Linux account management

Source: Internet
Author: User

In Linux, user accounts, user passwords, user group information, and user group passwords are stored in different configuration files.

/etc/passwd: stores user accounts and related information (except the password).
/etc/shadow: stores the password information of users.
/etc/group: stores all information about user groups.
/etc/gshadow: stores the password information of user groups.

In the passwd file, each row defines one user account. Each row consists of several fields separated by colons, and each field holds one piece of information about the account. On a freshly installed Linux system, the passwd file already contains many accounts. They are created automatically by the system and are the accounts that Linux processes or service programs need in order to run. The last field of these accounts is generally /sbin/nologin, which means the account cannot be used to log on to the Linux system.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>

In the passwd configuration file, the fields from left to right and their meanings are:

root:x:0:0:root:/root:/bin/bash

Field 1: user name (also known as the login name).

Field 2: password. Because passwd does not store the password information, it is represented by the placeholder x.

Field 3: user ID (UID).

Field 4: user group ID (GID).

Field 5: full name of the user. It is optional and can be left empty.

Field 6: location of the user's home directory.

Field 7: shell used by the user.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>

In the shadow configuration file, the fields from left to right and their meanings are:

root:$6$D2MTcvb$JVtbwYZZGCZpj. Digest/cLhnzoxWi5qRjaarQZbaqX85MQguykAl/:16125:0:99999:7:::

Field 1: user name (also called the login name), the same as in /etc/passwd. This is how a record in passwd is associated with the user's record in shadow. This field must not be empty;

Field 2: password (encrypted). If this field is * for a user, that user cannot log on to the system. This field must not be empty;

Field 3: the last time the password was changed, given as the number of days from January 1, 1970 to the last password change;

Field 4: the minimum number of days between two password changes, that is, how many days must pass before the user can change the password again. If it is set to 0, this function is disabled;

Field 5: the maximum number of days between two password changes. This helps the administrator keep user passwords up to date;

Field 6: the number of days in advance to warn the user that the password will expire. After the user logs on, the login program reminds the user that the password is about to expire;

Field 7: The number of days after the password expires;

Field 8: account expiration date. This field specifies the day on which the account becomes invalid (in days from January 1, 1970). If this field is blank, the account is permanently available;

Field 9: reserved field. It is currently blank;
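The passwd and shadow field layouts described above can be checked mechanically. The following is an added example, not part of the original article: it joins the two files on the login name and reports extra UID 0 accounts, empty password fields, and passwords past their maximum age (field 3 + field 5). The sample records, the placeholder hashes and the function names parse and audit are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow fields 3 and 8 count days from this date

# Constructed sample records (not from a real system); hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
"""
SHADOW = """\
root:$6$SALT$HASHPLACEHOLDER:16125:0:99999:7:::
daemon:*:16125:0:99999:7:::
alice:$6$SALT$HASHPLACEHOLDER:16125:0:90:7:14::
toor:$6$SALT$HASHPLACEHOLDER:16125:0:99999:7:::
bob::16125:0:99999:7:::
"""

def parse(text, nfields):
    """Split colon-separated records; key each row by field 1 (login name)."""
    rows = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == nfields:  # skip malformed rows
            rows[fields[0]] = fields
    return rows

def audit(passwd_text, shadow_text, today):
    """Return (login, finding) pairs for accounts that deserve a closer look."""
    findings = []
    shadow = parse(shadow_text, 9)
    for name, p in parse(passwd_text, 7).items():
        s = shadow.get(name)
        if int(p[2]) == 0 and name != "root":  # passwd field 3 is the UID
            findings.append((name, "uid 0 but not root"))
        if s is None:
            findings.append((name, "no shadow record"))
            continue
        pw, last, maxdays = s[1], s[2], s[4]
        if pw == "" and not p[6].endswith("nologin"):
            findings.append((name, "empty password field"))
        if pw and pw[0] not in "*!" and last and maxdays:
            expires = EPOCH + timedelta(days=int(last) + int(maxdays))
            if expires < today:
                findings.append((name, f"password expired {expires}"))
    return findings
```

On a live system the same function can be fed the contents of /etc/passwd and /etc/shadow (the latter is readable only by root) with today set to date.today().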

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>

In the group configuration file, the fields from left to right and their meanings are:

root:x:0:

Field 1: name of the user group, which consists of letters or numbers. As with the login name in /etc/passwd, the group name should not be repeated.

Field 2: the user group's encrypted password. Generally it is x, because /etc/gshadow exists.

Field 3: group ID (GID). Similar to the user ID, it is an integer used to identify a group in the system.

Field 4: list of all users in this group. Different users are separated by commas. This user group may be a user's primary group or an additional group.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>

In the gshadow configuration file, the fields from left to right and their meanings are:

root:*::

Field 1: name of the user group, which consists of letters or numbers. It is the same as the name in /etc/group.

Field 2: the user group's encrypted password. If it starts with !, the password is invalid.

Field 3: account of the user group administrator.

Field 4: accounts in the user group, the same as in /etc/group.

An account can belong to multiple user groups. The user group that the account is acting under at the current time is its valid (effective) user group.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>

Query the current valid user group:

~ $ groups

zsp adm cdrom sudo dip plugdev lpadmin sambashare

Files created now belong to the valid user group zsp.

Change the valid user group:

~ $ newgrp test
~ $ groups
test zsp adm cdrom sudo dip plugdev lpadmin sambashare

The first group in the list is the current valid user group.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>

/etc/sudoers

For any account other than root to run commands with root permission through sudo, root must first use visudo to modify /etc/sudoers and allow that account to use all or part of root's commands.

root ALL=(ALL:ALL) ALL

Field 1: the system account that can use the sudo command. The default entry is the root account;

Field 2: the host from which this account connects to the Linux host. This value can be used to specify the client computer. By default, root can come from any network host;

Field 3: the identity to switch to when running the subsequent commands. By default, the root account can switch to anyone;

Field 4: commands available to this identity.

By default, root can switch to any identity and execute any command.

ALL is a special keyword that represents any identity, host, or command.
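The four-field rule described above can be parsed to list which accounts other than root hold an unrestricted grant. This is an added example, not part of the original article. It assumes simple one-line rules in the form shown (no aliases, tags or line continuations), and the sample file content and the names parse_rules and unrestricted are constructed for illustration.

```python
import re

# Constructed sample sudoers content (not from a real system).
SUDOERS = """\
# constructed sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
alice ALL=(ALL) ALL
backup web01=(root) /usr/bin/rsync, /bin/tar
deploy ALL=(www-data) /usr/bin/systemctl restart app
"""

# account  host = (run-as identity) commands ; the run-as part is optional
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)

def parse_rules(text):
    """Return one dict per rule: account, host, run-as user, command list."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, Defaults and alias definitions (out of scope).
        if not line or line[0] == "#" or line.startswith("Defaults") or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        # "(user:group)" -> keep the user part; no run-as spec means root.
        runas = (m.group("runas") or "root").split(":")[0].strip() or "root"
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        rules.append({"who": m.group("who"), "host": m.group("host"),
                      "runas": runas, "cmds": cmds})
    return rules

def unrestricted(text):
    """Accounts other than root that may run ALL commands as root or as anyone."""
    return [r["who"] for r in parse_rules(text)
            if r["who"] != "root"
            and r["runas"] in ("ALL", "root")
            and "ALL" in r["cmds"]]
```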
