User and user group related actions
User and user group definitions:
User: The identifier under which resources are acquired (resource allocation); it is one of the trusted elements of the security permission model
User group: A user group is a collection of multiple users that facilitates authorization for a class of users who require the same permissions
Password: User authentication
Linux is a multi-user, multi-tasking operating system.
Multi-user means: multiple people use system resources at the same time; multitasking means: multiple processes run at the same time
Categories of users and user groups:
1. User: name resolution library: /etc/passwd
a, administrator
The root user's ID (UID) is 0
b, ordinary users and system users
User ID (UID) for ordinary users:
CentOS 5, 6: 500+
CentOS 7: 1000+
User ID (UID) for system users:
CentOS 5, 6: 1-499
CentOS 7: 1-999
2. User group: name resolution library: /etc/group
a, administrator group
The group ID is: 0
b, ordinary user groups and system user groups
Group ID for ordinary user groups:
CentOS 5, 6: 500+
CentOS 7: 1000+
Group ID for system user groups:
CentOS 5, 6: 1-499
CentOS 7: 1-999
3. User group categories:
Classified from the user's point of view:
The user's primary group: basic group;
The user's additional groups: supplementary groups;
Classified by the users a group holds:
Private group: has the same name as the user and contains only that one user;
Public group: the group contains multiple users;
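The categories above can be checked directly against the two name resolution files. The following is an added example, not part of the original page: it classifies accounts by the UID ranges listed above, resolves primary and supplementary groups, and reports any account besides root that holds UID 0. The sample file contents and all function names are constructed for illustration.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
"""
GROUP = """\
root:x:0:
daemon:x:2:
wheel:x:10:alice
alice:x:1000:
bob:x:1001:
devs:x:1500:alice,bob
"""
UID_MIN = {"centos5": 500, "centos6": 500, "centos7": 1000}  # first ordinary UID, from the text

def parse_passwd(text):
    """Return [(name, uid, gid, shell)] from passwd-format text."""
    rows = (line.split(":") for line in text.splitlines() if line)
    return [(r[0], int(r[2]), int(r[3]), r[6]) for r in rows]

def classify(uid, release="centos7"):
    """Map a UID to administrator / system / ordinary for the given release."""
    if uid == 0:
        return "administrator"
    return "system" if uid < UID_MIN[release] else "ordinary"

def groups_of(user, passwd_text=PASSWD, group_text=GROUP):
    """Return (primary group name, sorted supplementary group names)."""
    primary_gid = {n: g for n, _u, g, _s in parse_passwd(passwd_text)}[user]
    primary, extra = None, []
    for line in group_text.splitlines():
        name, _pw, gid, members = line.split(":")
        if int(gid) == primary_gid:
            primary = name
        elif user in members.split(","):
            extra.append(name)
    return primary, sorted(extra)

def extra_uid0(passwd_text=PASSWD):
    """Accounts other than root that hold UID 0, i.e. administrator rights."""
    return [n for n, uid, _g, _s in parse_passwd(passwd_text) if uid == 0 and n != "root"]

if __name__ == "__main__":
    for name, uid, _gid, _shell in parse_passwd(PASSWD):
        print(name, uid, classify(uid), groups_of(name))
    print("non-root UID 0 accounts:", extra_uid0())
```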
Authentication mechanism for users and user groups
The password authentication method Linux uses on CentOS 7 is sha512
Storage location of the authentication information:
User authentication (password) repository: /etc/shadow
Group authentication repository: /etc/gshadow
Password: stored encrypted, using a one-way encryption mechanism
Encryption methods:
Symmetric encryption: encryption and decryption use the same secret key. DES (Data Encryption Standard), 3DES, AES
Public key cryptography: DSA, RSA
One-way encryption:
If the input data is the same, the output is the same
If the input data differs, the output changes completely (avalanche effect)
Fixed-length output
Irreversible
MD5: message digest, 128 bits
SHA1: Secure Hash Algorithm, 160 bits
SHA256:
SHA512:
Operation:
# md5sum file: detect password
# sha1sum file
User and user group management commands
To add a group:
# groupadd [options] GROUP
-g GID: specify the GID;
-r, --system: create a system group
To modify group information:
# groupmod [options] GROUP
-g GID
-n new_name: modify the group name;
To delete a group:
# groupdel [options] GROUP
Add users:
# useradd [options] LOGIN_NAME
-c, --comment COMMENT: comment information, typically the full name;
-d, --home /path/to/home_dir: home directory path; the target path must not exist beforehand, otherwise a warning is issued and the skel files are not copied for the user;
-g, --gid GROUP: name or GID of the user's primary group;
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: list of supplementary groups the user belongs to, separated by commas with no spaces in between;
-m, --create-home: force creation of the home directory;
This option is commonly used when the CREATE_HOME variable is set
-M: do not create the user's home directory, even if CREATE_HOME in /etc/login.defs is set to yes;
-r, --system: create a system account
The UID assigned to a system account is within 0-999, and no home directory is created
-s, --shell SHELL: the name of the user's login shell; by default it is left blank and the system selects the default login shell from the SHELL variable in /etc/default/useradd;
-u, --uid UID: the numeric value of the user ID. This value must be unique unless the -o option is used. It must be non-negative; by default the smallest ID value greater than or equal to UID_MIN and greater than every other user's ID is used.
Note: when you create a user who can log in, the shell you specify must be a login shell and must be listed in the /etc/shells file;
# useradd -D: displays the default settings used when creating a user;
# useradd -D OPTION: sets a default option;
-e, --expiredate EXPIRE_DATE: the date on which the user account expires; the account is locked after it expires; the date is given in YYYY-MM-DD format
-f, --inactive INACTIVE: the number of days after the password expires before the account is completely disabled. 0 disables the account immediately, -1 disables this feature.
Configuration files:
Files that provide the default configuration for new users:
/etc/login.defs, /etc/default/useradd
Shadow password file: /etc/shadow
Meaning of each field in /etc/shadow:
Login name:Password:Date of last change:Minimum password age:Maximum password age:Warning days before expiry:Inactive period:Account expiration date:Reserved field
To modify account information:
# usermod [options] LOGIN_NAME
-c, --comment COMMENT
-d, --home HOME_DIR: change the home directory to a new location; you should generally use the -m option with it so that the files in the original home directory are moved to the new directory;
-g, --gid GROUP
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: the existing supplementary groups are overwritten when modified; use it together with the -a option to append new supplementary groups to the user;
-l, --login NEW_LOGIN: modify the user name of the account;
-s, --shell SHELL
-u, --uid UID
-L, --lock: lock the user's password. This places a "!" in front of the user's encrypted password.
-U, --unlock: unlock the user's password. This removes the "!" in front of the encrypted password.
Delete a user account:
# userdel [options] LOGIN_NAME
-r, --remove: the files in the user's home directory are deleted together with the home directory itself and the user's mailbox
Password management commands:
(1) # passwd: modify your own password;
(2) # passwd USERNAME: modify another user's password; only root has this permission;
Password complexity:
(1) not less than 8 characters;
(2) passwords too similar to past passwords cannot be used;
(3) at least three of the four character classes should be used;
Options:
-l: lock the password
-u: unlock the password
-d: clear the password
Unlike usermod, passwd places two exclamation marks ("!!") in front of the password when locking it.
Special usage: avoiding the interactive prompt
--stdin: receive the password from standard input;
echo "PASSWORD" | passwd --stdin USERNAME
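The /etc/shadow field layout and the two lock markers described above ("!" from usermod -L, "!!" from passwd -l) are enough to audit password state offline. The following is an added example, not part of the original page: it parses constructed shadow lines, identifies the hash scheme from the crypt(3) "$id$" prefix (1 = MD5, 5 = SHA-256, 6 = SHA-512), and reports lock marker, empty passwords and expiry dates. The sample lines, hash placeholders and function names are assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed /etc/shadow-format lines; the hash bodies are placeholders.
SHADOW = """\
alice:$6$saltsalt$PLACEHOLDERHASH:19000:0:90:7:14::
bob:!$6$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::
carol:!!$1$saltsalt$PLACEHOLDERHASH:15000:0:99999:7:::
dave::19000:0:99999:7:::
erin:$5$saltsalt$PLACEHOLDERHASH:19000:0:30:7::19100:
"""
FIELDS = ("login", "password", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}  # crypt(3) $id$ prefixes
EPOCH = date(1970, 1, 1)  # shadow stores dates as days since 1970-01-01

def day(n):
    """Convert a days-since-epoch count to a calendar date."""
    return EPOCH + timedelta(days=int(n))

def audit(line, today):
    """Describe one shadow entry as of `today`."""
    rec = dict(zip(FIELDS, line.split(":")))
    pw = rec["password"]
    # Lock markers as described in the text: usermod -L gives "!", passwd -l gives "!!".
    marker = "!!" if pw.startswith("!!") else "!" if pw.startswith("!") else None
    body = pw.lstrip("!")
    scheme = SCHEMES.get(body.split("$")[1], "unknown") if body.startswith("$") else None
    pw_expires = None
    if rec["last_change"] and rec["max_age"]:
        pw_expires = day(int(rec["last_change"]) + int(rec["max_age"]))
    return {
        "lock_marker": marker,
        "scheme": scheme,
        "empty_password": pw == "",
        "password_expires": pw_expires,
        "account_expired": bool(rec["expire"]) and day(rec["expire"]) <= today,
    }

def audit_all(text=SHADOW, today=date(2023, 1, 1)):
    """Audit every entry; returns {login: findings}."""
    return {l.split(":")[0]: audit(l, today) for l in text.splitlines() if l}

if __name__ == "__main__":
    for login, findings in audit_all().items():
        print(login, findings)
```

On a real host the file is readable only by root, so an audit of this kind runs with root privileges or against a copy collected for review.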
To add a password to a group:
Group password file: /etc/gshadow
# gpasswd [options] GROUP
-a USERNAME: add the user to the group;
-d USERNAME: remove the user from the group;
# newgrp command: log in to a new group
# chage command: modify the various expiry dates of a user account;
To view user-related information:
# id USERNAME
-u: display the UID; used with -n to display the user name
-g: display the primary group ID; used with -n to display the primary group name
-G: display all group IDs; used with -n to display all group names
To modify a user's property definition:
Modify the user's default shell: # chsh
Modify the user's comment: # chfn
To switch users:
su: switch user
# su USERNAME
-l: login switch (without -l, a non-login switch)
-c "COMMAND":