Exercise 1: Create a user oracle with UID 3000 and home directory /home/database, whose supplementary groups are database and sql.
groupadd database
groupadd sql (create the two groups first. Q: can groupadd create several groups at once?)
useradd -u 3000 -d /home/database -G database,sql oracle
id oracle (view the UID and group information of user oracle)
uid=3000(oracle) gid=3000(oracle) groups=3000(oracle),(database),1001(sql)
cat /etc/passwd | grep oracle (filter the oracle entry out of the passwd file)
oracle:x:3000:3000::/home/database:/bin/bash
cat /etc/shadow | grep oracle (view the password information of the oracle account)
oracle:$6$bnk5piom$8h04509u0yhpq5bkicojywpe1yejliu Ihd5jg3vu.orps2icfqtll.chukfasekw4ukeilzflrc2c57ypccnf1:16673:0:99999:7:::
User management and permission management:
AAA mechanism: Authentication, Authorization, Accounting
Authentication:
Identity (username/password)
Token
Authorization: permission
Mode
Ownership
Linux users: username/password
UID: 0-65535
Administrator: 0
Normal users: 1-60000
System users:
CentOS 6: 1-499
CentOS 7: 1-999
Login users:
CentOS 6: 500+
CentOS 7: 1000+
Linux groups: group name/GID
Administrators group: 0
Normal groups:
1-499, 1-999
1000+, a researcher
Primary group of a user:
Private group of a user:
Supplementary groups of a user:
Configuration files for Linux users and groups:
/etc/passwd: user name, UID, primary group and other information;
/etc/group: group name, GID, and the users in the group;
/etc/shadow: user passwords and related attributes;
/etc/gshadow: group passwords and related attributes;
/etc/passwd:
name:password:UID:GID:GECOS:directory:shell
login name:x:UID:GID:comment:home directory:default shell
/etc/shadow:
login name:encrypted password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field
$6$ynzgov5vyxxmdu2n$pxariu7ag0mblzbonlwujubn9obtoljauxiforqq1ftzt058frqkjo6qvjtuxkp4lukpsih7ejwo8bg6c4rrc1
6: identifies the hashing algorithm
One-way encryption (hashing):
extracts a fingerprint of the data;
MD5, SHA1, SHA224, SHA256, SHA384, SHA512
Avalanche effect:
Fixed-length output:
Date fields: counted in days relative to the Unix epoch,
January 1, 1970;
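Added example (not part of the original notes): a small shell audit that decodes the /etc/shadow fields described above. It maps the $id$ prefix to the hashing scheme using the standard crypt(3) identifiers ($1$ MD5, $5$ SHA-256, $6$ SHA-512), converts the day count to a calendar date, and flags empty passwords, MD5 hashes and passwords that never expire. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. All account lines below are constructed; the hashes are placeholders.
sample_shadow() {
cat <<'EOF'
oracle:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:16673:0:99999:7:::
legacy:$1$SALTPLACEHOLDER$HASHPLACEHOLDER:16000:0:90:7:::
svc:!!:16673::::::
guest::16673:0:99999:7:::
EOF
}

# Field 3 counts days since 1970-01-01; convert to YYYY-MM-DD with integer math only.
days_to_date() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    m=$(( mp < 10 ? mp + 3 : mp - 9 ))
    y=$(( yoe + era * 400 + (m <= 2 ? 1 : 0) ))
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# The $id$ prefix of field 2 names the hashing scheme; "!" or "*" means no usable password.
hash_scheme() {
    case $1 in
        '')         echo empty ;;
        '!'*|'*'*)  echo locked ;;
        '$1$'*)     echo md5 ;;
        '$5$'*)     echo sha256 ;;
        '$6$'*)     echo sha512 ;;
        *)          echo other ;;
    esac
}

# Read shadow-format lines on stdin; print "user scheme last-change finding".
shadow_report() {
    while IFS=: read -r user pw last min max warn inactive expire reserved; do
        scheme=$(hash_scheme "$pw")
        changed=$(days_to_date "${last:-0}")
        finding=ok
        if [ "$scheme" = empty ]; then finding=NO_PASSWORD
        elif [ "$scheme" = md5 ]; then finding=WEAK_HASH
        elif [ "$scheme" != locked ] && [ "${max:-99999}" -ge 99999 ]; then finding=NEVER_EXPIRES
        fi
        printf '%s %s %s %s\n' "$user" "$scheme" "$changed" "$finding"
    done
}

sample_shadow | shadow_report
```

On a real system the same report can be produced as root with: shadow_report < /etc/shadow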
/etc/group:
group_name:password:GID:user_list
Password complexity policy:
1. Use at least three of the four character classes: digits, lowercase letters, uppercase letters, special characters;
2. Make it long enough;
3. Use random passwords;
4. Change it regularly;
Commands for user and group management:
useradd, usermod, passwd, userdel
groupadd, groupmod, gpasswd, groupdel
chage, chsh, chfn
id, w, who, whoami
su
useradd: create a user
useradd [options] LOGIN
useradd -D [options]
-r: create a system user;
-u UID: specify the UID;
-g GID: specify the user's primary group, which must already exist;
-c 'COMMENT':
-d /path/to/somewhere: specify the user's home directory path; the location must not exist beforehand, otherwise the profile files in /etc/skel will not be copied into it;
-s SHELL: set the user's default shell; the available shells are listed by:
cat /etc/shells
-G GID,...: specify the supplementary groups the user belongs to;
-M: do not create a home directory for the user;
groupadd: create a group
groupadd [OPTIONS] GROUPNAME
-g GID: specify the group ID;
-r: create a system group;
id: view a user's ID information;
id [OPTION]... [USER]
-u: UID
-g: GID
-G: groups
-n: name
su: switch user; switch to another user or run a command as another user;
Switching modes:
su USERNAME: partial switch (non-login)
su - USERNAME or su -l USERNAME: full switch (login)
Run only the specified command as the specified user:
su - USERNAME -c 'COMMAND'
usermod: modify user attributes
usermod [OPTION]... LOGIN
-u UID
-g GID
-G GID[,GID,...]: modify the supplementary groups the user belongs to; use together with the -a option to append, otherwise the existing supplementary groups are replaced;
-s SHELL
-c 'COMMENT'
-d HOME: change the user's home directory to a new location; the user's existing files are not moved to the new home; the -m option moves them to the new home directory at the same time;
-l LOGIN:
-L: lock the user
-U: unlock the user
passwd: set a user's password
passwd [OPTION] [USERNAME]
-l: lock the user
-u: unlock the user
-n MINDAYS: minimum password age;
-x MAXDAYS: maximum password age; the default is 99999 days;
-w WARNDAYS:
-i INACTIVEDAYS:
--stdin: read the user's password from standard input;
echo 'centos' | passwd --stdin centos
userdel: delete a user
userdel [-r] USERNAME
-r: delete the user's home directory at the same time;
groupmod: modify group attributes
groupmod [OPTION] GROUPNAME
-n group_name
-g GID
gpasswd: set a password for a group
newgrp: switch the user's primary group to the specified group
groupdel: delete a group
chage: modify the aging attributes of a user account and password
chage [OPTION]... LOGIN
-d LAST_DAY
-E
-I
-m
-M
-W
Other commands: chfn, chsh, finger, whoami, who, w
File permissions:
There are three kinds of access a user can have to a file:
r, w, x
File:
r: the file's contents can be viewed with a file-viewing tool;
w: the file's contents can be edited with a file-editing tool;
x: the kernel can be asked to run the file as a process;
Directory:
r: the files and subdirectories in the directory can be listed with ls;
w: files can be created or deleted in the directory;
x: 'ls -l' can list the detailed attributes of the files and subdirectories; cd can switch the working directory to this directory;
Permissions on a file are defined for three classes of user:
owner: u, the file's owner;
group: g, the file's group;
other: o, everyone else;
Permissions of one class of user on a file:
--- 000 0
--x 001 1
-w- 010 2
-wx 011 3
r-- 100 4
r-x 101 5
rw- 110 6
rwx 111 7
664: rw-rw-r--
rwxr-x---: 750
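Added example (not part of the original notes): the table above as working shell code, converting between the symbolic and octal forms with bit arithmetic and checking whether the "other" class may write. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: symbolic <-> octal permission conversion (r=4, w=2, x=1 per triad).

# rwxr-x--- -> 750
sym_to_octal() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=$1 octal=
    while [ -n "$rest" ]; do
        triad=${rest%"${rest#???}"}      # first three characters
        rest=${rest#???}
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac
        case $triad in ?w?) n=$((n + 2)) ;; esac
        case $triad in ??x) n=$((n + 1)) ;; esac
        octal=$octal$n
    done
    echo "$octal"
}

# 750 -> rwxr-x---
octal_to_sym() {
    case $1 in [0-7][0-7][0-7]) ;; *) echo "invalid mode: $1" >&2; return 1 ;; esac
    rest=$1 sym=
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}        # first digit
        rest=${rest#?}
        if [ $((digit & 4)) -ne 0 ]; then sym=${sym}r; else sym=${sym}-; fi
        if [ $((digit & 2)) -ne 0 ]; then sym=${sym}w; else sym=${sym}-; fi
        if [ $((digit & 1)) -ne 0 ]; then sym=${sym}x; else sym=${sym}-; fi
    done
    echo "$sym"
}

# Succeeds when the "other" class (last octal digit) has the write bit set.
other_can_write() {
    [ $(( ${1#??} & 2 )) -ne 0 ]
}

for mode in 664 750 666; do
    printf '%s %s' "$mode" "$(octal_to_sym "$mode")"
    if other_can_write "$mode"; then echo ' (writable by others)'; else echo; fi
done
```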
Permission management:
Permission management: chmod
Ownership management: chown, chgrp
File mask: umask
Homework: practice using each of the user-management commands
Marco -51cto-linux Training-4-user management and Rights management