This paper mainly introduces the basic concepts of users and groups in Linux, the corresponding configuration files, and the management of user groups including adding, modifying and deleting.
Introduction to Linux User and group concepts
user : A consumer of technology, products, and services. The user on the computer is the object that uses the computer's capabilities.
User category: Managing Users and ordinary users
Admin User: Root
Normal User: System user and login user
System users: Assigned to the corresponding process use, features no interactive landing. Automatically use the appropriate system user when the program starts.
Login User: Interactive login
User ID: The userid abbreviation UID is a binary number of 16bits whose representation range: 0-65535
Administrator uid:0
Normal Users: 1-65535
System User: 1-499 (centos6.x) 1-999 (centos7.x)
Login User: 500-60000 (centos6.x) 1000-60000 (centos7.x)
For the system, it relies on the number of UID to identify the user
Group : A group in a system can be seen as a container, and all users below it belong to the container's related attributes.
If this group has read and write execution of three permissions on a file, then all members under it will have read and write execution three permissions on the file.
Groups according to their different properties can be divided into three kinds:
1.
Administrators group
Normal User group: System Group, login group
Group ID: groupid abbreviation GID
Administrators group: 0
Normal User group: 1-65535
System User group: 1-499 (centos6.x) 1-999 (centos7.x)
Login User group: 500-60000 (centos6.x) 1000-60000 (centos7.x)
2.
Basic Group of users
Additional Groups for users
3.
Private group: The group name is the same as the user name and contains only a single user
Public groups: Multiple users are included in a group
When the user logs on to the system, the system will authenticate the logged-in user, the authentication process is judged by comparing the information stored in the system files with the information provided at login.
Compare files with/etc/passwd,/etc/shadow,/etc/gshadow,/etc/group
Below are the details of these four files.
/etc/passwd This file stores user-related information
| 123456 | |
You can see that the file has a fixed expression format.
The meaning of each entry in its format is as follows
First: for name User name
The second item: for password, it can be an encrypted password or a placeholder x, which is usually a placeholder, and it is more secure to put the password inside another file/etc/shadow.
The third item: UID
Fourth: for GID
Item Fifth: annotation information for Gecos
Sixth item: Home Directory for directory Users
Seventh: The default shell for Shell users, the default shell program when logging in
/etc/group This file stores group-related information
| 1234 | [[email protected] ~]# tail -3 /etc/groupuser10:x:3009:sysadmins:x:5003:laowang:x:4322: |
First item: GroupName Group name
Second entry: password password
Item III: GID
Fourth item: UserList the user member of the group to this group as the user list for the additional group of users.
/etc/shadow This file is a file that stores user password information
| 1234 | [[email protected] ~]# tail -3 /etc/shadowuser9:$6$EYxzH/dhRFw/zg4V$BQakOIX/HsZJobHdAhpSu5MK.pP1Jtpi/nVwktde/eoOxz5zm1oPUfliy4gzKPmYB5Wf0fBX6OPEEDvNWoUl3/:17016:0:99999:7:::user10:$6$5eJ8JKiwo/6h42$lhx.J9r6m6dKq8.xKQ82WeiRvLOAQcoTRvEw43DfmxsOB.qfiO1Esyu2oZVCFcejq613h0WEA3G0FD.jxUE3W1:17016:0:99999:7:::laowang:!!:17016:0:99999:7::: |
First entry: User username
The second item: password user password, ciphertext, by default using SHA512 encryption
Third item: From January 1, 1970 to the time the password was last changed
Fourth: The minimum password age, the password can be changed in a few days, 0 means can be changed at any time
Fifth: The most frequently used period, the password must be changed in a few days, 99999 means never expire
Sixth: Warning period, a few days before the password expires system to remind users
Seventh: Expiration period, the password expires a few days after the account is locked
Eighth: the reserved field, from January 1, 1970, the number of days after the account expires.
/etc/gshadow This file is the file that stores the group password information, and its file format is the same as/etc/group, but not only in the second cipher section.
| 1234 | [[email protected] ~]# tail -3 /etc/gshadowuser10:*::sysadmins:$6$RRCfdNW.e$R1CqBN/5WZ8HrYuDlQrgRlP313sg5NNDCdrq2eGkUsieaZAjMM.Dhj8oGvvy/NKsb0joGLQlSspiiQPs78xJ3/::laowang:!:: |
First item: GroupName Group name
Second item: Password group password, ciphertext, default SHA512 encryption
Item III: GID
Fourth item: UserList the user member of the group to this group as the user list for the additional group of users.
