harvey@ubuntu:/etc$ cat -b passwd 1 root:x:0:0:root:/root:/bin/bash 2 daemon:x:1:1:daemon:/usr/sbin:/bin/sh 3 bin:x:2:2:bin:/bin:/bin/sh 4 sys:x:3:3:sys:/dev:/bin/sh 5 sync:x:4:65534:sync:/bin:/bin/sync 6 games:x:5:60:games:/usr/games:/bin/sh 7 man:x:6:12:man:/var/cache/man:/bin/sh 8 lp:x:7:7:lp:/var/spool/lpd:/bin/sh 9 mail:x:8:8:mail:/var/mail:/bin/sh 10 news:x:9:9:news:/var/spool/news:/bin/sh 11 uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh 12 proxy:x:13:13:proxy:/bin:/bin/sh 13 www-data:x:33:33:www-data:/var/www:/bin/sh 14 backup:x:34:34:backup:/var/backups:/bin/sh 15 list:x:38:38:Mailing List Manager:/var/list:/bin/sh 16 irc:x:39:39:ircd:/var/run/ircd:/bin/sh 17 gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh 18 nobody:x:65534:65534:nobody:/nonexistent:/bin/sh 19 libuuid:x:100:101::/var/lib/libuuid:/bin/sh 20 syslog:x:101:103::/home/syslog:/bin/false 21 messagebus:x:102:105::/var/run/dbus:/bin/false 22 colord:x:103:108:colord colour management daemon,,,:/var/lib/colord:/bin/false 23 lightdm:x:104:111:Light Display Manager:/var/lib/lightdm:/bin/false 24 whoopsie:x:105:114::/nonexistent:/bin/false 25 avahi-autoipd:x:106:117:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false 26 avahi:x:107:118:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false 27 usbmux:x:108:46:usbmux daemon,,,:/home/usbmux:/bin/false 28 kernoops:x:109:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false 29 pulse:x:110:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false 30 rtkit:x:111:122:RealtimeKit,,,:/proc:/bin/false 31 speech-dispatcher:x:112:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh 32 hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false 33 saned:x:114:123::/home/saned:/bin/false 34 harvey:x:1000:1000:Harvey,,,:/home/harvey:/bin/bash
harvey@ubuntu:/etc$ sudo cat -b shadow 1 root:!:16141:0:99999:7::: 2 daemon:*:16105:0:99999:7::: 3 bin:*:16105:0:99999:7::: 4 sys:*:16105:0:99999:7::: 5 sync:*:16105:0:99999:7::: 6 games:*:16105:0:99999:7::: 7 man:*:16105:0:99999:7::: 8 lp:*:16105:0:99999:7::: 9 mail:*:16105:0:99999:7::: 10 news:*:16105:0:99999:7::: 11 uucp:*:16105:0:99999:7::: 12 proxy:*:16105:0:99999:7::: 13 www-data:*:16105:0:99999:7::: 14 backup:*:16105:0:99999:7::: 15 list:*:16105:0:99999:7::: 16 irc:*:16105:0:99999:7::: 17 gnats:*:16105:0:99999:7::: 18 nobody:*:16105:0:99999:7::: 19 libuuid:!:16105:0:99999:7::: 20 syslog:*:16105:0:99999:7::: 