Linux users are broadly divided into two types: the administrator (root) user and ordinary users; ordinary users can be further divided into system users and login users. Because Linux is a multi-user, multi-tasking system, every user who wants to use system resources must request an account from the administrator and log in to the system with that account. Each user has a login name and a password used to log in.
Each user has a unique user ID (USERID, UID), represented as a 16-bit binary number in the range 0-65535. Taking CentOS as an example, the UID of the administrator user is 0 and ordinary users use 1-65535. System users have UIDs 1-499 on CentOS 6 and earlier and 1-999 on CentOS 7; login users have UIDs 500-60000 on CentOS 6 and earlier and 1000-60000 on CentOS 7.
Sometimes users need to be managed together, so user groups can be created. Likewise, groups are divided into the administrators group and ordinary groups, each with its own group ID (GID), allocated in exactly the same way as UIDs. Because a user sometimes needs several identities to work in the system, groups are divided into the user's primary group and additional (supplementary) groups. Groups can also be divided into private and public groups: as the name implies, a private group belongs to one user only, carries that user's name and has that user as its only member, whereas a public group can have more than one member.
When a user logs on to a Linux system, Linux does not work with the account name directly: it first looks up the file /etc/passwd to resolve the name to a UID, and group names are resolved in the same way through the /etc/group file. User passwords are stored in the /etc/shadow file and group passwords in /etc/gshadow. To prevent accounts from being compromised if these files are read, passwords are stored in encrypted (hashed) form. Encryption algorithms usually fall into three categories: symmetric encryption, asymmetric encryption and one-way encryption (hashing).
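The following shell script is an added example, not code from the original post: it mimics the name resolution just described on /etc/passwd-style records and classifies each account by the CentOS 7 UID ranges given above. The records are constructed sample data, not a real /etc/passwd; the function names are my own.

```shell
#!/bin/sh
# Added example: resolve UID -> name in passwd-style records and classify the
# UID by the CentOS 7 ranges from the text (0 admin, 1-999 system,
# 1000-60000 login user). SAMPLE_PASSWD is constructed data, not a real file.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:999:999:service account:/var/lib/svc:/sbin/nologin
backup:x:500:500:old backup job:/var/backups:/bin/bash'

# uid_to_name UID -> prints the login name that owns the UID, fails if none.
uid_to_name() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: -v uid="$1" '$3 == uid { print $1; found = 1; exit } END { exit !found }'
}

# classify_uid UID -> admin | system | login | reserved (CentOS 7 ranges).
classify_uid() {
    uid=$1
    if [ "$uid" -eq 0 ]; then echo admin
    elif [ "$uid" -le 999 ]; then echo system
    elif [ "$uid" -le 60000 ]; then echo login
    else echo reserved
    fi
}

# audit_passwd -> one WARN line per system-range account that still has an
# interactive shell; such accounts deserve a second look during a review.
# On CentOS 6 UID 500 would be an ordinary login user, so check the release.
audit_passwd() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        while IFS=: read -r name _ uid _ _ _ shell; do
            class=$(classify_uid "$uid")
            case "$class:$shell" in
                system:*/nologin | system:*/false) ;;
                system:*) echo "WARN $name uid=$uid is in the system range but has shell $shell" ;;
            esac
        done
}
```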
Symmetric encryption uses the same key for encryption and decryption. Its characteristic is fast encryption and decryption; its drawback is that key distribution is difficult and too many keys must be remembered.
Asymmetric encryption uses a key pair, divided into a public key and a private key. Its characteristic is that encryption and decryption use different keys; its drawback is that encryption is slow.
One-way encryption can only encrypt and cannot be decrypted. Its characteristics are fixed-length output (however long the password, the encrypted output always has the same length) and the avalanche effect (a small change to the input produces a completely different output). The main algorithms are MD5, SHA1 and so on.
Some common user management commands
useradd command: add a user. Format: useradd [options] LOGIN
Common options are:
-u, --uid: specify the UID
-g, --gid: specify the primary (base) group ID, which must exist beforehand
-G, --groups: specify the additional groups the user belongs to, with multiple groups separated by commas
-c, --comment: specify the comment (annotation) information
-d, --home-dir: specify the home directory path; it is created by copying /etc/skel and renaming the copy. If the specified home directory already exists beforehand, the environment profile files are not copied for the user
-s, --shell: specify the user's default shell; the list of all available shells is stored in /etc/shells
-r, --system: create a system user
Many default settings used when creating a user come from the profile /etc/login.defs
useradd -D: show the default configuration used when creating users
useradd -D [options]: modify the default option values; the modified results are saved in the /etc/default/useradd file
usermod command: modify user properties
Command format: usermod [options] LOGIN
Common options: -u: modify the UID
-g: modify the GID (primary group)
-G: modify the additional groups the user belongs to; the original additional groups are overwritten
-a: used together with -G to append new additional groups to the user instead of overwriting
-c: modify the comment information
-d: modify the user's home directory; the user's original files are not moved to the new location
-m: can only be used with the -d option; moves the contents of the original home directory to the new home directory
-l: modify the login name
-s: modify the user's default shell
-L: lock the user's password, which is done by prefixing the user's original password string in /etc/shadow with "!"
-U: unlock the user's password
userdel command: delete a user
Command format: userdel [options] LOGIN
Common option -r: also delete the user's home directory when deleting the user
passwd command:
① passwd: change the user's own password
② passwd USERNAME: change the password of the specified user; by default only root has this permission
Common options -l, -u: lock and unlock the user
-d: delete (clear) the user's password
-e DATE: password expiration date
-i DAYS: inactivity period (days after the password expires before the account is disabled)
-n DAYS: minimum password age
-x DAYS: maximum password age
-w DAYS: warning period before expiration
groupadd command: add a group
groupadd [options] GROUP
Common option -g: specify the GID; the default is the previous group's GID + 1
-r: create a system group
groupmod command: modify group properties
groupmod [options] GROUP
Common option -g: modify the GID
-n: modify the group name
groupdel: delete a group
groupdel [options] GROUP
gpasswd command:
Group password file: /etc/gshadow
gpasswd [options] GROUP
-a USERNAME: add a user to the group
-d USERNAME: remove a user from the group
newgrp command: temporarily switch the specified group to be the primary group
newgrp [-] [GROUP]
-: simulate a fresh login for the user so that the working environment is reinitialized
chage command: change user password expiration information
chage [options] LOGIN
Common option -m: the minimum number of days before the password may be changed; at zero the password can be changed at any time
-M: the maximum number of days the password remains valid
-W: the number of days before password expiration on which the user starts receiving a warning message
-E: the date on which the account expires; the account can no longer be used after this day
-d: the date of the last password change
-I: inactivity period; if the password has been expired for this many days, the account can no longer be used
-l: list the current settings; a non-privileged user can use it to find out when their password or account expires
id command: display the user's real and effective IDs
id [options]... [USER]
-u: display only the UID
-g: display only the user's primary group ID
-G: display only the IDs of all groups the user belongs to
-n: display names instead of IDs
su command: switch user
Login switch: su - USERNAME (or su -l USERNAME) reinitializes the environment by reading the target user's profile
Non-login switch: su USERNAME does not read the target user's profile for initialization
The administrator can switch to any other user without a password
-c 'COMMAND': run only the command specified here as the specified user
Permission management:
Users play different roles in the system, so their permissions differ. Permissions are basically divided into three kinds: r (read), w (write) and x (execute). The model is rwxrwxrwx: the three triples apply to the owner (user), the group and others. The same permission bit means something different depending on the kind of object. Permissions can also be represented numerically: r=4, w=2, x=1.
File: r: the file's data can be read; w: the file's data can be modified; x: the file can be run as a process
Directory: r: the list of all files in it can be obtained with the ls command; w: the list of files in the directory can be modified (files created or deleted); x: the directory can be entered with cd, and ls -l can obtain the detailed attributes of all files in it
Files are usually data records and do not need x permission, so their maximum is -rw-rw-rw-, i.e. 666
The x permission of a directory indicates whether a user can enter it; by default all permissions are open, i.e. drwxrwxrwx, 777
Permission management commands:
chmod command: change permissions
① chmod [OPTION]... MODE[,MODE]... FILE...
② chmod [OPTION]... OCTAL-MODE FILE...
③ chmod [OPTION]... --reference=RFILE FILE...
Three classes of users: u: owner, g: group, o: others, a: all
Option: -R, --recursive: modify files and directories recursively
chown command: change the owner and group
chown [OPTION]... [OWNER][:[GROUP]] FILE...
chown [OPTION]... --reference=RFILE FILE...
-R, --recursive: modify recursively
chgrp command: change the group
chgrp [OPTION]... GROUP FILE...
chgrp [OPTION]... --reference=RFILE FILE...
The permissions a process has when accessing a file:
If the owner of the process is the same as the owner of the file, the owner's permissions apply
Otherwise, if the owner of the process belongs to the file's group, the group's permissions apply
Otherwise, the permissions for others apply
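The three-step check above, written out as an added shell example (not code from the original post). It takes plain numbers so it runs without root; on a real file the same inputs come from stat -c '%u %g %a' FILE and from id -u / id -G. The function names are my own.

```shell
#!/bin/sh
# Added example: decide which permission triple applies to a process.
# Note (not covered in the text): a process with UID 0 bypasses this check.

# triple_to_rwx DIGIT -> "rwx"-style string for one octal digit (r=4 w=2 x=1)
triple_to_rwx() {
    d=$1; s=
    [ $((d & 4)) -ne 0 ] && s="${s}r" || s="${s}-"
    [ $((d & 2)) -ne 0 ] && s="${s}w" || s="${s}-"
    [ $((d & 1)) -ne 0 ] && s="${s}x" || s="${s}-"
    printf '%s' "$s"
}

# effective_perms FILE_UID FILE_GID MODE PROC_UID "PROC_GIDS"
#   MODE is a 3-digit octal mode such as 640; PROC_GIDS is the process's
#   primary plus supplementary GIDs, space separated (as printed by id -G).
#   Prints CLASS:RWX, e.g. "group:r--".
effective_perms() {
    f_uid=$1; f_gid=$2; mode=$3; p_uid=$4; p_gids=$5
    owner=${mode%??}; rest=${mode#?}; group=${rest%?}; other=${mode#??}
    if [ "$p_uid" -eq "$f_uid" ]; then
        # Step 1: owner match wins, even if the owner triple is weaker.
        cls=owner; d=$owner
    else
        # Step 3 is the default; step 2 overrides it on a group match.
        cls=other; d=$other
        for g in $p_gids; do
            [ "$g" -eq "$f_gid" ] && { cls=group; d=$group; break; }
        done
    fi
    printf '%s:%s\n' "$cls" "$(triple_to_rwx "$d")"
}
```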
Normally the permissions of ordinary files and directories created by a user differ, because of the umask: the umask is the reverse mask of the default file permissions. Running the umask command shows four digits; the first digit is for special permissions, and only the last three need to be looked at. The root user's umask is usually 0022, meaning ----w--w- (write removed for group and others); an ordinary user's umask is usually 0002, meaning -------w- (write removed for others).
Calculation of default permissions: file permissions: 666 - umask; directory permissions: 777 - umask (the bits set in the umask are cleared from the base value)
umask command: view the current umask
umask MASK: set the umask; such a setting is only valid for the current shell process
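An added shell example (not from the original post) that computes the default modes described above by clearing the umask bits from 666 or 777. It uses only POSIX shell arithmetic so it also runs under sh; the function names are my own.

```shell
#!/bin/sh
# Added example: default file/directory mode for a given umask.
# The "666 - umask" shortcut only holds when no digit would underflow:
# with umask 027 a file gets 640 (bits cleared), not 637 (digit subtraction).

# oct_to_int OCTAL-STRING -> decimal integer (no base-8 literals needed)
oct_to_int() {
    v=0; s=$1
    while [ -n "$s" ]; do
        d=${s%"${s#?}"}          # first character
        v=$((v * 8 + d))
        s=${s#?}
    done
    echo "$v"
}

# default_mode BASE UMASK -> BASE with every umask bit cleared, printed as
# three octal digits. A 4-digit umask (e.g. 0022 from the umask command)
# has its leading special-permission digit dropped first.
default_mode() {
    m=$2
    while [ ${#m} -gt 3 ]; do m=${m#?}; done
    printf '%03o' $(( $(oct_to_int "$1") & ~$(oct_to_int "$m") ))
}

file_default() { default_mode 666 "$1"; }   # new regular file
dir_default()  { default_mode 777 "$1"; }   # new directory

# Quick check against the shell's own current umask.
echo "umask $(umask): files get $(file_default "$(umask)"), directories get $(dir_default "$(umask)")"
```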
This article is from the "11448219" blog; please keep this source: http://11458219.blog.51cto.com/11448219/1791350
Linux Users and Administrative privileges