File formats of the authentication and name-resolution databases for users and groups in Linux, and the files that define default parameters

Source: Internet
Author: User


Parsing (name-resolution) library: /etc/passwd and /etc/group, which hold the user names and group names

Authentication library: /etc/shadow and /etc/gshadow, where the user and group password data is stored


Files related to user accounts and group accounts are:

/etc/passwd

/etc/group

/etc/shadow

/etc/gshadow

/etc/default/useradd

/etc/login.defs (default properties for login)

/etc/skel (default files for new home directories)


/etc/passwd (information about user accounts):

Format of a user account entry in /etc/passwd (new user accounts are appended to this file):

root:x:0:0:root:/root:/bin/bash

1 2 3 4 5 6 7


1: Login name of the user account;

2: An "x" serving as a password placeholder, which keeps the data format unchanged (the password used to be stored here; to protect the user account it was moved out, and the "x" keeps the field layout the same);

3: UID of the user;

4: GID of the user, that is, the ID of the basic group of the user account;

5: Comment information, such as the user's position, the user's full name, etc.;

6: Absolute path to the home directory of the user account (must be an absolute path);

7: Default login shell of the user account;
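The field rules above can be checked mechanically. The following is an added example, not part of the original article: a small audit of /etc/passwd-style text that flags entries with the wrong field count, a password field other than the "x" placeholder, a relative home directory, or a reused UID (the UID 0 and shared-UID checks go beyond the list above). The function name and the sample content are assumptions made for illustration.

```python
def audit_passwd(text):
    """Return (line_no, login, finding) tuples for /etc/passwd-style text."""
    findings, first_owner = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((no, fields[0], f"{len(fields)} fields instead of 7"))
            continue
        login, pw, uid, gid, _note, home, _shell = fields
        # Field 2 should only ever hold the "x" placeholder.
        if pw == "":
            findings.append((no, login, "empty password field"))
        elif pw != "x":
            findings.append((no, login, "password field is not the x placeholder"))
        # Fields 3 and 4 are numeric IDs; UID 0 carries root privileges.
        if not (uid.isdigit() and gid.isdigit()):
            findings.append((no, login, "UID or GID is not numeric"))
        else:
            if int(uid) == 0 and login != "root":
                findings.append((no, login, "UID 0 on a non-root account"))
            owner = first_owner.setdefault(int(uid), login)
            if owner != login:
                findings.append((no, login, f"UID shared with {owner}"))
        # Field 6 must be an absolute path.
        if not home.startswith("/"):
            findings.append((no, login, "home directory is not an absolute path"))
    return findings

# Constructed sample content, not taken from a real system.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
backup:x:0:0:backup operator:/home/backup:/bin/bash
carol::1001:1001::/home/carol:/bin/bash
dave:x:1001:1001:Dave:home/dave:/bin/bash
erin:x:1002:1002:/home/erin
"""

if __name__ == "__main__":
    for no, login, finding in audit_passwd(PASSWD_SAMPLE):
        print(f"line {no}: {login}: {finding}")
```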


/etc/group (information about group accounts):

root:x:0:

1 2 3 4


1: Group account name;

2: Group account password placeholder;

3: GID of the group account;

4: List of users that have this group as an additional group; multiple user names are separated by ",";


/etc/shadow (where user passwords are stored):

root:$6$ros3gbygl29jcae4$tdkzupufqm6g8u5g7eka8kuvs/enhphjosdgftdsuwde.qncrtricduvqobqydl2zrpxeid7xfwby9yt/nuxf/::0:99999:7:::

The line consists of nine colon-separated fields, numbered 1 to 9, with the following meanings:

1: Login name of the user account;

2: Identifier of the password encryption (hashing) algorithm + salt + the resulting encrypted password;

3: Date of the last password change, expressed as the number of days from January 1, 1970 to the date of the change (taken from the system time at that moment);

4: Minimum age of the user password (how long the password cannot be changed after it was set; 0 means the password can be changed at any time; the unit is days);

5: Maximum age of the user password (how long the user can keep logging in normally without changing the password);

6: Number of days before the maximum age is reached during which a warning message is sent when the user logs in to the system; the default is 7 days;

7: Grace period after the user password expires (during the grace period the expired password can still be used, but the user is prompted to change it; once the grace period has passed, the password is locked; by default the grace period never ends);

8: Absolute expiration date of the user password, expressed as the number of days from January 1, 1970 to the specified date (on that date the password definitely expires);

9: Reserved, not used;
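How fields 3, 5, 6, 7 and 8 combine is easiest to see in code. The following is an added example, not part of the original article: it parses a nine-field shadow line and classifies the password state on a given date, following the field meanings listed above. The function names, status labels and sample lines (with placeholder salt and hash) are assumptions made for illustration; the algorithm prefixes other than "$6$" are the standard crypt(3) identifiers.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
# crypt(3) prefixes in field 2; "$6$" is the one in the page's sample line.
ALGORITHMS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
DAY_FIELDS = ("last_change", "min_age", "max_age", "warn", "grace", "expire")

def parse_shadow(line):
    """Split one /etc/shadow line into its nine fields (field 9 is unused)."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    entry = {"name": fields[0], "password": fields[1]}
    # Fields 3-8 are day counts; an empty field means "not set".
    for key, raw in zip(DAY_FIELDS, fields[2:8]):
        entry[key] = int(raw) if raw.strip() else None
    parts = fields[1].split("$")
    is_crypt = len(parts) >= 4 and parts[0] == ""
    entry["algorithm"] = ALGORITHMS.get(parts[1], "unknown") if is_crypt else None
    return entry

def password_status(entry, today):
    """Classify an entry on a given date from fields 3, 5, 6, 7 and 8."""
    now = (today - EPOCH).days
    if entry["password"] == "":
        return "empty-password"
    if entry["expire"] is not None and now >= entry["expire"]:
        return "absolute-expiry-reached"
    if entry["last_change"] is None or entry["max_age"] is None:
        return "no-aging"
    due = entry["last_change"] + entry["max_age"]
    if now > due:
        grace = entry["grace"]
        # Empty field 7: the grace period never ends, so the password is never locked.
        return "expired-in-grace" if grace is None or now <= due + grace else "locked"
    if entry["warn"] is not None and now >= due - entry["warn"]:
        return "warning"
    return "ok"

# Constructed sample lines (placeholder salt and hash, not real credentials).
SHADOW_SAMPLE = [
    "root:$6$SALT$HASH::0:99999:7:::",
    "alice:$6$SALT$HASH:19000:0:90:7:14::",
    "bob::19000:0:90:7:::",
]

if __name__ == "__main__":
    for line in SHADOW_SAMPLE:
        e = parse_shadow(line)
        print(e["name"], e["algorithm"], password_status(e, date.today()))
```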


/etc/gshadow (password authentication information for group accounts):

root:::

1 2 3 4


1: Name of the group account;

2: Encrypted password of the group account;

3: Group administrators; now obsolete and left empty;

4: List of user accounts that have this group as an additional group;

Commands:

gpasswd: Sets the password of a group and manages the members of the group;

Format: gpasswd [option] GROUPNAME

-a USERNAME: Adds the user specified by -a to the specified group;

-d USERNAME: Removes the user specified by -d from the specified group;


newgrp: Logs in to the system again with a new group. The correct group password must be supplied (if the group has no password set, this operation cannot be performed). After logging out of the session started by this command, the original settings are restored; to make the change permanent, you must modify the configuration in the files;

Format: newgrp [-] [group]





/etc/default/useradd:

Role: A file that defines the default values for user properties when creating a user


# useradd defaults file

GROUP=100 // When creating a user, if no basic group is specified for the user, a group with the same name as the user is assigned as its basic group;

HOME=/home // When creating a user, if no home directory is specified for the user, a directory with the same name as the user is created under /home;

INACTIVE=-1 // When creating a user, sets the grace period after the user password expires; the default is -1, which turns off the password-expiration grace function, that is, the grace period never ends;

EXPIRE= // When creating a user, sets the absolute expiration date of the user password; not enabled by default;

SHELL=/bin/bash // When creating a user, sets the user's default login shell; the default value is /bin/bash;

SKEL=/etc/skel // Template directory of the default files provided for the user's home directory when the user is created;

CREATE_MAIL_SPOOL=yes // When creating a user, whether to create a mailbox file for the user right away; created by default;


/etc/login.defs:

Function: Defines the properties related to shadow-utils, including the user mailbox path, password time parameters, UID and GID ranges, the command used to delete user accounts, the private group setting (a private group contains only one user and acts as that user's primary group), the permission mask, the home directory creation switch, and the password encryption algorithm;



MAIL_DIR /var/spool/mail

Specifies the path of the user's mailbox when a user is created


PASS_MAX_DAYS 99999

PASS_MIN_DAYS 0

PASS_MIN_LEN 5

PASS_WARN_AGE 7

Settings for the time parameters of the password


UID_MIN 1000

UID_MAX 60000

# System accounts

SYS_UID_MIN 201

SYS_UID_MAX 999

Specifies the range from which default UIDs are selected


GID_MIN 1000

GID_MAX 60000

# System accounts

SYS_GID_MIN 201

SYS_GID_MAX 999

Specifies the range from which default GIDs are selected


USERDEL_CMD /usr/sbin/userdel_local

Specifies the command to run when deleting a user


CREATE_HOME yes

Whether to create a home directory for the user when creating a user


UMASK 077

Mask that determines the default permissions of the user's home directory


USERGROUPS_ENAB yes

Whether to turn on the private group switch


ENCRYPT_METHOD SHA512

Which algorithm to use for password encryption



/etc/skel (a directory):

Function: Provides the default files for a newly created user's home directory;



This article is from the "Maureen Blog" blog; reprinting is declined.
