Basic concepts and commands for CentOS users and groups
User groups:
Group types (by ID range):
Administrator group
Common user groups
System groups
Login groups
Group ID: GroupID, GID
(normally 1-65536)
Administrator group: 0
Common user groups:
System groups:
CentOS 5, 6: 1-499
CentOS 7: 1-999
Login groups:
CentOS 5, 6: 500+
CentOS 7: 1000+
Name resolution: groupname <--> GID
Resolution library: /etc/group
Group types, from the user's point of view:
User's primary group (basic group);
(A group is a container for users: a logical collection that can hold many users.)
User's additional groups (supplementary groups);
Group types, by the users they contain:
Private group: has the same name as a user and contains only that user;
Public group: contains multiple users;
Authentication mechanism: verifying that a user really is who they claim to be;
the information stored in advance is compared with the information supplied at login;
Where it is stored:
User authentication information library: /etc/shadow (shadow password file)
Group authentication information library: /etc/gshadow
Password: stored encrypted, using a one-way hashing mechanism;
One-way hashing: the data can only be hashed, never decrypted; a fingerprint (signature) of the data is extracted, and hashing the same data always gives the same result.
Same data: same hash result;
Fixed-length output: the hash has the same length regardless of the input size;
Avalanche effect: a small change in the input changes the output drastically;
Algorithms:
md5: message digest, 128 bits
sha1: secure hash algorithm, 160 bits
SHA-2 family:
sha256
sha384
sha512
Salting: a random value (the salt) is mixed into the hash calculation. In the notes' example, users centos and gentoo are both given the password 123456, yet their password fields in /etc/shadow differ because a different salt went into each calculation; this prevents identical passwords from producing identical hashes and the security risk that comes with it.
Random numbers:
Entropy pool: randomness the kernel collects from hardware events;
Pseudo-random numbers: generated by software;
/dev/random: returns random numbers only from the entropy pool; when the pool is exhausted, the reading process blocks;
/dev/urandom: returns random numbers from the entropy pool; when the pool is exhausted, it returns numbers from the pseudo-random number generator (does not block);
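As an added illustration (not part of the original notes) of salting and of the random sources just described, the script below hashes the same password 123456 for users centos and gentoo, drawing a fresh salt for each from /dev/urandom. The salted digest is assumed here to be a plain SHA-256 over salt followed by password; the real glibc crypt schemes written to /etc/shadow use iterated constructions, so this shows the principle (same password, different salt, different result) rather than the exact /etc/shadow value.

```shell
#!/bin/sh
# Added example: why two users with the same password get different
# password fields. ASSUMPTION: the salted digest is SHA-256(salt || password),
# chosen for demonstration; glibc's $5$/$6$ crypt schemes differ.

# Draw a random salt from the kernel entropy pool via /dev/urandom
# (non-blocking, as described in the notes): 12 raw bytes shown as hex.
new_salt() {
    head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# salted_hash SALT PASSWORD -> 64-hex-char digest (fixed-length output)
salted_hash() {
    printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# Demonstration matching the notes: users centos and gentoo, both 123456.
PW=123456
SALT_CENTOS=$(new_salt)
SALT_GENTOO=$(new_salt)
H_CENTOS=$(salted_hash "$SALT_CENTOS" "$PW")
H_GENTOO=$(salted_hash "$SALT_GENTOO" "$PW")
printf 'centos: salt=%s hash=%s\n' "$SALT_CENTOS" "$H_CENTOS"
printf 'gentoo: salt=%s hash=%s\n' "$SALT_GENTOO" "$H_GENTOO"

# Avalanche effect: changing one character of the salt (or password)
# yields a completely different digest.
printf 'salt abc: %s\n' "$(salted_hash abc "$PW")"
printf 'salt abd: %s\n' "$(salted_hash abd "$PW")"
```

Run it twice and the centos and gentoo lines change every time, because the salt is new on each run; only a stored salt lets the same password be re-checked, which is why the salt is kept in the clear inside the /etc/shadow password field.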
User information library: /etc/passwd
Example entry for user hehe (reconstructed from the fields below): hehe:x:501:501::/home/hehe:/bin/bash
hehe: user name
x: password placeholder; the password used to be stored here and is now kept in /etc/shadow
501: user ID, UID
501: group ID, GID; the ID of the user's primary group
/home/hehe: the user's home directory
/bin/bash: the default shell
Security context:
Process: runs on behalf of a user; what a process may do to a resource depends on the user it represents;
File: permission model
owner: the file's owner
group: the file's group
others: everyone else
How the permission model is applied:
For the user the process runs as:
Is it the same as the file's owner? If yes, the file is accessed with the owner's permissions; otherwise
does it belong to the file's group? If yes, the file is accessed with the group's permissions; otherwise
the file is accessed with the permissions for others;
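An added example (not from the original notes) that walks the owner / group / others decision above against constructed copies of /etc/passwd and /etc/group. The user names hehe, centos and gentoo and the group developers, the UIDs and GIDs, and the file's owner, group and mode are sample data made up for the demonstration; on a real system the inputs would be the live /etc/passwd and /etc/group and the file's metadata from ls -l or stat.

```shell
#!/bin/sh
# Added example: resolve which permission class (owner/group/other) a user
# falls into for a file, using the notes' decision chain. All data below is
# CONSTRUCTED sample data written to a temp dir, not the real system files.

WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
PASSWD="$WORK/passwd"
GROUP="$WORK/group"

# name:password:UID:GID:GECOS:directory:shell   (constructed)
cat > "$PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
hehe:x:501:501::/home/hehe:/bin/bash
centos:x:502:502::/home/centos:/bin/bash
gentoo:x:503:503::/home/gentoo:/bin/bash
EOF

# groupname:x:GID:members  (members = users holding it as an additional group)
cat > "$GROUP" <<'EOF'
root:x:0:
hehe:x:501:
centos:x:502:
gentoo:x:503:
developers:x:1001:hehe,centos
EOF

uid_of()         { awk -F: -v u="$1" '$1==u {print $3}' "$PASSWD"; }
primary_gid_of() { awk -F: -v u="$1" '$1==u {print $4}' "$PASSWD"; }

# All GIDs a user's process carries: the primary group from /etc/passwd
# plus every group whose member list in /etc/group names the user.
gids_of() {
    primary_gid_of "$1"
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $3
    }' "$GROUP"
}

# access_class USER OWNER_UID GROUP_GID -> owner | group | other
# Same user as the file owner? else a member of the file group? else other.
access_class() {
    user=$1; owner_uid=$2; group_gid=$3
    if [ "$(uid_of "$user")" = "$owner_uid" ]; then
        echo owner; return
    fi
    for g in $(gids_of "$user"); do
        if [ "$g" = "$group_gid" ]; then echo group; return; fi
    done
    echo other
}

# effective_bits USER OWNER_UID GROUP_GID MODE -> the one octal digit of
# MODE (e.g. 640) that applies to this user.
effective_bits() {
    case $(access_class "$1" "$2" "$3") in
        owner) printf '%s\n' "$4" | cut -c1 ;;
        group) printf '%s\n' "$4" | cut -c2 ;;
        other) printf '%s\n' "$4" | cut -c3 ;;
    esac
}

# Sample file: owned by hehe (uid 501), group developers (gid 1001), mode 640.
for u in hehe centos gentoo; do
    printf '%-7s -> %-5s (permission digit %s)\n' "$u" \
        "$(access_class "$u" 501 1001)" "$(effective_bits "$u" 501 1001 640)"
done
```

The chain stops at the first match, so a user who is the owner never gets the group digit even when the group digit would be more permissive; this matters when auditing files whose owner bits are deliberately tighter than the group bits. The function models only the ownership chain from the notes: it does not account for root bypassing discretionary permissions.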
User and group management:
Main commands:
Groups: groupadd, groupmod, groupdel
Users: useradd, usermod, userdel
Authentication: passwd
Group resolution library file: /etc/group
groupname:x:GID:user1,user2,...
Group name : password placeholder : GID : list of users that have this group as an additional group, separated by commas
groupadd command: add a group
groupadd [OPTION] GROUP
-g GID: specify the GID;
-r, --system: create a system group;
groupmod command: modify group information
groupmod [OPTION] GROUP
-g GID: change the GID;
-n NEW_NAME: change the group name;
groupdel command: delete a group
groupdel [OPTION] GROUP
User resolution library: /etc/passwd
name:password:UID:GID:GECOS:directory:shell
useradd command: add a user
useradd [OPTION] LOGIN
-c, --comment COMMENT: comment field, usually the full name;
-d, --home /PATH/TO/HOME_DIR: path of the home directory. The target path must not already exist; otherwise a warning is given and the skeleton files are not copied for the user;
-g, --gid GROUP: name or GID of the user's primary group;
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: list of additional groups the user belongs to, separated by commas with no spaces in between;
-m, --create-home: force creation of the home directory;
-M: do not create the home directory, even if CREATE_HOME in /etc/login.defs is set to yes;
-r, --system: create a system account;
-s, --shell SHELL: the user's login shell. Left blank by default, in which case the system uses the SHELL variable in /etc/default/useradd;
-u, --uid UID: numeric user ID. It must be unique unless -o is used, and must be non-negative. By default the smallest value that is greater than or equal to UID_MIN and greater than every other user's ID is chosen.
Note: when creating a login user, a custom shell must be a login shell and must be listed in /etc/shells;
useradd -D: display the defaults used when creating a user;
useradd -D OPTION: set a default;
GROUP=100: the default primary group, used when no private group with the same name as the user is created;
HOME=/home: base directory under which home directories are created (a system account gets no home directory by default);
INACTIVE=-1: inactive period; -1 disables it
EXPIRE=: expiration date; empty means the account never expires
SHELL=/bin/bash: default shell
SKEL=/etc/skel: where the user's skeleton files are copied from
CREATE_MAIL_SPOOL=yes: whether to create a mailbox for the new user under /var/spool
-e, --expiredate EXPIRE_DATE: expiration date of the user account, after which it is locked; given in YYYY-MM-DD format
-f, --inactive INACTIVE: number of days after the password expires until the account is permanently disabled. 0 disables the account as soon as the password expires; -1 turns the feature off.
Default configuration files for new users:
/etc/login.defs, /etc/default/useradd
Shadow password file: /etc/shadow
login name : password : date of last change : minimum password age : maximum password age : warning days before expiry : inactive period : account expiration date : reserved field
Password field: $ALGORITHM$SALT$ENCRYPTED_PASSWORD
usermod command: modify account information
-c, --comment COMMENT
-d, --home HOME_DIR: change the home directory to a new location; use -m at the same time so that the contents of the old home directory are moved to the new one;
-g, --gid GROUP
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: replaces the existing additional groups; use -a at the same time to append new additional groups instead;
-l, --login NEW_LOGIN: change the user's login name;
-s, --shell SHELL
-u, --uid UID
-L, --lock: lock the user's password; this places a "!" in front of the encrypted password.
-U, --unlock: unlock the user's password; this removes the "!" in front of the encrypted password.
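An added example (not part of the original notes) that reads the password field described under the shadow password file above and the lock marker that usermod -L / -U toggles. The /etc/shadow lines below are constructed samples with obviously fake hash strings; the algorithm ids 1, 5 and 6 come from crypt(5) (md5, sha256, sha512). On a real system the file to read is /etc/shadow, which requires root.

```shell
#!/bin/sh
# Added example: classify the password field of /etc/shadow entries and pull
# out the $id$salt$hash pieces. The entries below are CONSTRUCTED samples;
# the hash strings are fake placeholders, not real digests.
# Fields: login:password:lastchg:min:max:warn:inactive:expire:reserved

WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
SHADOW="$WORK/shadow"
cat > "$SHADOW" <<'EOF'
root:$6$SALTROOT$FAKEHASHROOTxxxxxxxxxxxxxxxxxxxxxxxxxxx:17000:0:99999:7:::
hehe:$6$SALTHEHE$FAKEHASHHEHExxxxxxxxxxxxxxxxxxxxxxxxxxx:17000:0:99999:7:::
centos:!$6$SALTCENT$FAKEHASHCENTxxxxxxxxxxxxxxxxxxxxxxxx:17000:0:99999:7:::
gentoo:!!:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
EOF

pw_field() { awk -F: -v u="$1" '$1==u {print $2}' "$SHADOW"; }

# password_state USER -> hashed | locked | never-set | no-login | empty
# usermod -L / passwd -l put "!" in front of the hash; "!!" is what useradd
# leaves when no password was ever set; "*" is the conventional value for
# accounts that cannot log in with a password; an empty field is no password.
password_state() {
    f=$(pw_field "$1")
    case $f in
        "")   echo empty ;;
        '!!') echo never-set ;;
        '!'*) echo locked ;;
        '*')  echo no-login ;;
        '$'*) echo hashed ;;
        *)    echo unknown ;;
    esac
}

# hash_algo USER -> crypt scheme from the $id$ prefix (crypt(5) ids:
# 1 = md5, 5 = sha256, 6 = sha512). The lock marker "!" is stripped first so a
# locked account still reports the algorithm its hash was made with.
hash_algo() {
    f=$(pw_field "$1" | sed 's/^!*//')
    case $f in
        '$1$'*) echo md5 ;;
        '$5$'*) echo sha256 ;;
        '$6$'*) echo sha512 ;;
        *)      echo none ;;
    esac
}

# hash_salt USER -> the salt between the second and third "$"
hash_salt() {
    pw_field "$1" | sed 's/^!*//' | cut -d'$' -f3
}

for u in root hehe centos gentoo daemon; do
    printf '%-7s state=%-9s algo=%-6s salt=%s\n' \
        "$u" "$(password_state "$u")" "$(hash_algo "$u")" "$(hash_salt "$u")"
done
```

Useful as a quick audit: a locked entry still carries the old hash, so -U restores the previous password rather than setting a new one, whereas never-set and empty entries need a passwd run before the account can log in with a password at all.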
userdel command: delete a user account
userdel [OPTION] LOGIN
-r, --remove: remove the user's home directory, the files in it, and the user's mail spool along with the account
passwd command: password management
passwd [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [--stdin] [username]
(1) passwd: change your own password;
(2) passwd USERNAME: change another user's password; only root may do this;
Password complexity:
(1) no fewer than 8 characters;
(2) must not be too similar to the previous password;
(3) must use at least three of the four character classes;
Options:
-l: lock the password
-u: unlock the password
-d: clear the password
--stdin: read the password from standard input;
echo "PASSWORD" | passwd --stdin USERNAME
id command: show user-related ID information;
id [OPTION]... [USER]
-u: show only the UID
-g: show only the GID
-G: show the IDs of all groups;
-n: show names instead of IDs;
su command: switch user
Two ways of switching:
(1) without reading the target user's configuration files (non-login switch, half switch):
su USERNAME
(2) reading the target user's configuration files (login switch, full switch):
su -l USERNAME
su - USERNAME
-c COMMAND, --command=COMMAND: run only the given command as the target user, without performing a real identity switch;
Note: root needs no password when switching to any other user; a common user must enter the target user's password when switching to another user;
gpasswd command: set a password on a group and manage its members
Group password file: /etc/gshadow
gpasswd [OPTION] GROUP
-a USERNAME: add a user to the group;
-d USERNAME: remove the user from the group;