Marco - 51CTO - Linux Training 4: User Management and Rights Management

Source: Internet
Author: User
Tags stdin file permissions

Exercise 1: Create a user oracle that belongs to the additional groups database and sql, with ID number 3000 and home directory /home/database

groupadd database

groupadd sql (Create the two new groups first. Q: Can groupadd create multiple groups at once?)

useradd oracle -u 3000 -d /home/database -G database,sql

id oracle (view user oracle's ID and group-related information)

uid=3000(oracle) gid=3000(oracle) groups=3000(oracle),(database),1001(sql)

cat /etc/passwd | grep oracle (filter the oracle-related line out of the passwd file)

oracle:x:3000:3000::/home/database:/bin/bash

cat /etc/shadow | grep oracle (view the password information of the oracle user account)

oracle:$6$bnk5piom$8h04509u0yhpq5bkicojywpe1yejliu Ihd5jg3vu.orps2icfqtll.chukfasekw4ukeilzflrc2c57ypccnf1:16673:0:99999:7:::

User management and rights management:

AAA mechanism (Authentication, Authorization, Accounting)

A: Authentication mechanism

Identity (username/password)

Token

A: Authorization (permissions)

Mode

Ownership


Linux users: username/password

UID: 0-65535

Administrator: 0

Normal users: 1-60000

System users:

CentOS 6: 1-499

CentOS 7: 1-999

Login users:

CentOS 6: 500+

CentOS 7: 1000+


Linux groups: group name/GID

Administrators group: 0

Normal Group:

1-499, 1-999

1000+, a researcher


Primary (basic) group of a user:

Private group of a user:

Supplementary (additional) groups of a user:


Related configuration files for Linux users and groups:

/etc/passwd: User name, UID, primary group and other information;

/etc/group: Group name, GID, user included in the group;

/etc/shadow: User password and related attributes;

/etc/gshadow: the password and related attributes of the group;


/etc/passwd:

name:password:UID:GID:GECOS:directory:shell


login name:x:UID:GID:comment:home directory:user's default shell


/etc/shadow:

login name:encrypted password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field


$6$ynzgov5vyxxmdu2n$pxariu7ag0mblzbonlwujubn9obtoljauxiforqq1ftzt058frqkjo6qvjtuxkp4lukpsih7ejwo8bg6c4rrc1

6: Encryption algorithm



One-way encryption:

extracting data fingerprints;


MD5, SHA1, SHA224, SHA256, SHA384, SHA512


Avalanche effect:

Fixed-Length output:


Dates are relative to the Unix epoch:

January 1, 1970;
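The /etc/shadow fields described above, decoded in an added example (not part of the original page): it names the hashing scheme from the $id$ prefix of the password field and converts the last-change field from days since January 1, 1970 into a date. The function names, the sample accounts and the WEAK / NO_EXPIRY labels are assumptions of this example, and GNU date is assumed.

```shell
#!/usr/bin/env bash
# Added example: summarise /etc/shadow-format lines. All sample data is constructed.

# Name the hashing scheme from the $id$ prefix of field 2 (crypt(3) convention).
shadow_scheme() {
  case "$1" in
    '')        echo EMPTY ;;    # no password needed to log in
    '!'*|'*'*) echo LOCKED ;;   # password login disabled
    '$1$'*)    echo MD5 ;;
    '$5$'*)    echo SHA256 ;;
    '$6$'*)    echo SHA512 ;;
    *)         echo OTHER ;;
  esac
}

# Field 3 counts days since January 1, 1970; convert it to YYYY-MM-DD (GNU date assumed).
shadow_days_to_date() {
  date -u -d "@$(( $1 * 86400 ))" +%F
}

# Read shadow-format lines on stdin and print: user scheme last-change-date finding
shadow_audit() {
  local user pw last min max rest scheme finding
  while IFS=: read -r user pw last min max rest; do
    [ -n "$user" ] || continue
    scheme=$(shadow_scheme "$pw")
    finding=ok
    if [ "$scheme" = EMPTY ] || [ "$scheme" = MD5 ]; then
      finding=WEAK
    elif [ "$scheme" != LOCKED ] && [ "$max" = 99999 ]; then
      finding=NO_EXPIRY          # maximum age left at the 99999-day default
    fi
    printf '%s %s %s %s\n' "$user" "$scheme" "$(shadow_days_to_date "$last")" "$finding"
  done
}

# Constructed sample (SALT and HASH are placeholders, not real hashes).
SAMPLE='oracle:$6$SALT$HASH:16673:0:99999:7:::
legacy:$1$SALT$HASH:16000:0:90:7:::
guest::16673:0:99999:7:::
daemon:*:16673:0:99999:7:::'

printf '%s\n' "$SAMPLE" | shadow_audit
```

On a real system the same function can be fed with `shadow_audit < /etc/shadow` as root.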


/etc/group

group_name:password:GID:user_list


Complexity policy for passwords:

1. Use at least three of the four character classes: digits, lowercase letters, uppercase letters, special characters;

2. Make it long enough;

3. Use random passwords;

4. Change it regularly;


Related commands for user and group management:

useradd, usermod, passwd, userdel

groupadd, groupmod, gpasswd, groupdel

chage, chsh, chfn

id, w, who, whoami

su


useradd: create a user

useradd [options] LOGIN

useradd -D [options]

-r: create a system user;

-u UID: specifies the UID;

-g GID: specifies the primary group the user belongs to; the group must exist beforehand;

-c 'COMMENT':

-d /path/to/somewhere: specifies the user's home directory path; the path must not exist beforehand, otherwise the user-related profile files from /etc/skel will not be copied into it;

-s SHELL: sets the user's default shell;

cat /etc/shells

-G GID,...: specifies the supplementary groups the user belongs to;

-M: do not create a home directory for the user;

groupadd: create a group

groupadd [OPTIONS] GROUPNAME

-g GID: specifies the group ID;

-r: create a system group;


id: view a user's ID information;

id [OPTION]... [USER]

-u: UID

-g: GID

-G: groups

-n: name


su: switch user, or execute commands as another user;

Switching modes:

su USERNAME: incomplete switch, non-login switch

su - USERNAME or su -l USERNAME: full switch, login switch


Execute only the specified command as the specified user:

su - USERNAME -c 'COMMAND'


usermod: modify user properties

usermod [OPTION]... LOGIN

-u UID

-g GID

-G GID[,GID,...]: modifies the supplementary groups the user belongs to; use it together with the -a option to append;

-s SHELL

-c 'COMMENT'

-d HOME: when the user's home directory is changed to a new location, the user's original files are not moved to the new home; adding the -m option moves them to the new home directory at the same time;

-l LOGIN:


-L: lock user

-U: unlock user


passwd: set a user's password

passwd [OPTION] [USERNAME]


-l: lock user

-u: unlock user


-n mindays: minimum period of use;

-x maxdays: default is 99,999 days;

-w warndays:

-i inactivedays:


--stdin: receive the user's password from standard input;


echo 'centos' | passwd --stdin centos


userdel: delete a user

userdel [-r] USERNAME

-r: delete the user's home directory at the same time;


groupmod: modify group properties

groupmod [OPTION] GROUPNAME

-n group_name

-g GID


gpasswd: set a password for a group


newgrp: switch the primary group to the specified group


groupdel: delete a group


chage: modify the properties of a user account and its password

chage [OPTION]... LOGIN

-d LAST_DAY

-E

-I

-m

-M

-W


Other commands: chfn, chsh, finger, whoami, who, w


File permissions:


There are three types of user access to files:

r, w, x


File:

r: you can use a file viewing tool to view its contents;

w: you can use a file editing tool to edit its contents;

x: you can ask the kernel to run this file as a process;


Directory:

r: you can use the ls command to list the files and subdirectories in the directory;

w: you can create or delete files in the directory;

x: you can use 'ls -l' to list detailed attribute information of the files and subdirectories in the directory; you can switch the working directory to it with the cd command;


The permissions of a file are defined for three classes of users:

owner: u, the owner;

group: g, the owning group;

other: o, others;


Access to a file by a certain class of user:

---  000  0
--x  001  1
-w-  010  2
-wx  011  3
r--  100  4
r-x  101  5
rw-  110  6
rwx  111  7


664: rw-rw-r--

rwxr-x---: 750
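The table above generalises to r=4, w=2, x=1 per class. The following added example (not part of the original page) converts in both directions with that rule and flags modes in which "other" has write permission; the function names and the path:mode list are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: convert between symbolic and octal modes using r=4, w=2, x=1.

# rwxr-x--- -> 750
sym_to_octal() {
  local sym=$1 out='' trip n
  [ "${#sym}" -eq 9 ] || return 1
  case "$sym" in *[!rwx-]*) return 1 ;; esac
  while [ -n "$sym" ]; do
    trip=${sym%"${sym#???}"}    # first three characters: one class (u, g or o)
    sym=${sym#???}
    n=0
    case "$trip" in r??) n=$((n + 4)) ;; esac
    case "$trip" in ?w?) n=$((n + 2)) ;; esac
    case "$trip" in ??x) n=$((n + 1)) ;; esac
    out=$out$n
  done
  echo "$out"
}

# 664 -> rw-rw-r--
octal_to_sym() {
  local mode=$1 out='' d
  case "$mode" in ''|*[!0-7]*) return 1 ;; esac
  while [ -n "$mode" ]; do
    d=${mode%"${mode#?}"}       # first digit
    mode=${mode#?}
    if [ $((d & 4)) -ne 0 ]; then out=${out}r; else out=${out}-; fi
    if [ $((d & 2)) -ne 0 ]; then out=${out}w; else out=${out}-; fi
    if [ $((d & 1)) -ne 0 ]; then out=${out}x; else out=${out}-; fi
  done
  echo "$out"
}

# True when the last digit (the "other" class) grants write.
other_can_write() {
  [ $(( ${1#"${1%?}"} & 2 )) -ne 0 ]
}

# Constructed list of path:mode pairs to check.
for entry in /srv/app/config.ini:664 /srv/app/upload:777 /srv/app/run.sh:750; do
  path=${entry%:*}; mode=${entry#*:}
  if other_can_write "$mode"; then flag=WORLD-WRITABLE; else flag=ok; fi
  printf '%-22s %s %s %s\n' "$path" "$mode" "$(octal_to_sym "$mode")" "$flag"
done
```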


Rights management:

Permission management: chmod

Ownership management: chown, chgrp

File mask code: umask


Homework: practice using each of the user management commands

