12. User and group account management

Source: Internet
Author: User

1. User account

A. Normal user account: a normal user's task on the system is to carry out ordinary operations.

B. Superuser account: the administrator's task is to manage the normal users and the entire system. The superuser has absolute control over the system and can perform any operation on it.

2. Group accounts

A. Private group: When a user is created without specifying which group to belong to, Linux creates a private group with the same name as the user, which contains only that user.

B. Standard group: a standard group can be selected when a user is created. If a user belongs to more than one group at the same time, the group the user logs in with is the primary group and the others are additional groups.

3. Account System files

A. /etc/passwd: each line defines one user account, and the file is readable by all users. Each account line contains the following fields:

username:password:UID:GID:comment:home directory:command interpreter

root:x:0:0:redhat Linux:/root:/bin/bash

A password field of x indicates that the user's password is protected by the /etc/shadow file.

User ID (UID): unique within the system. The root user's UID is 0, normal users start from 1000, and 1-999 are the system's standard accounts.

Home directory: the directory the user enters after logging in to the system.

Command interpreter: the shell the user uses; the default is /bin/bash.

B. /etc/shadow: to increase the security of the system, user passwords are usually protected with shadow passwords. The file is readable only by root. Each line contains the following fields:

username:password:last modified:minimum interval:maximum interval:warning time:inactivity time:expiry time:flag

root:$1$k4gxdkjf$tikrvwuldq6oq4heofigq/:14831:0:99999:7:::

Last modified: the number of days from 1970-1-1 to the day the user last changed the password.

Minimum interval: the number of days, counted from 1970-1-1, until the user can change the password.

Maximum interval: the number of days, counted from 1970-1-1, by which the password must be changed.

Warning time: the number of days before the password expires at which the user is notified.

Inactivity time: the number of days after the password expires before the account is disabled.

C. /etc/group

Grouping users is a means by which Linux manages users and controls their access. A group can contain multiple users, and one user can belong to more than one group at a time. The file is readable by all users.

group name:group password:GID:group members

root:x:0:root

D. /etc/gshadow

This file defines group passwords, group administrators and other information, and is readable only by the root user.

root:::root
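
Added example (not part of the original article): a small shell audit over data in the /etc/passwd and /etc/shadow formats described above. It flags a non-root account with UID 0, an empty password field, a hash stored outside /etc/shadow, and weak hash schemes such as the $1$ (MD5-crypt) form shown in the sample line. The function names, flag labels and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format data read from stdin.
# All sample entries are constructed; salts and hashes are placeholders.

audit_passwd() {
    awk -F: '
        NF != 7                    { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root"    { print "UID0 " $1 }             # extra superuser
        $2 == ""                   { print "NOPASSWD " $1; next }   # no password at all
        $2 != "x" && $2 !~ /^[!*]/ { print "UNSHADOWED " $1 }       # hash in world-readable file
    '
}

audit_shadow() {
    awk -F: '
        $2 == ""                  { print "EMPTY " $1; next }
        $2 ~ /^[!*]/              { next }                  # locked or login disabled
        substr($2, 1, 3) == "$1$" { print "MD5 " $1; next } # MD5-crypt
        substr($2, 1, 1) != "$"   { print "DES " $1 }       # traditional crypt, no $id$ prefix
    '
}

# Constructed passwd-format sample (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sam:x:1000:1000:Sam:/home/sam:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
legacy:CONSTRUCTEDHASH:1002:1002:Legacy:/home/legacy:/bin/sh'

# Constructed shadow-format sample (placeholder salts and hashes).
SAMPLE_SHADOW='root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
sam:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14831:0:99999:7:::
guest::19000:0:99999:7:::
olduser:!$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14831:0:99999:7:::'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a live system, run audit_passwd < /etc/passwd and, as root, audit_shadow < /etc/shadow.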

4. Manage your account using the command line tool

• useradd username
• useradd -u (UID number)
• useradd -p (password)
• useradd -g (group)
• useradd -s (shell)
• useradd -d (user directory)
• usermod -u (new UID)
• usermod -d (user directory)
• usermod -g (group name)
• usermod -s (shell)
• usermod -p (new password)
• usermod -l (new login name)
• usermod -L (lock user account password)
• usermod -U (unlock user account)
• userdel username (delete user account)
• userdel -r (delete the user's directory together with the account)

The -d option specifies the home directory; if this directory does not exist, you can also use the -m option to create the home directory:

useradd -m sam

useradd adds a user name and creates a group with the same name as the user, but it does not create a directory named after the user under /home and does not prompt for a new password.

adduser creates a user through something closer to an interactive dialogue: it prompts you for various pieces of information and then creates the new user based on them.

5. Group account maintenance commands

• groupadd group account name (create a new group)
• groupadd -g (specify the group's GID)
• groupmod -g (change the GID)
• groupmod -n (change the group account name)
• groupdel group account name (delete the specified group account)

6. Password maintenance commands

• passwd user account name (set the user's password)
• passwd -l user account name (lock the user account)
• passwd -u user account name (unlock the user account)
• passwd -d user account name (delete the account password)
• gpasswd -a user account name group account name (add the user to the specified group)
• gpasswd -d user account name group account name (remove the user from the specified group)
• gpasswd -A user account name group account name (designate the user as administrator of the group)

7. User and group status commands

• su username (switch user account)
    su root
    su - root
• id username (display the user's UID and GID)
• whoami (display the current user name)
• groups (display the groups the user belongs to)
• sudo
    cat /etc/sudoers

sudo is a tool that lets a system administrator allow a normal user to run some or all root commands, such as halt, reboot and su. This not only reduces the root user's login and administration time but also improves security. sudo is not a substitute for the shell; it works on a per-command basis. Its main features are:

• sudo can restrict users to running certain commands on a single host.
• sudo provides a rich log that records in detail what each user has done. It can send the logs to a central host or log server.
• sudo uses a timestamp file to implement a "ticket-check"-like system. When a user calls sudo and enters their password, the user obtains a ticket with a lifetime of 5 minutes (this value can be changed at compile time).
• The sudo configuration file is the sudoers file, which lets system administrators centrally manage users' permissions and the hosts they may use. It is stored in /etc/sudoers by default, and its attribute must be 0411.
