Learn about Linux users and user groups one day

Source: Internet
Author: User

After the previous lessons, you should have a basic understanding of Linux. Today we will look at an important part of Linux: users (user) and user groups (group), and how to manage them.
First, let's go over some background on users and groups.

 

Linux user roles

 

Root user: the only user in the system that can log on and operate on any file or command in the system; it has the highest permissions.
System users: these users cannot log on to the system, but they are indispensable for system operation, for example bin, daemon, adm, ftp and mail. These users come with the system rather than being added later, although we can also add such users ourselves.
Ordinary users: these users can log on to the system, but can only operate on the contents of their own home directories, so their permissions are limited. They are added by the system administrator as needed.

If I want to add many users to the system and they should all have the same permissions, do I have to configure the same permissions for each of them one by one? Of course not; we can use user groups.
A user group is a collection of users with the same characteristics, identified by a GID.
We can put users with the same characteristics into one group to make them easier to manage.

We can also compare users and user groups to a family. Each family member is equivalent to a user, and the family is equivalent to a group. Family members share the same permissions, such as entering the house and watching TV. However, each family member still has personal privacy, such as a personal diary; these are permissions that the other members of the family do not have. In this picture, anyone outside the family is what we call others (other).

The file format is as follows:


Note:
1. If the UID is 0, the account is the administrator (root) and has the highest permissions. To turn a user into a system administrator, you can change that user's UID to 0, so the super administrator of a system is not necessarily only root. However, changing the UID of other users to 0 is not recommended!
2. The system reserves UIDs 1 ~ 499 for system accounts by default. This is mainly for security: services on the system should run with as few privileges as possible, and these accounts should not be able to log on to the system (their shell is /sbin/nologin).
Within this system account range:
1 ~ 99: system accounts created by the Linux system itself;
100 ~ 499: UIDs available when you need system accounts of your own.
3. UIDs from 500 ~ 65535 are used by general users. In fact, the system can currently support UIDs up to 2^32 - 1 (4294967295).
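A way to check a passwd file against notes 1 and 2, as an added example that is not part of the original article. The sample entries, the list of no-login shells and the function name `audit_passwd` are assumptions made for illustration; the 499 boundary is the one given in the notes above.

```python
# Constructed sample in /etc/passwd format (name:password:UID:GID:comment:home:shell).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
opser:x:500:500::/home/opser:/bin/bash
broken-line-without-fields
"""

# Shells that refuse interactive logins (assumed list; adjust for your system).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
SYSTEM_UID_MAX = 499  # upper bound of the system range described in the notes


def audit_passwd(text, system_uid_max=SYSTEM_UID_MAX):
    """Return (account, finding) pairs for entries that deserve a review."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append(("line %d" % lineno, "malformed entry"))
            continue
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid == 0 and name != "root":
            # Note 1: any account with UID 0 is a full administrator.
            findings.append((name, "UID 0 (root-equivalent)"))
        elif 1 <= uid <= system_uid_max and shell not in NOLOGIN_SHELLS:
            # Note 2: system accounts should not be able to log on.
            findings.append((name, "system account with login shell " + shell))
    return findings


if __name__ == "__main__":
    for account, finding in audit_passwd(SAMPLE_PASSWD):
        print("%-8s %s" % (account, finding))
```

On a system whose regular users start at a different UID, pass that boundary as `system_uid_max`.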

 

/etc/shadow: the user shadow password file.
This file's format is similar to that of passwd: fields are also separated by ":", but their meanings are slightly different.


The file format is as follows:

Note:
1. Because of the special nature of this file (it is where passwords are stored), it has only a single read (r) permission. (We will study permissions later; for now, just be aware of this.)
2. Adding a ! or * in front of the password field changes the length of the field and temporarily invalidates the password; in other words, the user is prevented from logging in.
3. In RHEL6, the encryption algorithm differs from that of earlier versions, and the encrypted field is much longer.
4. To calculate the accumulated number of days for a date, we can use echo $(($(date --date="2011/01/06" +%s)/86400+1)). Here, 2011/01/06 is the date to be calculated, 86400 is the number of seconds per day, and %s is the total number of seconds accumulated since 1970/01/01; the added 1 makes up for the day 1970/01/01 itself.

After all this, you may still be confused. That's fine; let's look at an example.

14980 yes:
The first and second fields: user name and password. I believe everyone understands these, but you may worry that the password could be turned back into plain text. Rest assured: even when two passwords are the same, the values encrypted by the system are different, so it is not easy to reverse the password.
The third field, 14980: the date of the last password change, 2011/01/06.
The fourth field, 3: the password can only be changed three days later; that is, opser cannot change its password before then.
If you try to change the password earlier, the following prompt appears:
You must wait longer to change your password
passwd: Authentication token manipulation error
The fifth field, 30: the password expires 30 days later (2011/01/06 + 30 = 2011/02/06). That is to say, the password expired on February 1. However, if I change my password during this period (not counting from 2011/01/06, because the password cannot be changed within the first three days), the third field changes as well, so the 30 days are pushed back accordingly, because this value is relative to the third field.
The sixth field, 7: starting 7 days before the password expires, the user is warned that the password is about to expire.
The seventh field, 5: if the user still has not changed the password by then, the password does not become invalid immediately; there is a 5-day grace period. That is, you can still log in during that period, but the system will force you to enter the old password and a new password. If the password has still not been changed on February 11, it becomes invalid.
The eighth field, 15005: regardless of the preceding restrictions, the account becomes invalid once day 15005 is reached: 15005 = 14980 + 25 = 2011/01/06 + 25 = 2011/01/31.
Through the above instructions, we should understand the significance of this file!
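The field walkthrough above, turned into a small decoder (an added example, not part of the original article). The sample line uses a placeholder hash with the article's numeric fields; the function names and the exact day boundaries in `status` are assumptions of this simplified model.

```python
from datetime import date, timedelta

# Constructed sample: placeholder hash, numeric fields from the walkthrough.
SAMPLE = "opser:$6$CONSTRUCTED$placeholderhash:14980:3:30:7:5:15005:"

def day_to_date(days):
    """Convert a day count since 1970/01/01 into a calendar date."""
    return date(1970, 1, 1) + timedelta(days=days)

def parse_shadow(line):
    """Split one /etc/shadow line into its nine colon-separated fields."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 fields, got %d" % len(f))
    num = lambda s: int(s) if s else None  # empty field: no restriction
    return {"user": f[0], "locked": f[1].startswith(("!", "*")),
            "last": num(f[2]), "min": num(f[3]), "max": num(f[4]),
            "warn": num(f[5]), "inactive": num(f[6]), "expire": num(f[7])}

def timeline(e):
    """Calendar dates of each deadline (all numeric fields must be set)."""
    due = e["last"] + e["max"]
    return {"last change": day_to_date(e["last"]),
            "earliest change": day_to_date(e["last"] + e["min"]),
            "warning starts": day_to_date(due - e["warn"]),
            "password due": day_to_date(due),
            "grace ends": day_to_date(due + e["inactive"]),
            "account expires": day_to_date(e["expire"])}

def status(e, today):
    """State of the entry on day number `today` (simplified model)."""
    if e["expire"] is not None and today >= e["expire"]:
        return "account expired"
    if e["locked"]:
        return "password locked"
    if e["last"] is None or e["max"] is None:
        return "ok"
    due = e["last"] + e["max"]
    if e["inactive"] is not None and today >= due + e["inactive"]:
        return "password invalid"
    if today >= due:
        return "must change password at login"
    if e["warn"] is not None and today >= due - e["warn"]:
        return "password expires soon"
    return "ok"

if __name__ == "__main__":
    for label, when in timeline(parse_shadow(SAMPLE)).items():
        print("%-16s %s" % (label, when.strftime("%Y/%m/%d")))
```

Because January has 31 days, plain day arithmetic puts 14980 + 30 on 2011/02/05 and the end of the grace period on 2011/02/10, one day earlier than the dates quoted in the walkthrough. With these values the account expiry (2011/01/31) is reached before the password is even due.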

 

Configuration files related to user groups

 

/etc/group: the user group configuration file.
The file format is as follows:

/etc/gshadow: the user group shadow file.
The file format is as follows:

The formats and meanings of these two files are very similar to those of the user configuration files, so we will not explain them further here. If you want to know more, you can use man to study them yourself.

Note: a "!" in the password column of the /etc/gshadow file means that the user group has no user group administrator. The main function of gshadow is to set up a user group administrator.

From: Yufei blog