Here are the four files involved in the password content, here to plug in the relevant content of the password , this content will deepen the understanding of the encryption method.
In the above/etc/shadow,/etc/gshadow two files, in the second password, we see that the beginning of the $6, here $6 represents the SHA512 encryption algorithm.
Encryption Algorithm :
Symmetric encryption: Encrypt and decrypt using the same password
Asymmetric encryption: Encrypt and decrypt using a pair of keys
Key pair: Public key, private key
Because the above is still not enough security, so there is a single encryption
Single encryption: Can only encrypt, cannot decrypt, extract data signature:
Its characteristics: fixed-length output, avalanche effect (a little change will cause large changes)
The following 6 encryption algorithms are used in Linux:
$ MD5 represented by 128bits binary
$ $ sha is represented by 160bits binary
$ sha224 is represented by 224bits binary
$4 sha256 is represented by 256bits binary binary
$ sha384 is represented by 384bits binary binary
$6 sha512 is represented by 512bits binary binary
Recently, the MD5 encryption algorithm used by Linux by default has been updated to SHA512 because the MD5 encryption method has been cracked.
Linux users, Group management
User Management : Create, modify, delete
User created:
Command format: useradd [OPTION] USERNAME
OPTION:
-U Specify UID
-g Specifies the base group ID, which needs to exist beforehand
-C indicates annotation information
-G indicates the additional group to which the user belongs, and additional groups need to exist beforehand.
-D indicates the user's home directory, by replicating/etc/skel/this directory and renaming the implementation, the specified home directory path will not replicate the environment profile for the user if it exists beforehand
-S Specify user default Shell
-R Create System user
-D Display the default configuration for creating users
-D + [options] Modify the user's default configuration/etc/login.def modified results are saved in/etc/default/useradd
User modification
Usermod
Command format: usermod [OPTION] USERNAME
OPTION:
-U modifies the user's ID to the specified new UID
-G Modify the user's GID for the new GID
-C Modify the user comment information
-G to modify the additional group that the user belongs to, additional groups need to exist beforehand.
-D Modify the user home directory, the user's original files will not be transferred to the new location
-M is used with-D to move the original home directory to the new home directory (-M is used after-D)
-L Modify User name
-S modifies the user's default shell
-L Lock User Password
-U Unlock user password
User Delete
Userdel
Command format: Userdel [OPTION] USERNAME
OPTION:
-R Delete Home directory when deleting user
Group Management : Create, modify, delete
Group creation
Groupadd
Command format: groupadd [OPTION] GROUPNAME
OPTION:
-g specifies GID, which defaults to the previous group's gid+1
-R Creating a system group
Group modification
Groupmod
Command format: groupadd [OPTION] GROUPNAME
OPTION:
-G Modify GID
-N Modify Group name
Group Delete
Groupdel GROUPNAME
Other orders.
Groups USERNAME
To view the group information that the user belongs to
| 12 | [[email protected] test]# groups gentoogentoo : gentoo distro peguin netadmin |
This indicates that the basic group of Gentoo users is Gentoo,distro Peguin Netadmin is its additional group.
Here are a few examples of how users, group management specific role
1, create user U1, add group G1,G2, default shell is/bin/csh, annotation information is "UUU"
To accomplish this, create the group G1, G2, and then create the U1.
| 1234567 | [[email protected] ~] # groupadd g1 [[email protected] ~] # groupadd g2 [[email protected] ~] # useradd u1 -g g1,g2 -s /bin/csh -c "UUU" [[email protected] ~] # tail  -1 /ETC/PASSWD u1:x:4323:4323:uuu: / HOME/U1 |
2. Create the following user, group, and group memberships
Group with the name Admins
User U2, using admins as a subordinate group
User U3, also use admins as a subordinate group
User U4, non-interactive login system, the default home directory for/TEST/U4,U2, U3, U4 password are CentOS
| 123456789101112131415161718 | |
Non-interactive means that its default shell is/sbin/nologin
3, modify the U4 user's home directory for the/home/u4, require the original files can still be accessed by users
| 123456789101112131415161718192021222324 | |
For more information, please contact Ding Feng Hu Jiashong
tel.18824258907
qq.2881064155
Introduction and management of Linux based users and groups
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
