2025-01-15 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
User categories are divided into: ordinary users, system users, login users
User ID: UserID (UID), a 16-bit binary number: 0-65535
Administrator: 0
Ordinary user: 0-65536
System users:
1-499 (CentOS6)
1-999 (CentOS7)
Login users:
500-60000 (CentOS6)
1000-60000 (CentOS7)
Name resolution: username <-> UID
Name resolution is performed using the name resolution library /etc/passwd
Group categories can be divided into:
Group category 1: administrator group, ordinary user group, system group, login group
Group ID: GroupID (GID); like the UID, a 16-bit binary number: 0-65535
Administrators group: 0
General user group: 1-65535
System user groups:
1-499 (CentOS6)
1-999 (CentOS7)
Login user group:
500-60000 (CentOS6)
1000-60000 (CentOS7)
Name resolution: groupname <-> GID
Name resolution is performed using the name resolution library /etc/group
Group Category 2: basic groups of users, additional groups of users
Group Category 3:
Private group: the group name is the same as the user name and contains only one user
Public groups: groups contain multiple users
Authentication information:
Authentication compares the information provided at login with the previously stored password:
/etc/shadow
/etc/gshadow
Password usage policy:
Use random passwords; the minimum length should not be less than 8 characters; use at least three of the four types of characters: uppercase letters, lowercase letters, numbers and punctuation; change them regularly
Encryption algorithm:
Symmetric encryption: encryption and decryption use the same key
Asymmetric encryption: a pair of keys is used for encryption and decryption
Public key: used for encryption
Private key: used for decryption
One-way encryption: can only be encrypted, not decrypted; extracts a signature (digest) of the data
Fixed-length output; avalanche effect
Algorithm:
md5: message digest, 128 bits
sha1: secure hash algorithm
sha224
sha256
sha384
sha512
A salt is added at calculation time: a random number that prevents identical passwords from producing the same hash value.
/etc/passwd: user information base
[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]
Name: user name
Password: it can be an encrypted password or a placeholder x
UID: user ID
GID: the ID number of the primary group to which the user belongs
GECOS: comment information
Home directory: user's home directory
Shell: default shell program when a user logs in
/etc/shadow: user password
User1:$6 $3RsDhRkdoubDfEsAv0LroomdzlsVlqL.vxHU2wMVX8LBdfoE5WrQatxjRXIAg2uFqfaq8ckctZAF3zN4QmDGKfsaJlknW19FytckyiOnrl21V18234WWYTnckyiOnrl21VU2wMVX8LBdfoE5WrQxjRXIAg2uFqfaq8ckctZAF3zN4QmDGKfsaJlknW19FytnckyiOnrl21U18234WU099997WV:
User name: encrypted password: time the password was last modified: minimum password age: maximum password age: warning period: expiration period: reserved field
$6$: indicates the encryption algorithm
When the id is 1, the MD5 algorithm is used.
When the id is 5, the SHA256 algorithm is used.
When the id is 6, the SHA512 algorithm is used.
The salt is a random offset value that perturbs the password hash.
Encrypted is the hash value
$3RsDhRkbind DfEsAv0L$: the salt (offset value) of the hash
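The field layout and id values above, applied as a check: this added example (not from the original article) classifies shadow-format lines by hash algorithm, salt length and lock state. The function names and sample entries are constructed, and the hash strings are placeholders rather than real hashes.

```shell
#!/bin/sh
# Added example. Sample entries are constructed; hash strings are placeholders.

# classify_shadow_line LINE -> "user algorithm salt_len=N state"
classify_shadow_line() {
    printf '%s\n' "$1" | awk -F: '
    {
        user = $1; pw = $2; state = "active"
        if (pw == "") { print user, "EMPTY-PASSWORD"; next }
        # "*", "!" and "!!" are not hashes: no password can ever match them
        if (pw == "*" || pw == "!" || pw == "!!") { print user, "NO-PASSWORD-LOGIN"; next }
        # usermod -L / passwd -l prefix the stored hash with "!"
        if (substr(pw, 1, 1) == "!") { state = "locked"; sub(/^!+/, "", pw) }
        n = split(pw, part, /[$]/)      # "$id$salt$hash" -> "", id, salt, hash
        if (n < 4 || part[1] != "") { print user, "UNKNOWN-FORMAT", state; next }
        salt = part[3]
        if (salt ~ /^rounds=/) salt = part[4]   # optional "$rounds=N$" prefix
        if      (part[2] == "1") alg = "md5-WEAK"
        else if (part[2] == "5") alg = "sha256"
        else if (part[2] == "6") alg = "sha512"
        else                     alg = "other-id-" part[2]
        print user, alg, ("salt_len=" length(salt)), state
    }'
}

# Run the classifier over a constructed shadow file.
audit_shadow_sample() {
    while IFS= read -r line; do
        classify_shadow_line "$line"
    done <<'EOF'
alice:$6$CONSTRUCTEDSALT0$PLACEHOLDERHASH:18322:0:99999:7:::
bob:!$1$OLDSALT8$PLACEHOLDERHASH:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
newuser:!!:18322:0:99999:7:::
guest::18322:0:99999:7:::
EOF
}

audit_shadow_sample
```

An empty password field and an id of 1 (MD5) are the two results worth acting on first.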
/etc/group: the information base of groups
group_name:password:GID:user_list
user_list: the user members of this group: a list of users that have this group as an additional group
Security context:
A process runs with the identity of the user who started it
A process's access to a file depends on the permissions of the user who started the process
System users: so that background or service processes can run as non-administrators, it is usually necessary to create multiple ordinary users who never log in to the system.
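A check built on the UID ranges and passwd fields described above, as an added example that is not part of the original article: it reports extra UID 0 accounts, system users that still have a login shell, and entries whose password field is not the placeholder x. The function names and sample accounts are constructed, and the default of 999 assumes the CentOS 7 range.

```shell
#!/bin/sh
# Added example. audit_passwd and the sample accounts are constructed.

# audit_passwd [SYS_MAX] - reads passwd-format lines on stdin.
# SYS_MAX is the highest system UID: 999 (CentOS 7) or 499 (CentOS 6).
audit_passwd() {
    awk -F: -v sys_max="${1:-999}" '
    NF != 7 { print "MALFORMED", $1; next }
    # Only root should hold UID 0; any other name with UID 0 is a second admin.
    $3+0 == 0 && $1 != "root" { print "EXTRA-UID0", $1 }
    # System users are meant never to log in, so expect nologin/false as shell.
    $3+0 >= 1 && $3+0 <= sys_max+0 && $7 !~ /\/(nologin|false)$/ {
        print "SYSTEM-WITH-SHELL", $1, ($7 == "" ? "(default shell)" : $7)
    }
    # Field 2 should be the placeholder x, with the hash kept in /etc/shadow.
    $2 != "x" { print "PASSWORD-NOT-SHADOWED", $1 }
    '
}

# Constructed passwd content used for the demonstration run.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:constructed:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcweb:x:480:480:constructed service:/var/www:/bin/bash
leo:x:1015:1015::/home/leo:/bin/bash
legacy:PLACEHOLDERHASH:1016:1016::/home/legacy:/bin/bash
EOF
}

sample_passwd | audit_passwd 999
```

On a stock CentOS system the sync, shutdown and halt accounts are also reported, because their shell field holds the command they run rather than nologin.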
groupadd: add a group
groupadd [options] group
-g GID: specify the GID. The default is the previous group's GID + 1.
-r: create a system group
groupmod: modify group properties
groupmod [options] GROUP
-g GID: modify the GID
[root@server1]# tail /etc/group
newgrp:x:1007:
[root@server1]# groupmod -g 1005 newgrp
[root@server1c]# tail /etc/group
newgrp:x:1005:
-n new_name: modify the group name
[root@server1]# groupadd oldgrp
[root@server1]# groupmod -n newgrp oldgrp
groupdel: delete a group
groupdel [options] GROUP
useradd: create a user
adduser: create a user (actually a symbolic link to the useradd command)
[root@server1]# file `which adduser`
/usr/sbin/adduser: symbolic link to `useradd'
useradd [options] LOGIN
-u, --uid UID: specify the UID; a GID equal to the UID is created automatically
-g, --gid GID: specify the basic GID instead of using the default GID; this group must exist in advance
-G, --groups GROUP1[,GROUP2,...]: the additional groups to which the user belongs. Multiple groups are separated by commas
[root@server1]# useradd -G eng,fin leo
[root@server1]# tail -3 /etc/group
eng:x:1013:leo
fin:x:1014:leo
leo:x:1015:
-c, --comment COMMENT: the comment information
-d, --home HOME_DIR: use the specified path as the user's home directory, created by copying the /etc/skel directory and renaming it; if the specified home directory path already exists, the environment configuration files are not copied for the user
-s, --shell SHELL: specify the user's default shell; the list of available shells is stored in the /etc/shells file
-r, --system: create a system user
-m, --create-home:
-M, --no-create-home: do not create a home directory for the user
-f, --inactive: set the expiration period for users
Note: many of the defaults used when creating users are configured in /etc/login.defs
-D:
useradd -D: display the default configuration used when creating a user
useradd -D option: modify the default configuration used when creating users; the modified values are saved in the /etc/default/useradd file
[root@server1]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@server1]# useradd -D -d /tmp
[root@server1]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/csh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
usermod: modify user attributes
usermod [options] LOGIN
-u, --uid UID: change the user's ID to the new UID specified here
-g, --gid GROUP: change the basic group to which the user belongs
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: change the additional groups to which the user belongs; the original additional groups are overwritten
-a, --append: used together with -G to append new additional groups for the user
-c, --comment COMMENT: modify the comment information
-d, --home HOME_DIR: change the user's home directory; the user's existing files are not moved to the new location
-m, --move-home: can only be used with the -d option; moves the original home directory to the new home directory
-l, --login NEW_LOGIN: change the user name
-s, --shell SHELL: change the user's default shell
-L, --lock: lock the user's password, that is, add a "!" before the user's original password string
-U, --unlock: unlock the user's password
userdel: delete a user
userdel [options] LOGIN
-r: also delete the user's home directory when the user is deleted. It is not deleted by default.
passwd: password management
passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]
passwd: change the current user's own password; passwd USERNAME: change the password of the specified user (only root has this permission)
-l, -u: lock and unlock the user
-d, --delete: delete the user's password
-e: expiration period, date
-i DAYS: period of inactivity (time range)
-n DAYS: the minimum life of the password
-x DAYS: the maximum life of the password
-w DAYS: warning period
--stdin:
[root@server1]# echo "gentoo" | passwd --stdin gentoo &> /dev/null (output is not displayed)
[root@server1]# echo "gentoo" | passwd --stdin gentoo
Changing password for user gentoo.
passwd: all authentication tokens updated successfully.
gpasswd: group password management
Group password file: /etc/gshadow
gpasswd [option] group
-a USERNAME: add a user to the group
-d USERNAME: remove a user from the group
newgrp: temporarily switch to the specified group as the basic group; the user must already belong to the group being switched to
newgrp [-] [group]
-: simulates the user logging in again to reinitialize the working environment
chage command:
chage [options] LOGIN
[root@server1]# chage sindy
Changing the aging information for sindy
Enter the new value, or press ENTER for the default
Minimum Password Age [0]:
Maximum Password Age [99999]:
Last Password Change (YYYY-MM-DD) [2020-03-01]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [-1]:
id command: displays the user's real and effective IDs
id [OPTION]... [USER]
-u: show only the effective UID
-g: show only the user's basic group ID
-G: show the IDs of all groups to which the user belongs
-n: display the name instead of the ID
su command: switch user
Login switch: reinitializes the environment by rereading the target user's configuration files
su - USERNAME
su -l USERNAME
Non-login switch: the target user's environment configuration files are not read for initialization
su USERNAME
Note: the administrator can switch to any other user without a password; other users must enter the target user's password when switching
-c 'COMMAND': only run the specified command as the specified user
Rights management:
rwxrwxrwx:
Left three bits: define the permissions of user (owner)
Middle three bits: define the permissions of group
Right three bits: define the permissions of other
Permissions:
r: readable, read
w: writable, write
x: executable, execute
File:
r: the data content of the file can be read
w: the data of the file can be modified
x: the file can be run as a process
Directory:
r: you can use the ls command to list all the files in it
w: you can modify the list of files in this directory, that is, create or delete files
x: you can cd into this directory, and you can use ls -l to get detailed attribute information for all files
Mode: rwxrwxrwx
Ownership: user, group
Permission combination mechanism:
--- 000 0
--x 001 1
-w- 010 2
-wx 011 3
r-- 100 4
r-x 101 5
rw- 110 6
rwx 111 7
Rights management commands:
Three types of users:
u: owner
g: owning group
o: other
a: all
chmod [OPTION]... MODE[,MODE]... FILE...
MODE representation:
Assignment notation:
u=
g=
o=
a=
chmod u=rwx,g=rw,o=r FILE
Grant/revoke notation: directly operates on a single permission of one class of users:
u+, u-
g+, g-
o+, o-
a+, a-
chmod u+r,g+r FILE or chmod ug+r FILE
chmod [OPTION]... OCTAL-MODE FILE...
Octal permission notation:
chmod 660 FILE
chmod [OPTION]... --reference=RFILE FILE...
Reference permissions:
chmod --reference=refile FILE (apply the permissions of the refile file to FILE)
Options:
-R, --recursive: recursive modification (use it with the grant/revoke notation; not recommended with the other notations)
Ownership management commands: chown, chgrp
chown command: modify the owner and owning group
chown [OPTION]... [OWNER][:[GROUP]] FILE...
chown [OPTION]... --reference=RFILE FILE...
Options:
-R: recursive modification
chgrp command: modify the owning group (usage is the same as chown)
Note: only administrators can use the
umask: the reverse permission mask of a file (mask code):
File:
666-umask
Directory:
777-umask
Note: the file value is subtracted from 666 because a file must not have execute permission by default. If the result contains an execute permission bit, add 1 to it.
umask: 023
666-023=644
777-023=754
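The umask arithmetic above and the rwx/binary table from the rights management section, as an added example that is not part of the original article. It goes one step beyond the text by using the general rule, which is that the umask bits are cleared from the base mode rather than subtracted, so the "add 1" correction is not needed. Function names are constructed for this illustration.

```shell
#!/bin/sh
# Added example. Function names are constructed for this illustration.

# apply_umask BASE UMASK: clear the umask bits from BASE (666 files, 777 dirs).
# Bits are masked, not subtracted, so no "+1" correction is ever needed.
apply_umask() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# octal_to_symbolic 754 -> rwxr-xr--  (r=4, w=2, x=1 in each digit)
octal_to_symbolic() {
    sym=""
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        [ $(( d & 4 )) -ne 0 ] && sym="${sym}r" || sym="${sym}-"
        [ $(( d & 2 )) -ne 0 ] && sym="${sym}w" || sym="${sym}-"
        [ $(( d & 1 )) -ne 0 ] && sym="${sym}x" || sym="${sym}-"
    done
    printf '%s\n' "$sym"
}

# observed_file_mode UMASK: create a real file under UMASK and read its mode.
observed_file_mode() {
    tmpd=$(mktemp -d) || return 1
    ( umask "$1" && : > "$tmpd/f" )
    ls -l "$tmpd/f" | cut -c2-10
    rm -rf "$tmpd"
}

# 023 is the umask from the text; 033 and 077 are additional sample values.
for m in 023 033 077; do
    f=$(apply_umask 666 "$m"); d=$(apply_umask 777 "$m")
    echo "umask $m: file $f ($(octal_to_symbolic "$f")), dir $d ($(octal_to_symbolic "$d"))"
done
echo "file created under umask 023: $(observed_file_mode 023)"
```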