Linux users and user groups and related commands (top)

Source: Internet
Author: User

Introduction to /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow:

1. /etc/passwd: This file mainly stores user information, one line per user.

[Email protected]_server ~]# tail -2 /etc/passwd
named:x:25:25:named:/var/named:/sbin/nologin
huangyisan:x:502:502::/home/huangyisan:/bin/bash

Each line is separated by ":" into seven parts, with the following meanings:

Part 1: the user name, such as huangyisan.

Part 2: the password, where x is a placeholder.

Part 3: the UserID, a unique identity.

Part 4: the GroupID, a unique identifier.

Part 5: the alias; for example, the alias of the named user is named.

Part 6: the user's home directory; for example, huangyisan's home directory is /home/huangyisan.

Part 7: the user's shell; for example, huangyisan's shell is /bin/bash.

Detailed description of each part:

Part 1: the user name that is entered when logging in.

Part 2: the password is encrypted and recorded in /etc/shadow; see the /etc/shadow introduction below.

Part 3: the administrator ID is 0, and the normal user range is 1-60000. In CentOS 5 and 6, the system user range is 1-499 and the login user range is 500+; in CentOS 7, the system user range is 1-999 and the login user range is 1000+. These settings can be modified in /etc/login.defs.

Part 4: the administrator group ID is 0. In CentOS 5 and 6, the system user group range is 1-499 and the general user group range is 500+; in CentOS 7, the system user group range is 1-999 and the general user group range is 1000+.

Part 5: the alias.

Part 6: when a user is created, the user's home directory is generated by default at /home/username.

Part 7: there are multiple shells. The default is /bin/bash; more shells are listed in the /etc/shells file. If a user's shell is set to /sbin/nologin, that user cannot log in to Linux, and even root cannot su to that user. Such users are called "anonymous users". They are generally used for FTP: they can download data over FTP but are not allowed to log in to the FTP server itself.


2. /etc/group: This file mainly holds user group information, one line per user group.

[Email protected]_server ~]# tail -4 /etc/group
named:x:25:
huangyisan:x:502:huangyisan1,huangyisan3

Each line is separated by ":" into four parts, with the following meanings:

Part 1: the group name, such as the huangyisan group.

Part 2: the user group password; x is a placeholder, and the password is encrypted and stored in /etc/gshadow.

Part 3: the user group ID, described above, which uniquely identifies the group.

Part 4: the users in the group, that is, the users who have joined the group, separated by ",". Only users for whom this is an additional (supplementary) group appear here. (This has been tested.)
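Because part 4 of /etc/group lists only supplementary members, a user's full group membership has to be assembled from both files. The following is an added example, not part of the original article: it joins the two formats and also checks the UID rules described above. The sample data, the function names and the `toor` account are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data in the formats described above (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
named:x:25:25:named:/var/named:/sbin/nologin
huangyisan:x:502:502::/home/huangyisan:/bin/bash
huangyisan1:x:503:503::/home/huangyisan1:/bin/bash
toor:x:0:0::/root:/bin/bash
"""
GROUP = """\
root:x:0:
named:x:25:
huangyisan:x:502:huangyisan1,huangyisan3
huangyisan1:x:503:
"""

def parse_passwd(text):
    users = {}
    for line in text.splitlines():
        name, _pw, uid, gid, gecos, home, shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users

def group_membership(passwd_text, group_text):
    """Map user -> {'primary': group, 'supplementary': [groups]}."""
    users = parse_passwd(passwd_text)
    gid_to_name, extra = {}, defaultdict(list)
    for line in group_text.splitlines():
        gname, _pw, gid, members = line.split(":")
        gid_to_name[int(gid)] = gname
        for m in filter(None, members.split(",")):
            extra[m].append(gname)   # part 4 lists supplementary members only
    return {u: {"primary": gid_to_name.get(info["gid"]), "supplementary": extra[u]}
            for u, info in users.items()}

def audit_passwd(passwd_text, login_uid_min=500):
    """login_uid_min: 500 on CentOS 5/6, 1000 on CentOS 7 (see /etc/login.defs)."""
    findings = []
    for name, u in parse_passwd(passwd_text).items():
        if u["uid"] == 0 and name != "root":
            findings.append((name, "UID 0 but not root"))
        if 0 < u["uid"] < login_uid_min and u["shell"] != "/sbin/nologin":
            findings.append((name, "system account with a login shell"))
    return findings
```

Note that huangyisan does not appear in part 4 of its own group line: that group is its primary group and comes from part 4 of /etc/passwd.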


3. /etc/shadow: This file mainly records user password information.

[Email protected]_server ~]# tail -4 /etc/shadow
huangyisan:$6$5fvhr7cn$lcdiv1w5scbsjfkera4htflqm.kd7nd3txkdwmqbr7xuim3k5htsiqwth9koa4mfdnvaumg1kpczbxqdt2o2i0:16658:0:99999:7:::
huangyisan1:!!:16658:0:99999:7:::
huangyisan2:!!:16658:0:99999:7:::
huangyisan3:!!:16658:0:99999:7:::

Each line is separated by ":" into nine parts, with the following meanings:

Part 1: the user name, such as huangyisan.

Part 2: the encrypted password; if there is no password, two "!" are used instead. The password is divided into three parts separated by "$". The first part is an ID that identifies the algorithm; there are four in total (in doubt), and the four kinds can be seen with man 3 crypt:

    ID  | Method
    ----+-------------------------------------------------------------------
    1   | MD5
    2a  | Blowfish (not in mainline glibc; added in some Linux distributions)
    5   | SHA-256 (since glibc 2.7)
    6   | SHA-512 (since glibc 2.7)

So huangyisan's password uses method 6, namely SHA-512. The second part is the salt, an "impurity" that the system adds by default. It consists of eight characters and mainly prevents the same password from producing the same third part. The third part is the encrypted value computed from the user's password together with the salt.

Part 3: the time elapsed from 1970-01-01 (the Unix epoch) to the last password change.

Part 4: the maximum time during which the password cannot be changed; if it is 0, the password can be changed immediately.

Part 5: the password validity period. Beyond this time the password expires and the account is temporarily expired as well; if it is 99999, the password never expires.

Part 6: the warning period before the password expires; for example, if it is 7, the system reminds the user to change the password during the seven days before the password expires.

Part 7: the period after password expiry during which the user can still log in. Once the password has expired, the user is given this number of days of grace to log in; if the password has not been changed by then, the account expires.

Part 8: the account expiration time, also counted from 1970-01-01; at this point the account automatically becomes invalid.

Part 9: reserved.
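The field layout above can be checked mechanically. The following is an added example, not part of the original article: it splits the password field into method, salt and hash, converts part 3 (which shadow(5) stores as a number of days) into a calendar date, and flags MD5 hashes and passwords that never expire. The sample lines and all names in the code are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Method ids from the crypt(3) table above.
METHODS = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
EPOCH = date(1970, 1, 1)

@dataclass
class ShadowEntry:
    user: str
    locked: bool                 # password field starts with "!"
    method: Optional[str]        # None when no $id$salt$hash value is present
    salt: Optional[str]
    last_change: Optional[date]  # part 3, stored as days since 1970-01-01
    expires: Optional[date]      # last_change + part 5; None when 99999 or unset

def parse_shadow_line(line: str) -> ShadowEntry:
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    user, pw, last, _min_age, max_age = parts[:5]
    method = salt = None
    pieces = pw.lstrip("!").split("$")  # "$id$salt$hash" -> ["", id, salt, hash]
    if len(pieces) >= 4 and pieces[0] == "":
        method = METHODS.get(pieces[1], f"unknown({pieces[1]})")
        salt = pieces[2]
    last_change = EPOCH + timedelta(days=int(last)) if last else None
    expires = None
    if last_change and max_age and int(max_age) != 99999:
        expires = last_change + timedelta(days=int(max_age))
    return ShadowEntry(user, pw.startswith("!"), method, salt, last_change, expires)

# Constructed sample lines; the hash text is a placeholder, not a real hash.
SAMPLE = [
    "alice:$6$Ab3dEf9h$PLACEHOLDERHASH:16658:0:99999:7:::",
    "bob:!!:16658:0:99999:7:::",
    "carol:$1$saltsalt$PLACEHOLDERHASH:16658:0:90:7:::",
]

def audit(lines):
    """Return (user, finding) pairs for MD5 hashes and non-expiring passwords."""
    findings = []
    for e in map(parse_shadow_line, lines):
        if e.method == "MD5":
            findings.append((e.user, "weak hash method MD5"))
        if not e.locked and e.method and e.expires is None:
            findings.append((e.user, "password never expires"))
    return findings
```

The value 16658 from the listing above decodes to 2015-08-11.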


4. /etc/gshadow: This file is mainly used to store user group passwords and related information, one line per user group.

[Email protected]_server ~]# tail -3 /etc/gshadow
huangyisan:$6$phakv/pr$kaf1nywqnl/sbgpqeiy/m9svp5oe2xfqkuegjyj2vo9c0j3u.4b41lqndszniz1wwf9zshpwl7myc3o6o4yzf/::huangyisan1,huangyisan3
huangyisan1:!::
huangyisan3:!::

Each line is separated by ":" into four parts, with the following meanings:

Part 1: the user group name, such as the huangyisan group.

Part 2: the user group password, present only if a group password has been set; otherwise "!" indicates that it is empty. This password is also divided into three parts and follows the same encryption rules as described above.

Part 3: the user group managers. This field can also be empty; if there are multiple group managers, they are separated by "," (I do not understand what this means).

Part 4: the members of the user group. Only users for whom this is a supplementary group are included, with multiple users separated by ",".
