Introduction and Management of users and groups with basic Linux knowledge
This section describes the basic concepts of users and groups in Linux and corresponding configuration files. User Group Management includes adding, modifying, and deleting.
Introduction to Linux users and groups
User: a user of technologies, products, and services. A user in a computer is an object that uses computer functions.
User category: Manage Users and common users
Admin user: root
Common users: system users and logged-on users
System User: the user is assigned to the corresponding process, which features no interactive login. The system user is automatically used when the program starts.
Login User: Interactive Login
User ID: The UserID is the binary number of 16bits. The value range is 0-65535.
Administrator UID: 0
Common users: 1-65535
System User: 1-499 (CentOS6.x) 1-999 (CentOS7.x)
Login User: 500-60000 (CentOS6.x) 1000-60000 (CentOS7.x)
For the system, it relies on the UID to identify users.
GROUP: A group in the system can be considered as a container. All users under it have the characteristics related to this container.
If this group has three permissions to read and write a file, all the members of the group have three permissions to read and write the file.
A group can be divided into three types based on its nature:
1,
Administrator Group
Common User Groups: system groups and logon groups
Group ID: GroupID (GID)
Administrator group: 0
Common User Group: 1-65535
System User Group: 1-499 (CentOS6.x) 1-999 (CentOS7.x)
User Group: 500-60000 (CentOS6.x) 1000-60000 (CentOS7.x)
2,
Basic User Group
User's additional group
3,
Private group: the Group name is the same as the user name and only contains one user.
Public group: the Group contains multiple users.
--------------------------------------------------------------------------------
When a user logs on to the system, the system authenticates the logged on user. This authentication process is determined by comparing the information stored in the system file with the information provided during logon.
The comparison files include/etc/passwd,/etc/shadow,/etc/gshadow, and/etc/group.
The following is a detailed description of the four files.
The/etc/passwd file stores user-related information.
[Root @ localhost ~] # Tail-5/etc/passwd
User7: x: 3006: 3006:/testdir/user7:/bin/csh
User8: x: 3007: 3007:/testdir/user8:/bin/csh
User9: x: 3008: 3008:/testdir/user9:/bin/csh
User10: x: 3009: 3009:/testdir/user10:/bin/csh
Bkjia: x: 4322: 4322:/home/bkjia:/bin/bash
The file has a fixed expression format.
The meaning of each item in its format is as follows:
Item 1: name Username
The second item is password, which can be an encrypted password or a placeholder x. Here it is usually a placeholder and the password is placed in another file/etc/shadow, which is more secure.
Item 3: UID
Item 4: GID
Item 5: GECOS comments
Item 6: Home Directory of the Directory user
Item 7: default shell for shell users and default shell program for Logon
The/etc/group file stores group-related information.
[Root @ localhost ~] # Tail-3/etc/group
User 10: x: 3009:
Sysadmins: x: 5003:
Bkjia: x: 4322:
Item 1: groupname group name
Item 2: password
Item 3: GID
Item 4: userlist the user members in the group. the user list of the users in the group attached to this group.
/Etc/shadow: The file that stores user password information
[Root @ localhost ~] # Tail-3/etc/shadow
User9: $6 $ EYxzH/dhRFw/zg4V $ BQakOIX/HsZJobHdAhpSu5MK. pP1Jtpi/nVwktde/nodes/: 17016: 0: 99999: 7 :::
User10: $6 $5eJ8JKiwo/6h42 $ lhx. J9r6m6dKq8. xKQ82WeiRvLOAQcoTRvEw43DfmxsOB. Authorization. jxUE3W1: 17016: 0: 99999: 7 :::
Bkjia :!! : 17016: 0: 99999: 7 :::
Item 1: user Name
Item 2: password user password, ciphertext, sha512 Encryption by default
Item 3: From January 1, January 1, 1970 to the last time the password was changed
Item 4: Minimum Password Use period. The password can be changed in a few days. 0 indicates that the password can be changed at any time.
