In the Linux World -- Linux System Management 2

Source: Internet
Author: User
Article Title: Galloping in the Linux World -- Linux System Management 2
2. shadow file
  
Currently, most Unix/Linux systems use the /etc/shadow file to store the encrypted password and the password-aging information of each user account. The following example shows several records from a shadow file (corresponding to the passwd file shown above):
  
root:$1$Vfcp2rdI$R0bDID/CvD3FfTeTtnk7u.:12489:0:99999:7:::
bin:*:12489:0:99999:7:::
daemon:*:12489:0:99999:7:::
......
desktop:!!:12489:0:99999:7:::
mengqc:$1$pNPtXOsd$gk5mQEfx5hJfPzpmgQ78k/:12489:0:99999:7:::
  
In the shadow file of a Linux system, each user has one record, and the fields of a record are separated by ":". The nine fields are, in order:
  
◆ Login name;

◆ Encrypted (hashed) password;

◆ Date of the last password change, expressed as the number of days since January 1, 1970;

◆ Minimum number of days that must pass after a password change before the password may be changed again;

◆ Maximum number of days after a change before the password must be changed again (that is, the password validity period);

◆ Number of days before the password expires during which the user is warned;

◆ Number of days after the password expires before the account is disabled;

◆ Date on which the account is disabled, expressed as the number of days since January 1, 1970;

◆ Reserved field.
  
The mechanism for changing a password in Unix/Linux is simple: the user runs the passwd command, which is usually located in /usr/bin. An ordinary user can change only his or her own password and must first supply the old password. root can change the password of any user on the system and is not asked for that user's old password.
  
   Create and delete accounts
  
To create a user account, follow these steps:
  
Step 1: Add a record to the /etc/passwd file;
Step 2: Create the user's home directory;
Step 3: Set up the user's default configuration files (such as .bashrc).
  
Almost all Linux systems provide the useradd or adduser command, which performs all of the above work; the two commands are usually equivalent. In addition, root can use the KDE desktop to create accounts and passwords for new users: "Control Panel" → "User and Group" → "Add new user". Enter the requested parameters as prompted on screen, including the user name, an optional description, the password and its confirmation, and then set the user's group membership.
  
To delete an existing user account, remove the user's record from the /etc/passwd file, remove the user from any group entries in the /etc/group file, and delete the user's home directory and any other files created by or belonging to the user. You can use the userdel command, or, in the desktop system, open "Control Panel" → "User and Group", select the user in the "Local users and groups" window, click the "Delete" icon, and click "OK".
  
In some cases you need to disable an account temporarily: for example, when a user has not paid, or when the system administrator suspects that an intruder has obtained the account's password. The account must be able to log in again once the restriction is lifted; this is what is called locking (sealing) an account. To lock an account, you can remove the user's record from the /etc/passwd file while keeping the home directory and other files; or, in the /etc/passwd (or /etc/shadow) file, insert the character "*" in front of the first character of the user's password field. For example, to lock the account mengqc mentioned above, modify its record in /etc/shadow as follows:
  
mengqc:*$1$pNPtXOsd$gk5mQEfx5hJfPzpmgQ78k/:12489:0:99999:7:::
  
In this way, logins to this user account are blocked. Because no password hash ever begins with "*", no password can match the modified field, yet the original hash is preserved, so the account is restored simply by removing the "*" again. (The passwd -l and usermod -L commands lock an account in the same way, using "!" as the marker.)
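The nine shadow fields and the "*"-prefix lock described above, as an added example that is not part of the original article: a small Python parser and audit over the article's own records, plus a constructed guest record and a constructed audit date so that the expiry rules have something to report. It goes a little beyond the text by also flagging weak hash algorithms, recognised from the "$1$"-style prefix of the hash.

```python
"""Parse /etc/shadow records and audit account state.

Added example, not code from the original article. The first four sample
records are the ones the article shows (including the '*'-prefixed lock of
mengqc); the 'guest' record and the audit date are constructed so that the
expiry checks have something to report.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

EPOCH = date(1970, 1, 1)
NEVER = 99999            # conventional "never expires" value in field 5

SAMPLE_SHADOW = """\
root:$1$Vfcp2rdI$R0bDID/CvD3FfTeTtnk7u.:12489:0:99999:7:::
bin:*:12489:0:99999:7:::
desktop:!!:12489:0:99999:7:::
mengqc:*$1$pNPtXOsd$gk5mQEfx5hJfPzpmgQ78k/:12489:0:99999:7:::
guest:$6$constructed$notarealhash:12400:0:90:7:::
"""
AUDIT_DAY = 12500        # constructed "today": 2004-03-23 as days since 1970-01-01


@dataclass
class ShadowEntry:
    name: str
    password: str
    last_change: Optional[int]    # field 3: days since 1970-01-01 (None if empty)
    min_days: Optional[int]       # field 4
    max_days: Optional[int]       # field 5
    warn_days: Optional[int]      # field 6
    inactive_days: Optional[int]  # field 7
    expire_day: Optional[int]     # field 8: days since 1970-01-01 when account is disabled
    reserved: str                 # field 9


def _opt_int(field: str) -> Optional[int]:
    return int(field) if field.strip() else None


def parse_shadow_line(line: str) -> ShadowEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields: {line!r}")
    return ShadowEntry(fields[0], fields[1], *map(_opt_int, fields[2:8]), fields[8])


def days_to_date(days: int) -> date:
    return EPOCH + timedelta(days=days)


def password_state(pw: str) -> str:
    if pw == "":
        return "empty"              # anyone can log in without a password
    if pw in ("*", "!", "!!"):
        return "no-password"        # no usable password (system accounts, or never set)
    if pw[0] in "*!":
        return "locked"             # original hash preserved behind a lock marker
    return "hashed"


def hash_algorithm(pw: str) -> str:
    prefixes = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt",
                "$y$": "yescrypt", "$2b$": "bcrypt", "$2y$": "bcrypt"}
    for prefix, name in prefixes.items():
        if pw.startswith(prefix):
            return name
    return "des-crypt-or-unknown"


def audit(entry: ShadowEntry, today: int = AUDIT_DAY) -> List[str]:
    issues: List[str] = []
    state = password_state(entry.password)
    if state == "empty":
        issues.append("no password set")
    elif state == "locked":
        issues.append("login locked")
    elif state == "no-password":
        issues.append("no usable password")
    if entry.expire_day is not None and today >= entry.expire_day:
        issues.append(f"account disabled since {days_to_date(entry.expire_day)}")
    if state in ("hashed", "locked"):
        algo = hash_algorithm(entry.password.lstrip("*!"))
        if algo in ("md5-crypt", "des-crypt-or-unknown"):
            issues.append(f"weak password hash ({algo})")
    if state == "hashed" and entry.last_change is not None:
        if entry.last_change == 0:          # 0 means: change at next login
            issues.append("password must be changed at next login")
        elif entry.max_days is not None and entry.max_days < NEVER:
            expiry = entry.last_change + entry.max_days
            if today > expiry:
                issues.append(f"password expired on {days_to_date(expiry)}")
            elif entry.warn_days and today >= expiry - entry.warn_days:
                issues.append(f"password expires on {days_to_date(expiry)}")
    return issues


def audit_all(text: str, today: int = AUDIT_DAY) -> Dict[str, List[str]]:
    entries = (parse_shadow_line(l) for l in text.splitlines() if l.strip())
    return {e.name: audit(e, today) for e in entries}


if __name__ == "__main__":
    for name, issues in audit_all(SAMPLE_SHADOW).items():
        print(f"{name:10} {'; '.join(issues) or 'ok'}")
```

On a real system the same functions can be fed the contents of /etc/shadow (readable only by root) and today's day number, `(date.today() - EPOCH).days`; the md5-crypt warning on the article's records reflects the age of the listing, since current distributions default to sha512-crypt or yescrypt.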
  
However, the user will then find it hard to work out what has happened. To avoid unnecessary misunderstanding, the administrator can use another method to lock the user out: set the login shell of the account to a program that does nothing but print a message. Anyone who tries to log in to the account is then refused, but learns the specific reason and can contact the system administrator to resolve the problem.
  
The following is a sample "tail script" used to replace the user's shell program:
  
#!/usr/bin/tail -n+2
This account has been closed due to a security breach.
Please call 36 and wait for the men in black to arrive.
  
The first two characters (#!) of the above script tell the kernel that the rest of that line names the interpreter to run on this file. The kernel passes everything after the interpreter path to it as a single argument, followed by the path of the script, so tail prints every line of the script except the first, that is, the message. (The bare +2 form is obsolete in modern GNU tail; write -n+2 without a space so that it arrives as one argument.) Tail scripts of this kind are usually kept in a path separate from the user directories, to avoid confusion with user commands. Most modern distributions also ship /sbin/nologin for the same purpose: it refuses the login and prints the contents of /etc/nologin.txt if that file exists.
  
   User Group Management
  
Groups are used to organize related user accounts logically; with group support, users can share files within a group. In Linux every file has a user owner and a group owner, so any file on the system belongs to some user and some group. Use the "ls -l" command to see the user and group a file belongs to. For example, suppose the file ex1 exists in the /home/mengqc directory. Running "ls -l" produces the following output:
  
$ ls -l ex1
-rwxr-x---   1 mengqc       31 Aug 17 09:18 ex1
  
Every user belongs to at least one group; this membership is expressed through a GID that identifies a record in the system's /etc/group file, and a user may belong to several groups. As with /etc/passwd, each group on the system corresponds to one line in /etc/group. The fields of a record are laid out as follows:
  
group_name:passwd:GID:user_list
  
The meaning of each field is as follows:
  
◆ Group name (group_name): as the name suggests, the name of the group.

◆ Password (passwd): the group password, which is rarely used. It allows a user to switch to this group with newgrp in order to access the group's resources.

◆ Group ID (GID): the number the system uses to tell groups apart; it is unique on the system. The GID field of a record in /etc/passwd uses this number to specify the user's default group.

◆ User list (user_list): a comma-separated list of login names giving the members of the group. Note, however, that a user whose default group is this one, that is, whose GID field in /etc/passwd equals the GID of this /etc/group record, does not have to be listed here; the list holds the additional (supplementary) members.
  
The following are some records extracted from an /etc/group file:
  
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
......
desktop:x:80:
mengqc:x:500:
  
In Linux, root and bin are both administrative groups, and many system files belong to them. mengqc is an ordinary user group.
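The /etc/group format, the default-group rule for the user_list field, and the owner/group/other file permissions shown by "ls -l" above, as an added example that is not part of the original article: a Python script that parses both files and works out each user's effective groups. The group records are the article's own plus a constructed devel group; the passwd records are constructed to match those GIDs, since the article's passwd listing is not reproduced on this page, and the group owner of ex1 is assumed to be devel.

```python
"""Resolve effective group membership and file access from /etc/group.

Added example, not code from the original article. The group records are
the ones shown in the article plus a constructed 'devel' group; the passwd
records are constructed to match those GIDs, because the article's passwd
listing is not reproduced on this page.
"""
from typing import Dict, List

SAMPLE_GROUP = """\
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
desktop:x:80:
mengqc:x:500:
devel:x:600:mengqc,desktop
"""
# Constructed passwd records: name:passwd:UID:GID:GECOS:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
desktop:x:80:80:desktop:/var/lib/desktop:/sbin/nologin
mengqc:x:500:500:Meng QC:/home/mengqc:/bin/bash
"""


def parse_group(text: str) -> Dict[str, dict]:
    """group_name:passwd:GID:user_list -> {name: {gid, passwd, members}}"""
    groups: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"expected 4 fields in group record: {line!r}")
        name, passwd, gid, members = fields
        groups[name] = {"gid": int(gid), "passwd": passwd,
                        "members": [m for m in members.split(",") if m]}
    return groups


def parse_passwd(text: str) -> Dict[str, dict]:
    """name:passwd:UID:GID:GECOS:home:shell -> {name: {uid, gid, home, shell}}"""
    users: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"expected 7 fields in passwd record: {line!r}")
        users[fields[0]] = {"uid": int(fields[2]), "gid": int(fields[3]),
                            "home": fields[5], "shell": fields[6]}
    return users


def effective_groups(user: str, users: Dict[str, dict],
                     groups: Dict[str, dict]) -> List[str]:
    """Default group (GID field of passwd) first, then every group whose
    user_list names the user. The default group need not appear in any
    user_list, which is the point the article makes about that field."""
    gid = users[user]["gid"]
    result = [g for g, info in groups.items() if info["gid"] == gid]
    for g, info in groups.items():
        if user in info["members"] and g not in result:
            result.append(g)
    return result


def can_access(mode: str, owner: str, group: str, user: str, want: str,
               users: Dict[str, dict], groups: Dict[str, dict]) -> bool:
    """Classic owner/group/other check. mode is the ls -l permission string
    without the leading file-type character, e.g. 'rwxr-x---'."""
    if len(mode) != 9:
        raise ValueError("mode must be nine permission characters")
    if users[user]["uid"] == 0:
        return True                      # root bypasses discretionary access control
    if user == owner:
        bits = mode[0:3]
    elif group in effective_groups(user, users, groups):
        bits = mode[3:6]
    else:
        bits = mode[6:9]
    return all(ch in bits for ch in want)


def groups_with_own_password(groups: Dict[str, dict]) -> List[str]:
    """Groups carrying a password hash directly in /etc/group ('x' means the
    hash lives in /etc/gshadow; '*' or '!' means no group password)."""
    return [g for g, info in groups.items()
            if info["passwd"] not in ("x", "*", "!", "")]


if __name__ == "__main__":
    users, groups = parse_passwd(SAMPLE_PASSWD), parse_group(SAMPLE_GROUP)
    for name in users:
        print(f"{name:8} groups: {', '.join(effective_groups(name, users, groups))}")
    # the article's file ex1: -rwxr-x--- owned by mengqc, group owner assumed to be devel
    for name in ("mengqc", "desktop", "bin"):
        readable = can_access("rwxr-x---", "mengqc", "devel", name, "r", users, groups)
        print(f"{name:8} can read ex1: {readable}")
```

Running it shows why desktop can read ex1 through its devel membership while bin, whose only groups are bin and daemon, falls through to the "---" other bits; mengqc's own default group appears in its list even though the mengqc record's user_list is empty.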