Introduction to Linux
One, the concept of users and groups
1. What are users and groups.
- The purpose of users is to achieve resource allocation.
- Authentication: Authentication
- Authorization: authorization
- Accounting: audit
2. User classification
- Linux users are divided into two types: administrators and ordinary users:
  - Administrator: user ID 0
  - Ordinary users: user ID 1-65535
- Ordinary users are divided into system users and login users:
  - System users: 1-999. These exist so that daemon processes can be authorized to obtain system resources.
  - Login users: 1000-60000. These are the users who log in interactively.
- UID: user ID
- GID: group ID
3. Linux security context
- A running program is a process.
- A process runs as the user who started it: cat started by root runs as root, and cat started by an ordinary user runs as that user. The resources and permissions a process can access depend on the identity of the user who started it.
- Linux assigns user permissions through the concept of the security context:
first determine whether the user is the owner of the file,
then determine whether the user belongs to the file's group, and
finally treat the user as "other".
4. Linux user group category.
User group category | Characteristic |
---|---|
Private group | When a user is created without specifying a group, the system automatically creates a group with the same name as the user |
Basic group | The user's default group |
Additional group (extra group) | Groups other than the default group that the user also belongs to (a user may do the work of this group while also taking part in the work of other groups) |
Second, configuration files related to Linux users and groups.
1. Description of each configuration file
Configuration file | Purpose |
---|---|
/etc/passwd | Users and their attribute information (name, UID, basic group ID, etc.) |
/etc/group | Group and its attribute information |
/etc/shadow | User password and related attributes |
/etc/gshadow | Group password and its related attributes, used when users perform basic group switching |
File fields
Configuration file | /etc/passwd | /etc/group |
---|---|---|
First field | Username | Group name |
Second field | Password placeholder | Group password |
Third field | UID | GID |
Fourth field | GID | List of users that have this group as an additional group (comma-separated) |
Fifth field | User's description information | |
Sixth field | User's home directory | |
Seventh field | User's login shell | |
Configuration file | /etc/shadow |
---|---|
First field | Login name |
Second field | The encrypted password (!! means that no password has been set) |
Third field | Date of the last password change |
Fourth field | Minimum password lifetime |
Fifth field | Maximum password lifetime |
Sixth field | Password warning period |
Seventh field | Password inactivity period (a buffer period before the password is disabled; the user is notified that the password is about to be disabled, and the administrator can unlock it) |
Eighth field | Account expiration date (after this date the buffer period begins, and the password must be changed in order to log in during the buffer period) |
Ninth field | Reserved field |
- Change the user's password:
[root@Eryuege ~]# echo 'redhat' | passwd --stdin admin
Change the user admin's password.
passwd: All authentication tokens have been successfully updated.
The timestamp is counted from the time the system was created up to the current time.
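The shadow fields described above, read by a short parser. This is an added example, not code from the original article; it assumes the nine-field layout from the table and that the date fields count days from 1970-01-01, as documented in shadow(5). The function names, the findings and the alice and carol entries are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # assumption (shadow(5)): date fields count days from here
FIELDS = ("name", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire", "reserved")
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "y": "yescrypt"}

def password_state(field):
    if field == "":
        return "empty"                    # no password is required at all
    if field in ("!!", "!", "*"):
        return "no-usable-password"       # nothing a typed password can match
    locked = field.startswith("!")        # "!" in front of a hash means locked
    parts = field.lstrip("!").split("$")
    if len(parts) >= 3 and parts[0] == "":
        scheme = SCHEMES.get(parts[1], "unknown-" + parts[1])
    else:
        scheme = "no-id-prefix"           # e.g. traditional DES crypt
    return ("locked:" if locked else "") + scheme

def parse_shadow_line(line):
    values = line.rstrip("\n").split(":")
    if len(values) != len(FIELDS):
        raise ValueError("expected 9 fields, got %d" % len(values))
    entry = dict(zip(FIELDS, values))
    entry["state"] = password_state(entry["password"])
    days = entry["last_change"]
    entry["changed_on"] = EPOCH + timedelta(days=int(days)) if days else None
    return entry

def findings(entry):
    out = []
    if entry["state"] == "empty":
        out.append("empty password field")
    if entry["state"].endswith(("md5crypt", "no-id-prefix")):
        out.append("weak hash scheme")
    if entry["max_days"] in ("", "99999"):
        out.append("password effectively never expires")
    return out

# Constructed sample: wangqing and the $1$ hash come from this page, the rest is made up.
SAMPLE = """wangqing:!!:18554:0:99999:7:::
alice:$6$c29tZXNhbHQ$PLACEHOLDERHASH:19000:1:90:7:14::
bob:$1$JpFwvLt9$p7F/ZIxcvOvvrH64zBr2z/:18554:0:99999:7:::
carol::18554:0:99999:7:::"""
if __name__ == "__main__":
    for e in map(parse_shadow_line, SAMPLE.splitlines()):
        print(e["name"], e["state"], e["changed_on"], findings(e))
```

Run as root against the real file by feeding each line of /etc/shadow to parse_shadow_line instead of SAMPLE.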
2. Password complexity requirements.
- Password complexity strategy:
  - Use at least 3 of numbers, uppercase letters, lowercase letters and special characters
  - Long enough
  - Use random passwords, do not use meaningful words or numbers
  - Change regularly, do not use passwords that have been used recently
3. Management commands related to users and groups; (Operation and maintenance standard use, mail records, avoid risks.)
3.1, user management
- 3.1.1 User creation command
useradd //Syntax: useradd [option] USERNAME
Option | Description |
---|---|
-u UID | Specify the UID; the range is defined in the /etc/login.defs file |
-g GID | Specify the basic group that the user belongs to; a group name can also be given |
-G groupname,… | Additional groups; there can be several, separated by commas, and each group must exist in advance |
-d /path/to/directory | Specify the user's home directory. This directory must not exist in advance, otherwise the files in /etc/skel will not be copied into it |
-s shell | Specify the login shell; it is best to use a shell listed in /etc/shells |
-M | Do not create a home directory for the user |
-r | Add a system user |
-D | Print the contents of the /etc/default/useradd file directly, or combine with other options to change them |
3.2, user delete command userdel
-r Delete the user's home directory at the same time.
3.3, command for viewing user account information: id
- id //View user account attribute information.
-u //View UID
-g //View GID
-G //View groups
3.4, user modification command usermod (modify user account attributes)
- Syntax: usermod [option] username
Option | Description |
---|---|
-u | UID |
-g | GID |
-a -G groupname | Append additional groups; without the -a option the previous additional groups are overwritten |
-d -m | While changing the user's home directory, move the files in the original home directory to the new home directory |
-e YYYY-MM-DD | Specify the date when the user account expires |
-f | Set the inactivity period |
-L | Lock the account |
-U | Unlock the account |
-s SHELL | Modify the user's default shell |
3.5, switch user command su
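- Usage
root can su to another user without a password; a non-root user must enter the target user's password to su to another user.
Syntax: su [option] - user
-c //Switch identity to run a command, then return to the original identity when the command finishes.
Switching method | Characteristic |
---|---|
su username | Non-login switch: the target user's configuration files are not read |
su - username | Login switch: the target user's configuration files are read, a complete switch |
su - | Switches to root by default when no user is specified |
bash configuration files:
Configuration file type | Configuration file path |
---|---|
Global configuration | /etc/profile, /etc/profile.d/*.sh, /etc/bashrc |
Personal configuration | ~/.bash_profile, ~/.bashrc |
profile class | Provides configuration for interactive login shells; used to set environment variables and run commands or scripts |
bashrc class | Provides configuration for shells that are not interactive login shells; used to set local variables and define command aliases |
- Order in which a login shell reads the configuration files
How does a shell read the configuration files at login?
/etc/profile -> /etc/profile.d/*.sh -> ~/.bash_profile -> ~/.bashrc -> /etc/bashrc
How does a non-login shell read the configuration files?
~/.bashrc -> /etc/bashrc -> /etc/profile.d/*.sh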
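3.6, password management command passwd
- Syntax: passwd [option] [USERNAME]
--stdin //Read the user's password from standard input, for example: echo 'redhat' | passwd --stdin [username]
Option | Description |
---|---|
-l | Lock the user |
-u | Unlock the user |
-d | Delete the user's password |
-n mindays | Specify the minimum password lifetime |
-x maxdays | Specify the maximum password lifetime |
-w warndays | How many days in advance to start warning |
-i inactivedays | Inactivity period: the buffer time between password expiry and the account being disabled |
-f | Force the unlocking of a user with an empty password |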
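3.7, the password generation tool openssl
- Syntax: openssl command [command_opts] [command_args]
command | Includes standard commands, message digest commands and cipher commands |
---|---|
version | Show the program version number |
dgst | Extract a digest |
passwd | Generate a password |
rand | Generate pseudo-random numbers |
1. Extract a digest (use an MD5 value as a password)
[root@Eryuege /]# openssl dgst -md5 /etc/fstab
MD5(/etc/fstab)= 602457f7f2024163d092ffeccac97243
2. Generate a password: openssl passwd -1 (the digit 1) -salt string (the parameters for generating the password) //string is usually 8 characters. In the run below salt is typed without the leading dash, so openssl treats salt and string as two passwords and prints one hash for each, each with its own random salt.
[root@Eryuege /]# openssl passwd -1 salt string
$1$JpFwvLt9$p7F/ZIxcvOvvrH64zBr2z/
$1$nYsCL08G$bTd2Xh6y.PgblYEQhbXBG/
3. Generate random data: openssl rand -base64 NUM (the length of the random data)
[root@Eryuege ~]# openssl rand -base64 20
VS2ck5IzTJWwOqxdkaKRio72C9I=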
3.8 Group Management
- groupadd, the group creation command:
Syntax: groupadd [options] [Group]
-g GID: //Specify GID
-r: //Add a system group
- groupdel, the group deletion command:
Syntax: groupdel [option] GROUP
When deleting a group
4. Command usage practice;
- 1. Log in to xshell;
- 2. Create a user wangqing, additional groups are taoist and tianzun, the default shell is /bin/csh, and the comment information is "wu liang tian zun"
[root@Eryuege home]# useradd wangqing -G taoist,tianzun -s /bin/csh -c "wu liang tian zun"
[root@Eryuege home]# id wangqing
uid=2001(wangqing) gid=2003(wangqing) groups=2003(wangqing),2001(taoist),2002(tianzun)
[root@Eryuege home]# tail /etc/passwd
pesign:x:970:970:Group for the pesign signing daemon:/var/run/pesign:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
rngd:x:969:969:Random Number Generator Daemon:/var/lib/rngd:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:968:968:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
admin:x:1000:1000:Admin:/home/admin:/bin/bash
wanghaixin:x:1001:1001::/home/wanghaixin:/bin/bash
james:x:2000:2000::/home/james:/bin/bash
wangqing:x:2001:2003:wu liang tian zun:/home/wangqing:/bin/csh
[root@Eryuege home]# tail -1 /etc/shadow
wangqing:!!:18554:0:99999:7:::
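The /etc/passwd output above can be checked against the UID classes from section One. The following is an added example, not part of the original article: it classifies accounts by the article's UID ranges and reports extra UID 0 accounts, shared UIDs and system accounts that have a login shell. The root, opsadmin and svc_report lines, the NOLOGIN list and the function names are constructed for illustration.

```python
from collections import namedtuple

Account = namedtuple("Account", "name uid gid gecos home shell")
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed list

def parse_passwd(text):
    accounts = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 7:
            raise ValueError("malformed passwd line: %r" % line)
        accounts.append(Account(f[0], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return accounts

def classify(uid):
    """UID ranges as stated in this article."""
    if uid == 0:
        return "administrator"
    if 1 <= uid <= 999:
        return "system"
    if 1000 <= uid <= 60000:
        return "login"
    return "unclassified"

def audit(accounts):
    issues, first_owner = [], {}
    for a in accounts:
        kind = classify(a.uid)
        if kind == "administrator" and a.name != "root":
            issues.append((a.name, "UID 0 but not named root"))
        if kind == "system" and a.shell not in NOLOGIN:
            issues.append((a.name, "system account with login shell " + a.shell))
        if a.uid in first_owner:
            issues.append((a.name, "UID shared with " + first_owner[a.uid]))
        first_owner.setdefault(a.uid, a.name)
    return issues

# tcpdump, dovecot, admin and wangqing are copied from the output above;
# root, opsadmin and svc_report are constructed.
SAMPLE = """root:x:0:0:root:/root:/bin/bash
tcpdump:x:72:72::/:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
admin:x:1000:1000:Admin:/home/admin:/bin/bash
wangqing:x:2001:2003:wu liang tian zun:/home/wangqing:/bin/csh
opsadmin:x:0:0:constructed:/root:/bin/bash
svc_report:x:980:980:constructed:/var/lib/report:/bin/bash"""
if __name__ == "__main__":
    for name, issue in audit(parse_passwd(SAMPLE)):
        print(name + ": " + issue)
```

On a stock system, accounts such as sync, shutdown and halt carry their own command as shell and will be reported until they are added to the allow-list.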