User and Group Management

Source: Internet
Author: User


1. User accounts
A. Common user account: common users perform ordinary operations on the system.
B. Superuser account: the administrator's job is to manage the common users and the entire system. This account has absolute control over the system and can perform any operation on it.

 

2. Group accounts
A. Private group: when you create a user without specifying the group the user belongs to, Linux creates a private group with the same name as the user. This private group contains only that user.
B. Standard group: when you create a user, you can select a standard group. If a user belongs to several groups at the same time, the group the user logs on with is the primary group and the others are supplementary groups.

 

3. Account System Files

A. /etc/passwd
Each line defines a user account. The file is readable by all users. Each line contains the following fields:

    username:password:user ID:group ID:comment:home directory:command interpreter

    root:x:0:0:RedHat Linux:/root:/bin/bash

Password: an x indicates that the user's password is protected by the /etc/shadow file.
User ID: unique in the system. The UID of the root user is 0, common users start from 1000, and 1- are the system's standard accounts.
Home directory: the directory the user enters after logging on to the system.
Command interpreter: the shell used by the user. The default value is /bin/bash.

B. /etc/shadow
To improve system security, user passwords are usually protected by shadow passwords. The file is readable only by root. Each line contains the following fields:

    username:password:last modification time:minimum interval:maximum interval:warning time:inactive time:expiration time:flag

    root:$1$K4gXdkjf$TIKrvWuldq6oQ4HEoFIGQ/:14831:0:99999:7:::

Last modification time: the number of days from January 1, to the day the user last changed the password.
Minimum interval: the number of days from January 1, to the day the user can change the password.
Maximum interval: the number of days from January 1, to the day the password must be changed.
Warning time: notification before the password expires.
Inactive time: the number of days after the user password expires until the account is disabled.

C. /etc/group
Grouping users is Linux's way of managing users and controlling access permissions. A group can have multiple users, and a single user can belong to multiple groups at the same time. This file is readable by all users. Each line contains the following fields:

    group name:group password:GID:group members

    root:x:0:root

D. /etc/gshadow
This file defines user group passwords, the group administrator and other information. It is readable only by the root user.

    root: root
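The field layouts above are enough to audit accounts directly from the files. The following is an added example, not part of the original page: it checks passwd- and shadow-format files for extra UID 0 accounts, passwords kept outside shadow, empty or locked passwords, and a maximum interval of 99999. The function name, the finding labels and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files. All data is constructed.

# audit_accounts PASSWD_FILE SHADOW_FILE -> prints "<finding>:<username>" lines
audit_accounts() {
    awk -F: '
        mode == "passwd" {
            # UID 0 means root privileges, whatever the account is called.
            if ($3 == 0 && $1 != "root") print "uid0:" $1
            # Anything other than "x" means the password is not in shadow.
            if ($2 != "x") print "not-shadowed:" $1
            next
        }
        mode == "shadow" {
            first = substr($2, 1, 1)
            if ($2 == "")          print "empty-password:" $1  # no password needed
            else if (first == "!") print "locked:" $1          # usermod -L / passwd -l
            else if (first == "$" && ($5 == "" || $5 + 0 >= 99999))
                print "no-expiry:" $1       # password effectively never expires
        }
    ' mode=passwd "$1" mode=shadow "$2"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample in /etc/passwd format.
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ltw:x:1000:1000::/home/ltw:/bin/bash
backup2:x:0:1001::/home/backup2:/bin/bash
guest:x:1002:1002::/home/guest:/bin/bash
legacy:$1$CONSTRUCTED$CONSTRUCTED:1003:1003::/home/legacy:/bin/bash
EOF

# Constructed sample in /etc/shadow format (hash fields are placeholders).
cat > "$tmp/shadow" <<'EOF'
root:$6$CONSTRUCTED$CONSTRUCTED:14831:0:99999:7:::
daemon:*:14831:0:99999:7:::
ltw:!$6$CONSTRUCTED$CONSTRUCTED:14831:0:90:7:::
backup2:$6$CONSTRUCTED$CONSTRUCTED:14831:0:90:7:::
guest::14831:0:99999:7:::
EOF

audit_accounts "$tmp/passwd" "$tmp/shadow"
```

On a real system the same function can be pointed at /etc/passwd and /etc/shadow; reading /etc/shadow requires root.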

 

4. Use the command line tool to manage accounts

① User

useradd username
useradd -u (UID)
useradd -p (password)
useradd -g (group)
useradd -s (shell)
useradd -d (user directory)
usermod -u (new UID)
usermod -d (user directory)
usermod -g (group name)
usermod -s (shell)
usermod -p (new password)
usermod -l (new login name)
usermod -L (lock user account password)
usermod -U (unlock user account)
userdel username (delete user account)
userdel -r (delete the user's directories when deleting the account)

Eg:

Eg1: Add an account

useradd -m ltw
(The -m parameter makes the system automatically create the user's home directory when adding the account.)

Eg2: Modify the login name of the ltw account

usermod -l litingwei ltw

Eg3: Modify the login directory of the litingwei account (Note: you need to manually create the litingwei directory before the modification)

usermod -d /home/litingwei litingwei

Eg4: Lock the password of the litingwei account

usermod -L litingwei
(The account is unavailable once it is locked.)

Eg5: Unlock the password of the litingwei account

usermod -U litingwei

 

5. Group account maintenance commands

groupadd group account name (create a new group)
groupadd -g (specify the group GID)
groupmod -g (change the GID of the group)
groupmod -n (change the group account name)
groupdel group account name (delete the specified group account)

Eg:

Eg1: Add a group: groupadd superman
Eg2: Modify the superman group: groupmod -g 355 superman
Eg3: Delete the superman group: groupdel superman

6. Password maintenance commands

passwd user account name (set the user password)
passwd -l user account name (lock the user account)
passwd -u user account name (unlock the user account)
passwd -d user account name (delete the account password)
gpasswd -a user account name group account name (add the specified user to the specified group)
gpasswd -d user account name group account name (delete the user from the specified group)
gpasswd -A user account name group account name (designate the user as the group administrator)

Eg2: Modify the root password (if the root password has not been set, you need to set it before using the account)

passwd root

 

7. User and group status commands

su username (switch user account), for example: su root, su - root
id (displays the UID and GID of the user)
whoami (displays the current user name)
groups (displays the user's groups)
sudo cat /etc/sudoers

sudo is a tool with which the system administrator lets common users execute some or all root commands, such as halt, reboot, and su. This reduces the time spent logged in and managing the system as root, and it also improves security. sudo is not a substitute for the shell; it works command by command. It has the following features:

§ sudo can restrict users to running certain commands only on a given host.
§ sudo provides extensive logs that detail what each user has done. It can send logs to a central host or log server.
§ sudo uses a timestamp file to implement a "ticket checking" system. When the user calls sudo and enters their password, the user receives a 5-minute ticket (this value can be changed during compilation).
§ The sudo configuration file is the sudoers file, which lets the system administrator centrally manage user permissions and the hosts they apply to. It is stored in /etc/sudoers by default, and its permission mode must be 0411.
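The host and command restrictions described above are expressed as rules in the sudoers file, so a quick review can show which rules are narrowly scoped and which are not. The following is an added example, not part of the original page: it reads simple one-line rules of the form "who host = (runas) commands" and reports those that apply on any host, allow all commands, or skip the password prompt. The function name, the flag labels, the host name web01 and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: review simple sudoers rules. The sample file is constructed.

# review_sudoers FILE -> prints "<who>:<flags>" per one-line user specification
# of the form: who host = [(runas)] [TAG:] commands
review_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }    # settings and aliases
        {
            eq = index($0, "=")
            if (eq == 0) next
            host = $2; sub(/=.*/, "", host)            # host is the 2nd word
            cmds = substr($0, eq + 1)
            sub(/^[ \t]*\([^)]*\)/, "", cmds)          # drop the (runas) part
            nopass = (cmds ~ /NOPASSWD:/)
            gsub(/[A-Z]+:/, "", cmds)                  # drop tags such as NOPASSWD:
            gsub(/^[ \t]+|[ \t]+$/, "", cmds)          # trim whitespace
            flags = ""
            if (host == "ALL") flags = flags ",any-host"
            if (cmds == "ALL") flags = flags ",all-commands"
            if (nopass)        flags = flags ",nopasswd"
            print $1 ":" (flags == "" ? "scoped" : substr(flags, 2))
        }
    ' "$1"
}

sample=$(mktemp) && trap 'rm -f "$sample"' EXIT

# Constructed sample in sudoers format.
cat > "$sample" <<'EOF'
# timestamp_timeout is the ticket lifetime in minutes
Defaults timestamp_timeout=5
Cmnd_Alias POWER = /sbin/halt, /sbin/reboot
root      ALL=(ALL) ALL
%wheel    ALL=(ALL) NOPASSWD: ALL
ltw       web01=(root) /sbin/halt, /sbin/reboot
litingwei ALL=(root) NOPASSWD: /sbin/reboot
EOF

review_sudoers "$sample"
```

The function does not expand aliases, host lists or continuation lines; `visudo -c` remains the tool for checking the syntax of the real file.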

 
