Linux Account documentation

Source: Internet
Author: User


1. passwd explanation: path /etc/passwd. Each row of this file represents one account, so several rows mean several accounts. Many of these accounts, such as bin, daemon and adm, are required for normal system operation.

Eg: root:x:0:0:root:/root:/bin/bash

Each row is divided by ":" into seven fields:

1) Account name: corresponds to the UID

2) Password: early Unix systems stored the password directly in this field, but because every program can read this file, the password data was easy to steal. The password data has therefore been moved to /etc/shadow.

3) UID: the identifier of the user. Different ID ranges carry different meanings, as follows:

0: a UID of 0 indicates that the account is the system administrator. Therefore, if you want another account name to have root permissions, change that account's UID to 0.

1 ~ 499: IDs reserved for the system. In fact, apart from 0, the other UIDs do not differ from one another in permissions or features; by default, the numbers below 500 are simply reserved for system accounts.

Services started on the system should run with lower permissions rather than as root, so accounts have to be provided to own these running programs. These accounts cannot be used to log on.

System accounts are generally classified into two types based on their origin:

1 ~ 99: system accounts created by the distribution itself.

100 ~ 499: UIDs that can be used when a user needs a system account.

500 ~ 65535: for general users. Linux kernel 2.6.x, however, supports UIDs up to 2^32 - 1 = 4294967295.

4) GID: the group ID, related to /etc/group

5) User information description: explains the meaning of the account. You can view the information with the finger command.

6) Home directory: /root for root; /home/<user name> for other accounts

7) Shell: the command shell (for example bash) used by the user
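An added example (not part of the original article): a Python parser for the seven-field format above that classifies UIDs by the article's ranges and flags rows a defender would review, such as a second account with UID 0 or a system account that can log on. The sample rows, the NOLOGIN_SHELLS list and all function names are assumptions made for illustration.

```python
from collections import namedtuple

PasswdEntry = namedtuple("PasswdEntry", "name password uid gid gecos home shell")
# Assumed list of shells that mean "cannot log on"; adjust for your system.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
# UID ranges as given in this article: (upper bound, label).
UID_RANGES = ((0, "administrator"), (99, "distro system"), (499, "local system"))

def parse_passwd(text):
    """Parse passwd-format text; reject rows that do not have seven fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(f)}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), *f[4:]))
    return entries

def uid_class(uid):
    """Map a UID to the article's range labels."""
    return next((label for top, label in UID_RANGES if uid <= top), "general user")

def audit(entries):
    """Return (account, uid class, issue) tuples worth a manual review."""
    findings = []
    for e in entries:
        issues = []
        if e.uid == 0 and e.name != "root":
            issues.append("UID 0 on a non-root account")
        if e.password != "x":
            issues.append("password field not deferred to /etc/shadow")
        if 1 <= e.uid <= 499 and e.shell not in NOLOGIN_SHELLS:
            issues.append("system account with a login shell")
        findings += [(e.name, uid_class(e.uid), i) for i in issues]
    return findings

# Constructed sample rows, not taken from a real system.
SAMPLE = """root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:0:0:backup operator:/home/backup:/bin/bash
svcapp:x:120:120:app service:/var/lib/svcapp:/bin/bash
legacy::501:501:old account:/home/legacy:/bin/bash
"""

if __name__ == "__main__":
    for finding in audit(parse_passwd(SAMPLE)):
        print(*finding, sep=" | ")
```

Some distributions ship system accounts with special-purpose shells, so treat the third check as a prompt for review rather than a verdict.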

2. shadow explanation: stores the user passwords; path /etc/shadow. Eg:

root:$1$/30QqE5e$y9N/D0bh6rAACBEz.hqo00:14126:0:99999:7:::

shadow also uses ":" as the delimiter and is divided into nine fields. These nine fields represent:

1) Account Name

2) Password: only the root user has permission to read and write this file. Currently, an MD5-based password hash is generally used. Because a given encoding scheme always produces output of the same length, changing the length of this field makes the password invalid.

3) Date of last password change: displayed as a timestamp

4) Days during which the password cannot be changed: the number of days that must pass after the last change before the password can be changed again. 0 means it can be changed at any time.

5) Days after which the password must be changed again: counted from the last password change. If the password is not changed within this period, it expires.

6) Warning days before the password must be changed: when the user's password is about to expire, the system warns the account, according to this field, how many days remain until expiry so that the password can be changed as soon as possible.

7) Account grace period after the password expires: after the password expires, the user can still log on to the system within this period. However, after logging on, the system forces the user to change the password before continuing.

8) Account expiration date: once this date is reached, the account is disabled regardless of whether the password has expired.

9) Reserved: the last field is reserved for features that may be added in the future.
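An added example (not from the original article): Python that parses the nine fields, identifies the hash scheme from its prefix without touching the hash, and evaluates the aging fields for a given date. It assumes, per shadow(5), that the date fields are day counts from 1970-01-01; the function names and status labels are illustrative, and the row is the article's own example with the extraction spaces removed.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow(5) date fields count days from here
FIELDS = ("name", "hash", "lastchg", "min", "max", "warn", "inactive", "expire", "reserved")
# crypt(3) prefixes; "$1$" (MD5-based) is the one in the article's example.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt"}

def parse_shadow_line(line):
    """Split one shadow row into its nine fields; empty numbers become None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        rec[key] = int(rec[key]) if rec[key] else None
    return rec

def hash_scheme(field):
    """Classify the password field by its prefix only."""
    if not field:
        return "empty"          # no password required
    if field[0] in "!*":
        return "locked"         # not a valid hash, password login impossible
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "legacy"

def status(rec, today):
    """Evaluate the aging fields (3, 5, 6, 7, 8) for a given date."""
    day = (today - EPOCH).days
    if rec["expire"] is not None and day >= rec["expire"]:
        return "account expired"
    if rec["lastchg"] is None or rec["max"] is None:
        return "no aging"
    due = rec["lastchg"] + rec["max"]  # last day the password is valid
    if day > due:
        if rec["inactive"] is not None and day > due + rec["inactive"]:
            return "locked after grace period"
        return "password expired, change forced at login"
    if rec["warn"] is not None and day >= due - rec["warn"]:
        return "warning period"
    return "ok"

ARTICLE_ROW = "root:$1$/30QqE5e$y9N/D0bh6rAACBEz.hqo00:14126:0:99999:7:::"

if __name__ == "__main__":
    rec = parse_shadow_line(ARTICLE_ROW)
    print(EPOCH + timedelta(days=rec["lastchg"]), hash_scheme(rec["hash"]),
          status(rec, date.today()))
```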

3. group explanation: each row of this file represents a group. Using ":" as the separator, a row is divided into four columns, which are:

1) group name

2) Group password: usually not set. It is normally intended for the group administrator, and it is now rare to set up a group administrator. As with user passwords, the password has been moved to /etc/gshadow, so this field only contains an x.

3) GID: Group ID

4) Accounts belonging to the group: separated by commas (,). To add a user to the group, you only need to add the account name here.

4. groups: displays the groups to which the current user belongs. The first one listed is the effective group, that is, the group assigned to a file when the user creates it.

5. newgrp <effective group name>: switches the effective group to another of the groups the user belongs to. After this command is executed, the system starts a new shell and re-reads the GID. Therefore, to return to the original environment, exit.

6. gshadow explanation: stores the group passwords; path /etc/gshadow; separator ":"

Eg: root:::root. The meaning of each field:

1) group name

2) Password field: a value starting with "!" means there is no valid password, that is, no group administrator

3) Group Administrator Account

4) all accounts in the group
