[Linux] account management

Source: Internet
Author: User

When a user logs on to the Linux system, the Linux system performs the following checks:

1) Match the entered username against the /etc/passwd file to obtain the UID and GID (the GID is associated with /etc/group), home directory, and shell settings for this username.

2) Check the user's password in /etc/shadow.

/etc/passwd file structure

Each row of this file represents an account, as shown below:
oracle:x:501:501::/home/oracle:/bin/bash
1. Username
2. Password: early systems stored the password in this field, but it is now kept separately in /etc/shadow, so this field has no meaning and holds an 'x' placeholder.
3. UID:
   0: root
   1 ~ 499: system accounts, such as bin, daemon, adm, nobody, etc.
   >= 500: normal user accounts
4. GID: associated with /etc/group.
5. User information description: generally unused and left empty.
6. Home directory
7. Default shell

/etc/shadow file structure
oracle:$6$AsOW5s9y$1JhRl0RYwGN48TVNMqF6sFrTKbo9.tvdHUR.xeFHzoFIqtzWnTrBE7oa99qlXOIRidfQyNPcGyS9eX2Ajy.Od0:16024:0:99999:7:::
1. Username
2. Encrypted password
3. Date on which the password was last changed: an integer giving the number of days accumulated since January 1, 1970.
4. Number of days during which the password cannot be changed (relative to field 3): 0 indicates that the password can be changed at any time.
5. Number of days after which the password must be changed (relative to field 3): the user must change the password within this number of days; otherwise, the password will be unavailable. 99999 (273 years) indicates that no change is required.
6. Number of days of warning before the password needs to be changed (relative to field 5)
7. Number of days of grace after the password expires (relative to field 5)
8. Account expiration date
9. Reserved field
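The two field layouts above, applied as an account audit. This is an added example, not part of the original article: the sample entries, the placeholder hash, the "backup" account and the function name audit are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # /etc/shadow fields 3 and 8 count days from this date
SHADOW_FIELDS = "name hash lastchg min max warn inactive expire reserved".split()

# Constructed sample data; "$6$salt$hash" is a placeholder, not a real hash.
PASSWD = """root:x:0:0:root:/root:/bin/bash
oracle:x:501:501::/home/oracle:/bin/bash
backup:x:0:502::/home/backup:/bin/bash
"""
SHADOW = """root:$6$salt$hash:16024:0:99999:7:::
oracle:$6$salt$hash:16024:0:90:7:14::
backup::16024:0:99999:7:::
"""

def audit(passwd_text, shadow_text, today):
    """Return (username, finding) tuples for risky account entries."""
    rows = (dict(zip(SHADOW_FIELDS, l.split(":"))) for l in shadow_text.splitlines() if l.strip())
    shadow, findings = {r["name"]: r for r in rows}, []
    for line in filter(str.strip, passwd_text.splitlines()):
        fields = line.split(":")
        if len(fields) != 7:  # /etc/passwd has exactly seven fields
            findings.append((fields[0], "malformed /etc/passwd line"))
            continue
        name, pw, uid = fields[:3]
        if uid == "0" and name != "root":  # any UID 0 account has root privileges
            findings.append((name, "UID 0 but not root"))
        if pw != "x":  # a hash or empty value here bypasses /etc/shadow
            findings.append((name, "password field is not the 'x' placeholder"))
        s = shadow.get(name)
        if s is None:
            findings.append((name, "no /etc/shadow entry"))
            continue
        if s.get("hash") == "":  # empty field 2: no password required
            findings.append((name, "empty password field in /etc/shadow"))
        if s.get("lastchg") and s.get("max"):  # field 3 + field 5 = expiry day
            due = EPOCH + timedelta(days=int(s["lastchg"]) + int(s["max"]))
            if today > due:
                msg = f"password expired on {due.isoformat()}"
                if s.get("inactive"):  # field 7: days of grace after expiry
                    end = due + timedelta(days=int(s["inactive"]))
                    msg += f", grace period {'ended' if today > end else 'ends'} {end.isoformat()}"
                findings.append((name, msg))
    return findings

if __name__ == "__main__":
    for name, finding in audit(PASSWD, SHADOW, date(2014, 3, 1)):
        print(f"{name}: {finding}")
```

To check a live system, pass the contents of /etc/passwd and /etc/shadow (the latter is readable only by root) and date.today() instead of the sample strings.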

/etc/group file structure

oinstall:x:501:
dba:x:503:oracle

1. User group name
2. User group password: moved to /etc/gshadow
3. GID
4. Accounts belonging to the user group

In the preceding example, oracle belongs to both the oinstall and dba groups. Why is the 4th column of oinstall empty? This is because it is the initial user group (that is, the user group after oracle logs in), and dba is not.

Next, let's look at what an effective user group is. Although a user can belong to multiple user groups, only one of them can be the effective user group at any time (the default is the initial user group). You can run the groups command to view this information:

[oracle@lx16 ~]$ groups
oinstall dba

As shown above, the first group listed is the effective user group. To change the current effective user group, run the newgrp command:

[oracle@lx16 ~]$ newgrp dba
[oracle@lx16 ~]$ groups
dba oinstall

Account Management

useradd

useradd is used to create a user. Its default values can be displayed with the following command:

# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

That is to say, when you add a user with the useradd username command, the default values above are used. The following are examples:

useradd zhuxj                     # create a user with the default settings
useradd -u 700 -g users zhuxj     # specify the UID as 700 and the user group as users
useradd -r zhuxj                  # create a system user

passwd

After an account is created using useradd, the account is locked by default. You must use the passwd command to set a password for the account.

passwd zhuxj     # change the password of zhuxj
passwd           # change your own password

usermod

Similar to useradd; used to modify a user.

userdel

Deletes a user. Its usage is as follows:

userdel [-r] username
-r: delete the user together with the home directory
