User and Rights Management related content for CentOS 7
1. Users and groups: basics and related commands
A. User categories:
    Administrator: root
    Normal users:
        System users: only used to run service programs;
        Login users: normal users of system resources;
User ID: UserID, UID
    16-bit binary number: 0-65535;
    Administrator: 0
    Normal users:
        System users:
            CentOS 5, 6: 1-499
            CentOS 7: 1-999
        Login users:
            CentOS 5, 6: 500+
            CentOS 7: 1000+
Management of users and groups:
The main commands are:
    Groups: groupadd, groupmod, groupdel
    Users: useradd, usermod, userdel
    Authentication: passwd, gpasswd
    View user information: id
    Switch user: su
    Log in to a new group: newgrp
    chage: modify the various expiry dates of a user account;
    chsh: change a user's login shell; the -l option lists the shells the system allows for login, like the contents of the file /etc/shells, as well as the useradd -D command
    chfn: change your finger information
    finger: user information lookup program
    pwck: verify the integrity of the password files
    grpck: verify the integrity of the group files
# less /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
B. Group categories:
    Administrators group
    Normal user groups:
        System groups
        Login groups
Group ID: GroupID, GID
    Administrators group: 0
    Normal user groups:
        System groups:
            CentOS 5, 6: 1-499
            CentOS 7: 1-999
        Login groups:
            CentOS 5, 6: 500+
            CentOS 7: 1000+
C. Files related to the user and group commands
/etc/passwd: resolution database for user names, UIDs and GIDs
/etc/group: resolution database for group names and GIDs, and the users each group contains
/etc/login.defs: default information used when a user is created: mailbox directory, detailed expiry time information, UID value ranges for system users and login users, umask, encryption algorithm, etc.
/etc/default/useradd: default information used when a user is created: home directory, shell, expiration time, whether a mailbox is created, whether the account is inactive, etc. Same as the output of useradd -D
/etc/skel/: files copied by default into the home directory when a user is created and the home directory does not exist
# less /etc/skel/
total 24
drwxr-xr-x. 3 root root and 29 02:08 .
drwxr-xr-x. 126 root root 8192 Mar 6 10:19 ../
-rw-r--r--. 1 root root 6 .bash_logout
-rw-r--r--. 1 root root 193 Mar 6 .bash_profile
-rw-r--r--. 1 root root 231 Mar 6 .bashrc
drwxr-xr-x. 4 root root Notoginseng 02:07 .mozilla/
/etc/shells: the list of shells that can be used to log in on the current system
/etc/shadow: user authentication database: password algorithm, encrypted password string, password expiration settings
/etc/gshadow: group authentication database: password algorithm, encrypted password string, password expiration, etc.
Random number character device files
/dev/random: returns random numbers only from the entropy pool; when the pool is exhausted, the calling process blocks;
/dev/urandom: returns random numbers from the entropy pool first; when the entropy pool is exhausted, random numbers are returned from the pseudo-random number generator.
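The UID ranges and the /etc/passwd and /etc/shells files described in this section can be combined into a quick account review. The script below is an added example, not part of the original article; the helper name audit_passwd and the sample data are constructed for illustration. It classifies each account by the CentOS 7 ranges and flags a UID 0 account that is not root, a system account with a login shell, and a shell missing from /etc/shells.

```bash
#!/usr/bin/env bash
# Added example: classify passwd entries by the CentOS 7 UID ranges and
# flag entries to review. Both SAMPLE_* values are constructed data.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nginx:x:996:994:nginx:/var/lib/nginx:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/usr/local/bin/fish'
SAMPLE_SHELLS='/bin/sh
/bin/bash
/sbin/nologin'

# audit_passwd PASSWD_TEXT SHELLS_TEXT (hypothetical helper name)
# Prints "name class [findings...]" for every account.
audit_passwd() {
    printf '%s\n' "$1" | SHELL_LIST="$2" awk -F: '
    BEGIN {
        n = split(ENVIRON["SHELL_LIST"], s, "\n")
        for (i = 1; i <= n; i++) ok[s[i]] = 1
    }
    NF >= 7 {
        uid = $3 + 0; note = ""
        if (uid == 0)        class = "admin"
        else if (uid <= 999) class = "system"   # CentOS 7: 1-999
        else                 class = "login"    # CentOS 7: 1000+
        if (uid == 0 && $1 != "root")
            note = note " uid0-not-root"
        if (class == "system" && $7 !~ /(nologin|false)$/)
            note = note " system-account-with-login-shell"
        if (!($7 in ok))
            note = note " shell-not-in-/etc/shells"
        printf "%s %s%s\n", $1, class, note
    }'
}

audit_passwd "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"
# On a real host: audit_passwd "$(cat /etc/passwd)" "$(cat /etc/shells)"
```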
2. Permissions: basics and related commands
File system file permissions:
Three classes of users:
    Owner: owner, u
    Group: group, g
    Others: other, o
Permissions:
    r: readable
    w: writable
    x: executable
Rights management:
File:
    r: can read the data of the file;
    w: can modify the data of the file;
    x: the file can be run as a process; ## regular files generally should not have the x (execute) permission
Directory:
    r: you can use the ls command to get a list of all the files under it, but you cannot use "ls -l" to get details, nor can you cd into the directory;
    w: you can modify the list of files in this directory, that is, you can create or delete files in this directory;
    x: you can use the "ls -l" command to get detailed attribute information for the files under it, and you can cd into the directory; ## ordinary directories should generally provide the x permission, because users need to cd into them. Of course, ordinary users do not have the x permission on the /root directory
rwxrwxrwx:
    u owner: rwx
    g group: rwx
    o other: rwx
Permission combination mechanism:
Take owner as an example:
    --- 000 0
    --x 001 1
    -w- 010 2
    -wx 011 3
    r-- 100 4
    r-x 101 5
    rw- 110 6
    rwx 111 7
Commands for changing permissions, the owner, and the group: chmod, chown, chgrp
You can see that with the "=" form, what you write is what gets set (note the a= usage): user classes you do not name keep their original value, and the value you give is the final value, equivalent to overwriting the previous value. The restrictions on the root administrator are not the same: root has supreme authority.
You can see that the u+ form changes only the bit or bits you specify; the bits you do not specify are kept.
You can see that with the 777 form, what you write is the final value for all 3 classes of users, equivalent to overwriting all previous values.
Scope of the change, from smallest to largest: u+ form < u= form < 777 form
chmod [OPTION]... --reference=RFILE FILE...
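The three chmod forms compared above, plus --reference, can be checked on scratch files. This is an added example, not part of the original article; the helper names mode_after and mode_from_reference are hypothetical, and it assumes GNU coreutils (stat -c), as shipped with CentOS.

```bash
#!/usr/bin/env bash
# Added example: compare the chmod forms on scratch files.
# Assumes GNU coreutils (stat -c), as shipped with CentOS.

# mode_after START SPEC: create a temp file with octal mode START,
# apply "chmod SPEC", and print the resulting octal mode.
mode_after() {
    local f result
    f="$(mktemp)" || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && result="$(stat -c %a "$f")"
    rm -f "$f"
    printf '%s\n' "$result"
}

# mode_from_reference REF_MODE START: give a file that starts at START
# the mode of a reference file set to REF_MODE, and print the result.
mode_from_reference() {
    local ref f result
    ref="$(mktemp)" && f="$(mktemp)" || return 1
    chmod "$1" "$ref" && chmod "$2" "$f"
    chmod --reference="$ref" "$f" && result="$(stat -c %a "$f")"
    rm -f "$ref" "$f"
    printf '%s\n' "$result"
}

# Every case starts from rw-r----- (640).
mode_after 640 u+x            # 740: only the named bit is added
mode_after 640 u=x            # 140: owner bits replaced, group/other kept
mode_after 640 a=r            # 444: every class replaced with r--
mode_after 640 go=            # 600: "=" with nothing clears the named classes
mode_after 640 777            # 777: all three classes overwritten
mode_from_reference 750 640   # 750: mode copied from the reference file
```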
This article is from the "BHJ_DYSF" blog; please contact the author before reproducing it.