2015-03-20 Linux User and Group Management

Source: Internet
Author: User
Tags reserved keepass

Course Outline:
1. /etc/passwd: view all users of the system
Seven fields separated by ':':
(1) User name. Rules: uppercase and lowercase letters, digits, minus signs (not as the first character), dots, and underscores; other characters are illegal
(2) x: placeholder for the password, which is kept in /etc/shadow for security reasons
(3) UID (0-4294967294 = 2^32-2): root has uid=0, 1-499 are reserved for the system, normal accounts start from 500
(4) GID, corresponding to /etc/group
(5) Comment field: has no functional meaning; it usually records some of the user's attributes, such as name, phone, address, etc. Change it with chfn
(6) User home directory
(7) Shell: /bin/bash, /bin/false, /sbin/nologin
sun:x:501:501::/home/sun:/bin/bash
2. /etc/shadow
Nine fields separated by ':':
(1) User name
(2) Password, encrypted with SHA-512 (a one-way hash), irreversible
(3) The date the password was last changed, counted in days since January 1, 1970. For example, if the password was last changed on January 1, 2012, this value is '365 x (2012-1970) + 10 + 1 = 15341'.
(4) How many days must pass before the password can be changed; 0 means unlimited
(5) The number of days after which the password expires; the default is 99999, which can be understood as never needing to change it
(6) Warning period before the password expires
(7) Account inactivity period: how many days after the password expires the account is locked
(8) Lifetime of the account (account expiration date)
(9) Reserved, no meaning

sun:$6$pztlxaxm$pgcboc59vpayho85g6rsquzhaz0s824h9jbv/bnab4ag8it.1a/gwneukk71wr1bc5nvyxztp6kurda6cghyn/:16648:0:19:7::16648:

~# chage -m 9 sun
~# cat /etc/shadow

wang:$....obb.:2:5:6:7:4:3:

-d 2 3
-E 3 5
-I 4 7
-m 5 4
-M 6 5
-W 7 6

-d, --lastday LAST_DAY: set the date of the most recent password change to LAST_DAY
-E, --expiredate EXPIRE_DATE: set the account expiration date to EXPIRE_DATE
-h, --help: display this help message and exit
-I, --inactive INACTIVE: set the number of days after password expiry before the account is disabled to INACTIVE
-l, --list: display account aging information
-m, --mindays MIN_DAYS: set the minimum number of days between password changes to MIN_DAYS
-M, --maxdays MAX_DAYS: set the maximum number of days between password changes to MAX_DAYS
-W, --warndays WARN_DAYS: set the number of expiration warning days to WARN_DAYS

vi /etc/login.defs: change PASS_MAX_DAYS from 99999 to 9
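The nine /etc/shadow fields described above can be checked in bulk. This is an added example, not part of the original course notes: a shell function that reads shadow-format lines and reports the hash scheme, the last-change date decoded from field 3, and aging problems. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the aging fields of shadow-format lines read on stdin.
# Output per account: user, hash scheme, last password change, findings.
shadow_audit() {
  awk -F: '
    # Convert field 3 (days since 1970-01-01) to YYYY-MM-DD.
    function civil(n,   z, era, doe, yoe, y, doy, mp, d, m) {
      z = n + 719468; era = int(z / 146097); doe = z - era * 146097
      yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
      y = yoe + era * 400; doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
      mp = int((5 * doy + 2) / 153); d = doy - int((153 * mp + 2) / 5) + 1
      m = (mp < 10) ? mp + 3 : mp - 9
      if (m <= 2) y++
      return sprintf("%04d-%02d-%02d", y, m, d)
    }
    BEGIN { name["1"] = "md5"; name["5"] = "sha256"; name["6"] = "sha512"; name["y"] = "yescrypt" }
    NF != 9 { print $1, "MALFORMED"; next }        # a shadow entry always has 9 fields
    {
      flags = ""
      if ($2 == "")                   flags = flags ",NOPASSWORD"     # empty field 2
      if ($2 ~ /^[!*]/)               flags = flags ",LOCKED"         # ! or * prefix
      if ($5 == "" || $5 + 0 >= 99999) flags = flags ",NEVER_EXPIRES" # field 5 default
      k = split($2, p, /[$]/)                      # $id$salt$hash -> "", id, salt, hash
      scheme  = (k >= 4 && (p[2] in name)) ? name[p[2]] : "-"
      changed = ($3 ~ /^[0-9]+$/) ? civil($3 + 0) : "-"
      print $1, scheme, changed, (flags == "" ? "ok" : substr(flags, 2))
    }'
}

# Constructed sample input (not real accounts or hashes).
sample_shadow() {
  cat <<'EOF'
sun:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16648:0:19:7::16648:
wang:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16648:0:99999:7:::
svc:!!:16436:0:99999:7:::
guest::16436:0:99999:7:::
EOF
}

sample_shadow | shadow_audit
```

On a real system the same function can be fed with `shadow_audit < /etc/shadow` as root.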

3. Add/Remove Users and Groups
groupadd -g: specify the GID
groupdel: a group cannot be deleted if there are users in it
useradd: -u, -g, -d specify the home directory, -M do not create a home directory, -s custom shell
userdel -r: also delete the user's home directory
chfn, finger
4. Create and modify user passwords
passwd
Rules for creating passwords: longer than 10 characters, with uppercase and lowercase letters and special characters, no regular pattern, and not containing your own name, company name, phone number, birthday, etc.
mkpasswd: password generation tool; install the expect package
5. User Identity Switch
su -: the '-' is used to initialize environment variables such as $PATH, $HOME, etc.

su can switch between users. What is power? When the superuser root switches to a normal or virtual user, no password is needed. That's it! A normal user switching to any other user needs password authentication;
sudo: using su to switch to root requires entering the root password, which is not secure

With sudo, we can delegate certain superuser powers in a targeted way; sudo can also be called a restricted su;
visudo: edits the /etc/sudoers config file. If the command is missing, install it with: yum install -y sudo
Format: user host=(as_user) commands
For example: aming ALL=(root) /bin/ls   # lets the ordinary user aming run the ls command with root authority
Application: only ordinary accounts are allowed to log in, and after logging in an ordinary account can switch to the root account with sudo without entering a password (root is not allowed to log in remotely)
User_Alias USER_SU = test, test1, aming   # user alias; several users can be listed
Cmnd_Alias SU = /bin/su   # alias for commands; several commands can be listed
USER_SU ALL=(ALL) NOPASSWD: SU   # NOPASSWD means the normal user does not need to enter their own password when using sudo
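To review what the sudoers rules above actually grant, the aliases have to be expanded. This is an added example, not part of the original course notes: it lists every user and command pair that sudo will run without a password prompt. It handles only the simple one-line form shown above, with whitespace around '=', and the function names and the `backup` rule are constructed.

```shell
#!/bin/sh
# Added example: expand User_Alias / Cmnd_Alias and list NOPASSWD grants
# from sudoers-format text read on stdin. Simplified: one rule per line,
# no line continuations, no Host_Alias or Runas_Alias handling.
nopasswd_grants() {
  awk '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    $1 == "User_Alias" || $1 == "Cmnd_Alias" {
      kind = $1; name = $2
      sub(/^[^=]*=[ \t]*/, "")                     # keep only the member list
      gsub(/[ \t]*,[ \t]*/, ",")
      alias[kind, name] = $0
      next
    }
    /NOPASSWD:/ {
      who = $1
      cmds = $0
      sub(/^.*NOPASSWD:[ \t]*/, "", cmds)          # text after the tag is the command list
      gsub(/[ \t]*,[ \t]*/, ",", cmds)
      nu = split(((("User_Alias", who) in alias) ? alias["User_Alias", who] : who), u, ",")
      nc = split(cmds, c, ",")
      for (i = 1; i <= nu; i++)
        for (j = 1; j <= nc; j++) {
          cmd = (("Cmnd_Alias", c[j]) in alias) ? alias["Cmnd_Alias", c[j]] : c[j]
          print u[i], cmd
        }
    }'
}

# The configuration from the text above, plus one constructed rule (backup).
sample_sudoers() {
  cat <<'EOF'
# constructed sample
User_Alias USER_SU = test, test1, aming
Cmnd_Alias SU = /bin/su
USER_SU ALL=(ALL) NOPASSWD: SU
aming ALL=(root) /bin/ls
backup ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/tar
EOF
}

sample_sudoers | nopasswd_grants
```

A line such as `aming /bin/su` in the output means that account reaches a root shell with no password at all, so the account's own login credentials are the only barrier.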
Extended Learning:
1. KeePass http://www.keepass.info
2. The difference between locking an account with usermod and locking it with passwd
3. A small doubt about the su command
4. The difference between su and sudo
5. Can sudo -i also log in as root?
6. Detailed introduction to the second field (password) of /etc/shadow
7. How to add a user manually http://www.aminglinux.com/bbs/thread-7616-1-1.html
8. sudoers example http://www.opensource.apple.com/... sudo/sample.sudoers
