Authority management:
ls -l
rwxrwxrwx:
The left three: defining user(owner) permissions
The middle three: define the rights of group;
The right three: the right to define otherProcess security context:
Application model of process access rights to files:
Whether the ownership of a process is the same as that of a document, and if the ownership is the same, the application of the ownership limits;
Otherwise, check whether the owner of the process belongs to the group of files; if so, apply the group permission;
Otherwise, you can only apply other's rights.Jurisdiction:
r: readable, read
w: writable, write
x: excutable,implementDocument:
r: Accessible file data;
w: Modifiable file data;
x: You can run this file as a process.Catalog:
r: May use ls Command to get a list of all the files below it;
w: You can modify the list of files in this directory; that is, create or delete files;
x: can cd Up to this directory, and available ls -l To obtain detailed attribute information for all files;
mode: rwxrwxrwx
ownership: user, groupPermission combination mechanism:
--- 000 0
--x 001 1
-w- 010 2
-wx 011 3
r-- 100 4
r-x 101 5
rw- 110 6
rwx 111 7Privilege management commands:
The chmod command:
chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...Three categories of users:
u: Belong to
g: Generic group
o: Other
a: All(1) chmod [OPTION]... MODE[,MODE]... FILE...
MODE Representation:
//Empowerment representation: direct operation of ownership permission rwx for a class of users;
u=
g=
o=
a=
//Authorization Representation: directly manipulate a privilege bit r,w,x of a class of users;
u+, u-
g+, g-
o+, o-
a+, a-(2) chmod [OPTION]... OCTAL-MODE FILE...
(3) chmod [OPTION]... --reference=RFILE FILE...
Options:
- R, --recursive: recursive modification
Note: Users can only modify the permissions of their own files.
Subordinate relationship management commands: chown, chgrpThe chown command:
chown [OPTION]... [OWNER][:[GROUP]] FILE...
chown [OPTION]... --reference=RFILE FILE...
Options:
- R: Recursive modificationThe chgrp command:
chgrp [OPTION]... GROUP FILE...
chgrp [OPTION]... --reference=RFILE FILE...
Note: Administrators can only modify the owner and owner groups of files.Practice:
1. Copy / etc/skel directory as / home/tuser1, requiring / home/tuser1 and its internal file subgroup and other users to have no access rights;
cp -r /etc/skel /home/tuser1 [root@Pikachu ~]# cp -r /etc/skel /home/tuser1 [root@Pikachu ~]# ll /home/ total 4 drwx------. 15 PIkachu PIkachu 4096 Oct 6 14:57 PIkachu drwx------ 3 60606 50103 78 Oct 15 00:03 PIP2 drwx------ 3 60000 60000 78 Oct 15 00:04 PIP6 drwx------ 3 60001 1001 78 Oct 15 00:04 PIP61 drwx------ 3 50100 50100 78 Oct 15 00:01 PIPI drwx------ 3 60100 50101 78 Oct 15 00:01 PIPI2 drwx------ 3 60500 50102 78 Oct 15 00:02 PIPI3 drwxr-xr-x 3 root root 78 Oct 21 21:54 tuser1
2. Edit / etc/group file and add group hadoop;
[root@Pikachu ~]# vim /etc/group
On the last line, press i to enter editing mode, and enter: hadoop:x:1004
Press esc to enter command line mode
wq Enter Keyboard Save Exit
[root@Pikachu ~]# grep hadoop /etc/group
hadoop:x:10043. Manually edit a new line of / etc/passwd file and add user hadoop. Its basic group ID is the ID number of Hadoop group and its home directory is / home/hadoop.
[root@Pikachu ~]# vim /etc/passwd
In the last line, press i to enter editing mode, and enter: hadoop: x: 1004: 1004:/ home / hadoop:/ bin / Bash
Press esc to enter command line mode
wq Enter Keyboard Save Exit
[root@Pikachu ~]# grep hadoop /etc/passwd
hadoop:x:1004:1004::/home/hadoop:/bin/bash4. Copy the / etc/skel directory as / home/hadoop, requiring that the subgroup and other users of the Hadoop directory be modified without any access rights;
cp -rv /etc/skel /home/hadoop
[root@Pikachu ~]# cp -rv /etc/skel /home/hadoop
'/etc/skel' -> '/home/hadoop'
'/etc/skel/.mozilla' -> '/home/hadoop/.mozilla'
'/etc/skel/.mozilla/extensions' -> '/home/hadoop/.mozilla/extensions'
'/etc/skel/.mozilla/plugins' -> '/home/hadoop/.mozilla/plugins'
'/etc/skel/.bash_logout' -> '/home/hadoop/.bash_logout'
'/etc/skel/.bash_profile' -> '/home/hadoop/.bash_profile'
'/etc/skel/.bashrc' -> '/home/hadoop/.bashrc'
[root@Pikachu ~]# chmod -R 700 /home/hadoop
[root@Pikachu ~]# ll -d /home/hadoop
drwx------ 3 root root 78 Oct 21 22:06 /home/hadoop5. To modify the / home/hadoop directory and all its internal files, the owner is Hadoop and the subgroup is hadoop.
