2017-07-21 19:57:10 @ but may this heart have no grudge, especially original
I wrote this carefully; will you read it carefully?
There are four main configuration files for Linux users and groups, as follows:
/etc/passwd: Users and their attribute information (name, UID, primary group ID, etc.)
/etc/group: Groups and their attribute information
/etc/shadow: User passwords and their associated properties
/etc/gshadow: Group passwords and their related properties
/etc/passwd
Take the ordinary user named user as an example.
Each line uses ":" as the delimiter, giving 7 fields. From left to right they are:
Login name: the login username (user)
passwd: the password (x; the password is stored encrypted)
Why does the password field not show the password itself? The reason is as follows.
Look at section 5 of the passwd help document: /etc/passwd is a plain-text file that other users can also read. If the password were kept there, any user could read everyone's passwords simply by viewing the file, which is not safe. That is why the password is encrypted.
UID: the user identification number (500)
GID: the ID of the default group at login (500)
GECOS: the user's full name or a comment (none here)
Home directory: the user's home directory (/home/user)
Shell: the shell the user uses by default (/bin/shell)
/etc/shadow
Take the ordinary user named user as an example:
Again ":" is the delimiter, giving 9 fields. From left to right they are:
Login username: user
User password: divided by "$" into three parts, in order:
$6: the encryption method; here it means SHA-512. Readers who want to know about this or the other encryption methods should look them up themselves.
$vYk 4dfwdebvrft6q: the help document defines this part as the "salt". Put simply, a different salt produces a different password field, just as a small difference in salt gives a dish a different flavor.
$OBHC 3hoihdqbtjrhswkkgoclbvjaq.avuoxbzlwxquxtczjyr3z.cid4lkp64acdx2.sicb3rf49pg3v6zilt/: this part is the encrypted password itself.
Date of last password change: 17365. Tip: 17365/365=47, 2017-47=1970. As the name implies, this number is the count of days from 1970-1-1 to the day the password was last changed.
Number of days to wait before the password can be changed again: 0, meaning that after a password change the user must wait at least 0 days before changing it again. If this field were 2, the user would have to wait two days after a password change before changing it again.
Password validity in days: 99999, meaning the password is valid for 99,999 days, which is in effect permanent.
Number of warning days before the password expires: 7, meaning that starting 7 days before the password expires, the user is warned after each successful login that the password is about to expire.
Number of days between password expiry and account expiry: empty here. If it were 5, the account would expire 5 days after the password expires. During those 5 days the user can still set a new password, but once the account has expired the user can no longer do anything and only the administrator can act on the account.
Account expiration date: empty here. It is the number of days from 1970-1-1 to the date the account expires; the account expires after that number of days.
The last field is also empty. It is a reserved field, kept for later extensions.
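The nine fields described above, parsed in code. This is an added example, not part of the original post. The sample line is constructed: its numeric values are the ones shown on this page, while the salt and hash are placeholders, and all function names are illustrative.

```python
from datetime import date, timedelta

# The 9 colon-separated fields of an /etc/shadow line, left to right.
FIELDS = ("name", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire_date", "reserved")
# crypt(3) method ids; "6" (SHA-512) is the one shown on this page.
METHODS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
EPOCH = date(1970, 1, 1)

def parse_shadow_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:          # numeric fields may be empty
        entry[key] = int(entry[key]) if entry[key] else None
    return entry

def split_password(field):
    """Split '$id$salt$hash'; return None for empty or locked ('!', '*') fields."""
    pieces = field.split("$")
    if len(pieces) < 4 or pieces[0] != "":
        return None
    # An optional 'rounds=N' part may sit between id and salt.
    return {"method": METHODS.get(pieces[1], "unknown"),
            "salt": pieces[-2], "hash": pieces[-1]}

def days_to_date(days):
    """Convert a day count since 1970-01-01 into a calendar date."""
    return None if days is None else EPOCH + timedelta(days=days)

def summarize(line):
    e = parse_shadow_line(line)
    pw = split_password(e["password"])
    expires = None
    if e["last_change"] is not None and e["max_days"] is not None:
        expires = days_to_date(e["last_change"] + e["max_days"])
    return {"name": e["name"],
            "method": pw["method"] if pw else None,
            "has_password_hash": pw is not None,
            "last_changed": days_to_date(e["last_change"]),
            "password_expires": expires,
            "account_expires": days_to_date(e["expire_date"])}

# Constructed sample line: numeric values from this page, salt/hash are placeholders.
SAMPLE = "user:$6$EXAMPLESALT$EXAMPLEHASH:17365:0:99999:7:::"

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Reading the real /etc/shadow requires root; the parser itself only needs the text of a line.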
/etc/group
As above, ":" is the delimiter, giving four fields. In order they are:
Group name: user
Password field: x, for the same reason as above
GID: 500
Group members: empty here. The members listed here are the users who have this group as an additional (supplementary) group. The test is as follows: the primary group is user, and User1 is added with this group as an additional group.
But there is a catch. With User1 already a member through the additional group, set the group as its primary group and look at /etc/group again: the last field has not changed and still shows User1. The test is as follows.
Add User2 as an additional group member: still no change. When User1 is removed from the group and the file is viewed again, User1 is gone from the last field. The test is as follows.
PS: To summarize: this field is the list of members that have the group as a secondary group. When a member first has the group as a secondary group and then makes it the primary group, the field does not change. When a member leaves the group, the member is deleted from the field.
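Because the last field of /etc/group lists only secondary-group members, a full membership check has to combine it with the primary GID from /etc/passwd. The sketch below is an added example, not part of the original post; the user and group lines are constructed, and the function names are illustrative.

```python
def parse_passwd(text):
    """Map login name -> primary GID from /etc/passwd-style lines (7 fields)."""
    users = {}
    for line in text.strip().splitlines():
        name, _pw, _uid, gid, _gecos, _home, _shell = line.split(":")
        users[name] = int(gid)
    return users

def parse_group(text):
    """Map group name -> (GID, listed members) from /etc/group-style lines (4 fields)."""
    groups = {}
    for line in text.strip().splitlines():
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def effective_members(group, users, groups):
    """Members listed in the last field plus users whose primary GID is this group."""
    gid, listed = groups[group]
    primary = [name for name, user_gid in users.items() if user_gid == gid]
    return sorted(set(listed) | set(primary))

# Constructed sample data: user1 has group "user" as its primary group and is
# therefore absent from the member list; user2 is listed as a secondary member.
PASSWD = """
user:x:500:500::/home/user:/bin/bash
user1:x:501:500::/home/user1:/bin/bash
user2:x:502:502::/home/user2:/bin/bash
"""
GROUP = """
user:x:500:user2
user2:x:502:
"""

if __name__ == "__main__":
    users, groups = parse_passwd(PASSWD), parse_group(GROUP)
    print("listed in /etc/group:", groups["user"][1])
    print("effective members:   ", effective_members("user", users, groups))
```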
/etc/gshadow
Again ":" is the delimiter, giving 4 fields. In order they are:
Group name: user
Password field: as above; it is understood the same way
Group administrator field: empty here, and I did not test it. This field holds the administrators of the group and can contain several members.
Group members: understood the same way as above, so not repeated here
If you do not know some of the commands used in the tests, you can open the files and modify them by hand, which achieves the same effect for testing. This section is mainly a preliminary analysis of the user and group configuration files. If any of my explanations are wrong, I hope you will point them out. Those who are interested can study the topic in more depth. Let us learn from each other and improve together. Keep it up.
Learn linux--profiles for users and groups