CentOS User Account Management
1. User Management
/Etc/passwd user name configuration file
/Etc/shadow User Password Configuration File
(1) structure of/etc/passwd:
Username: password: uid: gid: commit: user home path: shell
Note:
Uid and gid are auto-incrementing by default;
User's home directory-common users in/home, root in/(or ~);
Shell refers to the logon method-Common/bin/bash,/sbin/nologin (set as not logged on );
(2) structure of/etc/shadow
Username: User Name
Password: password, encryption mode $1 (md5), $5 (SHA-256), $6 (sha-512 ),!! No Password, * locking users
Last password change time: the number of days from January 1
How many days can I change my password:
Password expiration time:
Warning password invalidation: Notification several days before password invalidation
Expiration date: change the password in time to prevent unavailability of users
Reserved fields
Plug: Linux time synchronization
Date-s defines the time (date Format)
Ntpdate time server address
Hwclock-h: Same as the time in BIOS
2. Operations on user accounts
(1) Basic operations
Add User: useradd-u [uid]-g [gid]-G [group]-d [home dir path]-M [don't create home path]
-S [shell such as/sbin/nologin,/bin/bash] [username] can create user-specified groups
Delete user: userdel-r is deleted along with the Home Directory
Add User Group: groupadd-g [gid] [groupname]
Delete user group: groupdel [groupname]
View: id [username]
Instance: the user fails to be switched and the user's home directory does not exist.
Solution:
# Mkdir
# Cp-rv/etc/skel/. B *
; # If you want to delete them together, the owner Group of the home directory must be the user
(2) Change the attributes of a user account
Usermod-u-g-G-s-d-L: Locked User-U: unlocked user
Chfn username: added a description of the user account
Set Password
Randomly generated password: mkpasswd-l fixed length-s defined special character-yum install-y mkpasswd)
Record tool: keepass
3. Switch users
Su-[username] Full switchover, environment variables and home directory switchover
Su-C ''command'-the user temporarily executes the command with the permission of a user
Sudo allows common users to temporarily execute commands with specified user permissions,
Set the User Password sudo/bin/ls/root/
Change the mongodo configuration, "user ALL = (source user) NOPASSWD :( no password required) the absolute path of the command to be executed"
Instance 1: Enter the password only once
Solution: passwd -- stdin
Echo-e "[new password] \ n [new passwd] \ n" | passwdpasswd -- stdin [username]; \ n is a carriage return-e Escape Character
Instance 2: remote login connection is too slow
Solution:
Vim/etc/ssh/sshd_config
Enable UseDNS * and change the value to no
/Etc/init. d/sshd restart or service sshd restart
Instance 3: disabling remote root does not prevent the use of root permissions to execute commands
Solution:
1. disable root Remote Login
Vim/etc/ssh/sshd_config
Enable PermitRootLogin .. and change the value to no.
/Etc/init. d/sshd restart or service sshd restart
2. Change the switch execution permission
Mongodo
[Username] ALL = (root) NOPASSWD:/bin/ls,/bin/su (location: root line) do not change the password
Su-[username]
Sudo su-