User, User Group Management command notes and exercises

Users, Groups, permissions

Security context (Secure):

Permissions:

R, W, X

File:

R: Readable, you can view the contents of the file using commands like Cat

W: writable, can edit or delete this file

X: Executable, executable, can be submitted to the kernel at the command prompt as a command to run

Directory:

R: You can perform LS for this directory to list all the files of the content

W: You can create files in this directory

X: You can switch to this directory using a CD, or you can use Ls-l to view the details of internal files

Rwx

r--Read Only

R-x Read and Execute

---no permissions

0---No permissions

1 001--x Execution

2 010-w-Write

3 011-wx Write and Execute

4 r--Read Only

5 101 R-x Read and Execute

6 rw-Read and write

7 111 rwx Read and write execution

755:rwxr-xr-x

User: UID,/etc/passwd

Group: GID,/etc/group

Shadow Password:

Users:/etc/shadow

Group:/etc/gshadow

User Category:

Admin: 0

Normal Users: 1-65535

System Users 1-499

General Users 500-60000

User group:

Administrators group:

Normal Group:

System Group:

General Group:

User Group Category:

Private group: When a user is created, a group with the same name as the user name is automatically created if no group is established for it

Basic group: Default group for users

Additional groups, additional groups: groups other than the default group

Process: Tom Tom

Object:

/etc/passwd

Account: Login Name

Password: password

Uid:

GID: Basic Group ID

Comment: Notes

Home dir: Home directory

Shell: User's default shell

/etc/shadow

Account: Login Name

Encrypted password: encrypted password; You can lock the account

Encryption method:

Symmetric encryption: Encrypt and decrypt using the same password

Public Key cryptography: each password appears in pairs, one for the private key (secret key) and one for the public key

Private key encryption, public key decryption;

Public key encryption, private key decryption.

One-way encryption: Hash encryption: Extract data signatures, common terms data integrity check

1. Avalanche effect

2. Fixed-length output

Md5:message Digest, 128-bit fixed-length output

Sha1:secure hash algorithm, 160-bit fixed-length output

Useradd USERNAME

Groupadd GRPNAME

User management:

Useradd, Userdel, Usermod, passwd, Chsh, CHFN, finger, id, chage

Group Management:

Groupadd, Groupdel, Groupmod, gpasswd

Rights Management:

Chown, Chgrp, chmod, umask

/ETC/PASWD:

User name: Password: Uid:gid Comment: Home directory: Default Shell

/etc/group:

Group name: Password: GID: List of users with this group attached to the group

/etc/shadow:

User name: Password: Last time the password was modified: Minimum Age: Maximum Age: Warning Time: Inactive time: Expiry time:

useradd [Options] USERNAME

-U UID is greater than or equal to 500, but cannot be already used

-G GID (Basic Group) group must exist

-G GID, ... (additional groups) can have multiple

-C "COMMENT"

-d/path/to/directory Specify a directory for the user home directory

-S Shell Path

-m-k (copy/etc/skel content to home) forces the home directory to be created for the user

-M does not create a home directory for users, even if the user defined in/etc/login.defs must have a home directory

-R Add System user (1-499 ID number, cannot log into system, no home directory)

/etc/login.defs

Environment variables:

PATH

Histsize

Shell saves the current shell

/etc/shells: Specifies the security shell that is available for the current system

Eg:useradd-c "Tony Blare"-d/home/blare User4

Userdel:

Userdel [options] USERNAME do not specify parameters, the user's home directory will not be deleted

-r: Delete User's home directory at the same time

ID: View user's account attribute information

-U Display user name

-G Display Default group

-G Show additional groups

-N Display name instead of ID number

Finger: View user account information

Finger USERNAME

To modify user account properties:

Usermod

-U UID

-G GID (GID must exist)

-G (-a) overwrites previous additional groups when not with-a

-C

-D (-M) is not available for-M, the old home directory file will not be accessible, and-m will be copied to the new home directory

-S SHELL

-L Modify the user's login name

-L Lock user account

-U Unlock user account

CHSH: Modifying the user's default shell

CHFN: Modify user's comment information

Password Management:

passwd [USERNAME]

--stdin

Eg:echo "Jingming" | passwd User4--stdin

-L Lock Account

-U Unlock Account

-D Delete User password

-N Set Minimum password age

PWCK: Checking the integrity of user accounts

Group Management:

Create Group: Groupadd

-G Specify GID

-R added as System Group (gid=1-499)

Groupmod

-G GID

-N GRPNAME Group name

Groupdel

GPASSWD: Add password to Group

NEWGRP Login The basic group of the current user as a new basic group, you can use GPASSWD to set a password for the group, exit with exit

Practice:

1, create a user Mandriva, whose ID number is 2002, the basic Group is distro (group ID 3003), the additional group is Linux:

Groupadd distro-g 3003

Groupadd Linux

Useradd-u 2002-g distro-g Linux Mandriva

2. Create a user fedora with the full name of Fedora Community, the default shell is tcsh

Useradd-s '/bin/tcsh '-C "Fedora Community" fedora

3, modified Mandriva ID number is 4004, basic group is Linux, additional group is distro and Fedora

Usermod-u 4004-g linux-g Distro,fedora Mandriva

4, to the Fedora password, and set its minimum password period of 2 days, the longest is 50 days

Passwd-n 2-x Fedora

5. Change the default shell of Mandriva to/bin/bash

Usermod-s/bin/bash Mandriva

6, add the system user HBase, and do not allow its login system

Useradd-r-S '/sbin/nologin ' hbase

Chage changing user password expiration information

-D most recent modification time

-E: Expiry time:

-I: Inactive time

-m minimum term of use

-M maximum lifespan

-W Warning Time

This article is from the "Richier" blog, make sure to keep this source http://richier.blog.51cto.com/1447532/1629867

Users, user groups Manage command notes and exercises