Item 5: The most common term of use. The password must be changed in a few days. The value 99999 indicates that the password will never expire.
Item 6: warning period. The system notifies the user a few days before the password expires.
Item 7: expiration date. The account is locked several days after the password expires.
Item 8: reserved field. The number of days after which the account expires from January 1, January 1, 1970.
/Etc/gshadow this file is the file that stores the group password information. Its file format is the same as/etc/group, but it is not only in the second password section.
[Root @ localhost ~] # Tail-3/etc/gshadow
User10 :*::
Sysadmins: $6 $ RRCfdNW. e $ R1CqBN/. Dhj8oGvvy/NKsb0joGLQlSspiiQPs78xJ3 /::
Bkjia :! ::
Item 1: groupname group name
Item 2: password group password, ciphertext, default sha512 Encryption
Item 3: GID
Item 4: userlist the user members in the group. the user list of the users in the group attached to this group.
Password content is involved in all the four files here. Here we will insert password-related content, which will deepen our understanding of the encryption method.
In the above/etc/shadow and/etc/gshadow files, in the second password, we can see that there are $6 at the beginning. Here $6 indicates the sha512 encryption algorithm.
Encryption Algorithm:
Symmetric encryption: the same password is used for encryption and decryption.
Asymmetric encryption: one key pair is used for encryption and decryption.
Key pair: public key and Private Key
Because the above is still not safe enough, so there is a single encryption
Single-item encryption: data can only be encrypted and cannot be decrypted. Data Extraction signature:
Features: fixed-length output and avalanche effect (a slight change will cause a major change)
The following six encryption algorithms are used in Linux:
$1 md5 is represented by 128bits binary
$2 sha is represented by 160bits binary
$3 shares' binary representation by 224bits
$4 sha256 is represented by 256bits binary
$5 sha384 is represented by 384bits binary
$6 sha512 is represented by 512bits binary
Recently, because the md5 encryption method has been cracked, the default md5 Encryption Algorithm Used in Linux has been updated to sha512.
Linux user and group management
User Management: create, modify, and delete
User Creation:
Command Format: useradd [OPTION] USERNAME
OPTION:
-U indicates UID
-G: specifies the basic group ID, which must exist in advance.
-C indicates the comment information.
-G indicates the additional group to which the user belongs. The additional group must exist in advance.
-D indicates the user's home directory by copying/etc/skel/and renaming the directory. If the specified home directory exists in advance, the Environment configuration file will not be copied for the user.
-S specifies the user's default shell
-R: Create a system user
-D: displays the default configuration of the created user.
-D + [Option] modify the user's default configuration. The Modification result of/etc/login. def is saved in/etc/default/useradd.
User Modification
Usermod
Command Format: usermod [OPTION] USERNAME
OPTION:
-U: Change the user ID to the specified UID.
-G: Change the user's GID to a new GID.
-C. Modify the user's comment
-G: Modify the additional group to which the user belongs. The additional group must exist in advance.
-D. Modify the user's home directory. the user's original files will not be transferred to the new location.
-M and-d are used together to move the original home directory to the new home directory (-m is used after-d)
-L modify user name
-S: Modify the user's default shell
-L lock the User Password
-U unlock User Password
User Deletion
Userdel
Command Format: userdel [OPTION] USERNAME
OPTION:
-R: Delete the home directory when deleting a user.
Group Management: create, modify, and delete
Create Group
Groupadd
Command Format: groupadd [OPTION] GROUPNAME
OPTION:
-G specifies the GID. The default value is the GID + 1 of the previous group.
-R: Create a system group
Group Modification
Groupmod
Command Format: groupadd [OPTION] GROUPNAME
OPTION:
-G: Modify GID
-N: Modify group name
Delete Group
Groupdel GROUPNAME
Other commands
Groups USERNAME
View User Group Information
[Root @ localhost test] # groups gentoo
Gentoo: gentoo distro peguin netadmin
This indicates that gentoo is the basic group and distro peguin netadmin is the additional group.
