• ubuntu默认用户分析


    harvey@ubuntu:/etc$ cat -b passwd
     1    root:x:0:0:root:/root:/bin/bash
     2    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
     3    bin:x:2:2:bin:/bin:/bin/sh
     4    sys:x:3:3:sys:/dev:/bin/sh
     5    sync:x:4:65534:sync:/bin:/bin/sync
     6    games:x:5:60:games:/usr/games:/bin/sh
     7    man:x:6:12:man:/var/cache/man:/bin/sh
     8    lp:x:7:7:lp:/var/spool/lpd:/bin/sh
     9    mail:x:8:8:mail:/var/mail:/bin/sh
    10    news:x:9:9:news:/var/spool/news:/bin/sh
    11    uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
    12    proxy:x:13:13:proxy:/bin:/bin/sh
    13    www-data:x:33:33:www-data:/var/www:/bin/sh
    14    backup:x:34:34:backup:/var/backups:/bin/sh
    15    list:x:38:38:Mailing List Manager:/var/list:/bin/sh
    16    irc:x:39:39:ircd:/var/run/ircd:/bin/sh
    17    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
    18    nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
    19    libuuid:x:100:101::/var/lib/libuuid:/bin/sh
    20    syslog:x:101:103::/home/syslog:/bin/false
    21    messagebus:x:102:105::/var/run/dbus:/bin/false
    22    colord:x:103:108:colord colour management daemon,,,:/var/lib/colord:/bin/false
    23    lightdm:x:104:111:Light Display Manager:/var/lib/lightdm:/bin/false
    24    whoopsie:x:105:114::/nonexistent:/bin/false
    25    avahi-autoipd:x:106:117:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
    26    avahi:x:107:118:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
    27    usbmux:x:108:46:usbmux daemon,,,:/home/usbmux:/bin/false
    28    kernoops:x:109:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
    29    pulse:x:110:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false
    30    rtkit:x:111:122:RealtimeKit,,,:/proc:/bin/false
    31    speech-dispatcher:x:112:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
    32    hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false
    33    saned:x:114:123::/home/saned:/bin/false
    34    harvey:x:1000:1000:Harvey,,,:/home/harvey:/bin/bash
    harvey@ubuntu:/etc$ sudo cat -b shadow
     1    root:!:16141:0:99999:7:::
     2    daemon:*:16105:0:99999:7:::
     3    bin:*:16105:0:99999:7:::
     4    sys:*:16105:0:99999:7:::
     5    sync:*:16105:0:99999:7:::
     6    games:*:16105:0:99999:7:::
     7    man:*:16105:0:99999:7:::
     8    lp:*:16105:0:99999:7:::
     9    mail:*:16105:0:99999:7:::
    10    news:*:16105:0:99999:7:::
    11    uucp:*:16105:0:99999:7:::
    12    proxy:*:16105:0:99999:7:::
    13    www-data:*:16105:0:99999:7:::
    14    backup:*:16105:0:99999:7:::
    15    list:*:16105:0:99999:7:::
    16    irc:*:16105:0:99999:7:::
    17    gnats:*:16105:0:99999:7:::
    18    nobody:*:16105:0:99999:7:::
    19    libuuid:!:16105:0:99999:7:::
    20    syslog:*:16105:0:99999:7:::
    21    messagebus:*:16105:0:99999:7:::
    22    colord:*:16105:0:99999:7:::
    23    lightdm:*:16105:0:99999:7:::
    24    whoopsie:*:16105:0:99999:7:::
    25    avahi-autoipd:*:16105:0:99999:7:::
