
User and rights management

2025-01-22 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

What is a user?

Is it possible to have no users? Yes.

User: the token for obtaining resources; one of the core elements of resource allocation and of the security permission model

Password: used to authenticate the user

Container: a container that can hold many users and can be assigned permissions; a group, or role

Group name: Group IDentifier (GID)

Resolution (parsing): looking up the corresponding entry in a database by a search key and finding the additional data associated with it

The database can take the following forms:

Text file

SQL database

LDAP database

/etc/passwd:

Encryption methods:

Symmetric encryption: encryption and decryption use the same password

DES, 3DES, AES

Asymmetric encryption: DSA, RSA

One-way encryption: avalanche effect, fixed-length output, irreversible

MD5: message digest, 128-bit fixed-length output, 16 characters

SHA1: secure hash algorithm, 160-bit

CRC32: cyclic redundancy check code

Google buys the world's first quantum computer

Password database: /etc/shadow

6: SHA512

1: MD5

$encryption algorithm$8-bit salt$hashed password (looks like garbled text)

Groups: user containers, roles

/etc/group

Password: /etc/gshadow

Security context:

A running program (process) has an owner and a group; its permissions depend on the owner and group of the process.

Create a user:

useradd UserName

-u specify the UID

-g specify the GID

-c description (comment) information

-d specify the home directory

-M create the user without creating a home directory

-r create a system user: ID in the range 1-499, no home directory is created, and the default shell is /sbin/nologin

-s specify the default shell

-m force creation of the home directory when creating the user

-D change the default shell

id username: displays the user's ID number

userdel: delete a user

-r delete the home directory as well

groupadd: create a group

-g specify the GID

User categories

Administrator: 0

Ordinary users: 1-65535

System users: 1-499

Login users: 500+
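
The UID ranges above can be used to review an account list. The following is an added example, not part of the original notes: a POSIX shell function that classifies passwd-format lines by those ranges and flags a second UID 0 account or a system account with a login shell. The sample lines and the names sample_passwd and classify_accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example. The passwd lines below are constructed sample data.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcbackup:x:350:350:backup agent:/var/lib/backup:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
mandriva:x:2002:3003::/home/mandriva:/bin/bash
EOF
}

# classify_accounts: reads passwd-format lines on stdin and prints
# name|category|finding, using the ranges from the notes:
# 0 = administrator, 1-499 = system, 500+ = login.
classify_accounts() {
    awk -F: '
    {
        uid = $3 + 0; shell = $7; finding = "ok"
        if (uid == 0)        kind = "administrator"
        else if (uid <= 499) kind = "system"
        else                 kind = "login"
        # Any UID 0 account has full administrator rights, whatever its name.
        if (uid == 0 && $1 != "root")
            finding = "extra-uid0"
        # System accounts are expected to have a non-interactive shell.
        else if (kind == "system" && shell !~ /(nologin|false)$/)
            finding = "system-with-login-shell"
        print $1 "|" kind "|" finding
    }'
}

sample_passwd | classify_accounts
```

On a real system, run `classify_accounts < /etc/passwd`.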

User groups:

Administrators group

General group

From the user's perspective, groups fall into two categories:

Basic group: the group field shown in /etc/passwd

Additional groups: /etc/group

Set a user password: passwd

-l lock the user by adding two "!" in front of the user's password

-u unlock

Password security policy:

Complex enough

Long enough, mixing at least three of these four types: digits, uppercase letters, lowercase letters, and special characters

Avoid passwords that are easy to guess

Change periodically

/etc/shadow file format

Login name:encrypted password:last password modification time (counted from 1970-1-1):minimum use time:maximum use period:warning interval:inactive interval (login requires password change)
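
The $algorithm$salt$hash layout and the field order described above can be checked mechanically. The following is an added example, not part of the original notes: a POSIX shell function that reads shadow-format lines and reports each account's hash scheme, lock state and maximum password age. The sample lines and the names sample_shadow and audit_shadow are constructed for illustration.

```shell
#!/bin/sh
# Added example. The shadow lines below are constructed; the hashes are fake.
sample_shadow() {
cat <<'EOF'
alice:$6$Qx7fR2aB$CONSTRUCTEDHASHVALUE:19000:2:50:7:::
bob:$1$abcdefgh$CONSTRUCTEDHASHVALUE:18000:0:99999:7:::
carol:!!$6$Zk3pL9mN$CONSTRUCTEDHASHVALUE:19500:0::7:::
daemon:*:18000:0:99999:7:::
EOF
}

# audit_shadow: reads shadow-format lines on stdin and prints
# name|scheme|state|max_age for each account.
audit_shadow() {
    awk -F: '
    {
        pw = $2; state = "active"
        # passwd -l puts "!" in front of the hash; strip it before parsing.
        if (pw ~ /^!/) { state = "locked"; sub(/^!+/, "", pw) }
        if (pw == "*") state = "locked"
        else if (pw == "" && state == "active") state = "no-password"
        # $id$salt$hash: the id selects the algorithm (1 = MD5, 6 = SHA512).
        n = split(pw, part, "[$]")
        scheme = "none"
        if (n >= 4) {
            if (part[2] == "1")      scheme = "MD5(weak)"
            else if (part[2] == "6") scheme = "SHA512"
            else                     scheme = "id=" part[2]
        }
        # Field 5 is the maximum use period; empty means no limit is set.
        maxage = ($5 == "" ? "unset" : $5)
        print $1 "|" scheme "|" state "|" maxage
    }'
}

sample_shadow | audit_shadow
```

On a real system, run it as root with `audit_shadow < /etc/shadow`.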

Set a group password: gpasswd group name

Modify a user's attribute definitions:

chsh: modify the default shell

chfn: modify the user's comment information

usermod: similar to useradd in usage

-l modify the user name

Modify a group's attribute definitions:

groupmod

-g change the GID

-n modify the user's membership group

groupdel

gpasswd

Modify the date attributes of an account:

chage: modify the date attributes of a user

-E: the number of days from 1970-1-1, after which the account is inaccessible

-I: set the number of active days

-m: minimum usage time before the password can be changed

-M: maximum usage time before the password must be changed

-W: warning time

View user-related information:

id

-n display the name

-u display the UID

-g display the basic group ID

-G display all group IDs

who: displays the currently logged-in users

whoami: displays the user logged in on the current terminal

su: switch user

-l login-style switch

-c do not switch users; execute the command directly

Exercise:

Create a user mandriva with ID number 2002, basic group distro (group ID 3003), and additional group linux.

# groupadd linux

# groupadd -g 3003 distro

# useradd -u 2002 -g distro -G linux mandriva

Create a user fedora whose full name is fedora community and whose default shell is tcsh.

# useradd -c "fedora community" -s /bin/tcsh fedora

Change the ID number of mandriva to 4004, its basic group to linux, and its additional groups to distro and fedora.

# usermod -u 4004 -g linux -G distro,fedora mandriva

Add a password for fedora, with a minimum password age of 2 days and a maximum of 50 days.

# passwd fedora

# chage -m 2 -M 50 fedora

Change the default shell of mandriva to /bin/bash.

# usermod -s /bin/bash mandriva