21 messagebus:*:16105:0:99999:7::: 22 colord:*:16105:0:99999:7::: 23 lightdm:*:16105:0:99999:7::: 24 whoopsie:*:16105:0:99999:7::: 25 avahi-autoipd:*:16105:0:99999:7::: 26 avahi:*:16105:0:99999:7::: 27 usbmux:*:16105:0:99999:7::: 28 kernoops:*:16105:0:99999:7::: 29 pulse:*:16105:0:99999:7::: 30 rtkit:*:16105:0:99999:7::: 31 speech-dispatcher:!:16105:0:99999:7::: 32 hplip:*:16105:0:99999:7::: 33 saned:*:16105:0:99999:7::: 34 harvey:$1$GHg7l$G5x.F1Rf8RBgIfDyMfwGL/:16141:0:99999:7:::
harvey@ubuntu:/etc$ cat -b group 1 root:x:0: 2 daemon:x:1: 3 bin:x:2: 4 sys:x:3: 5 adm:x:4:harvey 6 tty:x:5: 7 disk:x:6: 8 lp:x:7: 9 mail:x:8: 10 news:x:9: 11 uucp:x:10: 12 man:x:12: 13 proxy:x:13: 14 kmem:x:15: 15 dialout:x:20: 16 fax:x:21: 17 voice:x:22: 18 cdrom:x:24:harvey 19 floppy:x:25: 20 tape:x:26: 21 sudo:x:27:harvey 22 audio:x:29:pulse 23 dip:x:30:harvey 24 www-data:x:33: 25 backup:x:34: 26 operator:x:37: 27 list:x:38: 28 irc:x:39: 29 src:x:40: 30 gnats:x:41: 31 shadow:x:42: 32 utmp:x:43: 33 video:x:44: 34 sasl:x:45: 35 plugdev:x:46:harvey 36 staff:x:50: 37 games:x:60: 38 users:x:100: 39 nogroup:x:65534: 40 libuuid:x:101: 41 crontab:x:102: 42 syslog:x:103: 43 fuse:x:104: 44 messagebus:x:105: 45 bluetooth:x:106: 46 scanner:x:107: 47 colord:x:108: 48 lpadmin:x:109:harvey 49 ssl-cert:x:110: 50 lightdm:x:111: 51 nopasswdlogin:x:112: 52 netdev:x:113: 53 whoopsie:x:114: 54 mlocate:x:115: 55 ssh:x:116: 56 avahi-autoipd:x:117: 57 avahi:x:118: 58 pulse:x:119: 59 pulse-access:x:120: 60 utempter:x:121: 61 rtkit:x:122: 62 saned:x:123: 63 harvey:x:1000: 64 sambashare:x:124:harvey
- 用户名为root,密码字段为!(!表示该账户的密码已被锁定,不能用密码登录),用户ID和组ID都为0,用户登录后最先进入的目录是/root,和内核交互使用的shell是/bin/bash。init进程是所有用户进程的祖先进程,PID为0,应该就是以root用户和用户组的权限运行的进程。
- 用户名为daemon,密码字段为*(表示禁止登录),用户ID和组ID都是1,组名是daemon,daemon用户和组是负责创建进程的,daemon进程的PID就是根据daemon用户对/usr/sbin文件夹的权限来确定的,和内核交互使用的shell是/bin/sh。Daemon是一种特殊的进程,它独立于控制终端并且周期性地执行某种任务或等待某事的发生,常见的daemon进程有日志进程syslogd、web服务器httpd、邮件服务器sendmail、数据库服务器mysql。(syslogd的程序文件一定就在/usr/sbin目录下,daemon创建进程的时候可以直接从这里读取程序文件),daemon进程的父进程是init进程。因为它真正的父进程在fork出子进程后就先于子进程exit了,所以daemon是一个被init收养的孤儿进程。
linux的用户和组的详细管理机制使得linux内的资源更像是一个社会:root用户UID为0,就像总统,拥有最高的权限;UID为1-499的用户是root领导下的各级社会部门(国会、银行、邮局等),它们各由某个部门的leader领导;而UID为500-60000的用户就是广大的民众和非政府组织。UID为1-499的服务进程也就是政府部门,只对外提供服务,除非服务进程对外开放访问资源的接口,否则其他人不能使用它的资源。而普通用户则是直接通过shell使用计算机资源的。
linux虽然可以进行丰富的权限管理,但正如社会虽然可以管理但制度更重要一样,linux的安全性只是从系统机制上得到了保证,真正安全与否还是要看权限管理是怎么设置的。