[root@Pikachu ~]# chown -R hadoop:hadoop /home/hadoop
[root@Pikachu ~]# ll -d /home/hadoop
drwx------ 3 hadoop hadoop 78 Oct 21 22:06 /home/hadoop6. Display lines in / proc/meminfo file beginning with capitals or lowercase S; in two ways;
[root@Pikachu ~]# grep "^[Ss]" /proc/meminfo;grep -i "^s" /proc/meminfo
grep: /proc/meminfo;grep: No such file or directory
grep: ^s: No such file or directory
/proc/meminfo:SwapCached: 0 kB
/proc/meminfo:SwapTotal: 2097148 kB
/proc/meminfo:SwapFree: 2097148 kB
/proc/meminfo:Shmem: 8624 kB
/proc/meminfo:Slab: 67024 kB
/proc/meminfo:SReclaimable: 28804 kB
/proc/meminfo:SUnreclaim: 38220 kB7. Display users whose default shell is non/sbin/nologin/etc/passwd file;
[root@Pikachu ~]# grep -v "nologin$" /etc/passwd | cut -d: -f1
root
sync
shutdown
halt
PIkachu
hadoop8. Display the user whose default shell is / bin/bash in / etc/passwd file;
[root@Pikachu ~]# grep "bash$" /etc/passwd | cut -d: -f1
root
PIkachu
hadoop9. Find one or two digits in the / etc/passwd file.
[root@Pikachu ~]# grep "\<[[:digit:]]\{1,2\}\>" /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
saslauth:x:994:76:Saslauthd user:/run/saslauthd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/var/lib/oprofile:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin10. Display rows in/boot/grub/grub.conf that begin with at least one blank character;
[root@Pikachu ~]# grep "^[[:space:]]\+" /boot/grub2/grub.cfg
load_env
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
set default="${saved_entry}"
menuentry_id_option="--id"
menuentry_id_option=""
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
set timeout_style=menu
set timeout=5
set timeout=5
source ${prefix}/user.cfg
if [ -n "${GRUB2_PASSWORD}" ]; then
set superusers="root"
export superusers
password_pbkdf2 root ${GRUB2_PASSWORD}
fi
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod xfs
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 6b2e77e3-4807-44d4-a573-1384c6450398
else
search --no-floppy --fs-uuid --set=root 6b2e77e3-4807-44d4-a573-1384c6450398
fi
linux16 /vmlinuz-3.10.0-862.14.4.el7.x86_64 root=/dev/mapper/centos-root ro rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet LANG=en_US.UTF-8
initrd16 /initramfs-3.10.0-862.14.4.el7.x86_64.img
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod xfs
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 6b2e77e3-4807-44d4-a573-1384c6450398
else
search --no-floppy --fs-uuid --set=root 6b2e77e3-4807-44d4-a573-1384c6450398
fi
linux16 /vmlinuz-3.10.0-862.el7.x86_64 root=/dev/mapper/centos-root ro rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet LANG=en_US.UTF-8
initrd16 /initramfs-3.10.0-862.el7.x86_64.img
load_video
insmod gzio
insmod part_msdos
insmod xfs
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' 6b2e77e3-4807-44d4-a573-1384c6450398
else
search --no-floppy --fs-uuid --set=root 6b2e77e3-4807-44d4-a573-1384c6450398
fi
linux16 /vmlinuz-0-rescue-0e35b7e6076043e5aa5f60894ef1010b root=/dev/mapper/centos-root ro rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet
initrd16 /initramfs-0-rescue-0e35b7e6076043e5aa5f60894ef1010b.img
source ${config_directory}/custom.cfg
source $prefix/custom.cfg;11. Display at least one blank character followed by at least one line of non-blank character in / etc/rc.d/rc.sysinit file beginning with #;
[root@Pikachu ~]# grep "^#[[:space:]]\+[^[:space:]]\+" /etc/rc.d/rc.local
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.12. Type out the line with `LISTEN'in the execution result of the netstat-tan command, followed by a blank character.
[root@Pikachu ~]# netstat -tan | grep "LISTEN[[:space:]]*$"
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN 13. Add users bash, testbash, basher, nologin (the shell of this user is / sbin/nologin), and then find out the information of users whose user name is the same as the default shell on the current system;
[root@Pikachu ~]# useradd bash
[root@Pikachu ~]# useradd testbash
[root@Pikachu ~]# useradd basher
[root@Pikachu ~]# useradd -s /sbin/nologin nologin
[root@Pikachu ~]# grep "\(^[^:]\+\>\).*\1$" /etc/passwd
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
bash:x:1005:1005::/home/bash:/bin/bash
nologin:x:1008:1008::/home/nologin:/sbin/nologin