User and group management under Linux

Source: Internet
Author: User

The relationship between users and groups is that a group contains several users, and each user must belong to exactly one primary group. A group can be understood as a collection of permissions. The user management commands are: useradd, userdel, usermod, passwd, chsh, chfn, finger, id, chage. The group management commands are: groupadd, groupdel, groupmod, gpasswd.

(i) User roles under Linux

Under Linux, users have different roles, and their permissions and the tasks they can perform differ accordingly. Roles are identified by UID, and the UID of the root user in particular deserves attention.

1) Root

The system administrator (superuser). It is unique on the system, can log in, can operate on any file and run any command, holds the highest privileges, and has UID 0.

2) Virtual (system) user

Distinct from real users, such users cannot log in to the system; they exist for the use of certain services and are added by the system by default.

3) Ordinary real user

Such users can log in to the system but can only operate on the contents of their own home directory; they are limited accounts that the administrator adds.

(ii) Introduction to user-related files

In Windows, users and groups are managed with the Users and Groups tool inside Computer Management; under Linux, users and groups are managed by editing the user configuration files (which differ from user profiles in Windows).

1) /etc/passwd

The user account file records every user, one line per user, with 7 colon-separated fields, each with its own meaning. For example: root:x:0:0:root:/root:/bin/bash. The 7 fields are: user name, password placeholder, user ID, group ID, user description, home directory path, and login shell.

2) /etc/shadow

The shadow file for user accounts holds each user's encrypted password and related information; the two files complement each other to record user information. This file can only be read and manipulated by root. Each row contains 8 fields, described as follows:

1st field: user name; 2nd field: encrypted password; 3rd field: date of the last password change, as the number of days since January 1, 1970; 4th field: number of days during which the password cannot be changed again; 5th field: number of days after which the password must be changed; 6th field: number of days before expiry during which a warning is given; 7th field: number of days after the password expires during which the account is still usable, after which login is no longer possible; 8th field: date on which the account expires and login is no longer possible, which can be given in YYYY-MM-DD format or as the number of days since January 1, 1970.
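As an added example (not part of the original text), the following POSIX shell function reads lines in the /etc/shadow format described above from a constructed sample, not from a real system, and classifies each account's password state from fields 2, 3, 5 and 8; "today" is passed in as days since January 1, 1970, the same unit as field 3.

```shell
#!/bin/sh
# Constructed /etc/shadow sample (assumed values, not copied from any system).
# Each line carries the 8 fields described above, plus the empty reserved
# field that real shadow lines end with:
#   name:encrypted:lastchange:min:max:warn:inactive:expire:
SHADOW_SAMPLE='root:$6$salt$hashvalue:19000:0:99999:7:::
rose:$6$salt$hashvalue:19300:0:90:7:14::
jake:!$6$salt$hashvalue:19300:0:90:7:::
nopass::19300:0:90:7:::
guest:$6$salt$hashvalue:19300:0:90:7::19400:'

# shadow_audit TODAY -> one "name STATE" line per account, where STATE is:
#   EMPTY            field 2 is empty: no password is needed to log in
#   LOCKED           field 2 starts with ! or *: password login is disabled
#   ACCOUNT-EXPIRED  field 8 (account expiry day) is today or earlier
#   NOEXPIRE         field 5 is 99999: the password is never forced to change
#   EXPIRED          lastchange + max lies before today
#   OK               none of the above
shadow_audit() {
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v today="$1" '
    {
        name = $1; pw = $2; last = $3; max = $5; expire = $8
        if (pw == "")                                     state = "EMPTY"
        else if (pw ~ /^[!*]/)                            state = "LOCKED"
        else if (expire != "" && expire + 0 <= today + 0) state = "ACCOUNT-EXPIRED"
        else if (max == "" || max + 0 >= 99999)           state = "NOEXPIRE"
        else if (last + 0 + max + 0 < today + 0)          state = "EXPIRED"
        else                                              state = "OK"
        print name, state
    }'
}

# shadow_findings TODAY -> only the accounts that are not in the OK state,
# i.e. the ones an administrator should review first
shadow_findings() {
    shadow_audit "$1" | grep -v ' OK$' || true
}
```

On a real host the same awk program can be pointed at /etc/shadow (as root) with today computed as $(( $(date +%s) / 86400 )).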

3) /etc/login.defs

The contents of this file can be modified with vim; the following describes which settings are useful.

MAIL_DIR, the mail storage directory; PASS_MAX_DAYS, the maximum number of days a password remains valid; PASS_MIN_DAYS, the minimum number of days between password changes; PASS_MIN_LEN, the minimum password length; PASS_WARN_AGE, the number of days of warning before a password expires; UID_MIN and UID_MAX, the minimum and maximum UID; GID_MIN and GID_MAX, the minimum and maximum GID; CREATE_HOME, whether to create a home directory; UMASK, the umask value; USERGROUPS_ENAB, whether to delete a user's same-named group when the user is deleted and nobody else is in that group.
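As an added example, not from the original page, this shell function checks the password-policy keys named above in login.defs text against an assumed local policy (the thresholds are the example's own, not values from the page), and shows a weak fragment beside a hardened one; both fragments are constructed.

```shell
#!/bin/sh
# Constructed login.defs fragments (assumed values, not from a real system).
LOGIN_DEFS_SAMPLE='# comment lines and blank lines are ignored
MAIL_DIR        /var/spool/mail
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
UID_MIN         1000
UID_MAX         60000
CREATE_HOME     yes
UMASK           022
USERGROUPS_ENAB yes'

HARDENED_SAMPLE='PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_MIN_LEN    12
PASS_WARN_AGE   14
UMASK           027'

# login_defs_audit TEXT -> one "KEY value ok|WEAK" line per policy key.
# Assumed policy: passwords expire within 90 days, cannot be changed again
# for at least 1 day, are at least 8 characters, users get at least 7 days
# of warning, and new home directories are created with UMASK 027 or 077.
# A key that is missing from the file is reported as "unset WEAK".
login_defs_audit() {
    printf '%s\n' "$1" | awk '
    function judge(key, good) {
        print key, ((key in v) ? v[key] : "unset"), (good ? "ok" : "WEAK")
    }
    # first word is the key, second the value; skip comments and blank lines
    $1 !~ /^#/ && NF >= 2 { v[$1] = $2 }
    END {
        judge("PASS_MAX_DAYS", ("PASS_MAX_DAYS" in v) && v["PASS_MAX_DAYS"] + 0 <= 90)
        judge("PASS_MIN_DAYS", ("PASS_MIN_DAYS" in v) && v["PASS_MIN_DAYS"] + 0 >= 1)
        judge("PASS_MIN_LEN",  ("PASS_MIN_LEN" in v)  && v["PASS_MIN_LEN"] + 0 >= 8)
        judge("PASS_WARN_AGE", ("PASS_WARN_AGE" in v) && v["PASS_WARN_AGE"] + 0 >= 7)
        judge("UMASK", ("UMASK" in v) && (v["UMASK"] == "027" || v["UMASK"] == "077"))
    }'
}
```

To audit a live system, pass the file contents with login_defs_audit "$(cat /etc/login.defs)".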

4) /etc/skel

The directory that holds user startup files, similar to the Windows user profile directory; it provides users with an initial environment, and its files are all hidden (dot) files. When a user is added, the files are copied from this directory to the user's home directory, so that every user starts from a uniform login template.

Enabling and disabling shadow passwords. Enabling shadow passwords protects passwords better, making them hard for other users to obtain. This is a security option: the command splits the user name and password into two files, with the shadow file holding the passwords.

pwconv enables shadow passwords; pwunconv disables them.

(iii) User management

1) useradd: create a user

useradd jake creates a user named jake. Common useradd options and their meanings: -d specifies the user's home directory; -g specifies the user's primary group; -G specifies the user's additional (supplementary) groups; -u specifies the user's UID; -p supplies the password. For example, useradd -d /rose -g group -G root -u 505 rose creates the user rose with home directory /rose, primary group group, supplementary group root, and UID 505.

2) users

users lists all logged-in users (like who).

3) passwd: set a password

Note: a user without a password set cannot be used. For example: passwd rose sets a password for the user rose. Common options and their meanings: -d deletes the password; -f forces a password change at the next login; -l locks the account; -u unlocks a locked account; -S displays password status information.

Common ways to set a password are: a) passwd username, then enter the password twice at the console prompt (not echoed);

b) passwd --stdin username, then enter the password once at the console (visible);

c) echo "NewPassword" | passwd --stdin username, which pipes the new password to standard input.

4) userdel: delete an account

userdel rose deletes the rose account. userdel -r rose also deletes the user's home directory and the files in it (similar to Windows asking whether to delete the user's documents when removing a user).

5) usermod: modify an account

usermod -l newname oldname renames an account. The common options are -d, -g, -G, -u and so on, with the same meanings as the useradd parameters. For example, usermod -d /home/rose -g group0 -G group1 -u <uid> rose changes the home directory, primary group, supplementary group and UID of the user rose (the UID value is omitted in the original example).

6) Locking and unlocking a user

usermod -L rose locks the user rose.

usermod -U rose unlocks the user rose.

7) gpasswd: add users to other groups

gpasswd -a u1 g1 adds u1 to group g1; gpasswd -d u1 g1 removes u1 from group g1; gpasswd -A u1 g1 makes u1 an administrator of group g1. Note: only root and the group's administrators can change group membership.

8) id: view ID information

id rose shows the rose user's ID information. id prints the real and effective user and group IDs. Its usage is id [OPTION]... [USERNAME]: it prints user and group information for the specified USERNAME, or for the current user if USERNAME is omitted. Common options are -u and -g: -u prints only the user ID, -g prints only the group ID.

9) Root-only (single user) login

If you want the computer to refuse logins from everyone except the root account, run touch nologin in the /etc directory to create a file named nologin. If only one person uses the system, consider modifying the /etc/inittab file to change the default runlevel to 2.

(iv) Introduction to group-related files

1) /etc/group

User groups provide the system administrator with great convenience in system management, but their security also deserves attention. For example, if a user manages the most important content on the system, it is best to give that user a separate group, or to set the permissions of that user's files to fully private. In addition, ordinary users should generally not be added to the root group.

The content of /etc/group covers the group name, group password, GID and the users contained in the group, one record per group, in the format group_name:passwd:GID:user_list. For example, bin:x:1:bin,daemon: bin is the group name, x is the password field, the GID is 1, and the group includes the users bin and daemon, plus any other users whose primary GID is 1 (which can be seen in /etc/passwd).
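As an added example (not from the original page), the following shell functions work on constructed /etc/passwd and /etc/group samples: group_members resolves a group's full membership by combining the group's user_list with the users whose primary GID in /etc/passwd matches, exactly the two sources named above, and extra_uid0 applies the earlier remark about watching the root UID by listing any account other than root whose UID is 0 (the toor entry is constructed so that the check has something to flag).

```shell
#!/bin/sh
# Constructed samples (assumed values, not copied from any real system).
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
rose:x:505:501:rose:/rose:/bin/bash
jake:x:506:506:jake:/home/jake:/bin/bash
toor:x:0:0:constructed second UID-0 account:/root:/bin/bash'
GROUP_SAMPLE='root:x:0:rose
bin:x:1:bin,daemon
group:x:501:
wheel:x:10:jake'

# group_members NAME -> sorted, space-separated list of every user in group
# NAME: the explicit members in field 4 of /etc/group plus the users whose
# primary group (field 4 of /etc/passwd) is that group's GID.
# Returns 1 when NAME is not a known group.
group_members() {
    gid=$(printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1 == g { print $3 }')
    [ -n "$gid" ] || return 1
    {
        # explicit members from user_list, one per line
        printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" \
            '$1 == g && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
        # users whose primary GID is this group
        printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | sort -u | xargs
}

# extra_uid0 -> space-separated names of accounts other than root with UID 0.
# Any such account has full superuser rights, so on a healthy system the
# output is empty.
extra_uid0() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$3 == 0 && $1 != "root" { print $1 }' | xargs
}
```

To run the same checks on a live host, feed /etc/passwd and /etc/group to the awk programs in place of the samples.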

2) /etc/gshadow

/etc/gshadow is the password file for /etc/group; group management passwords are stored in it. /etc/gshadow and /etc/group complement each other. On large servers with many users and groups, where a more complex permission model with custom relationships is defined, setting group passwords becomes necessary. For example, if we do not want some non-members to permanently hold the permissions and features of a group, we can use password authentication to let those users temporarily take on the group's features; that is where the group password is used.

The format of /etc/gshadow, one line per group, is: groupname:password:admin,admin,...:member,member,...

1st field: group name; 2nd field: group password, which may be empty or !, either of which means the group has no password; 3rd field: group administrators, which may also be empty; multiple administrators are separated by commas; 4th field: group members; multiple members are separated by commas.

(v) Group management

1) groupadd: add a group

Common options and their meanings: -g specifies the GID; -o, used together with -g, allows the GID to be the same as that of an existing group. For example, groupadd -go 501 g1 creates a group g1 whose GID may duplicate that of an existing group.

2) gpasswd: set a group password

In general it is not necessary to set a password for a group. For example, gpasswd rose changes the password of the group rose.

3) groupdel: delete a group

groupdel g1 deletes group g1 (the group must be empty, with no users in it).

4) groupmod: modify group properties

Its common options are: -g specifies the new GID; -o is used together with -g as in groupadd -o; -n changes the group name. For example, groupmod -g 601 g1 changes the GID of g1 to 601. As another example, groupmod -n g11 g1 renames group g1 to g11.

5) newgrp: switch group

newgrp root switches to the root group.