    26    avahi:*:16105:0:99999:7:::
    27    usbmux:*:16105:0:99999:7:::
    28    kernoops:*:16105:0:99999:7:::
    29    pulse:*:16105:0:99999:7:::
    30    rtkit:*:16105:0:99999:7:::
    31    speech-dispatcher:!:16105:0:99999:7:::
    32    hplip:*:16105:0:99999:7:::
    33    saned:*:16105:0:99999:7:::
    34    harvey:$1$GHg7l$G5x.F1Rf8RBgIfDyMfwGL/:16141:0:99999:7:::
    harvey@ubuntu:/etc$ cat -b group
     1    root:x:0:
     2    daemon:x:1:
     3    bin:x:2:
     4    sys:x:3:
     5    adm:x:4:harvey
     6    tty:x:5:
     7    disk:x:6:
     8    lp:x:7:
     9    mail:x:8:
    10    news:x:9:
    11    uucp:x:10:
    12    man:x:12:
    13    proxy:x:13:
    14    kmem:x:15:
    15    dialout:x:20:
    16    fax:x:21:
    17    voice:x:22:
    18    cdrom:x:24:harvey
    19    floppy:x:25:
    20    tape:x:26:
    21    sudo:x:27:harvey
    22    audio:x:29:pulse
    23    dip:x:30:harvey
    24    www-data:x:33:
    25    backup:x:34:
    26    operator:x:37:
    27    list:x:38:
    28    irc:x:39:
    29    src:x:40:
    30    gnats:x:41:
    31    shadow:x:42:
    32    utmp:x:43:
    33    video:x:44:
    34    sasl:x:45:
    35    plugdev:x:46:harvey
    36    staff:x:50:
    37    games:x:60:
    38    users:x:100:
    39    nogroup:x:65534:
    40    libuuid:x:101:
    41    crontab:x:102:
    42    syslog:x:103:
    43    fuse:x:104:
    44    messagebus:x:105:
    45    bluetooth:x:106:
    46    scanner:x:107:
    47    colord:x:108:
    48    lpadmin:x:109:harvey
    49    ssl-cert:x:110:
    50    lightdm:x:111:
    51    nopasswdlogin:x:112:
    52    netdev:x:113:
    53    whoopsie:x:114:
    54    mlocate:x:115:
    55    ssh:x:116:
    56    avahi-autoipd:x:117:
    57    avahi:x:118:
    58    pulse:x:119:
    59    pulse-access:x:120:
    60    utempter:x:121:
    61    rtkit:x:122:
    62    saned:x:123:
    63    harvey:x:1000:
    64    sambashare:x:124:harvey
    1. 用户名为root,密码为!(!代表的意思不详),用户ID和组ID都为0,用户最先进入的目录就是/root,和内核交互细信息的内核是/bin/bash。init进程是所有用户进程的祖先进程PID为0,应该就是root用户和用户组权限限制的进行。
    2. 用户名为daemon,密码为*(表示禁止登录),用户ID和组ID都是1,组名是daemon,daemon用户和组是负责创建进程的daemon进程的PID就是根据daemon用户对/usr/sbin文件夹的权限来确定的,和内核交互使用的shell是/bin/sh。Daemon是一个特殊的进程,他独立于控制终端并且周期性的执行某种任务或等待某事的发生,常见的daemon进程为日志进程syslogd、web服务器httpd、邮件服务器sendmail、数据库服务器mysql。(syslogd的程序一定就是在/usr/sbin的目录下的,在daemon创建进程的时候可以直接从这里读取程序文件),daemon进程的父进程是init进程。因为他真正的父进程在fork出子进程后就先于子进程exit了,所以daemon是一个从init继承的孤儿进程。

         linux的用户和组的详细管理机制使得linux内的资源更像是一个社会,root用户UID为0就是总统有最高的权限,而UID为1-499的用户是root领导下的各级社会部门(国会,银行,邮局等),他们都是由某个部门的leader在领导,而UID为500-60000的用户就是广大的民众和非政府组织。UID为1-499的服务进程也就是政府部门只是对外提供服务,除非服务进程对外开放访问资源的接口,否则不能使用其的资源。而普通用户则是直接用shell使用的计算机资源。

       linux虽然可以进行丰富的权限管理,但如同社会虽然能管理但是制度很重要,linux的安全性只是从系统上保证了,真正安全不安全还是看怎么设置的权限管理。
  • 相关阅读:
    MVC框架及其应用
    《企业应用架构模式》-阅读笔记1
    《架构之美》阅读笔记3
    《架构之美》-阅读笔记2
    《架构之美》阅读笔记1
    一线架构师实践指南第三篇—— Refined Architecture(预习)
    知识图谱_示例图
    一个考研党的敷衍的毕业设计_知识图谱
    一线架构师阅读笔记三
    一线架构师阅读笔记二
  • 原文地址:https://www.cnblogs.com/zhanghaiyublog/p/3597859.html
Copyright © 2020-2023  润新知