Getting Started with Linux Commands: Basics of System Security Commands

  
 

◆ Installation and login: login, shutdown, halt, reboot, install, mount, umount, chsh, exit, last

◆ File processing: file, mkdir, grep, dd, find, mv, ls, diff, cat, ln

◆ System Management: df, top, free, quota, at, lp, adduser, groupadd, kill, crontab

◆ Network operation: ifconfig, ip, ping, netstat, telnet, ftp, route, rlogin, rcp, finger, mail, nslookup

◆ System security: passwd, su, umask, chgrp, chmod, chown, chattr, sudo, ps, who

◆ Other commands: tar, unzip, gunzip, unarj, mtools, man, uuencode, uudecode

————————————————————

passwd

1. Role: The passwd command changes the login password of an account. It is available to all users.

2. Format: passwd [option] account-name

3. Main parameters:
   -l: Lock the named account; only users with superuser rights can use it.
   -u: Unlock a locked account; only users with superuser rights can use it.
   -x, --maximum=DAYS: Maximum password lifetime (days); only users with superuser rights can use it.
   -n, --minimum=DAYS: Minimum password lifetime (days); only users with superuser rights can use it.
   -d: Delete the user's password; only users with superuser rights can use it.
   -S: Check the password authentication type of the specified user; only users with superuser rights can use it.

4. Application examples

   $ passwd
   Changing password for user cao.
   Changing password for cao
   (current) UNIX password:
   New UNIX password:
   Retype new UNIX password:
   passwd: all authentication tokens updated successfully.

As shown above, passwd asks for the old password and then asks for the new password twice.

————————————————————

su

1. Role: su changes to the identity of another user. Except for the superuser, you need to type that user's password.

2. Format: su [options]... [-] [USER [ARG]...]

3. Main parameters:
   -f, --fast: The startup file (e.g. csh.cshrc) does not have to be read; applies only to the csh and tcsh shells.
   -l, --login: With this parameter, the effect is like logging in again as that user. Most environment variables (such as HOME, SHELL, and USER) are set for that user (USER), and the working directory is changed. If USER is not specified, the default is root.
   -m, -p, --preserve-environment: Do not change the environment variables when executing su.
   -c command: Change to the USER account, execute the command, and then change back to the original user.
   USER: The user account to change to. ARG: Arguments passed to the new shell.

4. Application example: change to the superuser account, execute the df command, and then return to the original user:

   su -c df root

————————————————————

umask

1. Role: umask sets the default mask value applied when the user creates files and directories. If this command is placed in the profile file, it controls the access permissions of the files the user creates afterwards. It tells the system which access permissions to withhold when a file is created. It is available to all users.

2. Format: umask [-p] [-S] [mode]

3. Parameters:
   -S: Determine the current umask setting.
   -p: Modify the umask settings.
   [mode]: Modify the value.

4. Description: The traditional Unix umask value is 022, which prevents other users in the same group and users in other groups from modifying the user's files. Since each user owns and belongs to a private group of their own, this "group protection mode" is not needed. Strict permissions form the basis of Linux security, and mistakes in granting permissions can be fatal. Note that the umask command sets the read and write permissions of the files created by the process. The most secure value is 0077, which closes the read and write permissions to every process except the one that created the file; this is shown as -rw-------. Adding the line umask 0077 to ~/.bash_profile ensures that the umask of the process is set correctly each time the shell is started.

5. Application examples

   umask -S
   u=rwx,g=rx,o=rx
   umask -p 177
   umask -S
   u=rw,g=,o=

The five lines above first display the current setting, then change the umask value to 177. The result shows that only the file owner has read and write permission on the file, and other users cannot access it. This is obviously a very secure setting.
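
The masks discussed above (022, 077 and 177) can be checked against what the system actually assigns. The script below is an added example, not part of the original article; it also covers directories, where 177 yields mode 600 and removes the owner's own search bit, while 077 keeps it. The function names and the scratch directory are constructed for the demonstration, and a Linux stat that accepts -c '%a' is assumed.

```shell
#!/bin/sh
# Added example: observe the modes that new files and directories receive
# under a given umask. Function names and the scratch directory are
# constructed for this demo. Assumes Linux stat (stat -c '%a').

# expected_mode MASK KIND -> mode predicted by "requested mode AND NOT mask".
# Files are requested with 0666, directories with 0777.
expected_mode() {
    if [ "$2" = dir ]; then
        printf '%o\n' $(( 0777 & ~0$1 ))
    else
        printf '%o\n' $(( 0666 & ~0$1 ))
    fi
}

# actual_mode MASK KIND -> mode really assigned (octal, no leading 0).
actual_mode() {
    (   # subshell, so the caller's umask is left untouched
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$scratch/new"; else : > "$scratch/new"; fi
        mode=$(stat -c '%a' "$scratch/new")
        rm -rf "$scratch"
        printf '%s\n' "$mode"
    )
}

# owner_can_enter MASK -> succeeds only if a directory created under MASK
# keeps the owner's search (x) bit, i.e. the owner can still cd into it.
owner_can_enter() {
    m=$(actual_mode "$1" dir)
    [ $(( 0$m & 0100 )) -ne 0 ]
}

# Compare the three masks the article mentions.
for mask in 022 077 177; do
    printf 'umask %s: file=%s dir=%s (predicted %s / %s)\n' "$mask" \
        "$(actual_mode "$mask" file)" "$(actual_mode "$mask" dir)" \
        "$(expected_mode "$mask" file)" "$(expected_mode "$mask" dir)"
done
```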

————————————————————

chgrp

1. Role: chgrp changes the group to which one or more files or directories belong. It is available to the superuser.

2. Format: chgrp [options]... group files... or chgrp [options]... --reference=reference-file files...

The group of each <file> is set to <group>.

3. Parameters:
   -c, --changes: Like --verbose, but only show results when there are changes.
   --dereference: Affect the object that the symbolic link points to, not the symbolic link itself.
   -h, --no-dereference: Affect the symbolic link itself rather than the destination it points to (valid only when the system supports changing the owner of symbolic links).
   -f, --silent, --quiet: Suppress most error messages.
   --reference=reference-file: Use the group of the <reference file> rather than the specified <group>.
   -R, --recursive: Process all files and subdirectories recursively.
   -v, --verbose: Display information for every file processed.

4. Application description: This command changes the user group to which the specified files belong. The group can be a user group ID or the name of a user group in the /etc/group file. File names are separated by spaces, and the list of files to change may use wildcards. If the user is neither the owner of the file nor the superuser, the group of the file cannot be changed.

5. Application example: to change the group of /opt/local/book/ and all of its files and subdirectories to book, use the following command:

   $ chgrp -R book /opt/local/book

————————————————————

Copyright © Windows knowledge All Rights Reserved