10, self-study--linux learning progress and Tasks "user and user group related actions"

Source: Internet
Author: User
Tags stdin

User and user group related actions

User and user group definitions:

User: an identifier used for resource acquisition (resource allocation); it is one of the trusted elements of the security permission model

User group: a collection of multiple users, which simplifies authorization for a class of users who require the same permissions

Password: used for user authentication

Linux is a multi-user, multi-tasking operating system.

Multi-user means that multiple people use system resources at the same time; multitasking means running multiple processes at the same time


Categories of users and user groups:

1. User: name resolution database /etc/passwd

a. Administrator

The root user ID (UID) is 0

b. Ordinary users and system users

User ID (UID) for ordinary users:

CentOS 5, 6: 500+

CentOS 7: 1000+

User ID (UID) for system users:

CentOS 5, 6: 1-499

CentOS 7: 1-999

2. User group: name resolution database /etc/group

a. Administrators group

The group ID (GID) is 0

b. Ordinary user groups and system user groups

Group ID for ordinary user groups:

CentOS 5, 6: 500+

CentOS 7: 1000+

Group ID for system user groups:

CentOS 5, 6: 1-499

CentOS 7: 1-999

3. User group categories:

Classified from the user's point of view:

The user's primary group: the basic group;

The user's additional groups: supplementary groups;

Classified by the users the group contains:

Private group: has the same name as the user and contains only that one user;

Public group: contains multiple users;
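
The classification above can be checked mechanically. The following is an added example, not part of the original article: it reads data in /etc/passwd and /etc/group format, classifies each account by the UID ranges listed above, decides whether its primary group is a private group, and flags any account other than root that has UID 0. The function name account_report, the flag text EXTRA-UID0 and all sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nginx:x:996:994:Nginx:/var/lib/nginx:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:2000:Bob:/home/bob:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash'
SAMPLE_GROUP='root:x:0:
nginx:x:994:
alice:x:1000:
staff:x:2000:alice'

# account_report PASSWD_FILE GROUP_FILE [UID_MIN]   (hypothetical helper)
# UID_MIN is the first ordinary UID: 1000 on CentOS 7, 500 on CentOS 5/6.
# Prints one line per account: name|uid class|primary group|group kind|flag
account_report() {
    awk -F: -v uid_min="${3:-1000}" '
    FNR == 1 { f++ }
    f == 1 { gname[$3] = $1; extra[$3] = $4; next }  # group file: GID -> name, member list
    f == 2 { primary[$4]++; next }                   # passwd, pass 1: users per primary GID
    {                                                # passwd, pass 2: classify each account
        uid = $3 + 0
        if (uid == 0)           class = "administrator"
        else if (uid < uid_min) class = "system"
        else                    class = "ordinary"
        g = ($4 in gname) ? gname[$4] : "?"
        # private group: same name as the user and no other user in it
        kind = (g == $1 && extra[$4] == "" && primary[$4] == 1) ? "private" : "public"
        flag = (uid == 0 && $1 != "root") ? "EXTRA-UID0" : "-"
        printf "%s|%s|%s|%s|%s\n", $1, class, g, kind, flag
    }' "$2" "$1" "$1"
}

# Demo on the constructed sample, first with the CentOS 7 threshold, then CentOS 5/6.
tmp=$(mktemp -d)
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
printf '%s\n' "$SAMPLE_GROUP" > "$tmp/group"
account_report "$tmp/passwd" "$tmp/group"
account_report "$tmp/passwd" "$tmp/group" 500
rm -rf "$tmp"
```

On a real system the same function can be run as account_report /etc/passwd /etc/group; both files are world-readable, so no root privileges are needed.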

Authentication mechanism for users and user groups

CentOS 7 uses SHA-512 as the hashing method for Linux user passwords.

Storage locations of the authentication information:

User authentication (password) database: /etc/shadow

Group authentication database: /etc/gshadow

Password: stored encrypted, using a one-way encryption mechanism

Encryption methods:
  Symmetric encryption: encryption and decryption use the same secret key. DES (Data Encryption Standard), 3DES, AES
  Public key cryptography: DSA, RSA
  One-way encryption:
    The same input data always produces the same output
    Different input data triggers the avalanche effect
    Fixed-length output
    Irreversible
    MD5: message digest, 128 bits
    SHA1: Secure Hash Algorithm, 160 bits
    SHA256:
    SHA512:

Operation:
  # md5sum FILE: compute the MD5 checksum of a file
  # sha1sum FILE


User and user group management commands

To add a group:

# groupadd [options] GROUP

-g GID: specifies the GID;

-r, --system: create a system group

To modify group information:

# groupmod [options] GROUP

-g GID

-n NEW_NAME: change the group name;

To delete a group:

# groupdel [options] GROUP

To add a user:

# useradd [options] LOGIN

-c, --comment COMMENT: comment information, typically the full name;

-d, --home /PATH/TO/HOME_DIR: home directory path; the target path must not exist beforehand, otherwise a warning is issued and the skel files are not copied to the user's home directory;

-g, --gid GROUP: name or GID of the user's primary group;

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: list of supplementary groups the user belongs to, separated by commas, with no spaces in between;

-m, --create-home: force creation of the home directory;

This option is commonly used when the CREATE_HOME variable is set

-M: do not create the user's home directory, even if CREATE_HOME in /etc/login.defs is set to yes;

-r, --system: create a system account

The UID of the system account is allocated within 0-999, and no home directory is created

-s, --shell SHELL: name of the user's login shell; the default is blank, which lets the system select the default login shell according to the SHELL variable in /etc/default/useradd;

-u, --uid UID: the numeric value of the user ID. This value must be unique unless the -o option is used. It must be non-negative; the default is the smallest ID value greater than or equal to UID_MIN and greater than every other user's ID.

Note: when you create a login user, the shell you specify must be a login shell and must be listed in the /etc/shells file;

# useradd -D: display the default settings used when creating a user;

# useradd -D [options]: set a default option;

-e, --expiredate EXPIRE_DATE: the date on which the user account expires; the account is locked after expiration; the date is specified in YYYY-MM-DD format

-f, --inactive INACTIVE: the number of days after the password expires until the account is permanently disabled. 0 disables the account immediately, -1 disables this feature.

Configuration files:

Files that provide the default configuration for new users:

/etc/login.defs, /etc/default/useradd

Shadow password file: /etc/shadow

Meaning of each field in /etc/shadow:

login name:password:date of last change:minimum password age:maximum password age:warning period in days:inactivity period:account expiration date:reserved field

To modify account information:

# usermod [options] LOGIN

-c, --comment COMMENT

-d, --home HOME_DIR: change the home directory to a new location; you should generally add the -m option so that the files in the original home directory are moved to the new directory;

-g, --gid GROUP

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: the existing supplementary groups are overwritten; use together with the -a option to append new supplementary groups to the user instead;

-l, --login NEW_LOGIN: change the user's login name;

-s, --shell SHELL

-u, --uid UID

-L, --lock: lock the user's password. This places a "!" in front of the user's encrypted password.

-U, --unlock: unlock the user's password. This removes the "!" in front of the encrypted password.

To delete a user account:

# userdel [options] LOGIN

-r, --remove: the files in the user's home directory are deleted together with the home directory itself and the user's mailbox

Password management commands:

(1) # passwd: change your own password;

(2) # passwd USERNAME: change another user's password; only root has this permission;

Password complexity:

(1) not less than 8 characters;

(2) You cannot use passwords that are too similar to past passwords;

(3) At least three of the four character classes should be used;

Options:

-l: lock the password

-u: unlock the password

-d: clear the password

Unlike usermod, passwd places two exclamation marks ("!!") in front of the password when locking.

Special usage: avoiding the interactive prompt

--stdin: receive the password from standard input;

echo "PASSWORD" | passwd --stdin USERNAME

Note that a password typed on the command line this way is recorded in the shell history.
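
The /etc/shadow field layout, the "!" written by usermod -L and the "!!" written by passwd -l can all be read back from the password field. The following is an added example, not part of the original article: it parses shadow-format lines and reports the lock state, the hash scheme (from the crypt prefix, where $6$ is SHA-512, $5$ is SHA-256 and $1$ is MD5) and the maximum password age. The function name shadow_audit, the state labels and the sample entries with fake hashes are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; the hash strings are fake placeholders.
SAMPLE_SHADOW='root:$6$saltsalt$FAKEHASHROOT:18000:0:99999:7:::
alice:!$6$saltsalt$FAKEHASHALICE:18000:0:90:7:14::
bob:!!$6$saltsalt$FAKEHASHBOB:18000:0:99999:7:::
carol:$1$saltsalt$FAKEHASHCAROL:17000:0:99999:7:::
dave::18000:0:99999:7:::
daemon:*:17000:0:99999:7:::'

# shadow_audit (hypothetical helper): read shadow-format lines on stdin and print
#   login|password state|hash scheme|maximum password age
shadow_audit() {
    awk -F: '
    {
        pw = $2; state = "active"
        if (pw == "")                                  state = "EMPTY-PASSWORD"
        else if (pw == "*" || pw == "!" || pw == "!!") state = "no-usable-password"
        else if (substr(pw, 1, 2) == "!!") { state = "locked-by-passwd";  pw = substr(pw, 3) }
        else if (substr(pw, 1, 1) == "!")  { state = "locked-by-usermod"; pw = substr(pw, 2) }

        # The crypt prefix identifies the one-way algorithm behind the stored hash.
        id = substr(pw, 1, 3); scheme = "-"
        if      (id == "$6$") scheme = "sha512"
        else if (id == "$5$") scheme = "sha256"
        else if (id == "$1$") scheme = "md5"

        printf "%s|%s|%s|%s\n", $1, state, scheme, ($5 == "" ? "-" : $5)
    }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_audit
```

On a real system, run it as root with shadow_audit < /etc/shadow; entries reported as EMPTY-PASSWORD or md5 are the ones to review first.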

To add a password to a group:

Group password file: /etc/gshadow

# gpasswd [options] GROUP

-a USERNAME: add the user to the group;

-d USERNAME: remove the user from the group;

# newgrp command: log in to a new group

# chage command: modify the various expiry settings of a user account;


To view user-related information:
# id USERNAME
-u: display the UID; use with -n to display the user name
-g: display the primary group ID; use with -n to display the primary group name
-G: display all group IDs; use with -n to display all group names

To modify a user's attributes:
Change the user's default shell: # chsh
Change the user's comment field: # chfn

To switch users:
su: switch user
# su USERNAME
-l: login switch (without -l, a non-login switch)
-c "COMMAND":








