User and permission management in CentOS 7
1. Users, groups, and related commands
A. User categories:
Administrator: root
Common users:
System User: Used to run service programs only;
Login User: normal user of system resources;
User ID: UserID, UID
16-bit binary number: 0-65535;
Administrator: 0
Common users:
System User:
CentOS 5, 6: 1-499
CentOS 7: 1-999
Login User:
CentOS 5, 6: 500 +
CentOS 7: 1000 +
User and group management:
Mainly using commands:
GROUP: groupadd, groupmod, groupdel
User: useradd, usermod, userdel
Authentication: passwd, gpasswd
View user information: id
Switch User: su
Log on to a new group: newgrp
chage: modifies the various expiration periods of a user account;
chsh: changes a user's login shell. The -l option displays the list of shells that can be used to log in to the system, which is the same as the content of the /etc/shells file and the useradd -D command.
chfn: changes your finger information
finger: user information lookup program
pwck: verifies the integrity of the password files
grpck: verifies the integrity of the group files
[root@localhost ~]# less /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
B. Group types:
Administrator Group
Common User Group
System Group
Logon Group
Group ID: GroupID, GID
Administrator group: 0
Common User Group:
System group:
CentOS 5, 6: 1-499
CentOS 7: 1-999
Logon group:
CentOS 5, 6: 500 +
CentOS 7: 1000 +
C. Files related to user and group commands
/etc/passwd: resolution library for user names, UIDs, and GIDs
/etc/group: resolution library for group names and GIDs, including the users each group contains
/etc/login.defs: defaults applied when a user is created: mail directory, detailed expiration settings, UID ranges for system users and login users, umask, encryption algorithm, etc.
/etc/default/useradd: defaults applied when a user is created: home directory, shell, expiration time, whether a mailbox is created, whether the account is inactive, etc. The content is the same as the output of useradd -D.
/etc/skel/: files copied by default into the home directory when a user is created, if the home directory does not exist
[root@localhost ~]# less /etc/skel/
total 24
drwxr-xr-x. 3 root 74 Feb 29 02:08 ./
drwxr-xr-x. 126 root 8192 Mar 6 ../
-rw-r--. 1 root 18 Mar 6 2015 .bash_logout
-rw-r--. 1 root 193 Mar 6 2015 .bash_profile
-rw-r--. 1 root 231 Mar 6 2015 .bashrc
drwxr-xr-x. 4 root 37 Feb 29 02:07 .mozilla/
/etc/shells: list of shells that can be used for login
/etc/shadow: user authentication information library: password algorithm, encrypted password string, password expiration information, etc.
/etc/gshadow: group authentication information library: password algorithm, encrypted password string, password expiration information, etc.
Character device files that supply random numbers:
/dev/random: returns random numbers only from the entropy pool. When the entropy pool is exhausted, the calling process blocks;
/dev/urandom: returns random numbers from the entropy pool. When the entropy pool is exhausted, random numbers are returned from the pseudo-random number generator instead;
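An added example (not from the original page): a shell function that classifies /etc/passwd entries by the CentOS 7 UID ranges listed in section A, and flags two things worth reviewing, a UID 0 account that is not named root and a system account that has a login shell. The function name, the class labels, the list of non-login shells and the sample lines are all constructed for illustration.

```sh
#!/bin/sh
# classify_accounts (hypothetical name): read /etc/passwd-format lines on stdin
# and print "class:name:uid" for each, using the CentOS 7 ranges
# 0 = administrator, 1-999 = system user, 1000+ = login user.
classify_accounts() {
    awk -F: '
        NF != 7          { printf "malformed:line%d\n", NR; next }
        $3 !~ /^[0-9]+$/ { printf "malformed:%s\n", $1; next }
        {
            uid = $3 + 0
            if (uid == 0) {
                # More than one UID 0 entry means a second administrator
                class = ($1 == "root") ? "administrator" : "uid0-not-root"
            } else if (uid <= 999) {
                class = "system"
                # System users only run services, so a login shell is unusual.
                # The shell list here is an assumption made for this example.
                if ($7 !~ /(nologin|false|sync|shutdown|halt)$/)
                    class = "system-with-shell"
            } else {
                class = "login"
            }
            printf "%s:%s:%s\n", class, $1, uid
        }'
}

# Constructed sample input, not taken from a real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nginx:x:996:994:Nginx web server:/var/lib/nginx:/sbin/nologin
svcdeploy:x:450:450::/home/svcdeploy:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
broken:x:abc:100::/home/broken:/bin/bash'

printf '%s\n' "$SAMPLE_PASSWD" | classify_accounts
```

On a live host the same function can be fed with: classify_accounts < /etc/passwd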
2. Basic permissions and related commands
File System File Permission:
Three types of users:
Owner: owner, u
Group: group, g
Others: other, o
Permission:
r: readable
w: writable
x: executable
Permission management:
File:
r: the file data can be read;
w: the file data can be modified;
x: the file can be run as a process. Note: regular files generally do not have the x (executable) permission.
Directory:
r: You can use the ls command to obtain the list of all files under it. However, you cannot use "ls -l" to obtain detailed information, or cd into this directory;
w: You can modify the file list in this directory, that is, you can create or delete files in this directory;
x: You can use the "ls -l" command to obtain the detailed attribute information of the files under it, and you can cd into this directory. Note: directories should generally have the x permission, because cd requires it. Of course, normal users do not have the x permission on the /root directory.
rwxrwxrwx:
u owner: rwx
g group: rwx
o other: rwx
Permission Combination Mechanism:
Take the owner as an example:
---  000  0
--x  001  1
-w-  010  2
-wx  011  3
r--  100  4
r-x  101  5
rw-  110  6
rwx  111  7
Commands: chmod, chown, chgrp
As can be seen, the "u=" class of option changes only what is written (note the a= usage): the original value is retained for user classes that are not named, while for a named class the final value is set, which is equivalent to overwriting the previous value. Permission restrictions also have no effect on the root administrator; root has the highest permission.
As can be seen, the "u+" class of option changes only the one or more bits specified; the original bits of unspecified user classes are retained.
As can be seen, the "777" class of option changes exactly what is written: it sets the final value for all three categories of users, which is equivalent to overwriting all previous values.
Scope of change, from smallest to largest: u+ class commands < u= class commands < 777 class commands
chmod [OPTION]... --reference=RFILE FILE...
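An added example (not from the original page) that runs the three chmod forms compared above, plus --reference, against scratch files and prints the resulting octal mode, so the difference in scope can be read off directly. The helper names mode_after and reference_demo are made up for this example; stat -c is the GNU coreutils form found on CentOS.

```sh
#!/bin/sh
# mode_after START CHANGE: create a scratch file, set it to the octal mode
# START, apply one chmod mode argument CHANGE, and print the resulting mode.
mode_after() {
    start=$1; change=$2
    f=$(mktemp) || return 1
    chmod "$start" "$f" && chmod "$change" "$f" && stat -c '%a' "$f"
    rc=$?
    rm -f "$f"
    return $rc
}

# reference_demo: copy the mode of one file onto another with --reference.
reference_demo() {
    ref=$(mktemp) || return 1
    tgt=$(mktemp) || { rm -f "$ref"; return 1; }
    chmod 750 "$ref" && chmod 600 "$tgt" &&
        chmod --reference="$ref" "$tgt" && stat -c '%a' "$tgt"
    rc=$?
    rm -f "$ref" "$tgt"
    return $rc
}

# Every case starts from 640 (rw-r-----).
mode_after 640 u+x   # 740: one bit added, everything else kept
mode_after 640 u=r   # 440: owner class overwritten, group and other kept
mode_after 640 a=r   # 444: all three classes overwritten with r--
mode_after 640 777   # 777: all three classes overwritten
reference_demo       # 750: target takes the reference file's mode
```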