User and Rights Management

Source: Internet
Author: User

What a user is

No user, can Yes

User: the identifier under which resources are acquired and allocated, and one of the core elements of the security permissions model

Password: used to implement user authentication


Containers: groups are containers that can hold many users and are used to assign permissions; a group acts as a role

Group name: identifier (GID)

Name resolution: look up the corresponding entry in a database by a search key and find the additional data that goes with it.


The database can take one of the following forms:

Text file

SQL database

LDAP database


/etc/passwd:

Encryption method:

Symmetric encryption: encryption and decryption use the same password (key)

DES, 3DES, AES

Asymmetric encryption: DSA, RSA

One-way encryption: avalanche effect, fixed-length output, irreversible

MD5: message digest, 128-bit fixed-length output, 16 characters

SHA1: Secure Hash Algorithm, 160-bit

CRC32: cyclic redundancy check code


Google buys the world's first quantum computer

Password database: /etc/shadow

Algorithm identifier 6: SHA512

Algorithm identifier 1: MD5

Password field layout: $encryption algorithm$8 bit salt$encrypted string


Group: User containers, roles

/etc/group

Password: /etc/gshadow

Security context:

A running program (process) has an owner and an owning group; what it can access depends on the owner and the group of the process


To create a user:

useradd username

-u specify the UID

-g specify the GID

-c description (comment) information

-d specify the home directory

-M create the user but do not create a home directory for it

-r create a system user: the ID is in the range 1-499, no home directory is created, and the default shell is /sbin/nologin

-s specify the default shell

-m force creation of a home directory when creating the user

-D change the default shell used for new users

id username: displays the user's ID number


userdel: delete a user

-r delete the home directory


groupadd: create a group

-g specify the GID


User Category

Admin: 0

Normal users: 1-65535

System users: 1-499

Login users: 500+
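
The UID categories above can be checked against a passwd-format file. This is an added example, not part of the original notes: the function names, the sample records and the three findings it reports are assumptions chosen for illustration, and the 500 boundary is this page's value.

```shell
#!/bin/sh
# Added example: classify /etc/passwd records by the UID ranges given above.
# /etc/passwd fields: login:password:UID:GID:comment:home:shell
# $1 = passwd-format file ("-" or omitted reads stdin)
# $2 = first login-user UID (500 on this page; an adjustable assumption)
classify_passwd() {
    awk -F: -v first="${2:-500}" '
    {
        uid = $3 + 0
        if (uid == 0)          class = "admin"
        else if (uid < first)  class = "system"
        else                   class = "login"

        note = "-"
        if (uid == 0 && $1 != "root")
            note = "EXTRA-UID0"                  # second administrator account
        else if (uid in seen)
            note = "DUPLICATE-UID-OF-" seen[uid] # two names, one identity
        else if (class == "system" && $7 !~ /(nologin|false)$/)
            note = "SYSTEM-WITH-SHELL"           # service account can log in
        if (!(uid in seen)) seen[uid] = $1
        print $1, uid, class, note
    }' "${1:--}"
}

# Constructed sample records, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:constructed:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:34:34:constructed:/var/backups:/bin/bash
mandriva:x:2002:3003::/home/mandriva:/bin/bash
ftpuser:x:2002:3003:constructed:/home/ftpuser:/bin/bash
EOF
}

sample_passwd | classify_passwd -
```

On a real host, run `classify_passwd /etc/passwd` and review every line whose last column is not `-`.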


User groups:

Administrators group

Normal Group


From the perspective of the user, groups can be divided into two categories:

Basic group: shown in a field of /etc/passwd

Additional group: /etc/group



Set a user password: passwd

-l lock the user; adds two ! characters before the user's password

-u unlock

Password security policy:
Complex enough
Long enough, combining at least three of: digits, uppercase letters, lowercase letters, and special characters
Avoid easy-to-guess passwords
Change the password regularly


/etc/shadow file format

login name:encrypted password:last password modification time (days since 1970-1-1):minimum use time:maximum age:warning interval:inactive interval (a password change is necessary for login)
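
The field layout above, the `$algorithm$salt$...` password format, the lock marker and the maximum-age setting can be checked together. This is an added example, not part of the original notes: the function names, the status labels, the 90-day limit and the sample records are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit records in /etc/shadow format.
# Fields used, as listed above: 1 login, 2 password, 3 last change
# (days since 1970-1-1), 5 maximum age. Real files carry two further
# trailing fields (account expiry, reserved) that are not used here.
# $1 = shadow-format file ("-" reads stdin)
# $2 = today in days since 1970-1-1
# $3 = longest maximum age the policy accepts (assumed default: 90)
audit_shadow() {
    awk -F: -v today="$2" -v limit="${3:-90}" '
    {
        pw = $2; hash = "ok"; age = "ok"
        if (pw == "")              hash = "EMPTY"
        else if (pw ~ /^[!*]/)     hash = "locked"   # passwd -l adds "!"
        else {
            n = split(pw, f, "[$]")  # "$id$salt$hash" -> "", id, salt, hash
            if (n < 4)             hash = "UNKNOWN-FORMAT"
            else if (f[2] == "1")  hash = "WEAK-MD5"
            else if (f[2] != "6")  hash = "ALGORITHM-" f[2]
        }
        if (hash != "locked") {
            if ($5 == "" || $5 + 0 > limit)       age = "MAXAGE-TOO-LONG"
            else if ($3 != "" && today - $3 > $5) age = "EXPIRED"
        }
        print $1, hash, age
    }' "$1"
}

# Constructed sample records; the hash strings are placeholders.
sample_shadow() {
    cat <<'EOF'
alice:$6$saltsalt$CONSTRUCTEDHASH:19790:2:50:7:::
bob:$1$saltsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
carol:!!$6$saltsalt$CONSTRUCTEDHASH:19700:0:60:7:::
dave::19700:0:60:7:::
erin:$6$saltsalt$CONSTRUCTEDHASH:19700:0:60:7:::
EOF
}

sample_shadow | audit_shadow - 19800
```

On a real host, run it as root with `audit_shadow /etc/shadow "$(( $(date +%s) / 86400 ))"`.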

Set a group password: gpasswd groupname


To modify a user's property definition:

chsh: modify the default shell

chfn: modify the user comment

usermod: usage is similar to useradd

-l modify the user name

To modify a group property definition:

groupmod

-g modify the group GID

-n modify the group name

groupdel

gpasswd


To modify the account date attributes:
chage: modify a user's date properties
-E: number of days from 1970-1-1; after this time the account is not accessible
-I: set the inactive days
-m: change the password minimum usage time
-M: change the password maximum usage time
-W: warning time


To view user-related information:

id

-n display the name
-u display the UID
-g: show the basic group ID
-G: show all group IDs

who: displays the currently logged-on users

whoami: displays the user logged in on the current terminal

su: switch user

-: login-style switch

-c: run a command directly as the target user without switching to an interactive session


Practice:

Create a user mandriva whose ID number is 2002; the basic group is distro (group ID 3003) and the additional group is linux
# groupadd linux
# groupadd -g 3003 distro
# useradd -u 2002 -g distro -G linux mandriva
Create a user fedora with the full name "Fedora community" and tcsh as the default shell
# useradd -c "Fedora community" -s /bin/tcsh fedora
Modify mandriva so that its ID number is 4004, its basic group is linux, and its additional groups are distro and fedora
# usermod -u 4004 -g linux -G distro,fedora mandriva
Add a password for fedora and set its password age to a minimum of 2 days and a maximum of 50 days
# passwd fedora
# chage -m 2 -M 50 fedora
Change the default shell of mandriva to /bin/bash
# usermod -s /bin/bash mandriva






