User management configuration files
User information file: /etc/passwd
Password file: /etc/shadow
User group file: /etc/group
User group password file: /etc/gshadow
User configuration files:
/etc/login.defs
/etc/default/useradd
New user information files: /etc/skel
Login messages: /etc/motd, /etc/issue

/etc/passwd file format

User types
Linux users are divided into three types:
Super user (root, UID 0)
Normal user (UID 500-60000)
Pseudo user (UID 1-499)
Note: the user named root is not necessarily the superuser, but the user with UID 0 is always the superuser.

Pseudo users
Pseudo users are tied to system and program services
bin, daemon, shutdown, halt and so on: every Linux system has these pseudo users by default
mail, news, games, apache, ftp, mysql, sshd and so on: related to processes running on the Linux system
Pseudo users typically do not need to, or cannot, log in to the system
They may have no home directory
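
An added example, not part of the original page: a shell function that classifies passwd entries using the UID ranges listed above and flags any UID 0 account not named root and any pseudo user that has a login shell. The sample entries and the list of non-login shells are assumptions made for the example.

```shell
#!/bin/sh
# Classify passwd entries by the UID ranges on this page and flag two cases
# worth reviewing: a second UID 0 account, and a pseudo user that can log in.

# Constructed sample in /etc/passwd format (name:pw:UID:GID:comment:home:shell).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
jack:x:500:500:Jack:/home/jack:/bin/bash
EOF
}

# audit_passwd: passwd-format lines on stdin, "name kind [finding]" on stdout.
audit_passwd() {
    awk -F: '
    NF != 7 || $3 !~ /^[0-9]+$/ { print $1, "malformed"; next }
    {
        uid = $3 + 0; note = ""
        if (uid == 0)                        kind = "super"
        else if (uid >= 1 && uid <= 499)     kind = "pseudo"
        else if (uid >= 500 && uid <= 60000) kind = "normal"
        else                                 kind = "out-of-range"
        # Any UID 0 entry has superuser rights, whatever its name.
        if (uid == 0 && $1 != "root") note = " REVIEW:uid0-not-root"
        # Assumed list of shells that do not give an interactive login.
        if (kind == "pseudo" && $7 !~ /(nologin|false|shutdown|halt|sync)$/)
            note = " REVIEW:pseudo-user-with-login-shell"
        printf "%s %s%s\n", $1, kind, note
    }'
}

# Runs on the sample; on a real host: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```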

User groups
Each user belongs to at least one user group
Each user group can include multiple users
Users in the same user group share the permissions granted to that group

/etc/shadow file format

/etc/group file format

Add users manually
Add a record to each of the /etc/passwd, /etc/group and /etc/shadow files
Create the user's home directory
Set up the default configuration files in the user's home directory
Set the user's initial password

SetUID
Question: why can ordinary users change their own passwords?
Setuid definition: when an executable program has the setuid permission, a user who runs it executes the program with the identity of the program's owner.
Examples:
1. Grant the setuid permission to the touch command
2. Grant the setuid permission to the vi command
3. Find setuid programs:
The code is as follows:
# find / -perm -4000 -o -perm -2000
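
An added example, not from the original page: the same find test used to keep an inventory of setuid/setgid files and report entries that were not in a saved baseline. The function names, the temporary demo tree and its file names are made up for the example; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Inventory setuid/setgid files and report what is new against a baseline.

# list_suid DIR: print "mode path" for every regular file under DIR that has
# the setuid (4000) or setgid (2000) bit, without crossing filesystems.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %n' {} + 2>/dev/null | LC_ALL=C sort
}

# new_since_baseline BASELINE CURRENT: lines present only in CURRENT.
new_since_baseline() {
    LC_ALL=C comm -13 "$1" "$2"
}

# demo: constructed tree in a temporary directory (hypothetical file names).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin"
    touch "$d/bin/passwd" "$d/bin/wall" "$d/bin/ls" "$d/bin/helper"
    chmod 4755 "$d/bin/passwd"          # setuid, expected
    chmod 2755 "$d/bin/wall"            # setgid, expected
    chmod 0755 "$d/bin/ls" "$d/bin/helper"
    list_suid "$d/bin" > "$d/baseline.txt"
    chmod 4755 "$d/bin/helper"          # a setuid bit that appears later
    list_suid "$d/bin" > "$d/current.txt"
    # Strip the temporary prefix so the report is stable between runs.
    new_since_baseline "$d/baseline.txt" "$d/current.txt" | sed "s|$d||"
    rm -rf "$d"
}

demo    # on a real host: list_suid / > baseline.txt, rerun later and compare
```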

Add user
useradd [options] username (useradd -D shows the default parameters)
-u: UID
-g: GID of the default user group
-G: additional groups the user belongs to
-d: home directory
-s: command interpreter (shell)
-c: descriptive information
-e: user expiration time
The code is as follows:
# useradd ksharpdabu    # add the account ksharpdabu
# passwd ksharpdabu     # set the password for ksharpdabu
Alternatively, if you are familiar with the system files, you can add users manually.

User group administration commands
Add a user group: groupadd
The code is as follows:
# groupadd -g 888 webadmin
Create a user group webadmin with a GID of 888
Delete a user group: groupdel group_name
The code is as follows:
# groupdel webuser    # delete the group webuser
Modify user group information: groupmod
The code is as follows:
# groupmod -n apache webadmin
Rename the webadmin group to apache

User group administration commands
gpasswd: set the group password and manage the members of a group
-a add a user to the user group
-d remove a user from the user group
-A set the user group administrator
-r remove the user group password
-R prevent users from switching to this group

Modify user information
usermod
The code is as follows:
# usermod -G softgroup ksharpdabu
Add user ksharpdabu to the softgroup user group (without -a, -G replaces the user's existing supplementary groups)
The code is as follows:
# usermod -l ksharpdabu -d /home/ksharpdabu -g webadmin tom
Change user tom's login name to ksharpdabu, put the user in the webadmin group, and change the home directory to /home/ksharpdabu

User management commands
pwck: check the /etc/passwd file (locks the file)
vipw: edit the /etc/passwd file
id: view user ID and group information
finger: view user details
su: switch user (su - also switches the environment variables)
passwd -S: view the user's password status
who, w: view information on currently logged-in users

User group administration commands
groups: see which user groups a user belongs to
newgrp: switch user group
grpck: check the user group configuration file
chgrp: change the group a file belongs to
vigr: edit the /etc/group file (locks the file)

User group authorization example
Give users jack and mary write permission on the directory /software
The code is as follows:
# groupadd softadm
# usermod -G softadm jack
# gpasswd -a mary softadm
# chgrp softadm /software
# chmod g+w /software
The code is as follows:
# ls -ld /software
drwxrwxr-x 2 root softadm 06:17 /software
# grep softadm /etc/group
softadm::100:jack,mary

Disabling and restoring users
Disable
The code is as follows:
# usermod -L username
# passwd -l username
Restore
The code is as follows:
# usermod -U username
# passwd -u username

Delete user
userdel -r username
-r: also delete the user's home directory
Manual removal:
Use the find command to locate files belonging to the user or user group
find options: -user, -uid, -group, -gid
Move and back up the files that need to be retained
Delete the unwanted files
Remove the related entries from the user files
Remove the user's home directory

User management commands
chage: password settings
-l view the user's password settings
-m minimum number of days between password changes
-M maximum number of days between password changes
-d date the password was last changed
-I number of days after the password expires before the account is locked
-E set the expiration date for the password; 0 means the password expires immediately, -1 means the password never expires
-W number of days before the password expires to start warning
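
An added example, not from the original page: the chage options above edit fields of an /etc/shadow entry, and passwd -l or usermod -L lock an account by putting "!" in front of the stored hash. The function below reads shadow-format lines and reports each account's password status and maximum password age; the sample lines are constructed and their hash values are placeholders.

```shell
#!/bin/sh
# Report password status and aging per account from shadow-format lines.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# chage -d sets field 3, -m field 4, -M field 5, -W field 6, -I field 7,
# -E field 8.

# Constructed sample lines; the hash strings are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTED$placeholderhash:19000:0:99999:7:::
jack:$6$CONSTRUCTED$placeholderhash:19000:1:90:7:14::
mary::19000:0:99999:7:::
tom:!$6$CONSTRUCTED$placeholderhash:19000:0:90:7:::
apache:*:19000:0:99999:7:::
EOF
}

# audit_shadow: shadow-format lines on stdin, "name status aging" on stdout.
audit_shadow() {
    awk -F: '
    {
        hash = $2; max = $5
        # An empty hash field means the account has no password at all.
        if (hash == "")                    status = "EMPTY-PASSWORD"
        # "!" is the lock prefix; "*" marks an account with no valid password.
        else if (hash ~ /^[!*]/)           status = "locked-or-no-login"
        else                               status = "password-set"
        # An empty or 99999 maximum age means the password never expires.
        if (max == "" || max + 0 >= 99999) aging = "never-expires"
        else                               aging = "max-" max "-days"
        print $1, status, aging
    }'
}

# Runs on the sample; on a real host (as root): audit_shadow < /etc/shadow
sample_shadow | audit_shadow
```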

Enable or disable the shadow feature
pwconv / pwunconv
grpconv / grpunconv
system-config-users
authconfig, /etc/sysconfig/authconfig

Bulk add users
newusers command: imports a user information file
pwunconv command: disables the shadow password function
chpasswd command: imports a password file (password file format: username:password)
pwconv command: writes the passwords to the shadow file
Example: adding 10 users at a time

Limit which users can su to root:
The code is as follows:
# groupadd sugroup
# chgrp sugroup /bin/su    # change the group first: chgrp clears the setuid bit
# chmod 4550 /bin/su
# ls -l /bin/su
-r-sr-x--- 1 root sugroup 18360 2010 /bin/su
Once this is set, only users in the sugroup group can use su to switch to root
The code is as follows:
# useradd helen
# passwd helen
# usermod -g sugroup helen    # give helen the right to use su

Use sudo instead of su:
The user temporarily becomes root only while a command is run through sudo
The root password is not disclosed
Users are given only limited rights to run specific commands
Configuration file: /etc/sudoers; edit it with the visudo command
Ordinary users run commands with sudo
Format: user name (or group name) host address = command (absolute path)

Using John the Ripper, a tool for testing the system for weak passwords:
The code is as follows:
# tar -xzvf john-1.7.6.tar.gz
# cd john-1.7.6/src
# make clean generic
Crack the password of user ksharpdabu
The code is as follows:
# grep ksharpdabu /etc/passwd > /test/ksharpdabu.passwd
# grep ksharpdabu /etc/shadow > /test/ksharpdabu.shadow
# /test/john-1.6.6/run/unshadow /test/ksharpdabu.passwd /test/ksharpdabu.shadow > /test/ksharpdabu.john
# /test/john-1.6.6/run/john /test/ksharpdabu.john