1. User identifiers: UID and GID
/etc/passwd structure: one line per account on the system, each line split by ":" into 7 fields.
  1. Account name
  2. Password: early Unix stored the password hash here; it now lives in /etc/shadow and this field only holds "x".
  3. UID: 0 is the system administrator (root); 1-499 are system accounts; 500-65535 are general users. Any account with UID 0 is root in everything but name, so this column is worth auditing.
  4. GID: refers to /etc/group.
  5. User information (description): a free-text field; most of what finger prints comes from here.
  6. Home directory
  7. Shell: the shell the user gets after logging in.
/etc/shadow structure: 9 fields.
  1. Account name
  2. Encrypted password (a leading "!" or "*" means no password login is possible)
  3. Date of the last password change, counted in days since 1970/1/1. To get the day number of a date:
     echo $(( $(date --date="2008/09/04" +%s) / 86400 + 1 ))
  4. Minimum days: the password may not be changed again within this many days
  5. Maximum days: the password must be changed within this many days of being set
  6. Warning days before the password expires
  7. Grace period after the password expires (inactive days) before the account is disabled
  8. Account expiration date (days since 1970/1/1)
  9. Reserved
Root forgot the password: reboot into single-user (maintenance) mode, where the system hands out a root bash prompt without asking for a password; or boot a live CD, mount the root filesystem, edit /etc/shadow and empty the password field. Both methods only need console or physical access, which is why a bootloader password and restricted boot media matter.
2. Effective and initial user groups: groups, newgrp
/etc/group structure: 4 fields.
  1. Group name
  2. Group password: meant for group administrators; the hash has been moved to /etc/gshadow, so this field only holds "x".
  3. GID
  4. Users the group supports (comma-separated). To add a user to the group, append the account name here.
The GID in the fourth column of /etc/passwd is the user's initial group. When a user belongs to several groups, the group that owns a newly created file is the currently effective group.
groups: lists the groups the user belongs to; the first one printed is the effective group.
newgrp: switches the effective group; the target must be a group the user already belongs to. newgrp provides this by starting a new shell with the new effective group, so use exit to return to the original shell and environment.
/etc/gshadow structure: 4 fields.
  1. Group name
  2. Password: a leading "!" means there is no valid password and therefore no group administrator.
  3. Group administrator accounts
  4. Group members: same as the fourth field of /etc/group.
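As an added example (not from the book): a shell script that parses constructed /etc/passwd and /etc/group excerpts with awk, reproduces what `groups USER` prints (initial group first, then the supplementary groups from the fourth field of /etc/group), and flags the three inconsistencies an auditor looks for first: a second UID 0 account, an initial GID with no /etc/group entry, and a group member with no /etc/passwd entry. Every account and group name in the sample data is invented.

```shell
#!/bin/sh
# Constructed /etc/passwd and /etc/group excerpts (invented accounts, not a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
vbird1:x:501:501::/home/vbird1:/bin/bash
vbird2:x:502:100::/home/vbird2:/bin/bash
backdoor:x:0:0::/tmp:/bin/bash
ghost:x:503:999::/home/ghost:/bin/bash'

SAMPLE_GROUP='root:x:0:
bin:x:1:
users:x:100:vbird1
vbird1:x:501:
vbird2:x:502:vbird1,nobody
wheel:x:10:vbird1'

# Emulates "groups USER": the initial group (GID in field 4 of passwd) is printed
# first, followed by every group whose 4th field lists the user, in file order.
user_groups() {   # $1 = account name
    awk -v user="$1" -v pw="$SAMPLE_PASSWD" -v gr="$SAMPLE_GROUP" '
    BEGIN {
        np = split(pw, pl, "\n"); ng = split(gr, gl, "\n")
        for (i = 1; i <= ng; i++) { split(gl[i], g, ":"); gname[g[3]] = g[1] }
        gid = ""
        for (i = 1; i <= np; i++) { split(pl[i], p, ":"); if (p[1] == user) gid = p[3] }
        if (gid == "") exit 1                          # no such account
        out = (gid in gname) ? gname[gid] : gid        # initial (effective) group first
        for (i = 1; i <= ng; i++) {
            split(gl[i], g, ":")
            if (g[3] == gid) continue
            n = split(g[4], m, ",")
            for (j = 1; j <= n; j++) if (m[j] == user) out = out " " g[1]
        }
        print out
    }'
}

# pwck/grpck-style consistency check over the same samples; prints one finding per line.
audit_accounts() {
    awk -v pw="$SAMPLE_PASSWD" -v gr="$SAMPLE_GROUP" '
    BEGIN {
        np = split(pw, pl, "\n"); ng = split(gr, gl, "\n")
        for (i = 1; i <= np; i++) { split(pl[i], p, ":"); uid[p[1]] = p[3] }
        for (i = 1; i <= ng; i++) { split(gl[i], g, ":"); gids[g[3]] = g[1] }
        # Any UID 0 account is root in everything but name.
        for (i = 1; i <= np; i++) { split(pl[i], p, ":"); if (p[3] + 0 == 0 && p[1] != "root") print "UID 0 account that is not root: " p[1] }
        for (i = 1; i <= np; i++) { split(pl[i], p, ":"); if (!(p[4] in gids)) print "initial GID without /etc/group entry: " p[1] " (GID " p[4] ")" }
        for (i = 1; i <= ng; i++) {
            split(gl[i], g, ":"); n = split(g[4], m, ",")
            for (j = 1; j <= n; j++) if (m[j] != "" && !(m[j] in uid)) print "group " g[1] " lists unknown user: " m[j]
        }
    }'
}

user_groups vbird1      # vbird1 users vbird2 wheel
audit_accounts
```

Pointing the two variables at the real files (`SAMPLE_PASSWD=$(cat /etc/passwd)` and likewise for /etc/group) turns this into a quick audit that needs no root privileges, since both files are world-readable.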
3. Adding and deleting users: useradd
useradd [-u UID] [-g initial_group] [-G secondary_groups] [-mM] [-c info] [-d home_dir] [-s shell] username
  -e: account expiration date in YYYY-MM-DD format, written to the 8th field of /etc/shadow
  -f: password inactivity, written to the 7th field of /etc/shadow; 0 disables the account as soon as the password expires, -1 means it never does
Files created or modified: /etc/passwd, /etc/shadow, /etc/group, and a home directory with the same name as the account. If an initial group is given with -g when the user is created, no group with the same name as the account is created in /etc/group.
useradd reference files:
  useradd -D lists the defaults; they come from /etc/default/useradd:
    GROUP=100: initial group for new accounts when the public group mechanism is used. Private group mechanism: the system creates a group with the same name as the account and uses it as the initial group. Public group mechanism: every new account gets GID 100 as its initial group.
    HOME=/home: base directory under which home directories are created
    INACTIVE=-1: password inactivity, the 7th field of /etc/shadow
    EXPIRE=: account expiration date, the 8th field of /etc/shadow
    SHELL=/bin/bash: default shell
    SKEL=/etc/skel: everything in the new home directory is copied from /etc/skel, including .bashrc
    CREATE_MAIL_SPOOL=yes: also create the user's mailbox
  UID/GID and password parameters come from /etc/login.defs: the mailbox directory; the content of shadow fields 4, 5 and 6; the UID/GID ranges to assign; home directory settings; userdel and password behaviour.
So when you create a user with useradd, it consults /etc/default/useradd, /etc/login.defs and /etc/skel/*.
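Added example (not from the book): a script that reads the two defaults files the way useradd does and predicts the /etc/passwd and /etc/shadow lines a new account would get, including the next free UID at or above UID_MIN and the difference between the private-group mechanism (no -g) and the public-group mechanism (-g 100). The configuration text and the passwd excerpt are constructed; the "!!" locked placeholder and the empty 7th field for INACTIVE=-1 are what useradd writes on Red Hat-style systems; that the private group gets the same number as the UID is a simplification (useradd falls back to the next free GID if that number is taken).

```shell
#!/bin/sh
# Constructed /etc/default/useradd content and the relevant /etc/login.defs lines
# (values chosen to match the defaults described above, not copied from a host).
USERADD_DEFAULTS='GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes'

LOGIN_DEFS='UID_MIN 500
UID_MAX 60000
GID_MIN 500
GID_MAX 60000
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7'

# Constructed /etc/passwd excerpt: UIDs 500 and 501 are taken, so 502 is the next free one.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
mysql:x:27:27::/var/lib/mysql:/sbin/nologin
vbird1:x:500:500::/home/vbird1:/bin/bash
vbird2:x:501:501::/home/vbird2:/bin/bash'

conf_get() {   # $1 = key, $2 = text in "KEY=value" or "KEY value" form; prints the value
    printf '%s\n' "$2" | awk -v key="$1" -F'[= \t]+' '$1 == key { print $2; exit }'
}

# useradd takes the first unused UID at or above UID_MIN.
next_free_uid() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v min="$(conf_get UID_MIN "$LOGIN_DEFS")" '
        { used[$3] = 1 } END { for (u = min + 0; u in used; u++) ; print u }'
}

# Prints the /etc/passwd line useradd would write. Without -g the private-group
# mechanism applies: a new group named after the account becomes the initial group
# (simplification: its GID is assumed equal to the new UID). With -g GID, that
# group is the initial group and no same-named group is created.
predict_passwd() {   # $1 = account name, $2 = optional initial GID (useradd -g)
    uid=$(next_free_uid)
    if [ -n "$2" ]; then gid=$2; else gid=$uid; fi
    printf '%s:x:%s:%s::%s/%s:%s\n' "$1" "$uid" "$gid" \
        "$(conf_get HOME "$USERADD_DEFAULTS")" "$1" "$(conf_get SHELL "$USERADD_DEFAULTS")"
}

# Prints the /etc/shadow line useradd would write: "!!" locks the account until passwd
# is run, fields 4-6 come from login.defs, INACTIVE=-1 becomes an empty 7th field.
predict_shadow() {   # $1 = account name, $2 = today as days since 1970/1/1
    inact=$(conf_get INACTIVE "$USERADD_DEFAULTS")
    if [ "$inact" = "-1" ]; then inact=""; fi
    printf '%s:!!:%s:%s:%s:%s:%s:%s:\n' "$1" "$2" \
        "$(conf_get PASS_MIN_DAYS "$LOGIN_DEFS")" "$(conf_get PASS_MAX_DAYS "$LOGIN_DEFS")" \
        "$(conf_get PASS_WARN_AGE "$LOGIN_DEFS")" "$inact" "$(conf_get EXPIRE "$USERADD_DEFAULTS")"
}

predict_passwd vbird3          # vbird3:x:502:502::/home/vbird3:/bin/bash
predict_passwd vbird3 100      # public-group mechanism: initial GID 100
predict_shadow vbird3 14126    # vbird3:!!:14126:0:99999:7:::
```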
4. passwd: setting the password
A freshly created account is locked and cannot log in until a password is set:
  echo "AFDFGDGF" | passwd --stdin vbird1
(convenient for scripts, but the plaintext then sits in the shell history or in the script itself).
passwd [-l] [-u] [--stdin] [-S] [-n days] [-x days] [-w days] [-i date] account   # options for root
  -l: lock; a "!" is prepended to the second field of /etc/shadow so the password becomes invalid
  -u: the opposite of -l, unlock
  -S: list the password parameters, i.e. most of the /etc/shadow content for the account
  -n: 4th field, number of days during which the password may not be changed
  -x: 5th field, number of days within which the password must be changed
  -w: 6th field, number of warning days before the password expires
  -i: 7th field, password inactivity date
passwd without an account name changes your own password; with an account name (root only) it changes someone else's.
5. chage: show or set the detailed password parameters
chage [-ldEImMW] account
  -l: list the account's password parameters
  -d: 3rd field of shadow, date of the last password change; setting it to 0 forces the user to change the password at the next login
  -E: 8th field, account expiration date; setting it to 0 makes the account unusable
  -I: 7th field, password inactivity date
  -m: 4th field, minimum number of days the password must be kept
  -M: 5th field, number of days within which the password must be changed
  -W: 6th field, password warning days
usermod: fine-tune account information
usermod [-cdegGlsuLU] username
  -c: 5th column of /etc/passwd, the description field
  -d: 6th column of /etc/passwd, the home directory
  -e: 8th field of /etc/shadow, account expiration date
  -f: 7th field of /etc/shadow, password inactivity date
  -g: 4th column of /etc/passwd, the initial GID
  -G: secondary groups, in /etc/group
  -l: change the account name, 1st column of /etc/passwd
  -s: the shell file to use next
  -u: 3rd column of /etc/passwd, the UID
  -L: freeze the password by prepending "!" to the password column in /etc/shadow
  -U: remove the "!" in front of the password
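Added example (not from the book): an awk classifier that reads one /etc/shadow line plus a day number for "today" and reports what chage -l and the login process would conclude from fields 2 to 8: empty hash, locked hash, expired account, forced change (last change = 0), expired password, inactive account (expiry plus grace period exceeded), or a pending warning. The shadow lines and the fixed "today" of day 14126 (early September 2008) are constructed so the run is reproducible; the precedence of the checks follows the order login uses, with password expiry taken as the day after last change + max days.

```shell
#!/bin/sh
# Constructed /etc/shadow lines (invented accounts and dummy hashes, not a real host).
# Field order: name:hash:lastchg:min:max:warn:inact:expire:reserved, days since 1970/1/1.
SHADOW_SAMPLE='root:$1$dummy$hash:14100:0:99999:7:::
vbird1:$1$dummy$hash:14100:0:30:7:::
vbird2:!$1$dummy$hash:14100:0:99999:7:::
vbird3:$1$dummy$hash:0:0:99999:7:::
vbird4:$1$dummy$hash:14000:0:60:7:10::
vbird5:$1$dummy$hash:14000:0:60:7:::
vbird6:$1$dummy$hash:14100:0:99999:7::14000:
nopass::14100:0:99999:7:::'

# Converts a date to the day number used by shadow fields 3 and 8 (GNU date only).
days_since_epoch() { echo $(( $(date --date="$1" +%s) / 86400 )); }

# Classifies one shadow line for a given "today" (day number). Precedence: empty or
# locked hash, account expiry, forced change, then password age with grace period.
shadow_status() {   # $1 = shadow line, $2 = today as days since 1970/1/1
    printf '%s\n' "$1" | awk -F: -v today="$2" '
    {
        name = $1; pw = $2; last = $3 + 0; max = $5; warn = $6; inact = $7; expire = $8
        if (pw == "")                 { print name ": NO PASSWORD (empty field, logs in without one)"; next }
        if (pw ~ /^[!*]/)             { print name ": locked"; next }
        if (expire != "" && today >= expire + 0) { print name ": account expired on day " expire; next }
        if (last == 0)                { print name ": must change password at next login"; next }
        if (max == "" || max + 0 < 0) { print name ": ok, password never expires"; next }
        due = last + max
        if (inact != "" && today > due + inact) { print name ": password expired on day " due ", account inactive since day " (due + inact); next }
        if (today > due)              { print name ": password expired on day " due ", must change"; next }
        if (warn != "" && today >= due - warn) { print name ": password expires in " (due - today) " days (warning)"; next }
        print name ": ok, password expires on day " due
    }'
}

TODAY=14126   # constructed "today" so the sample output does not depend on the clock
printf '%s\n' "$SHADOW_SAMPLE" | while IFS= read -r line; do
    shadow_status "$line" "$TODAY"
done
```

On a real host, replace the constant with `TODAY=$(days_since_epoch today)` and feed /etc/shadow to the loop as root; accounts reported as "NO PASSWORD" are the ones to fix first, since an empty second field lets anyone log in without a password.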
userdel: delete a user. Data removed: the entries in /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow, and optionally /home/username and /var/spool/mail/username.
userdel [-r] username
  -r: also delete the user's home directory and mail spool
6. User functions
finger: show user information, mostly taken from /etc/passwd.
finger [-s] username
  -s: list only the account, full name, terminal and login time
  -m: match the given name against account names only, not against full names
chfn: change the finger information
  -f: full name
  -o: office room number
  -p: office phone
  -h: home phone
chsh: change shell
  -l: list the shells available on the system
  -s: change your shell
chfn and chsh are setuid root so that ordinary users can use them; that also makes them part of the usual setuid inventory to review on a host.
id: query the UID/GID information of a user or of yourself
id username
7. Adding and deleting groups
groupadd [-g GID] [-r] groupname
  -g: the GID to assign
  -r: create a system group, numbered from GID_MIN in /etc/login.defs
  Files changed: /etc/group, /etc/gshadow
groupmod: like usermod
  -g: change the GID number (better left alone: files on disk keep the old numeric group)
  -n: change the existing group name
groupdel: delete a group
gpasswd: group administrator functions
gpasswd groupname
gpasswd [-A user1,...] [-M user2,...] groupname
gpasswd [-rR] groupname
  -A: hand control of the group to the listed users (group administrators)
  -M: add the listed accounts to the group
  -r: remove the group password
  -R: expire the group password, so newgrp into the group by non-members no longer works
gpasswd [-ad] user groupname   (run by the group administrator)
  -a: add a user to the group
  -d: remove a user from the group
chgrp: change the group of a file
8. Host-specific permissions: ACL (access control list)
ACL depends on filesystem support; the vast majority of filesystems support ACLs.
dumpe2fs -h /dev/hda2      # check whether acl is among the default mount options in the superblock
mount -o remount,acl /     # enable acl now
To enable ACL support permanently, edit /etc/fstab and add acl to the mount options:
  LABEL=/1   /   ext3   defaults,acl
ACL tools: getfacl, setfacl
setfacl [-bkRd] [{-m|-x} acl_spec] filename
  -m: set the ACL entries that follow; cannot be combined with -x
  -x: remove the ACL entries that follow; cannot be combined with -m
  -b: remove all ACL entries
  -k: remove the default ACL entries
  -R: apply recursively
  -d: set default ACL entries; only valid on a directory, and everything created inside the directory inherits these defaults
setfacl -m u:vbird1:rx acl_test1   # give user vbird1 rx permission on acl_test1
setfacl -m u::rwx acl_test1        # no user name: the entry refers to the file's owner
setfacl -m g::rwx acl_test1        # no group name: the entry refers to the file's group
Named user and group entries are capped by the mask entry; getfacl shows the capped value as "#effective:", and a plain chmod on the group bits rewrites the mask rather than the group entry, so check getfacl after chmod.
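Added example (not from the book): an awk filter that takes getfacl-style output and computes the effective permission of every entry the way the kernel does, ANDing named-user, named-group and owning-group entries with the mask bit by bit while leaving owner, mask and other untouched. The getfacl text is constructed (file, owner and group names invented), and `with_mask` only emulates the mask rewrite that `chmod g=r` performs on a file carrying an ACL; it does not call setfacl, so the script runs on any filesystem.

```shell
#!/bin/sh
# Constructed getfacl output for a file that has two named entries (invented names).
ACL_SAMPLE='# file: acl_test1
# owner: root
# group: root
user::rwx
user:vbird1:rwx
group::r-x
group:mygroup:rw-
mask::r-x
other::---'

# Prints type:qualifier:permissions:effective for every entry of getfacl-style input.
# Named users, named groups and the owning group are limited by the mask entry
# (a bit is effective only if it is set in both); owner, mask and other are not.
acl_effective() {
    awk -F: '
    /^#/ || /^$/ { next }
    { n++; type[n] = $1; qual[n] = $2; perm[n] = $3 }
    $1 == "mask" { mask = $3 }
    END {
        for (i = 1; i <= n; i++) {
            limited = (type[i] == "user" && qual[i] != "") || type[i] == "group"
            eff = perm[i]
            if (mask != "" && limited) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    c = substr(perm[i], j, 1); m = substr(mask, j, 1)
                    eff = eff ((c != "-" && m != "-") ? c : "-")
                }
            }
            print type[i] ":" qual[i] ":" perm[i] ":" eff
        }
    }'
}

# chmod on the group bits of a file that carries an ACL rewrites the mask entry,
# not the owning group's entry; this helper emulates that by replacing the mask line.
with_mask() { sed "s/^mask::.*/mask::$1/"; }   # $1 = new mask, e.g. r-- after chmod g=r

printf '%s\n' "$ACL_SAMPLE" | acl_effective                                            # user:vbird1:rwx:r-x
printf '%s\n' "$ACL_SAMPLE" | with_mask r-- | acl_effective | grep '^user:vbird1:'   # user:vbird1:rwx:r--
```

The second command is the pitfall in practice: after `setfacl -m u:vbird1:rwx` a later `chmod 644` silently reduces vbird1 to read-only because it shrank the mask, which is why a post-chmod `getfacl` (or this filter on its output) belongs in any change procedure that touches ACL-bearing files.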
9. Switching user identity: su, sudo
su -   : login shell; the target user's login scripts are read and the full environment is taken over
su     : non-login shell (no "-"); the environment variables of the original user are kept
sudo [-b] [-u user] command
  -b: run the command in the background so it does not tie up the current shell
  -u: the user to switch to; if omitted, the command runs as root
When sudo is executed, the system checks /etc/sudoers to see whether the user is allowed to use sudo. If so, the user is asked for their own password; if it matches, the command is run.
Edit /etc/sudoers with the visudo command, which checks the syntax before saving. Each rule has four fields:
  root    ALL=(ALL)   ALL
  1. user account: which users may run sudo
  2. host: from which host the login must come; ALL means any host
  3. identity that may be assumed, in parentheses
  4. commands that may be run
%groupname ALL=(ALL) ALL             # a leading % means every member of the group may use sudo
%groupname ALL=(ALL) NOPASSWD: ALL   # no password required
myuser1 ALL=(root) /usr/bin/passwd   # always use absolute paths
myuser1 ALL=(root) !/usr/bin/passwd, !/usr/bin/passwd root, !/usr/bin/passwd [[:alpha:]*]   # always use absolute paths
Note that a rule made only of "!" entries grants nothing by itself; the negations only make sense next to a positive entry. sudoers(5) also warns that "!" exclusions are not a real restriction: a user allowed ALL except /usr/bin/passwd root can copy passwd under another name and run the copy.
Using aliases in visudo:
  User_Alias ADMPW = pro1, pro2, pro3
  Cmnd_Alias ADMPWCOM = !/usr/bin/passwd, !/usr/bin/passwd root, !/usr/bin/passwd [[:alpha:]*]
  ADMPW ALL=(ALL) ADMPWCOM
Alias types: User_Alias (user alias), Cmnd_Alias (command alias), Host_Alias (host alias).
10. Special shells for users and the PAM module
How a PAM-aware program calls PAM:
  1. The user runs passwd and enters a password.
  2. passwd calls the PAM module for validation.
  3. PAM looks in /etc/pam.d/ for a configuration file with the same name as the program (passwd).
  4. Based on the settings in /etc/pam.d/passwd, the relevant PAM modules are called to perform the validation.
  5. The validation result (success or failure) is passed back to passwd.
  6. passwd decides its next action according to what PAM returned. (ref. p. 437)
11. User information and messaging
Query: w, who, last, lastlog
Talk: write, mesg, wall
  write account [user's terminal]   e.g. write root tty2, then type the message and end input with Ctrl-D
  When you do not want to be interrupted by messages, run mesg n; you will then receive no messages except from root. mesg on its own shows the current state. wall broadcasts to everyone.
12. User mailbox: mail
13. Manually adding users
  pwck: checks the account information in /etc/passwd, that each home directory actually exists, and that /etc/passwd and /etc/shadow are consistent
  pwconv: moves the account names and passwords from /etc/passwd into /etc/shadow; needed because early UNIX had no shadow file
  pwunconv: moves the passwords in /etc/shadow back into /etc/passwd and removes /etc/shadow
  chpasswd: reads unencrypted passwords, encrypts them and writes them to /etc/shadow; often used to create users in batches
Source: Bird's Linux Private Kitchen (鳥哥的 Linux 私房菜), Chapter 14: Linux account management and ACL permission settings