--------------------------------------------------------------------------------
The following are several examples to illustrate the specific functions of user and group management.
1. create user u1 and add group g1 and g2. The default shell is/bin/csh, and the comment is "UUU"
To implement the above content, you must first create group g1 and g2, and then create u1.
[Root @ localhost ~] # Groupadd g1
[Root @ localhost ~] # Groupadd g2
[Root @ localhost ~] # Useradd u1-G g1, g2-s/bin/csh-c "UUU"
[Root @ localhost ~] # Tail-1/etc/passwd
U1: x: 4323: 4323: UUU:/home/u1:/bin/csh
[Root @ localhost ~] # Groups u1
U1: u1 g1 g2
2. Create the following user, group, and group member relationships
Group named admins
User u2, using admins as the affiliated group
User u3 also uses admins as the affiliated group
User u4 cannot log on to the system interactively. The default home directory is/test/u4, And the passwords of u2, u3, and u4 are centos.
[Root @ localhost ~] # Useradd-G admins u2
[Root @ localhost ~] # Useradd-G admins u3
[Root @ localhost ~] # Useradd-s/sbin/nologin-d/test/u4 u4
[Root @ localhost ~] # Echo "centos" | passwd -- stdin u2
Change the user u2 password.
Passwd: All authentication tokens have been successfully updated.
[Root @ localhost ~] # Echo "centos" | passwd -- stdin u3
Change the u3 password.
Passwd: All authentication tokens have been successfully updated.
[Root @ localhost ~] # Echo "centos" | passwd -- stdin u4
Change the u4 password.
Passwd: All authentication tokens have been successfully updated.
[Root @ localhost ~] # Tail-5/etc/passwd
Bkjia: x: 4322: 4322:/home/bkjia:/bin/bash
U1: x: 4323: 4323: UUU:/home/u1:/bin/csh
U2: x: 4324: 4324:/home/u2:/bin/bash
U3: x: 4325: 4325:/home/u3:/bin/bash
U4: x: 4326: 4326:/test/u4:/sbin/nologin
The default shell is/sbin/nologin.
3. Modify the home Directory of u4 users to/home/u4, so that the original file can still be accessed by users.
[Root @ localhost ~] # Usermod-d/home/u4-m u4
[Root @ localhost ~] # Ll/home
Total usage 8
Drwx ------. 3 fedore 89 August 2 22:04 fedore
Drwxr-xr-x. 3 root 74 August 2 22:00 gentoo
Drwx ------. 5 bkjia laowang 4096 August 4 16:06 bkjia
Drwxr-xr-x. 3 root 74 August 3 10:49 test1
Drwx ------. 3 u1 u1 74 August 4 17:25 u1
Drwx ------. 3 u2 u2 74 August 4 17:38 u2
Drwx ------. 3 u3 u3 74 August 4 17:38 u3
Drwx ------. 3 u4 u4 74 August 4 18:18 u4
[Root @ localhost ~] # Tail-1/etc/passwd
U4: x: 4326: 4326:/home/u4:/sbin/nologin
[Root @ localhost ~] # Ll/test/
Total usage 948
-Rw-r --. 1 gentoo 0 August 4 16:05
-Rw-r --. 1 gentoo 0 August 4 16:05 B
-Rwxr-sr-x. 1 root 33040 August 4 16:02 echo
-Rw-r --. 1 gentoo 59 Aug 17 16:09 Fedora
-Rw-r --. 1 gentoo root 34 August 4 16:23 bkjia2
Drwx --- rwx + 2 root 26 August 3 11:46 t1
-Rw-r --. 1 root 162 August 3 08:49 userpd
-Rw-r --. 1 root 432 August 3 08:45 user.txt
-Rwxr-sr-x. 1 root 910040 August 4 16:02 vi
This article permanently updates the link address: