Learn some knowledge about Linux users and group management permissions

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

This is my first blog post. The instructor on my training course suggested writing a blog to strengthen our learning, and I think that makes sense, so I opened one and am giving it a try.

I also hope the experts reading this will go easy on me; guidance is welcome, thank you.

1. Users

A user is an identity on the system: a user name, a numeric user ID and a password (or other credential) together identify one user.

A group is a container that users are placed in; it is how permissions are granted to several users at once.

There are two types of users: administrators and ordinary users.

Ordinary users are further divided into:

System user

Login user

User ID (UID):

The machine needs to identify users, but it works with numbers rather than names, hence the UID.

Historically the UID was a 16-bit number, 0-65535, and that is the range used in this post; on current Linux kernels uid_t is 32 bits, but the distribution defaults below are what matter in practice.

The administrator (root) is UID 0. The kernel checks only the number, so any account with UID 0 is root, whatever it is called.

Ordinary users take UIDs from 1 upward.

Among ordinary users, system users are 1-499 on CentOS 6 and 1-999 on CentOS 7.

Login users are 500-60000 on CentOS 6 and 1000-60000 on CentOS 7 (the boundaries are set by SYS_UID_MIN/SYS_UID_MAX and UID_MIN/UID_MAX in /etc/login.defs).

Numbers are hard for people to remember, and names are meaningless to the machine, so there is name resolution from user name to UID. Linux keeps this mapping in a lookup database, /etc/passwd (the password hashes themselves live in /etc/shadow, readable only by root).
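As an added example (not part of the original post): a POSIX shell audit that applies the CentOS 7 UID thresholds to passwd-format lines and flags the things a reviewer looks for in /etc/passwd: a second UID 0 account, a system user with an interactive shell, and an empty password field. The sample lines are constructed, not a real /etc/passwd; the thresholds (0 root, 1-999 system, 1000+ login) are assumed from the text above.

```shell
#!/bin/sh
# Added example, not from the original post. Applies the CentOS 7 thresholds
# (0 = root, 1-999 = system, 1000+ = login) to passwd-format lines and flags
# what a reviewer looks for in /etc/passwd. Assumption: thresholds as above.

# Constructed sample data (not a real /etc/passwd).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nginx:x:996:994:nginx user:/var/cache/nginx:/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup::1001:1001:backup:/home/backup:/bin/bash
svc:x:998:998:service:/var/lib/svc:/bin/bash'

# uid_class UID -> root | system | login
uid_class() {
    if [ "$1" -eq 0 ]; then
        echo root
    elif [ "$1" -lt 1000 ]; then
        echo system
    else
        echo login
    fi
}

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
audit_passwd() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        if [ -z "$name" ]; then
            continue
        fi
        class=$(uid_class "$uid")
        # The kernel only looks at the number: any UID 0 account is root,
        # whatever it is called. A second one is a classic backdoor.
        if [ "$class" = root ] && [ "$name" != root ]; then
            echo "EXTRA_UID0 $name"
        fi
        # System users run daemons and never log in; an interactive
        # shell on one is either a misconfiguration or a foothold.
        if [ "$class" = system ]; then
            case $shell in
                */nologin|*/false) ;;
                *) echo "SYSTEM_USER_WITH_SHELL $name $shell" ;;
            esac
        fi
        # An empty password field means no password is required at all
        # (normally the field holds "x" and the hash lives in /etc/shadow).
        if [ -z "$pw" ]; then
            echo "EMPTY_PASSWORD $name"
        fi
    done
}

# audit_sample: run the audit over the constructed data above.
audit_sample() {
    printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
}

# Run against the live database with:  audit_passwd < /etc/passwd
audit_sample
```

On the sample data the audit reports toor (extra UID 0), svc (system user with /bin/bash) and backup (empty password field); root itself and the login user alice are not reported because an interactive shell is expected for them.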

2. Groups

Groups are likewise divided into two categories: the administrator group (root, GID 0) and ordinary groups.

Ordinary groups are further divided into:

System groups

Login groups

Group ID (GID):

The same idea as the UID, with the same CentOS 6/7 ranges (SYS_GID_MIN/SYS_GID_MAX and GID_MIN/GID_MAX in /etc/login.defs).

There is also name resolution for groups; the lookup database is /etc/group (group passwords, if any, are kept in /etc/gshadow).

A second way of classifying groups is by their relationship to a user: the primary (basic) group and supplementary (additional) groups. A user can belong to many groups, but exactly one of them, recorded in the GID field of /etc/passwd, is the primary group; the others are supplementary groups, recorded in /etc/group. Compare working in department 1 and temporarily helping out in department 2: department 1 is your primary group and department 2 a supplementary group. Files a user creates receive the primary group (or the group selected with newgrp).

A third classification is private versus public groups: a private group has the same name as its user and that user as its only member (useradd creates one by default on CentOS), while a public group has several members. This distinction has little practical significance.

3. Security context

A process runs with the identity of the user who started it.

The process's access rights to a file are those of the user who started it: what a process may do is exactly what that user's permissions allow (setuid programs, which run as the file's owner instead of the caller, are the exception).

System users:

Security context is why system users exist. A large number of processes start as soon as the machine boots. So that background or service processes do not run as the administrator, and because each user should usually do only one thing, a separate system user is typically created for each service (one for the web server, one for the database, and so on); a compromise of one service then reaches only that user's files. Such users never log in to the system and are given a non-interactive shell such as /sbin/nologin.

4. Common commands for users and groups

groupadd: add a group

Usage: groupadd [option] GROUP_NAME

Options:

-g GID: specify the GID; if omitted, the smallest GID above every existing group (and at least GID_MIN from /etc/login.defs) is used

-r: create a system group (GID taken from the system range)

groupmod: modify group attributes

Usage: groupmod [option] GROUP

-g GID: change the GID

-n NEW_NAME: rename the group

groupdel: delete a group

Usage: groupdel [option] GROUP

useradd: add a user

Usage: useradd [option] LOGIN

-u, --uid UID: specify the UID

-g, --gid GROUP: specify the primary group; it must already exist

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: the supplementary groups the user belongs to, comma separated

-c, --comment COMMENT: the comment (GECOS) field

-d, --home HOME_DIR: use the given path as the home directory; it is created by copying /etc/skel to that path. If the directory already exists, the environment files from /etc/skel are not copied

-s, --shell SHELL: the user's login shell; the permitted shells are listed in /etc/shells

-r, --system: create a system user

Note: the defaults applied by a plain useradd come from /etc/login.defs and /etc/default/useradd.

useradd -D: show the defaults for new users

useradd -D [options]: change the defaults; the result is saved in /etc/default/useradd

usermod: modify user attributes

Usage: usermod [option] LOGIN

-u, --uid UID: change the user's UID

-g, --gid GROUP: change the primary group

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: set the supplementary groups; the previous list is replaced

-a, --append: with -G, add to the existing supplementary groups instead of replacing them

-c, --comment COMMENT: change the comment

-d, --home HOME_DIR: change the home directory; existing files are not moved

-m, --move-home: only with -d; move the contents of the old home directory to the new one

-l, --login NEW_LOGIN: change the login name

-s, --shell SHELL: change the login shell

-L, --lock: lock the password by prefixing the hash in /etc/shadow with "!". This blocks password logins only; an SSH key still works. To disable the account itself, also set an expiry date in the past (usermod -L -e 1 LOGIN, or chage -E)

-U, --unlock: unlock the password

userdel: delete a user

Usage: userdel [option] LOGIN

-r: also remove the user's home directory and mail spool

passwd: change a password

Usage: passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [USERNAME]

(1) passwd: change your own password

(2) passwd USERNAME: change another user's password; only root can do this

-l, -u: lock and unlock the password (the same "!" prefix as usermod -L, with the same caveat: other credentials such as SSH keys still work)

-d: delete the password, leaving the account with no password at all; depending on the PAM configuration this can allow login with no credential, so avoid it on real systems

-e: expire the password immediately, so the user must set a new one at the next login (passwd takes no date here; an account expiry date is set with chage -E)

-i DAYS: inactive period after the password expires before the account is disabled

-n DAYS: minimum password age

-x DAYS: maximum password age

-w DAYS: warning period before expiry

-S: show the password status of the account

--stdin: read the new password from standard input (a Red Hat extension), e.g. echo "PASSWORD" | passwd --stdin USERNAME. A literal password typed on the command line ends up in the shell history, so prefer an interactive passwd or read it from a file with restrictive permissions.

gpasswd: manage group membership and the group password (stored in /etc/gshadow)

Usage: gpasswd [option] GROUP

-a USERNAME: add a user to the group

-d USERNAME: remove a user from the group

newgrp: temporarily make the given group the primary group of the current shell

Usage: newgrp [-] [GROUP]

-: reinitialise the environment as if the user had logged in again

chage: change password expiry information

Usage: chage [option] LOGIN

-d LAST_DAY: date of the last password change (0 forces a change at the next login)

-E EXPIRE_DATE: date on which the account is disabled

-W DAYS: warning days before expiry

-m DAYS: minimum days between password changes

-M DAYS: maximum days a password stays valid

-l: list the current settings for the user

id: show the user's real and effective IDs

Usage: id [OPTION]... [USER]

-u: show only the effective UID

-g: show only the effective GID (the primary group)

-G: show the IDs of all groups the user belongs to

-n: with -u, -g or -G, print names instead of numbers

su: switch user

Login switch (the environment is reinitialised by reading the target user's profile files): su - USERNAME or su -l USERNAME

Non-login switch (the target user's profile files are not read): su USERNAME

Note: root can switch to any user without a password; any other user is asked for the target user's password.

-c 'COMMAND': run only the given command as the target user, then return

Rights Management:

File permissions are defined for three classes of user:

Owner (u): the single user who owns the file, and that user's permissions on it

Group (g): the file's group, and the permissions of the members of that group on it

Other (o): everyone who is neither the owner nor a member of the group

As mentioned under security context, a process accesses a file with the permissions of the user that started it. The kernel applies the permission bits in this order:

Is the effective user of the process the owner of the file? If so, apply the owner bits and stop.

Otherwise, is the process's user a member of the file's group? If so, apply the group bits and stop.

Otherwise, apply the other bits.

Only the first matching class is used. If the owner bits are more restrictive than the group bits, the owner still gets only the owner bits: a file with mode ---rwxrwx cannot be read by its owner even when the owner is in the group. root bypasses the read and write checks entirely; to execute a file, root still needs at least one execute bit set on it.
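The decision order above, as an added example that is not from the original post: a shell function that resolves which three bits apply to a given user, with the root behaviour included. Assumptions: the mode is the nine-character ls -l string without setuid/setgid/sticky letters, the group list is passed in explicitly, and root is modelled as the CAP_DAC_OVERRIDE rule (read and write always, execute only if some x bit is set).

```shell
#!/bin/sh
# Added example, not from the original post: the owner/group/other decision
# order described above, as a function you can query.
# Assumptions: MODE is the nine-character ls -l string (no s/t letters),
# "GROUPS" is the space-separated list of groups the process's user is in,
# and root is modelled as CAP_DAC_OVERRIDE (rw always, x only if some x bit is set).

# effective_perms USER "GROUPS" OWNER GROUP MODE -> the three bits that apply
effective_perms() {
    user=$1; groups=$2; owner=$3; group=$4; mode=$5

    if [ "$user" = root ]; then
        case $mode in
            *x*) echo rwx ;;
            *)   echo rw- ;;
        esac
        return
    fi

    # First matching class wins; a later, more permissive class is not consulted.
    if [ "$user" = "$owner" ]; then
        printf '%s\n' "$mode" | cut -c1-3
        return
    fi
    for g in $groups; do
        if [ "$g" = "$group" ]; then
            printf '%s\n' "$mode" | cut -c4-6
            return
        fi
    done
    printf '%s\n' "$mode" | cut -c7-9
}

# can_access USER "GROUPS" OWNER GROUP MODE r|w|x -> yes | no
can_access() {
    perms=$(effective_perms "$1" "$2" "$3" "$4" "$5")
    case $perms in
        *"$6"*) echo yes ;;
        *)      echo no ;;
    esac
}

# Demonstration: alice owns the file and is in dev, but the owner bits are
# empty, so she gets nothing even though the group bits say rwx.
echo "alice on ---rwxrwx:            $(effective_perms alice 'alice dev' alice dev ---rwxrwx)"
echo "bob (in dev) on rw-r-----:     $(effective_perms bob 'bob dev' alice dev rw-r-----)"
echo "carol (not in dev) on rw-r-----: $(effective_perms carol carol alice dev rw-r-----)"
echo "root on rw-r-----:             $(effective_perms root root alice dev rw-r-----)"
echo "root on rw-r-x---:             $(effective_perms root root alice dev rw-r-x---)"
```

The first demonstration line is the case that surprises people: the fix for an owner locked out of their own file is chmod u+rw, not adding the owner to the group.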

Permissions:

Run ls -l on a file and you see something like:

-rwxrw-r--. 1 root root

The first character is the file type (- for a regular file, d for a directory, l for a symbolic link). The next nine characters are the permission bits: a letter means the permission is granted, - means it is not. The dot after the bits means the file carries an SELinux security context (CentOS). The first root is the owner and the second root is the group.

Left three characters (rwx): permissions of the owner (user, u)

Middle three (rw-): permissions of the group (g)

Right three (r--): permissions of other (o)

File permissions:

r: readable, the contents can be read

w: writable, the contents can be modified

x: executable, the file can be run as a program or script

Note: regular files are created without execute permission. Granting x to a file that is not a program or script achieves nothing, and trying to run it produces an error. Conversely, a script needs both r (so the interpreter can read it) and x to be run by name.

Directory permissions:

r: the names in the directory can be listed with ls

w: the list of entries can be modified, that is files can be created, deleted or renamed. Note that deleting a file depends on w on the directory, not on w on the file itself

x: the directory can be entered with cd and its entries can be accessed by name; ls -l needs x to read each entry's attributes, so r without x lists names but cannot show details

w on a directory is only useful together with x.

These nine positions are fixed: a letter means the permission is held and - means it is not. For example, rw-r--r-- means the owner has read and write, while the group and others have read only.

Each group of three characters gives the rwx permissions of one class of user. Because each permission is either present or absent, each position can be written as one binary digit, 0 for absent and 1 for present. Three bits give eight combinations, so each triple can be written as a single octal digit:

--- 000 0

--x 001 1

-w- 010 2

-wx 011 3

r-- 100 4

r-x 101 5

rw- 110 6

rwx 111 7

Combined with the three classes of user, a mode such as rw-rw-r-- is written 664 (owner 6, group 6, other 4).

Rights management command: chmod

chmod [OPTION]... MODE[,MODE]... FILE...

chmod [OPTION]... OCTAL-MODE FILE...

chmod [OPTION]... --reference=RFILE FILE...

Classes of user in a symbolic MODE: u: owner; g: group; o: other; a: all three

(1) chmod [OPTION]... MODE[,MODE]... FILE...

Symbolic modes come in two forms:

Assignment: set the whole rwx triple of a class at once, e.g. u=rwx, g=rw, o=, a=rx

Adjustment: add or remove a single bit of a class, e.g. u+x, g-w, o-rwx, a+r (several changes are separated by commas: u+x,g-w)

(2) chmod [OPTION]... OCTAL-MODE FILE..., e.g. chmod 640 FILE

(3) chmod [OPTION]... --reference=RFILE FILE...: copy the mode of RFILE

Options: -R, --recursive: apply recursively

Note: a user can only change the mode of files they own (root can change any).

Ownership management commands: chown, chgrp

chown [OPTION]... [OWNER][:[GROUP]] FILE...

chown [OPTION]... --reference=RFILE FILE...

Option: -R: recursive

chgrp [OPTION]... GROUP FILE...

chgrp [OPTION]... --reference=RFILE FILE...

Note: only root can change a file's owner. The owner can change the file's group with chgrp, but only to a group the owner is a member of.

Having got this far, you will notice that a newly created file or directory already has a mode. Where does it come from? Linux has umask, a mask that removes permissions from new files:

files: 666 with the umask bits removed

directories: 777 with the umask bits removed

Files start from 666 because, as mentioned above, a file is never given execute permission by default. The mask is applied bit by bit, not by decimal subtraction: with umask 023, a new file gets 666 & ~023 = 644 and a new directory gets 777 & ~023 = 754. Subtracting 666 - 023 = 643 gives the wrong answer for the other class because 6 is rw- and the mask's 3 is -wx: the w bit is removed, but the x bit was never there and cannot be removed, leaving r-- = 4.

umask command: umask shows the current mask; umask MASK sets it. Note: the setting applies only to the current shell process and its children; put it in a shell startup file to make it persistent. Typical values are 022 (the usual default) and 027 or 077 where other users should not be able to read new files.
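The octal table and the umask rule above, as an added example that is not from the original post: a symbolic-to-octal converter and a default-mode calculator that applies the mask bitwise (mode & ~umask), so the 666 - 023 pitfall is visible. Assumption: umask values are given as octal strings, as the umask command prints them.

```shell
#!/bin/sh
# Added example, not from the original post: the symbolic/octal conversion
# from the table above and the umask rule applied the way the kernel applies
# it (bitwise, mode & ~umask), which is not decimal subtraction.

# sym_to_octal rwxrw-r-- -> 764
sym_to_octal() {
    sym=$1
    out=""
    for start in 1 4 7; do
        triple=$(printf '%s' "$sym" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    echo "$out"
}

# default_mode UMASK file|dir -> the mode a new file or directory receives
default_mode() {
    case $2 in
        file) base=0666 ;;   # regular files never get x by default
        dir)  base=0777 ;;
        *) echo "usage: default_mode UMASK file|dir" >&2; return 1 ;;
    esac
    # The leading 0 makes the shell read UMASK as octal; ~ inverts the mask
    # so & keeps only the bits the mask does not clear.
    printf '%03o\n' $(( base & ~(0$1) ))
}

echo "rw-rw-r-- = $(sym_to_octal rw-rw-r--)"
echo "umask 023: file $(default_mode 023 file), dir $(default_mode 023 dir)"
# Decimal subtraction would say 666 - 033 = 633, but the other class only
# had rw- to start with, so removing -wx leaves r--.
echo "umask 033: file $(default_mode 033 file) (not 633)"
echo "umask 077: file $(default_mode 077 file), dir $(default_mode 077 dir)"
```

The 033 case is the one to remember: a umask digit larger than the base digit does not produce a smaller number, it just clears the bits that were set.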

The above is my understanding of Linux user, group and permission management. I have only just learned it, so please point out anything that is not well written.


© 2024 shulou.com SLNews company. All rights reserved.
