"Linux_ Notes" Linux Users, Groups, permissions, encryption-Basic concepts

Source: Internet
Author: User


Learning resources from: www.magedu.com

Mistakes are unavoidable in the learning process; if you find any, please point them out.

Some of the sample operations depend on earlier operations; if the earlier examples have not been performed, some later examples may not work. Examples are for reference only.



Security context: whenever a user operates a computer, they are doing nothing more than starting processes. A process is the user's agent for operating the computer, so from the moment it starts a process runs with the identity of the user who launched it. Which files a process can access is determined by the process's own identity and permissions together with the security attributes of the resource it accesses; the check is made automatically under kernel management.

Permissions: each class of user has a set of permissions (each set consists of r, w, x): owner permissions, group permissions, and other-user permissions.

File:
r: readable; you can view the contents of the file with commands such as cat;
w: writable; you can edit or delete this file;
x: executable; the file can be submitted to the kernel at the command prompt to run as a command;

Directory:
r: you can run ls on this directory to list the files inside it;
w: files can be created in this directory;
x: you can switch to this directory with cd, and you can use ls -l to view the details of the files inside it;
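
The access decision described above, as an added example that is not part of the original notes: a simplified Python model of the classic owner/group/other check, showing that exactly one class applies to a process (an owner with no bits is denied even when "other" has rwx). The names may_access, check, TOM, JERRY, GUEST, REPORT and ODD are hypothetical, the UIDs/GIDs are constructed, and the root rule is a simplification.

```python
import stat

PERM_BITS = {"r": 4, "w": 2, "x": 1}

def may_access(proc_uid, proc_gids, file_uid, file_gid, mode, want):
    """Return True if a process running as proc_uid/proc_gids may perform
    `want` ('r', 'w' or 'x') on a file with the given owner, group and mode."""
    bit = PERM_BITS[want]
    if proc_uid == 0:
        # Simplified administrator rule: read/write always allowed; executing a
        # non-directory still needs at least one x bit somewhere in the mode.
        if want == "x" and not stat.S_ISDIR(mode):
            return bool(mode & 0o111)
        return True
    if proc_uid == file_uid:
        shift = 6      # owner class
    elif file_gid in proc_gids:
        shift = 3      # group class
    else:
        shift = 0      # other class
    # Only the selected class is consulted; there is no fall-through.
    return bool((mode >> shift) & bit)

# Constructed sample identities: (UID, set of GIDs)
TOM = (500, {500})
JERRY = (501, {501, 600})
GUEST = (502, {502})
# Constructed sample files, both owned by UID 500 with group 600
REPORT = dict(file_uid=500, file_gid=600, mode=stat.S_IFREG | 0o640)
ODD = dict(file_uid=500, file_gid=600, mode=stat.S_IFREG | 0o047)

def check(who, f, want):
    uid, gids = who
    return may_access(uid, gids, f["file_uid"], f["file_gid"], f["mode"], want)

if __name__ == "__main__":
    for name, who in (("tom", TOM), ("jerry", JERRY), ("guest", GUEST)):
        for label, f in (("report", REPORT), ("odd", ODD)):
            perms = "".join(p if check(who, f, p) else "-" for p in "rwx")
            print(f"{name:6} {label:7} {perms}")
```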

User: UID, /etc/passwd (user database; stores the information that corresponds to each user ID number)
Group: GID, /etc/group (group database)

Shadow passwords (where the passwords are stored):
Users: /etc/shadow
Groups: /etc/gshadow

Contents of passwd and shadow

cat /etc/passwd
whatis passwd
man 5 passwd
Account: login name
Password: password (encrypted format)
UID: ID number of the user
GID: basic group ID
Comment: notes
Home dir: home directory
Shell: user's default shell
cat /etc/shells -- lists the safe shells that are available on the current system
cat /etc/shadow (locked users are marked with two "!" characters)
man 5 shadow
Login name
Encrypted password
The time elapsed from January 1, 1970 to the most recent password change
Minimum password usage period
Maximum password usage period
The number of days before the password expires during which the user is shown a warning message
The period after the password expires until the account is disabled
The account expiration date
Reserved field (meaningless)
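
As an added example (not from the original notes), the nine shadow fields listed above can be parsed as follows. The sample lines are constructed, the function names are hypothetical, and two details are taken from shadow(5)/crypt(3) rather than from this page: the change date is counted in days, and a hashed password has the form $id$salt$hash with ids 1, 5 and 6.

```python
from datetime import date, timedelta

FIELDS = ("login", "password", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")
HASH_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}  # crypt(3) "$id$" prefixes
EPOCH = date(1970, 1, 1)

def parse_shadow_line(line):
    """Split one /etc/shadow line into its nine fields and derive a few facts."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    pw = entry["password"]
    entry["locked"] = pw.startswith("!")          # "!" or "!!" marks a locked user
    pieces = pw.lstrip("!").split("$")
    entry["scheme"] = entry["salt"] = None
    if len(pieces) >= 4 and pieces[0] == "" and pieces[1] in HASH_IDS:
        entry["scheme"] = HASH_IDS[pieces[1]]
        # An optional "rounds=N" parameter may sit between the id and the salt.
        entry["salt"] = pieces[3] if pieces[2].startswith("rounds=") else pieces[2]
    entry["password_usable"] = entry["scheme"] is not None and not entry["locked"]
    entry["changed_on"] = entry["expires_on"] = None
    if entry["last_change"]:
        entry["changed_on"] = EPOCH + timedelta(days=int(entry["last_change"]))
        if entry["max_age"]:
            entry["expires_on"] = entry["changed_on"] + timedelta(days=int(entry["max_age"]))
    return entry

def locked_accounts(lines):
    """Return the login names whose password field carries the lock marker."""
    return [e["login"] for e in map(parse_shadow_line, lines) if e["locked"]]

# Constructed sample lines; the hash bodies are placeholders, not real hashes.
SAMPLE = [
    "root:$6$Zx8kQ1pL$CONSTRUCTEDHASH:16680:0:99999:7:::",
    "tom:!!:16436:0:99999:7:::",
    "jerry:!$5$abcd1234$CONSTRUCTEDHASH:16436:0:90:7:::",
    "daemon:*:15980:0:99999:7:::",
]

if __name__ == "__main__":
    for e in map(parse_shadow_line, SAMPLE):
        print(e["login"], e["scheme"], e["salt"], e["locked"], e["changed_on"], e["expires_on"])
```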

User Category
Administrator: ID number 0
Normal Users: 1-65535
System User: 1-499--dedicated to running background processes (no login required)
General Users: 500-60000

User group categories (groups make it easier to assign permissions)

By user category:
Administrators group:
Normal Group:
System Group:
General Group:

Classification by Function:
Private group: When you create a user, a group that has the same name as the user name is automatically created if the group to which it belongs is not specified.
Basic group: Default group for users
Additional (supplementary) groups: groups other than the default group

Encryption methods:

Symmetric encryption: encryption and decryption use the same key

Public-key cryptography: keys come in pairs, one private key (secret key) and one public key

One-way encryption (hashing): extracts a signature (digest) of the data; often used for data integrity checks
1. Non-reversible
2. Avalanche effect: a small change in the input data causes a huge change in the data signature, which resists brute-force attacks
3. Fixed-length output
Common one-way encryption algorithms:
MD5: Message Digest (5 is the version number); 128-bit fixed-length output
SHA1: Secure Hash Algorithm; 160-bit fixed-length output
Example:
cp /etc/inittab ./ -- copy inittab to the current directory
md5sum inittab -- extract the signature
nano inittab
Add an "A" to the first line
Save and exit
md5sum inittab -- you can see that the signature has changed dramatically

(Key lengths in public-key encryption are much longer than in symmetric encryption, and the security can be much higher, but symmetric encryption is more than 1000 times faster than public-key cryptography, so public-key cryptography is generally not used to encrypt data; it is used for key exchange.)

When a user's password is encrypted, a string of random characters (a salt) is added to the password before it is encrypted.
(This reduces the security risk of different users who set the same password ending up with the same ciphertext.)
When the user logs in, the salt is encrypted together with the entered password, the result is compared with the stored ciphertext, and if they match the user is logged in.
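
The salting and login check described above, as an added example that is not part of the original notes. It uses PBKDF2-HMAC-SHA512 from Python's hashlib as a stand-in; this is not the crypt(3) algorithm the system itself uses, and the "$demo$" record format, function names and sample password are hypothetical.

```python
import hashlib
import hmac
import os

ROUNDS = 5000  # iteration count chosen for this demo only

def hash_password(password, salt=None):
    """Return a stored record '$demo$<salt>$<digest>' for the password.
    A fresh random salt is generated unless one is supplied (as at login)."""
    if salt is None:
        salt = os.urandom(8).hex()
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), ROUNDS)
    return "$demo$%s$%s" % (salt, digest.hex())

def verify_password(password, stored):
    """Re-hash the entered password with the stored salt and compare records."""
    _, scheme, salt, _digest = stored.split("$")
    if scheme != "demo":
        raise ValueError("unknown record format")
    candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate, stored)

def same_password_records(password, users):
    """Create one record per user, all with the same password, each with its own salt."""
    return {user: hash_password(password) for user in users}

if __name__ == "__main__":
    records = same_password_records("redhat", ["tom", "jerry"])
    for user, rec in records.items():
        print(user, rec[:40] + "...")
    print("identical records:", records["tom"] == records["jerry"])
    print("tom login ok:", verify_password("redhat", records["tom"]))
    print("wrong password:", verify_password("Redhat", records["tom"]))
```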

Adding users and groups:

useradd USERNAME
groupadd GRPNAME
Example:
useradd tom -- add a user
tail -1 /etc/passwd -- view the last line of the file
tail -1 /etc/shadow -- view the user's information
passwd tom -- set a password for the user
redhat
redhat
tail -1 /etc/shadow
tail -1 /etc/passwd
tail -1 /etc/group
cd /etc/default/ -- stores users' default attribute information
ls
file useradd
cat useradd
cat /etc/group
groupadd mygroup -- add a group manually
tail -1 /etc/group

This article is from the "Not Daze" blog; please make sure to keep this source: http://tobeys.blog.51cto.com/10620284/1687765