Shulou(Shulou.com)06/03 Report--

Generally speaking, a user refers to the person who uses the computer, and the computer gives a specific name to everyone who uses it, and the user can use these names to log in and use the computer. In addition to people, some system services also need to be run by user accounts with partial privileges. Therefore, for security reasons, it explicitly limits the permissions of each user account. Root is used in computers with the highest privileges, so it is generally used only for administrative purposes, and non-privileged users can get privileges temporarily through su or sudo command programs.

GNU/Linux implements access control through users and user groups, including file access, device usage and control, and so on.

Individuals can have multiple accounts, but the names are different from each other, for example, if the root name is already occupied, it can no longer be used. In addition, any user can belong to a user group, and this user can join some existing groups to gain the privileges of that group.

Every file in the GNU/Linux system has a user (owner) and a user group (group). In addition, there are three types of access: read (read), write (write), and run (execute). We can set the appropriate access permissions for the owner and group of the file. Again, we can query file owners, groups, and permissions through the ls | stat command.

[root@xuegod63 ~] # ll | head-2 # use ll to view the current directory and display only the first two lines of the output.

Total dosage 8

-rw-. 1 root root 1680 September 19 2017 anaconda-ks.cfg

[root@xuegod63 ~] # stat anaconda-ks.cfg

File: "anaconda-ks.cfg"

Size: 1782 blocks: 8 IO blocks: 4096 ordinary files

Device: 803h/2051d Inode:33574991 hard link: 1

Permission: (0600 Uid) Uid: (0 / root) Gid: (0 / root)

Last visit: 2018-02-03 01 purl 09purl 35.552324534 + 0800

Last modified: 2018-02-02 23 47 purl 56.692063786 + 0800

Last modified: 2018-02-02 23 47 purl 56.692063786 + 0800

User account number

Users:

The user is used to identify the identity of the resource acquirer.

Group:

A group is a user container, which is not a user or a specific resource user, and this container can also associate permissions. As long as a user is placed on a container, a user has the permissions of the container. This container is called a user group, and a group can also be understood as a container of permissions or a collection of permissions, and the set of these permissions can be attached to some users. As a result, some users have permission to the container, so a group is a logical concept that cannot log on to the computer or use certain resources, but is only used to easily assign permissions.

Classification of users

Three roles of 1.Linux user

(1) Super user: root has the highest management right to the system, that is, user ID=0.

(2) ordinary users (including local users) have different ranges of UID numbers for ordinary users and local users in different system versions.

CentOS 7 version: the system user UID number is 1-999, the local user UID number is above 1000.

CentOS version 6: the system user UID number is 1-499, and the local user UID number is above 500.

UID: that is, the identity of each user, similar to each person's × × number.

(3) Virtual users: pseudo users are generally not used to log in to the system, but are mainly used to maintain the normal operation of a service, such as ftp and apache.

The following figure shows the relationship between users and groups, as shown in figure 6-1:

(1) one-to-one: a user can exist in a group

(2) one-to-many: a user can exist in multiple groups

(3) many-to-one: multiple users can exist in a group

(4) many-to-many: multiple users can exist in multiple groups

Figure 6-1 user and group diagram

Configuration file, as shown in Table 6-1.

Name account information

The user profile / etc/passwd records some basic attributes of each user and is readable to all users, each row of records corresponds to one user, and each row of records are separated by colons

All the information of the user group file / etc/group user group is stored, and the group name cannot be repeated.

User's corresponding password information / etc/shadow because the passwd file is readable to all users, for security reasons, the password is separated from the passwd and put into this separate file. Only the root user has read permission in this file, thus ensuring the password security.

Table 6-1 user profile description

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.