CentOS user management

Source: Internet
Author: User
Tags crypt

###############################################################
useradd: user management
###############################################################

1. useradd -D
Show the default user creation options

2. Location of the template files with the default user options
/etc/login.defs
/etc/default/useradd

vi /etc/default/useradd
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
GROUPS=video,dialout
CREATE_MAIL_SPOOL=no

3. Detailed description of the useradd command
useradd [-d home] [-s shell] [-c comment] [-m [-k template]] [-f inactive] [-e expire] [-p passwd] [-r] name


Main parameters


-c: adds the remarks text. The remarks text is saved in the remarks (comment) column of /etc/passwd.

-d: specifies the start (home) directory used when the user logs on.

-D: changes the default values.

-e: specifies the validity period of the account, which is permanently valid by default.

-f: specifies the number of days after the password expires before the account is closed.

-g: specifies the group to which the user belongs.

-G: specifies the additional groups to which the user belongs. Multiple groups are separated by commas (,) and cannot contain spaces.

-m: automatically creates the user's logon directory.

-M: does not automatically create the user's logon directory.

-N: cancels the creation of a group named after the user name.

-r: creates a system account.

-s: specifies the shell used after the user logs on.

-u: specifies the user ID.

-p: specifies the user password. The password must already be encrypted.


Example:
1> create a user with the default options from login.defs
useradd tata

2> create a user and automatically create the user's logon directory. -m is generally used together with the -d option (/home/username).
useradd -m tata
3> create a user and specify the logon directory to be created automatically
useradd -d /home/tata -m tata

4> create a user, specify the logon directory, and specify the affiliated group
useradd -G users -d /home/tata -m tata

5> create a user, specify the logon directory, affiliated group, and password
useradd -p "$(openssl passwd -1 -salt "tata" tata)" -G users -d /home/tata -m tata


6> create a user, automatically create the user's logon directory, and specify the private group and affiliated group
useradd -m tata -g tata -G users


useradd -p "$(openssl passwd -1 -salt "product_pub" product_pub)" -G users -m -d /home/product_pub product_pub
Note: for openssl passwd, see the advanced topic section below.


You can also use the following statements to set the initial password:
[root@www ~]# useradd -G users smb1
[root@www ~]# useradd -G users smb2
[root@www ~]# useradd -G users smb3
[root@www ~]# echo 1234 | passwd --stdin smb1
[root@www ~]# echo 1234 | passwd --stdin smb2
[root@www ~]# echo 1234 | passwd --stdin smb3


###############################################################
usermod: modify user information, that is, modify the fields of the /etc/passwd file.
###############################################################
Syntax: usermod [-LU] [-c <remarks>] [-d <logon directory>] [-e <validity period>] [-f <buffer days>] [-g <group>] [-G <group>] [-l <account name>] [-s <shell>] [-u <uid>] [user account]


Note: usermod can be used to modify user account settings.


Parameters:
-c <remarks>          modify the remarks of the user account.
-d <logon directory>  modify the directory used when the user logs in.
-e <validity period>  modify the validity period of the account.
-f <buffer days>      modify the number of days after the password expires before the account is closed.
-g <group>            modify the group to which the user belongs.
-G <group>            modify the additional groups to which the user belongs.
-l <account name>     modify the user account name: usermod -l new-user-name old-user-name
-L                    lock the user password to make it invalid.
-s <shell>            modify the shell used after the user logs on.
-u <uid>              modify the user ID.
-U                    unlock the password.


usermod does not allow you to change the account name of a user who is currently logged in. When usermod is used to change the user ID, you must make sure that the user is not running any processes on the system. You need to change the user's crontab file by hand. You also need to change the user's at job files by hand. Changes to NIS settings must be made on the NIS server.


Example:
1. Add newuser2 to the staff group.
# usermod -G staff newuser2
2. Change newuser's username to newuser1.
# usermod -l newuser1 newuser
3. Lock account newuser1
# usermod -L newuser1
4. Unlock newuser1
# usermod -U newuser1


###############################################################
userdel username: delete a user
###############################################################
userdel tata
userdel murray       Note: deletes user murray, but does not delete the user's home directory and files;
userdel -r murray    Note: deletes user murray together with the user's home directory and files;
You can use the optional -r switch to delete the user's home directory and related information. If you want to keep the user's home directory, do not use the -r switch. This switch does not automatically delete all files belonging to this user on the system; it only deletes the home directory.


###############################################################
passwd: password management
###############################################################
passwd [option] account-name    (for details, see man passwd)

3. Main Parameters

-l: locks the named account. Only users with superuser permissions can use it.

-u: unlocks a locked account. Only users with superuser permissions can use it.

-x, --maximum=DAYS: maximum password usage time (in days). Only users with superuser permissions can use it.

-n, --minimum=DAYS: minimum password usage time (in days). Only users with superuser permissions can use it.

-d: deletes the user's password. Only users with superuser permissions can use it.

-S: checks the password authentication type of the specified user. Only users with superuser permissions can use it.


###############################################################
Advanced topic: openssl passwd
###############################################################
openssl passwd [-crypt] [-1] [-apr1] [-salt string] [-in file] [-stdin]
[-quiet] [-table] {password}

This command supports three hash algorithms:
Standard hash algorithm for UNIX systems (crypt)
MD5-based BSD algorithm (1)
Apache $apr1$ hash (apr1)

OPTIONS
-crypt
Standard hash algorithm for UNIX systems
-1
MD5-based BSD algorithm. Note that -1 is the digit one, not the letter l
-apr1
Apache $apr1$ hash
Any one of these three options selects the hash algorithm. The default value is -crypt.
-salt string
Use the given string as the salt. The salt is the value mixed in when the password is hashed. The default value is the current time.
-in file
Name of the file to be hashed
-stdin
Read the password from standard input
-quiet
When a password read from standard input is too long, the program shortens it automatically. With this option set, no warning is issued unless necessary.
-table
In each output line, the plaintext password is printed first, then a TAB, then the hash value.

Example:
# The default is the 13-byte crypt algorithm.
root@OP_39_184_sles10:/home # openssl passwd tata
Xi39WUwNFP1mA
root@OP_39_184_sles10:/home # openssl passwd tata
M4DBd/Ys2lbrk
root@OP_39_184_sles10:/home # openssl passwd -crypt tata
NRD7.BwG98Ulk
root@OP_39_184_sles10:/home # openssl passwd -crypt tata
7jubybNYKQ/TQ
root@OP_39_184_sles10:/home # openssl passwd -crypt tata
GRZWFaTNrMIPU


# -1: MD5, 34 bytes
root@OP_39_184_sles10:/home # openssl passwd -1 tata
$1$2QDCG7.k$Q6H/aSd8zNzCpX9iAJF2K1
root@OP_39_184_sles10:/home # openssl passwd -1 tata
$1$36irvjIG$pzYRmRbeno63nhAfJ/Gyf/
root@OP_39_184_sles10:/home # openssl passwd -1 tata
$1$ypfFFaSg$cz8MXJewT00cEsPpFqIUs/


# -apr1: 37 bytes
root@OP_39_184_sles10:/home # openssl passwd -apr1 tata
$apr1$xqrnyuZ9$rcCyBnf33RbV2M0jlT7F80
root@OP_39_184_sles10:/home # openssl passwd -apr1 tata
$apr1$tJ50XhCQ$e201pOwVDACoLcU3BmzQt/
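
As an added example (not part of the original page), these shell functions classify the password field of shadow(5)-format lines by the formats shown above (13-character crypt, $1$ MD5, $apr1$), and also recognize the "!" that usermod -L puts in front of the hash and the empty field left by passwd -d. The function names, the verdict labels, the $5$/$6$ (SHA-256/SHA-512 crypt) prefixes and the sample file are assumptions of this example; the $6$ entry is a placeholder value.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format lines for hash scheme and lock state.
# classify_field FIELD -> prints "<state> <scheme>" for one password field.
classify_field() {
    field=$1 state=active
    case $field in
        '')        echo "nopassword none"; return ;;  # empty, e.g. after passwd -d
        '!'*|'*'*) state=locked ;;                    # lock marker in front of the hash
    esac
    body=$(printf '%s' "$field" | sed 's/^[!*]*//')   # hash without lock markers
    case $body in
        '')        scheme=none ;;
        '$1$'*)    scheme=md5crypt ;;                 # openssl passwd -1
        '$apr1$'*) scheme=apr1 ;;                     # openssl passwd -apr1
        '$5$'*)    scheme=sha256crypt ;;
        '$6$'*)    scheme=sha512crypt ;;
        '$'*)      scheme=other ;;
        # 13 characters without a $ prefix: traditional crypt (openssl passwd -crypt)
        *)         [ "${#body}" -eq 13 ] && scheme=descrypt || scheme=unknown ;;
    esac
    echo "$state $scheme"
}

# audit_shadow FILE -> one line per account: "user state scheme verdict".
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        result=$(classify_field "$field")
        case $result in
            nopassword*)               verdict=EMPTY_PASSWORD ;;
            *descrypt|*md5crypt|*apr1) verdict=WEAK_HASH ;;
            *)                         verdict=ok ;;
        esac
        echo "$user $result $verdict"
    done < "$1"
}

# Constructed sample: hashes are the ones printed on this page, the $6$ value is a placeholder.
make_sample() {
    cat > "$1" <<'EOF'
tata:$1$2QDCG7.k$Q6H/aSd8zNzCpX9iAJF2K1:15000:0:99999:7:::
smb1:M4DBd/Ys2lbrk:15000:0:99999:7:::
web:$apr1$xqrnyuZ9$rcCyBnf33RbV2M0jlT7F80:15000:0:99999:7:::
newuser1:!$1$36irvjIG$pzYRmRbeno63nhAfJ/Gyf/:15000:0:99999:7:::
murray::15000:0:99999:7:::
bin:*:15000:0:99999:7:::
ops:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:15000:0:99999:7:::
EOF
}
sample=$(mktemp); make_sample "$sample"; audit_shadow "$sample"; rm -f "$sample"
```

On a real host the input is /etc/shadow, which only root can read.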




User Management:


useradd: add a user

adduser: add a user

passwd: set a password for the user

usermod: modify a user. You can use usermod to modify the logon name and the user's home directory;

pwconv: synchronize users from /etc/passwd to /etc/shadow

pwck: verifies whether the content of the user configuration files /etc/passwd and /etc/shadow is legal and complete;

pwunconv: the reverse operation of pwconv. It creates /etc/passwd from /etc/shadow and /etc/passwd, and then deletes the /etc/shadow file;

finger: a tool for viewing user information

id: view the UID, GID, and user groups of the user.

chfn: tool for changing user information

su: user switching tool

sudo: sudo executes a command as another user. su switches to another user, and the task is then completed as that user, whereas sudo directly executes the command that follows it. For example, with sudo a user can run commands that only root may execute, without the root password; however, this must first be authorized by editing /etc/sudoers through visudo;


visudo: visudo is the command for editing /etc/sudoers. You can also use vi to edit /etc/sudoers.


UID features

UID: It ranges from 0 to 65535.

0 represents the system administrator,

1 ~ 499 reserved for system use,

1 ~ 99 reserved for the system default account,

100 ~ 499 reserved for service

500 ~ 65535 is for general users.
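
An added example (not from the original page): an awk check over passwd(5)-format lines that uses the UID ranges listed above. It reports accounts other than root with UID 0, duplicate UIDs, and accounts in the 1 ~ 499 range that still have a login shell; the function names, finding labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: review passwd(5)-format lines against the UID ranges listed on this page.

# audit_passwd FILE -> one finding per line: "<FINDING> <user> <detail>"
audit_passwd() {
    awk -F: '
        function uid_range(uid) {
            if (uid == 0)     return "admin"
            if (uid <= 99)    return "system-default"
            if (uid <= 499)   return "service"
            if (uid <= 65535) return "general"
            return "out-of-range"
        }
        NF < 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED " $1 " -"; next }
        {
            uid = $3 + 0
            if (uid == 0 && $1 != "root")
                print "UID0_NOT_ROOT " $1 " " $7
            if (uid in owner)
                print "DUPLICATE_UID " $1 " same-as-" owner[uid]
            else
                owner[uid] = $1
            r = uid_range(uid)
            # system and service accounts normally need no interactive shell
            if ((r == "system-default" || r == "service") && $7 !~ /(nologin|false)$/)
                print "SYSTEM_LOGIN_SHELL " $1 " " $7
            if (r == "out-of-range")
                print "UID_OUT_OF_RANGE " $1 " " uid
        }
    ' "$1"
}

# Constructed sample (not from a real host); "toor" and "svc_backup" are made-up accounts.
make_passwd_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
svc_backup:x:250:250:backup service:/var/lib/backup:/bin/bash
tata:x:500:500::/home/tata:/bin/bash
smb1:x:500:501::/home/smb1:/bin/bash
EOF
}

sample=$(mktemp); make_passwd_sample "$sample"; audit_passwd "$sample"; rm -f "$sample"
```

The boundaries follow the list above; a given system's actual lower bound for general users is the UID_MIN value in /etc/login.defs.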
