 6)
                       1-999 (CentOS 7)
        Login groups: 500-60000 (CentOS 6)
                      1000-60000 (CentOS 7)
  Category 2
    User's primary group (basic group)
    Additional groups
  Category 3
    Private group: the group name is the same as the user name, and it contains only that one user
    Common groups: may contain multiple users
Authentication information
  Login is verified by comparing what is provided at login with the pre-stored information
  User passwords: /etc/shadow
  Group passwords: /etc/gshadow
  Group database: /etc/group
Password usage policy
  1 Use random passwords
  2 Minimum length of no less than 8 characters
  3 Use at least three of the four character classes: uppercase letters, lowercase letters, digits and punctuation
  4 Change passwords regularly
Rights management
Process security context
  Model the kernel applies when a process accesses a file:
    If the owner of the process is the same as the owner of the file, the owner permissions apply
    If the owner of the process is not the file's owner but belongs to the file's group, the group permissions apply
    If the owner of the process is neither the file's owner nor a member of its group, the "other" permissions apply
  Nine bits: rwx-rwx-rwx
    The first three: owner
    The second three: group
    The third three: others
  r: read
  w: write
  x: execute
  For files:
    r: the file's data can be read
    w: the file's data can be modified
    x: the file can be run as a process; ordinary files do not have execute permission by default
  For directories:
    r: the ls command can list the files under it, but without details (ls -l also needs x)
    w: the directory's file list can be modified, that is, files can be created and deleted
    x: the directory can be entered with cd, and ls -l can be used
  Octal permission notation: r=4 w=2 x=1
    Three digits, one per class, for example: 777, 664, 640, 600, 755, 750, 775
Attention:
  Users can only modify the permissions of files they own
  Only the administrator can modify the permissions of other users' files
  Only the administrator can change the owner and owner group of a file
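As an added example (not part of these notes), a POSIX sh helper that applies the three-rule model above to decide which permission triple governs a process's access to a file; the file names, user names and groups used in it are constructed. It also shows the point practitioners most often miss: the owner triple is chosen first and is not combined with group or other bits.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the notes): decide which of the
# three triples (owner / group / other) governs a process's access to a file,
# following the model above, and print the resulting r/w/x bits.
#   usage: effective_perms MODE FILE_OWNER FILE_GROUP PROC_USER "PROC_GROUPS"
#   PROC_GROUPS is a space-separated list: primary group plus additional groups
#   output: "<class> <triple>", e.g. "group r--"

triple_of() {
    # Convert one octal digit (0-7) into its rwx string.
    case $1 in
        0) printf '%s' '---' ;; 1) printf '%s' '--x' ;;
        2) printf '%s' '-w-' ;; 3) printf '%s' '-wx' ;;
        4) printf '%s' 'r--' ;; 5) printf '%s' 'r-x' ;;
        6) printf '%s' 'rw-' ;; 7) printf '%s' 'rwx' ;;
        *) printf '%s' '???' ;;
    esac
}

effective_perms() {
    mode=$1 f_owner=$2 f_group=$3 p_user=$4 p_groups=$5
    # Only the three rwx digits matter here; drop a leading special-bits digit.
    mode=$(printf '%s' "$mode" | sed 's/^[0-7]\([0-7]\{3\}\)$/\1/')
    owner_digit=$(printf '%s' "$mode" | cut -c1)
    group_digit=$(printf '%s' "$mode" | cut -c2)
    other_digit=$(printf '%s' "$mode" | cut -c3)

    # Rule 1: the process owner is the file owner -> owner triple, and only
    # that triple, even when group/other would have granted more.
    if [ "$p_user" = "$f_owner" ]; then
        printf '%s %s\n' owner "$(triple_of "$owner_digit")"
        return 0
    fi
    # Rule 2: the file's group is among the process's groups -> group triple.
    for g in $p_groups; do
        if [ "$g" = "$f_group" ]; then
            printf '%s %s\n' group "$(triple_of "$group_digit")"
            return 0
        fi
    done
    # Rule 3: neither -> "other" triple.
    printf '%s %s\n' other "$(triple_of "$other_digit")"
}

# Constructed sample: a file with mode 0640 owned by root:shadow, accessed by
# user alice whose groups are "alice shadow".
effective_perms 0640 root shadow alice "alice shadow"   # group r--
```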
--------------------------------------------------------------------------------
Special permissions on Linux systems
  SUID
  SGID
  STICKY
SUID:
  By default, a process started by a user is owned by its initiator and therefore runs with the initiator's identity.
  With SUID set, the process runs with the identity of the file's owner instead.
  SUID function: when a user runs a program that has the SUID bit, the program runs as the file's owner
  The passwd command has SUID
  In general, setting SUID on programs is not recommended; the risk is high.
  Shown as lowercase s if the owner has execute permission
  Uppercase S if the owner has no execute permission
  Setting SUID with chmod
    chmod u+s file
    chmod u-s file
SGID:
  Applied to a directory: files created in that directory by any user get the directory's group, not the creating user's primary group
  Features of SGID:
    When a directory belongs to a group that has write permission on it and has the SGID bit set, the directory's contents are shared by that group, and any new file or directory created in it gets the directory's group rather than the creator's basic (private) group.
  Setting SGID with chmod
    chmod g+s dir
    chmod g-s dir
STICKY
  Function: in a directory writable by a whole group or by all users on the system, every user can create new files and delete files in it. If the sticky bit is set on such a directory, each user can still create files but can delete only their own.
  Setting sticky with chmod
    chmod o+t dir
    chmod o-t dir
  Shown as lowercase t if others originally have execute permission
  Otherwise uppercase T
  /tmp and /var/tmp on the system have the sticky bit
Another way to manage special permissions: a leading octal digit (SUID=4, SGID=2, STICKY=1)
  suid sgid sticky   digit
    0    0    0        0
    0    0    1        1
    0    1    0        2
    0    1    1        3
    1    0    0        4
    1    0    1        5
    1    1    0        6
    1    1    1        7
  chmod 1755 (sticky bit + rwxr-xr-x)
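As an added example, not from the notes, a POSIX sh function that decodes the 9-character mode string printed by ls -l, including the s/S and t/T letters described above, into the 4-digit octal form used by chmod; the sample mode strings are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the notes): turn the 9-char
# permission string shown by ls -l (e.g. rwsr-xr-x) into 4-digit octal form,
# decoding the special-bit letters the notes describe:
#   s/S in the owner triple -> SUID (4);  s = x set, S = x not set
#   s/S in the group triple -> SGID (2)
#   t/T in the other triple -> sticky (1); t = x set, T = x not set
# Prints "invalid" and returns 1 for anything outside that alphabet.

digit_of() {
    # $1 = one triple such as "r-s"; prints its octal digit for r/w/x.
    # s, S, t, T occupy the x slot: lowercase means x is set, uppercase not.
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??[xst]) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

mode_to_octal() {
    m=$1
    # Accept only the characters ls -l can print in each of the nine slots.
    case $m in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) printf 'invalid\n'; return 1 ;;
    esac
    owner=$(printf '%s' "$m" | cut -c1-3)
    group=$(printf '%s' "$m" | cut -c4-6)
    other=$(printf '%s' "$m" | cut -c7-9)
    special=0
    case $owner in ??[sS]) special=$((special + 4)) ;; esac   # SUID
    case $group in ??[sS]) special=$((special + 2)) ;; esac   # SGID
    case $other in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    printf '%s%s%s%s\n' "$special" "$(digit_of "$owner")" \
        "$(digit_of "$group")" "$(digit_of "$other")"
}

mode_to_octal rwsr-xr-x   # 4755, the shape of a SUID program such as passwd
mode_to_octal rwxrwxrwt   # 1777, the shape of /tmp
```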
FACL:
  An additional authorization mechanism for files, for specified users and groups
  On top of the original ugo layer, it lets an ordinary user grant permissions to other users or groups
  setfacl -m u:username:rwx filename
  setfacl -m g:groupname:rwx filename
  getfacl filename   view the FACL permissions of a file
  Remove an authorization: setfacl -x u:name file
                           setfacl -x g:name file
M20 preview notes (cleaned up) -- Linux basic knowledge