Linux Basic Series (IV): System User and Group Management

Source: Internet
Author: User

Linux is a multi-user, multi-tasking operating system. Any user who wants to use system resources must first apply to the system administrator for an account, and the account must be granted the appropriate permissions before the user can enter the system. On the one hand, user accounts help the system administrator track the users of the system and control their access to system resources; on the other hand, they help users organize their files and provide security protection for users.


Each user account has a unique user name and password. Users can enter the system and their home directory only after they have provided the correct user name and password. (This is similar to applying for a personal account at a bank: the bank creates an account and password for you and grants you only the rights to certain kinds of business, such as deposits and transfers. The bank can track your account information in the background, and the user gets the corresponding security protection.)


User and group UID definitions

Linux Users:

Administrator: the UID is "0";

Normal User: the UID is "1-65535"

Linux Group:

System Group: on CentOS 6 the UID is "1-499"; on CentOS 7 the UID is "1-999"

Normal Group: on CentOS 6 the UID is "1000+", and on CentOS 7 the UID is "


Put simply, a user name and its UID, and a group and its group ID, are each unique. For example, to see which groups the root user belongs to, you can query directly by user name or by UID, as follows:

# id root
uid=0(root) gid=0(root) groups=0(root)
# id 0
uid=0(root) gid=0(root) groups=0(root)

Linux User and group-related configuration files

/etc/passwd: Users and their attribute information (name, UID, base group ID, etc.);

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash

Meaning: User name:Password:UID:GID:Additional group:Home directory:Default shell

/etc/group: Groups and their attribute information;

# cat /etc/group
gentoo:x:2201:mandriva

Meaning: Group name:Group password:GID:List of users that have this group as an additional group (comma-delimited)

/etc/shadow: User passwords and their related attributes;

# cat /etc/shadow
root:$1$6usiqorh$544lsxloucbxu6onnahea.:16787:0:99999:7:::

Meaning: User name:Encrypted password:Date of the most recent password change:Minimum password age:Maximum password age:Password warning period:Password disable period:Account expiration date:Reserved field

/etc/gshadow: group password and its related attributes;
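
An added example (not from the original article) that applies the /etc/passwd and /etc/shadow field layouts above to a basic account audit: it flags extra UID 0 accounts, password fields not deferred to /etc/shadow, empty or locked shadow entries, MD5-crypt hashes (the `$1$` prefix seen in the root entry above) and a maximum password age of 99999. All records, placeholder hashes and finding names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format records for risky account states.
# All sample records are constructed; the hash strings are placeholders.

sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
jim:x:1001:1001:Gentoo distribution:/usr/jim:/bin/csh
backup:x:0:1002::/home/backup:/bin/bash
legacy:PLACEHOLDERHASH:1003:1003::/home/legacy:/bin/bash
EOF
}

sample_shadow() {
cat <<'EOF'
root:$1$PLACEHOLDERSALT$PLACEHOLDERHASH:16787:0:99999:7:::
jim:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16800:0:90:7:::
rain:!!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16800:0:99999:7:::
guest::16800:0:99999:7:::
EOF
}

# passwd format: name:password:UID:GID:...  Prints "name FINDING" per issue.
audit_passwd() {
  awk -F: '
    $3 == 0 && $1 != "root" { print $1, "UID0_NOT_ROOT" }         # second superuser
    $2 != "x"               { print $1, "PASSWORD_NOT_SHADOWED" } # field not deferred to shadow
  '
}

# shadow format: name:hash:last_change:min:max:warn:inactive:expire:reserved
audit_shadow() {
  awk -F: '
    $2 == ""                { print $1, "EMPTY_PASSWORD"; next }  # state left by passwd -d
    $2 ~ /^[!*]/            { print $1, "LOCKED"; next }          # e.g. after passwd -l
    index($2, "$1$") == 1   { print $1, "WEAK_MD5_HASH" }         # $1$ prefix = MD5-crypt
    $5 == "" || $5 >= 99999 { print $1, "NO_PASSWORD_EXPIRY" }    # max age never enforced
  '
}

# Demo on the constructed samples; on a real host, run as root:
#   audit_passwd < /etc/passwd; audit_shadow < /etc/shadow
sample_passwd | audit_passwd
sample_shadow | audit_shadow
```
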


User and group-related administrative commands


User creation command: useradd

Syntax format: useradd [options] LOGIN #useradd option username

The options include the following:

-u UID: User number (identity), in the range [UID_MIN, UID_MAX] defined in /etc/login.defs;
-g GID: The base group the user belongs to; can be a group name or a GID;
-c "COMMENT": The user's comment information;
-d: Use the specified path as the home directory; if this directory does not exist, use the -m option to create it;
-s SHELL: The user's default login shell; the available list is in the /etc/shells file;
-G GROUP1: Specify additional groups for the user; the groups must exist beforehand;
-r: Create System User.

Group creation command: groupadd

Syntax format: groupadd [option] ... group_name #groupadd option group name

The options include the following:

-g GID: Specifies the GID number, in the range [GID_MIN, GID_MAX];
-r: Create System User (CentOS 6: id<500; CentOS 7: id<10)

For example:

1. Add a new group named group1

# groupadd group1

2. Add a new group named group2 with the GID 120

# groupadd -g 120 group2

Group delete command: groupdel

groupdel [option] ... group_name #groupdel option group name

For example:

# groupdel Linux

For example: Create user jim, with login shell /bin/csh, additional group admin, comment "Gentoo distribution", and home directory /usr/jim

# groupadd admin
# useradd -s /bin/csh -g admin -c "Gentoo distribution" -d /usr/jim -m jim

Delete user command: userdel

Command syntax: userdel [option] ... login #userdel option username

-r: Delete the user's home directory;

For example:

# userdel -r jim    #Delete user jim and the home directory

Switch users or execute commands as another user: su

Syntax format: su [Options ...] [-] [user [args ...]]

For example:

# su jimjimlv    #Switch to user jimjimlv
$ ls    #Now switched to user jimjimlv; try to run the ls command
ls: cannot open directory .: Permission denied    #An error is reported here because the current directory is still root's, and user jimjimlv is not authorized to access files under the root user's directory
$ su - root    #Switch to the root user
Password:
Last login: Tue Jan  5 19:22:53 PST 2016 on pts/0
# su - jimjimlv    #Switch to user jimjimlv, this time using the "-" option
Last login: Tue Jan  5 19:23:04 PST 2016 on pts/0
$ ls    #Successfully switched to user jimjimlv; the current directory is now jimjimlv's home directory
Desktop  Documents  Downloads  game.sh  Music  Pictures  playground  Public  Templates  Videos
$ su - root
Password:
Last login: Tue Jan  5 19:23:37 PST 2016 on pts/0
# su jimjimlv
$ su - root -c ls    #Run the ls command as the root account
Password:
anaconda-ks.cfg  config.sh  passwd  passwd

Summary:

su username: Non-login switch; the target user's configuration files are not read;

su - username: Login switch; the target user's configuration files are read, so the switch is complete;

Execute a command as a different identity: su [-] username -c 'command'

Note: root does not need a password to su to other users; a non-root user needs a password when switching.

User property modification: usermod

Syntax format: usermod [option] login #usermod option username

-u UID: New UID;
-g GID: New basic group;
-G: New additional groups; the original additional groups are overwritten, so to keep them, use the -a option to append;
-s SHELL: The new default shell;
-c 'COMMENT': New comment information;
-d HOME: New home directory; files in the original home directory are not moved to the new home directory at the same time, so to move them, use the -m option;
-l login_name: New login name;
-L: Lock the specified user;
-U: Unlock the specified user;
-e YYYY-MM-DD: Specifies the user account expiration date;
-f INACTIVE: Set the inactivity period.

For example: Modify user jimjimlv so that the shell is /bin/zch, the home directory is /home/jimjimlv, the comment is "Revies distribution", and the user group is "Linux"

# usermod -s /bin/zch -d /home/jimjimlv -m -c "revies distribution" -G Linux jimjimlv

User password management: passwd

An important part of user management is the management of user passwords. A newly created user account has no password and is locked by the system; it cannot be used until it is given a password, even if a blank password is specified.

The shell command for specifying and modifying a user password is passwd. A superuser can specify a password for himself and for other users; a normal user can only use it to modify his or her own password. The format of the command is:

passwd [options] username #passwd option username

-l: Lock the specified user, that is, disable the account;
-u: Unlock the specified user;
-d: Make the account have no password;
-n mindays: Specify the minimum password age;
-x maxdays: Maximum password age;
-w warndays: How many days in advance to warn;
-i inactivedays: Inactivity period;
-F: Force user to change password at next logon.

Complexity policy for passwords:

1. Use at least 3 of these character classes: digits, uppercase letters, lowercase letters and special characters;

2. Make it long enough;

3. Use a random password;

4. Change it regularly, and do not reuse passwords that have been used recently.

For example:

Modify the login password of user rain

# passwd rain
Changing password for user rain.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Only administrators may change another user's password

$ passwd jimjimlv
passwd: Only root can specify a user name.
$ passwd rain
passwd: Only root can specify a user name.

Use the option "-l" to lock the user account so that it cannot log in

# passwd -l rain
Locking password for user rain.
passwd: Success


This article is from the "near home" blog, be sure to keep this source http://nearlv.blog.51cto.com/2432295/1732074
