Users, groups and permissions management:
Linux is a multi-user, multi-tasking system; its resources are limited, but it may have many users
Each user has a user ID and password (the means of authentication)
Authentication: the authentication mechanism, a procedure that uses some recognition technique to identify who is logging in and associate them with a user on the system
Authorization: the authorization mechanism
Audit: the auditing mechanism
Group: a container for users, which makes it easy to assign permissions to users
Categories of users:
  Administrator
  Ordinary user:
    System user
    Login user
User ID: UserID, UID; usually identified by a 16-bit binary number, i.e. the range 0-65535 (by default generally only up to 60000)
  Administrator: 0
  Ordinary user: 1-65535
    System users: 1-499 (CentOS6), 1-999 (CentOS7)
    Login users: 500-60000 (CentOS6), 1000-60000 (CentOS7)
Name resolution: name conversion, i.e. conversion between the username and the UID, done by looking it up in the name resolution library; name resolution library path: /etc/passwd
Group categories:
Classification 1:
  Administrators group
  Ordinary user group:
    System user group
    Login user group
Group identifier: GroupID, GID
  Administrators group: 0
  Ordinary user group: 1-65535
    System user group: 1-499 (CentOS6), 1-999 (CentOS7)
    Login user group: 500-60000 (CentOS6), 1000-60000 (CentOS7)
Name resolution: conversion between the group name and the GID; name resolution library path: /etc/group
Classification 2:
  The user's basic group
  The user's additional groups
Classification 3:
  Private group: the group name is the same as the user name, and the group contains only one user;
  Public group: a group containing multiple users;
Authentication information:
The information provided at login is compared with the information stored in advance to check that they match;
password: user password storage path: /etc/shadow
Group password storage path: /etc/gshadow
Password usage policy:
1. use a random password;
2. minimum length of no less than 8;
3. use at least three of the four character classes: uppercase letters, lowercase letters, digits, and punctuation;
4. replace it regularly;
Encryption algorithms:
Symmetric encryption: encryption and decryption use the same password;
Asymmetric encryption: encryption and decryption use a key pair;
The key pair is divided into:
Private key: private key
Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa
One-way encryption: extracts a signature (fingerprint) of the data;
Features: encryption only, it cannot be decrypted;
Fixed-length output, i.e. regardless of how much data there is, the output signature has a fixed length
Avalanche effect: a small change in the raw data causes a huge change in the result
Algorithms:
MD5: Message Digest, 128 bits (1)
sha: Secure Hash Algorithm, 160 bits (2)
sha224: 224 bits (3)
sha256: 256 bits (4)
sha384: 384 bits (5)
sha512: 512 bits (6)
A salt, i.e. a random number, is added during the calculation so that identical passwords do not produce identical results
User information database path: /etc/passwd
Format: name:password:UID:GID:GECOS:directory:shell
name: the username
password: may be the encrypted password, or the placeholder x; when it is x, the encrypted password is found in /etc/shadow
UID:
GID: ID number of the primary group the user belongs to;
GECOS: optional comment information
directory: the user's home directory;
shell: the user's default shell, i.e. the shell used at login;
User password path: /etc/shadow
Format: username:encrypted password:time of last password change:minimum age:maximum age:warning period:expiration period:reserved field
lightingsui:$6$/TO.4RD8$ZCaFowCUM6IWbrA7YR.pQhbp2bV3zPWk1ZeKmt8UUyXBEMAvueTa8pcBJjFo1N8UTgzgrMZhJRozwkekj8lYa/:18182:0:99999:7:::
$6$: indicates the encryption algorithm; the ID corresponds to the algorithm numbers listed above
$/TO.4RD8$: represents the random number (salt) that was added
/TO.4RD8$ZCaFowCUM6IWbrA7YR.pQhbp2bV3zPWk1ZeKmt8UUyXBEMAvueTa8pcBJjFo1N8UTgzgrMZhJRozwkekj8lYa/: represents the encrypted string
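Added example (not part of the original notes): a small Python audit that applies the /etc/passwd and /etc/shadow formats described above to constructed sample entries. It flags non-root accounts with UID 0, passwd password fields that are not the x placeholder, empty or MD5 ($1$) shadow passwords, and a maximum age that enforces no regular replacement. The account names and hash strings are made-up placeholders, and the function names are hypothetical.

```python
from datetime import date, timedelta

# Constructed sample data: not real accounts, hash strings are placeholders.
PASSWD = """root:x:0:0:root:/root:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:PLACEHOLDERHASH:1001:1001::/home/legacy:/bin/sh"""
SHADOW = """root:$6$SALTSALT$PLACEHOLDERHASH:18182:0:90:7:::
backup:$1$SALTSALT$PLACEHOLDERHASH:18182:0:99999:7:::
alice:$6$SALTSALT$PLACEHOLDERHASH:18182:0:99999:7:::
legacy::18182:0:99999:7:::"""

def parse_shadow_password(field):
    """Split '$id$salt$hash' into (id, salt, hash); None for empty/locked fields."""
    parts = field.split("$")
    if len(parts) == 4 and parts[0] == "":
        return parts[1], parts[2], parts[3]
    return None

def last_change(days):
    """The shadow file stores the last change as days since 1970-01-01."""
    return date(1970, 1, 1) + timedelta(days=int(days))

def audit(passwd_text, shadow_text):
    findings = []
    for line in passwd_text.splitlines():
        name, pw, uid, gid, gecos, home, shell = line.split(":")
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 but not root"))
        if pw != "x":
            findings.append((name, "passwd password field is not the x placeholder"))
    for line in shadow_text.splitlines():
        fields = line.split(":")
        name, pw, max_age = fields[0], fields[1], fields[4]
        parsed = parse_shadow_password(pw)
        if pw == "":
            findings.append((name, "empty password"))
        elif parsed and parsed[0] == "1":
            findings.append((name, "MD5 ($1$) password hash"))
        if max_age in ("", "99999"):
            findings.append((name, "no regular password replacement enforced"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(PASSWD, SHADOW):
        print(f"{name}: {issue}")
    print("18182 days ->", last_change(18182))
```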
Group information database path: /etc/group
Format: group_name:password:GID:user_list
user_list: the users that are members of the group; i.e. the list of users that have this group as an additional group;