Introduction to Linux
Linux development history
The Linux kernel was born in 1991, written by Linus Torvalds, then a student at the University of Helsinki in Finland, and developed further with the many enthusiasts who joined later. It is a UNIX-like system: it follows UNIX design and interfaces but was written from scratch and shares no UNIX source code.
Linux is open-source software, developed and distributed with its source code available.
Linux Logo
Linux kernel version
Linux kernel official website: www.kernel.org
Kernel version description
2.6.8 (2 = major version, 6 = minor version, 8 = revision/patch number; in the 2.x series an even minor version was a stable kernel and an odd one a development kernel)
The difference between the kernel and a distribution
The kernel (a few tens of MB) is the foundation; a distribution adds its own desktop, package manager and applications on top of it. Any company or community can build a distribution, but they all use the same kernel.
Major Linux distributions
The main difference between distributions is how software is packaged and installed (the package manager); otherwise they are largely the same.
Open source software
Features of open-source software: most of it is free of charge; the source code is available, so anyone can audit it (a security benefit, although availability of the source does not by itself make a program safe); and it may be freely redistributed, modified and even sold, subject to its license.
Open source technology supporting the Internet
LAMP
Linux operating system
Apache web server
MySQL database
PHP programming language
Linux application
Linux-based enterprise server
www.netcraft.com (this site reports which operating system and web server software large sites run; for a penetration tester that is passive reconnaissance, or footprinting, of a target)
Embedded applications (mobile phones, tablets)
Film and entertainment industry
Users and groups
User classification in Linux operating system
Ordinary users: fewer privileges than the administrator, but still able to log in to the system
root: the super administrator (superuser)
User classification and group
/etc/passwd saves the information of all users in the operating system
root : x : 0 : 0 : root : /root : /bin/bash
HSP : x : 500 : 500 : : /home/HSP : /bin/bash
Field 1: user name
Field 2: password placeholder (x means the hashed password is stored in /etc/shadow)
Field 3: the user's UID (0 is the superuser; on CentOS 6, 500-60000 are ordinary users and 1-499 are system/program users; newer distributions start ordinary users at 1000). Program users are normally not allowed to log in, but that is enforced by the login shell in field 7, not by the UID itself.
Field 4: GID of the primary group (the group must exist before the user, so create the group first)
Field 5: user description (the GECOS/comment field, rarely used today)
Field 6: the user's home directory
Field 7: the command interpreter (login shell) started after the user logs in
/etc/shadow saves the user's password information
root:$6$Lx3szebY4fAW2wFq$nI19XWtQZosCU0yoCyD05Qw7AHSwfJi0uh27mrwVhmtWo1IcspLDIHaSDp1FLqxuwCvV27mE6wZqyha2q4JeC1:18673:0:99999:7:::
HSP:$6$N8BBW6c7uOPtmjZI$7o0ycutUSP/n7XgAPZ8WFdDrV8yRmTu6htR.qbk20z5AXWPXKq20XXCR4uGJPmkVkIzJNSyt0vXSYgnDVl0S31:18673:0:99999:7:::
Field 1: user name
Field 2: the user's hashed password (the $6$ prefix means SHA-512 crypt; !! or * means the account has no usable password; an empty field means the user can log in with no password at all)
Field 3: date of the last password change, in days since 1 January 1970 (the UNIX epoch)
Field 4: minimum password age (3 means the user may not change the password again within three days; 0 means no restriction)
Field 5: maximum password age (99999 days is more than 270 years, which is effectively never; 90 days is a common policy value)
Field 6: number of days before expiry on which the user is warned (7 here)
Field 7: inactivity period, the number of days after the password expires before the account is disabled
Field 8: account expiration date, in days since the epoch (empty means never)
Field 9: reserved for future use
/etc/group All group information in the system
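The field descriptions above translate directly into audit checks. The following shell script is an added example, not part of the original notes: it parses passwd- and shadow-format records and flags the conditions a reviewer cares about (a second UID-0 account, system accounts with a real login shell, an empty password field, and a maximum password age above a limit). The two sample records are constructed for this example and the hashes are placeholders, not real password hashes.

```shell
#!/bin/sh
# Added example (not from the original notes): audit /etc/passwd- and
# /etc/shadow-style records for the conditions described above.
# Both samples are constructed for this example; the hashes are placeholders.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
HSP:x:500:500::/home/HSP:/bin/bash
backup:x:0:0:backup operator:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/bash
testuser:x:250:2001::/home/testuser:/sbin/nologin'

SAMPLE_SHADOW='root:$6$salt$placeholderhash:18673:0:99999:7:::
HSP:$6$salt$placeholderhash:18673:0:90:7:::
backup::18673:0:99999:7:::
apache:!!:18683:0:99999:7:::
testuser:!!:18683:0:99999:7:::'

# Field 3 of passwd is the UID; any UID-0 account other than root is a
# second superuser and should never exist unintentionally.
uid0_not_root() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# UIDs 1-499 are system ("program") accounts on CentOS 6. Only the shell in
# field 7 keeps them from logging in, so a system account with /bin/bash is
# worth a look.
system_accounts_with_login_shell() {
    printf '%s\n' "$1" | awk -F: '
        $3 >= 1 && $3 <= 499 && $7 != "/sbin/nologin" && $7 != "/bin/false" { print $1 }'
}

# An empty field 2 in shadow means login with no password at all, unlike
# "!!" or "*", which mean there is no usable password.
empty_password() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# Field 5 is the maximum password age in days; 99999 is effectively never.
# Accounts whose hash starts with ! or * cannot use a password, so skip them.
max_age_over() {
    printf '%s\n' "$1" | awk -F: -v limit="$2" '
        $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 > limit + 0) { print $1 }'
}

report() {
    echo "UID 0 besides root:          $(uid0_not_root "$SAMPLE_PASSWD" | paste -sd, -)"
    echo "system accounts with shell:  $(system_accounts_with_login_shell "$SAMPLE_PASSWD" | paste -sd, -)"
    echo "empty password field:        $(empty_password "$SAMPLE_SHADOW" | paste -sd, -)"
    echo "max password age > 90 days:  $(max_age_over "$SAMPLE_SHADOW" 90 | paste -sd, -)"
}
report
```

On a real host, feed the functions `$(cat /etc/passwd)` and, as root, `$(cat /etc/shadow)`; the checks are the same, only the input changes.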
Create and adjust user attributes
Note: Through a few scenarios we learn how user attributes are created and adjusted. In Linux the group exists before the user, so we always create the group first.
1. Create a group named class1 with group id 1000, and a group class2 with group id 2000
[root@Waffle Desktop]# groupadd class1    create the group
[root@Waffle Desktop]# cat /etc/group
class1:x:501:
[root@Waffle Desktop]# groupmod -g 1000 class1    change the group id of class1
[root@Waffle Desktop]# cat /etc/group
class1:x:1000:
[root@Waffle Desktop]# groupadd -g 2000 class2    create class2 with the given group id
class2:x:2000:
2. Create a user tom whose primary group is class1, whose supplementary group is class2, and whose uid is 600
Note: If no primary group is given when a user is created, the system creates a private group with the same name as the user (here it would be a tom group)
[root@Waffle Desktop]# useradd -g class1 tom    create user tom; the group may be given by name (class1) or by gid (1000)
[root@Waffle Desktop]# id tom    show tom's current identity
uid=501(tom) gid=1000(class1) groups=1000(class1)
[root@Waffle Desktop]# user    pressing Tab lists the commands beginning with user
useradd userdel userformat userhelper userinfo usermod usermount usernetctl userpasswd users
[root@Waffle Desktop]# usermod -G 2000 -u 600 tom    2000 may also be written as class2; -g sets the primary group, -G the supplementary groups, -u the uid
[root@Waffle Desktop]# id tom
uid=600(tom) gid=1000(class1) groups=1000(class1),2000(class2)
3. Create a program user named testuser with uid 250 and no home directory
Features of a program user: it cannot log in to the operating system and has no home directory
[root@Waffle Desktop]# useradd -u 250 -M -s /sbin/nologin testuser
-M means do not create a home directory
A program user cannot log in: -s /sbin/nologin sets the command interpreter used at login, and /sbin/nologin simply refuses the login
[root@Waffle Desktop]# id testuser
uid=250(testuser) gid=2001(testuser) groups=2001(testuser)
[root@Waffle Desktop]# su - testuser    verify that the account cannot log in
su: warning: cannot change directory to /home/testuser: No such file or directory
This account is currently not available.
[root@Waffle Desktop]# cd /home/    verify that there is no home directory
[root@Waffle home]# ls
HSP tom
4. Set the password for the tom user to 123, and set the maximum validity period of the password to 90 days, and lock the user password so that it cannot log in to the system.
Note: Only the super administrator can set the password for the specified user
[root@Waffle home]# passwd tom
Changing password for user tom.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@Waffle home]# cat /etc/shadow    verify (excerpt: testuser still has !! in the password field, meaning no password has been set)
testuser:!!:18683:0:99999:7:::
[root@Waffle home]# man chage
-M, --maxdays MAX_DAYS
Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the
current day, the user will be required to change his/her password before being able to use his/her account.
This occurrence can be planned for in advance by use of the -W option, which provides the user with advance
warning.
Passing the number -1 as MAX_DAYS will remove checking a password's validity.
[root@Waffle home]# chage -M 90 tom    -M is followed by the maximum password age in days
[root@Waffle home]# id tom
uid=600(tom) gid=1000(class1) groups=1000(class1),2000(class2)
[root@Waffle home]# passwd -S tom    -S shows the password status
tom PS 2021-02-25 0 90 7 -1 (Password set, SHA512 crypt.)
The fields are: user, status (PS = password set, LK = locked, NP = no password), date of last change, minimum age, maximum age, warning days, inactivity days.
[root@Waffle Desktop]# passwd -l tom    -l locks tom's password (it prefixes the hash in /etc/shadow with !; this blocks password logins only, an SSH key for tom would still work, so to disable the whole account also expire it with chage -E 0)
Locking password for user tom.
passwd: Success
[root@Waffle Desktop]# passwd -S tom
tom LK 2021-02-25 0 90 7 -1 (Password locked.)
[root@Waffle Desktop]# passwd -u tom    -u unlocks the password
Unlocking password for user tom.
passwd: Success
5. Delete tom user and testuser user, delete class1 group and class2 group
-r deletes the user's home directory (and mail spool) together with the account; without it the home directory and its files are left behind
[root@Waffle Desktop]# userdel -r testuser
userdel: testuser home directory (/home/testuser) not found    testuser never had a home directory
[root@Waffle Desktop]# user -r tom    (typo: the command is userdel)
bash: user: command not found
[root@Waffle Desktop]# userdel -r tom
[root@Waffle Desktop]# id tom
id: tom: No such user
[root@Waffle Desktop]# groupdel class1
[root@Waffle Desktop]# groupdel class2
Adjust file and directory permissions
Permissions: who owns a file or directory, which group it belongs to, and what operations each class of user may perform on it.
Now create two objects in /tmp (a regular file and a directory)
[root@Waffle Desktop]# vim /tmp/test.txt
[root@Waffle Desktop]# mkdir /tmp/testdir
[root@Waffle Desktop]# cd /tmp
[root@Waffle tmp]# ls
keyring-L37Uzg virtual-root.IpFBks vmware-fonts-2554.0
orbit-gdm virtual-root.qVMQEf vmware-root
orbit-root vmware-config-11898.0 vmware-root_1301-4248680502
pulse-BULfnWe2TdkQ vmware-config-22916.0 vmware-root_1646-591958445
pulse-M80xbZuu61w5 vmware-config-2554.0 vmware-root_22728-735758538
pulse-ponS681MlrXk VMwareDnD yum.log
testdir vmware-file-mod-11995.0
test.txt vmware-file-mod-1578.0
[root@Waffle tmp]# ls -l test.txt
-rw-r--r--. 1 root root 36 Feb 25 11:44 test.txt
[root@Waffle tmp]# ls -ld testdir    use -d for a directory; without it ls shows the directory's contents instead of the directory itself
drwxr-xr-x. 2 root root 4096 Feb 25 11:44 testdir
[root@Waffle tmp]#
File: -rw-r--r--. 1 (hard link count) root (owner) root (owning group) test.txt (the first root is a user name and says which user owns the file; the second root is a group name and says which group the file belongs to)
Directory: drwxr-xr-x. 2 (link count: a directory with no subdirectories has 2, one for its entry in the parent and one for its own . entry) root root testdir
The trailing . means the object carries an SELinux security context
- rw- r-- r--
d rwx r-x r-x
Field 1: file type: - regular file, d directory, l symbolic link, b block device (such as a hard disk), c character device
Field 2: the owner's permissions on the file
Field 3: the owning group's permissions
Field 4: other users' permissions (neither the owner nor a member of the owning group)

| | r | w | x |
|---|---|---|---|
| file | read the file's contents | modify the file | execute the file |
| directory | list the directory's entries | create or delete entries in it | enter it (cd) and access its entries by name |
chmod modifies permissions
chmod who operator permission file
Who: u (owner) g (owning group) o (others) a (all)
Operator: - + =
Permission: rwx (read, write, execute)
Example: chmod o-r /tmp/test.txt (remove read permission from others)
Change the file owner to tom and the group to tom group
chown chgrp
chown user file
chgrp group file
[root@Waffle tmp]# chmod o-r /tmp/test.txt
[root@Waffle tmp]# ll /tmp/test.txt
-rw-r-----. 1 root root 36 Feb 25 11:44 /tmp/test.txt
[root@Waffle tmp]# chown tom /tmp/test.txt
[root@Waffle tmp]# chgrp tom /tmp/test.txt
[root@Waffle tmp]# ll test.txt
-rw-r-----. 1 tom tom 36 Feb 25 11:44 test.txt
Octal weighting method:
rwx rw- r--  764
rwxr-----    740
usage:
chmod 740 file name
Note: only three weights need remembering (r = 4, w = 2, x = 1); every other digit is a sum of these.

| octal | binary | permissions |
|---|---|---|
| 0 | 000 | --- |
| 1 | 001 | --x |
| 2 | 010 | -w- |
| 3 | 011 | -wx |
| 4 | 100 | r-- |
| 5 | 101 | r-x |
| 6 | 110 | rw- |
| 7 | 111 | rwx |
Change the owner and group of the file (chown, chgrp)
chown user file
chgrp group file
Sticky bit, sgid permission, suid permission
The sticky bit is set on a directory: files in it may then be deleted or renamed only by the file's owner, the directory's owner, or root, even when the directory is world-writable (this is why /tmp is drwxrwxrwt)
Create two users, tom and jerry:
[root@Waffle Desktop]# useradd tom
[root@Waffle Desktop]# useradd jerry
Create a directory and grant permissions:
[root@Waffle Desktop]# mkdir /tmp/test
[root@Waffle Desktop]# chmod 777 /tmp/test
[root@Waffle Desktop]# ll -d /tmp/test
drwxrwxrwx. 2 root root 4096 Feb 25 16:10 /tmp/test
Switch to user tom and create tom.txt in /tmp/test:
[root@Waffle Desktop]# su tom
[tom@Waffle Desktop]$ cd /tmp/test
[tom@Waffle test]$ touch tom.txt
[tom@Waffle test]$ ll
total 0
-rw-rw-r--. 1 tom tom 0 Feb 25 16:11 tom.txt
[tom@Waffle test]$
Log in as jerry: can jerry delete this file? Yes. Deleting a file is a write to the directory, which is 777, so the file's own permissions do not matter.
[tom@Waffle test]$ exit
exit
[root@Waffle Desktop]# su jerry
[jerry@Waffle Desktop]$ cd /tmp/test
[jerry@Waffle test]$ ls
tom.txt
[jerry@Waffle test]$ touch jerry.txt
[jerry@Waffle test]$ ls
jerry.txt tom.txt
[jerry@Waffle test]$ rm -rf jerry.txt
[jerry@Waffle test]$ rm -rf tom.txt
[jerry@Waffle test]$ ls
Set the sticky bit: it applies to the directory, and files created in it may then be deleted only by their creator (or by the directory's owner and root)
[root@Waffle Desktop]# cd /tmp/
[root@Waffle tmp]# chmod o+t test
[root@Waffle tmp]# ll -d test
drwxrwxrwt. 2 root root 4096 Feb 25 16:16 test
[root@Waffle tmp]# su tom
[tom@Waffle tmp]$ cd test
[tom@Waffle test]$ touch tom.txt
[tom@Waffle test]$ exit
exit
[root@Waffle tmp]# su jerry
[jerry@Waffle tmp]$ cd test
[jerry@Waffle test]$ ls
tom.txt
[jerry@Waffle test]$ rm -rf tom.txt
rm: cannot remove `tom.txt': Operation not permitted
[jerry@Waffle test]$ touch jerry.txt
[jerry@Waffle test]$ ls
jerry.txt tom.txt
[jerry@Waffle test]$ rm -rf jerry.txt
[jerry@Waffle test]$
sgid on a directory: files created in the directory inherit the directory's group instead of the creator's primary group (subdirectories created in it also inherit the sgid bit)
[root@Waffle tmp]# chmod g+s test
[root@Waffle tmp]# ll -d test
drwxrwsrwt. 2 root root 4096 Feb 25 16:20 test
[root@Waffle tmp]# su tom
[tom@Waffle tmp]$ cd test
[tom@Waffle test]$ ls
tom.txt
[tom@Waffle test]$ rm -rf tom.txt
[tom@Waffle test]$ touch tom
[tom@Waffle test]$ ll
total 0
-rw-rw-r--. 1 tom root 0 Feb 25 16:26 tom
The file's group is root: the owning group is inherited from the parent directory instead of tom's primary group
suid applies to executable files. When a setuid program is run, the process runs with the effective user ID of the file's owner, whoever started it. In other words, anyone who runs the file gets the owner's permissions for the life of that process.
[root@Waffle tmp]# su tom
[tom@Waffle tmp]$ cd /etc
[tom@Waffle etc]$ ll /etc/passwd
-rw-r--r--. 1 root root 1685 Feb 25 16:09 /etc/passwd    (tom can read the passwd file)
[tom@Waffle etc]$ ll /etc/shadow
----------. 1 root root 1092 Feb 25 16:09 /etc/shadow    (no permissions at all for anyone)
Permissions do not restrict the superuser: root bypasses these checks, so the 000 mode protects shadow only against non-root users
[root@Waffle tmp]# which vim
/usr/bin/vim
[root@Waffle tmp]# ll /usr/bin/vim
-rwxr-xr-x. 1 root root 1847752 Apr 5 2012 /usr/bin/vim
[root@Waffle tmp]# chmod u+s /usr/bin/vim
[root@Waffle tmp]# ll /usr/bin/vim
-rwsr-xr-x. 1 root root 1847752 Apr 5 2012 /usr/bin/vim
[root@Waffle tmp]# su tom
[tom@Waffle tmp]$ vim /etc/shadow    open the file, delete waffle's password, and quit with :wq! (tom still has no permission on the file, but vim is now setuid root, so the write is performed with root's privileges)
This is exactly why setting suid on an editor, shell or interpreter is a classic privilege escalation: any user who can run it becomes root. Do this only in a lab; on production systems audit for unexpected setuid files with find / -xdev -type f -perm -4000 and remove the bit with chmod u-s.
[tom@Waffle tmp]$ ll /etc/shadow
----------. 1 root root 986 Feb 25 16:42 /etc/shadow
[root@Waffle tmp]# ll -d test
drwxrwsrwt. 2 root root 4096 Feb 25 16:26 test
[root@Waffle tmp]# chmod g-s,o-t test    how to remove sgid and the sticky bit; suid is removed the same way with u-s
[root@Waffle tmp]# ll -d test
drwxrwxrwx. 2 root root 4096 Feb 25 16:26 test
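The octal weighting section and the three special bits are two halves of one encoding: chmod accepts a fourth, leading digit where setuid = 4, setgid = 2 and sticky = 1, which is why the directory above is 3777 and the modified vim is 4755. The script below is an added example, not part of the original notes: it decodes an ls -l mode string into that four-digit value, names the special bits it finds, and then lists setuid/setgid files below a directory the way an auditor would after the vim experiment. It runs on a scratch directory it creates itself and touches no system files.

```shell
#!/bin/sh
# Added example (not part of the original notes): decode the mode string
# shown by ls -l into the four-digit octal value chmod accepts, including
# the setuid (4000), setgid (2000) and sticky (1000) bits, then hunt for
# setuid/setgid files below a directory.

# n-th character of a string (POSIX sh has no string indexing)
char_at() {
    printf '%s' "$1" | cut -c"$2"
}

# mode_to_octal "-rwsr-xr-x"  -> 4755
# mode_to_octal "drwxrwsrwt." -> 3777  (a trailing SELinux "." or ACL "+" is ignored)
mode_to_octal() {
    special=0
    digits=""
    who=0
    while [ "$who" -lt 3 ]; do
        pos=$(( who * 3 + 2 ))             # position 1 is the type character
        val=0
        case $(char_at "$1" "$pos") in r) val=$((val + 4)) ;; esac
        case $(char_at "$1" "$((pos + 1))") in w) val=$((val + 2)) ;; esac
        case $who in 0) sbit=4 ;; 1) sbit=2 ;; *) sbit=1 ;; esac   # setuid, setgid, sticky
        case $(char_at "$1" "$((pos + 2))") in
            x)   val=$((val + 1)) ;;
            s|t) val=$((val + 1)); special=$((special + sbit)) ;;  # special bit plus execute
            S|T) special=$((special + sbit)) ;;                    # special bit without execute
        esac
        digits="$digits$val"
        who=$((who + 1))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Human-readable flags for a mode string: which special bits are set and
# whether the object is world-writable (other has w).
mode_flags() {
    oct=$(mode_to_octal "$1")
    flags=""
    case $oct in [4567]???) flags="$flags setuid" ;; esac
    case $oct in [2367]???) flags="$flags setgid" ;; esac
    case $oct in [1357]???) flags="$flags sticky" ;; esac
    case $oct in ???[2367]) flags="$flags world-writable" ;; esac
    printf '%s\n' "${flags# }"
}

# Regular files with setuid or setgid set below $1, staying on one filesystem.
# On a real host run it as root against / and compare the list with the
# distribution's package manifest; anything unexpected is a lead.
find_setuid_setgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Demonstration on a throwaway directory (no real system files are touched).
demo() {
    for m in -rwsr-xr-x drwxrwsrwt. -rw-r-----. ; do
        printf '%-12s %s  %s\n' "$m" "$(mode_to_octal "$m")" "$(mode_flags "$m")"
    done
    tmp=$(mktemp -d)
    : > "$tmp/plain";  chmod 0644 "$tmp/plain"
    : > "$tmp/suid";   chmod 4755 "$tmp/suid"
    echo "setuid/setgid files under $tmp:"
    find_setuid_setgid "$tmp"
    rm -rf "$tmp"
}
demo
```

A capital S or T in the listing means the special bit is set but the execute bit is not, which for setuid on a file is useless and for a directory's sticky bit is a common misconfiguration; the decoder keeps the two cases apart.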
Security permissions
1. No new user accounts are to be added: make the account files and the home directories immutable so they cannot be changed
/etc/group
/etc/passwd
/etc/shadow
/home/xxxx
chattr +i file (to unlock, change +i to -i; check with lsattr)
Note: only root can set or clear the immutable attribute, and while /etc/shadow is immutable nobody, root included, can change a password with passwd, and useradd fails as well; plan the unlock step before you need it.
2. umask
0022
The maximum permission of a new directory: 0777 minus 0022 = 0755
The maximum permission of a new file: 0666 minus 0022 = 0644 (x is never granted to a newly created file, so the base is 666)
Strictly, the kernel computes base AND NOT umask; subtraction gives the same digits only when no digit of the umask exceeds the matching base digit (with umask 033 a new file gets 644, not 633).
Why do some users end up with umask 002 and others with 022? An if statement in /etc/profile (and /etc/bashrc) sets 002 for users with UID above 199 whose primary group has the same name as the user, and 022 for everyone else, including root.
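The following script is an added example, not part of the original notes. It computes the mode a new file or directory receives under a given umask the way the kernel does (base AND NOT umask), shows where the subtraction shortcut breaks, reproduces the if statement from RHEL/CentOS 6's /etc/profile that hands some users 002, and checks the arithmetic against what the kernel really creates in a scratch directory. It assumes a Linux system with GNU or busybox stat.

```shell
#!/bin/sh
# Added example (not part of the original notes): umask arithmetic, the
# subtraction shortcut and where it fails, the RHEL/CentOS 6 /etc/profile
# rule, and a ground-truth check against the kernel.

# What the kernel does: mode = base AND NOT umask.
# Base is 0777 for a directory and 0666 for a file (new files never get x).
default_mode() {   # $1 = umask in octal, $2 = file|dir
    case $2 in
        dir)  base=0777 ;;
        file) base=0666 ;;
        *)    echo "usage: default_mode UMASK file|dir" >&2; return 1 ;;
    esac
    printf '%04o\n' $(( base & ~0$1 ))
}

# The shortcut from the notes: subtract the umask from the base. It agrees
# with default_mode for 022 and 002 but not for umasks such as 033 or 027,
# where a digit of the umask exceeds the matching digit of the base.
subtract_mode() {  # $1 = umask in octal, $2 = file|dir
    case $2 in dir) base=0777 ;; file) base=0666 ;; *) return 1 ;; esac
    printf '%04o\n' $(( base - 0$1 ))
}

# The rule in /etc/profile on RHEL/CentOS 6: a user with UID above 199 whose
# primary group has the same name as the user (a user private group) gets
# umask 002; everyone else, root included, gets 022.
profile_umask() {  # $1 = uid, $2 = user name, $3 = primary group name
    if [ "$1" -gt 199 ] && [ "$2" = "$3" ]; then
        echo 002
    else
        echo 022
    fi
}

# Ground truth: create an object under the umask in a scratch directory and
# read its mode back with stat.
observed_mode() {  # $1 = umask in octal, $2 = file|dir
    tmp=$(mktemp -d)
    (
        umask "$1"
        case $2 in
            dir)  mkdir "$tmp/obj" ;;
            file) : > "$tmp/obj" ;;
        esac
        printf '%04o\n' "0$(stat -c '%a' "$tmp/obj")"
    )
    rm -rf "$tmp"
}

for u in 022 002 027 033; do
    printf 'umask %s: dir %s  file %s (shortcut says %s, kernel gives %s)\n' \
        "$u" "$(default_mode "$u" dir)" "$(default_mode "$u" file)" \
        "$(subtract_mode "$u" file)" "$(observed_mode "$u" file)"
done
printf 'HSP (uid 500, group HSP) gets umask %s; tom (uid 600, group class1) gets %s\n' \
    "$(profile_umask 500 HSP HSP)" "$(profile_umask 600 tom class1)"
```

The shortcut is fine for 022 and 002, which is why it is taught, but a hardening umask such as 027 or 077 has to be reasoned about bitwise; the loop shows the mismatch directly.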
3. Change the default maximum password age
vim /etc/login.defs    set PASS_MAX_DAYS (for example PASS_MAX_DAYS 90); this applies to users created afterwards, existing users are changed with chage -M