11. Users, groups, and permissions (1)

1、Linux Security model

3A（authentication、authorization、accouting aduition）： authentication 、 to grant authorization 、 Audit

user

Linux Each user in is through User ID（UID） To represent only

Administrators root: uid by 0

Ordinary users ：1-60000 Automatically assigned

System users ：1-499（centos6） 1-999（centos7）  It is used for the daemon to obtain resources and allocate permissions

The logged in user ：500+（centos6） 1000+（centos7） Interactive login for ordinary users

User group

Linux You can add one or more users to a user group , User groups also have GID （group id）

Administrators group root：0

The normal group ：

System group ：1-499（centos6） 1-999（centos7）  It is used for the daemon to obtain resources and allocate permissions

The normal group ：500+（centos6） 1000+（centos7） For users

The relationship between users and groups

The primary group of users ： Users must belong to one and only one main group , By default, when creating a user, a group with the same name as the user name will be automatically created , As the primary group of users , Because there is only one user in this group , Also a private group ;

Additional group ： A user can belong to more than one additional group ;

Security context

Linux Security context context： Running program , Process , Run as the process initiator , The permission of a process to read resources depends on the identity of the process operator ;

2、 User and group profiles

User profile

/etc/passwd ( User information , primary unix System user passwords are stored here ） /etc/shadow（ Store user password related information ）

/etc/passwd File format

/etc/shadow File format

encryption algorithm ： It is generally used sha512, Algorithm of changing password ：authconfig --passalgo=sha256 --update

Random password generation ：

group File format

The name of the group     Group password group id    The current group has been added to the list of users

gshadow File format

The name of the group   Group password Group administrator list     List of users with the current group as an additional group ： Multiple users are separated by commas ;

File operations （pwck grpck）

Detect whether there are errors in user and group configuration files