Linux Basics: Users and groups

Source: Internet
Author: User

1. Create a group

Add the oinstall group, specifying the group ID.

    # groupadd -g 1023 oinstall

Add the oper system group.

    # groupadd -r oper


2. Delete a group

    # groupdel oper


3. Modify the Group

Change the group ID of the oinstall group to 1024.

    # groupmod -g 1024 oinstall

Rename the oracleinstall group to oinstall.

    # groupmod -n oinstall oracleinstall


4. Create a user

Create an oracle user with a user ID of 1010, a primary group of oinstall, additional groups dba and oper, a home directory of /home/oracle, and bash as the shell.

    # useradd -u 1010 -g oinstall -G dba,oper -m -d /home/oracle -s /usr/bin/bash oracle

Add a system user. System users are only used to start system processes; they cannot sign in to an interactive shell environment, and no home directory or mailbox is created for them.

    # useradd -r centos


When these options are not specified, useradd creates the user with the default options.

    # useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes


These default options are recorded in the /etc/default/useradd file, and /etc/login.defs also affects the default behavior of commands such as useradd and userdel.


Among these defaults, SKEL=/etc/skel deserves attention. The manual describes it as follows.

The skeleton directory, which contains files and directories to be copied to the user's home directory when the home directory is created by useradd. This option is only valid if the -m (or --create-home) option is specified. If this option is not set, the skeleton directory is defined by the SKEL variable in /etc/default/useradd or, by default, /etc/skel. If possible, ACLs and extended attributes are copied as well.


Users are recorded in /etc/passwd, with the fields separated by colons. The password field here is just a placeholder, not the real user password.

    name:password:UID:GID:GECOS:directory:shell


The user password information is stored in encrypted form in /etc/shadow. The file's permission is 000, but this does not restrict root; in other words, only root can open the file.

    # ls -l /etc/shadow
    ---------- 1 root root 3 20:35 /etc/shadow


The password is stored in the following form, with $ as the delimiter. The 1st segment is the encryption method ID (6), the 2nd is the salt (MA./WVPA), and the 3rd is the result of the encryption.

$6$ma./wvpa$dqacbc90xxddatttjcpmghps3b5z5mc2vvpzpho5jspk6ggw4b4nvqriadrvrg2komppzj0vbs38qpovfzy1f0

Encryption method table

    ID  | Method
    ---------------------------------------------------------
    1   | MD5
    2a  | Blowfish (not in mainline glibc; added in some
        | Linux distributions)
    5   | SHA-256 (since glibc 2.7)
    6   | SHA-512 (since glibc 2.7)
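
The $id$salt$hash layout and the method table above, applied to the password field of a shadow entry (an added example, not from the original article). The function name pw_field_info, its output labels and the sample fields are assumptions made here; the handling of a leading "!" (locked password) and of an optional rounds= segment goes beyond what the article shows.

```shell
#!/bin/sh
# Describe the 2nd field of an /etc/shadow entry.
# Prints: <locked|unlocked> <method|empty|none|other> <salt or ->
pw_field_info() {
    field=$1 lock=unlocked
    # One or more leading '!' mark a locked password; strip them to see the hash.
    while case $field in '!'*) true ;; *) false ;; esac; do
        lock=locked; field=${field#?}
    done
    case $field in
        '$'*) ;;                                  # $id$salt$hash form, parsed below
        '')   [ "$lock" = locked ] && m=none || m=empty
              echo "$lock $m -"; return ;;        # empty: no password required
        *)    echo "$lock other -"; return ;;     # '*' placeholder or a legacy format
    esac
    # Split on '$'; the text before the first '$' is empty.
    IFS='$' read -r _lead id salt hash <<EOF
$field
EOF
    # Optional "rounds=N" segment: the real salt is the segment after it.
    case $salt in rounds=*) salt=${hash%%\$*} ;; esac
    case $id in
        1)  method=MD5 ;;
        2a) method=Blowfish ;;
        5)  method=SHA-256 ;;
        6)  method=SHA-512 ;;
        *)  method=unknown ;;
    esac
    echo "$lock $method $salt"
}

# Constructed sample fields; HASH is a placeholder for the hash segment.
for f in '$6$ma./wvpa$HASH' '!$5$rounds=5000$abcd$HASH' '!!' '' '*'; do
    printf '%-30s -> %s\n' "'$f'" "$(pw_field_info "$f")"
done
```

An "empty" result means the account can be used without a password, and an MD5 result means the entry still uses the oldest method in the table; both are worth reviewing when auditing /etc/shadow.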


Several fields in the /etc/shadow file set the validity period of the account or password; see the man page for details.

    # man 5 shadow

[Figure: Password term]

lastday is the date the password was last changed.

mindays is the minimum password age; the password cannot be changed during this period.

maxdays is the maximum password age; the user should change the password once it is reached.

warndays is the warning period: for this long before the password expires, the user is reminded to change the password.

inactive is the inactive period: for this long after the password expires, the user is still allowed to log in, but can only change the password after login and cannot do anything else.

If the user still has not changed the password after the inactive period, the user is locked and can no longer log in.


The above is the password period. There is also a field for the account period; the two are different concepts. The man page explains it as follows.

Note that an account expiration differs from a password expiration. In case of an account expiration, the user shall not be allowed to login. In case of a password expiration, the user is not allowed to login using her password.


5. Change the aging settings of the account or password

Set the minimum password age to 7 days, the maximum age to 30 days, the warning period to 3 days, and the inactive period to 3 days.

    # chage -m 7 -M 30 -W 3 -I 3 mageedu

Change the date the password was last modified; it needs to be converted to the number of days since January 1, 1970.

    # chage -d 16860 mageedu

Set the account expiration date, also converted to the number of days since January 1, 1970.

    # chage -E 16920 mageedu


Calculate the number of days from January 1, 1970 to the current time

    # let t=$(date +%s)/86400
    # echo $t
    16866
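
The aging fields described above, evaluated for one shadow entry with the values set by the chage commands in this section (an added example, not from the original article). The function name shadow_state, its state labels and the sample line are assumptions made here, and the strict greater-than comparison at each period boundary is an assumed convention.

```shell
#!/bin/sh
# Classify one /etc/shadow line for a given day number (days since 1970-01-01).
# Prints: account-expired | must-change | ok | warning | expired-grace | inactive
shadow_state() {
    today=$2
    # name:password:lastday:mindays:maxdays:warndays:inactive:expire:reserved
    IFS=: read -r name pw last min max warn inact expire rest <<EOF
$1
EOF
    # Account expiration is independent of the password and is checked first.
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo account-expired; return
    fi
    # lastday 0 forces a password change at the next login.
    if [ "$last" = 0 ]; then echo must-change; return; fi
    # Without lastday or maxdays there is no password aging to evaluate.
    if [ -z "$last" ] || [ -z "$max" ]; then echo ok; return; fi
    age=$((today - last))
    if [ "$age" -gt "$max" ]; then
        if [ -n "$inact" ] && [ "$age" -gt $((max + inact)) ]; then
            echo inactive        # inactive period over: login refused
        else
            echo expired-grace   # login allowed only to change the password
        fi
    elif [ -n "$warn" ] && [ "$age" -gt $((max - warn)) ]; then
        echo warning             # password expires soon
    else
        echo ok
    fi
}

# Constructed sample entry: lastday 16860, mindays 7, maxdays 30, warndays 3,
# inactive 3, account expiration 16920; the hash is a placeholder.
SAMPLE='mageedu:$6$SALT$HASH:16860:7:30:3:3:16920:'
for day in 16866 16888 16892 16895 16925; do
    printf '%s %s\n' "$day" "$(shadow_state "$SAMPLE" "$day")"
done
```

On a live system the same function can be fed a real entry, for example shadow_state "$(getent shadow mageedu)" "$(( $(date +%s) / 86400 ))" when run as root.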


6. Delete a user

Delete a user. By default, the user's home directory and mailbox are not deleted.

    # userdel mageedu

Delete the user and, at the same time, the user's home directory and mailbox.

    # userdel -r mageedu

7. Modify the user

    # usermod -u 1020 -g oinstall -G dba,oper -m -d /home/oracle -s /usr/bin/bash oracle
    # usermod -l rhel redhatenterpriselinux    # change the user name
    # usermod -L test                          # lock the user account
    # usermod -U test                          # unlock the user account


8. User Password Management

Change the current user's own password.

    # passwd

Change another user's password.

    # passwd mageedu

Note:

    • Only the root user can change another user's password; other users can only change their own password.

    • Root does not need to enter the original password when changing a password; other users must enter the original password to verify their identity.

    • The root user can use any string as the password, while other users' passwords must meet certain complexity requirements.


Lock the user's password.

    # passwd -l mageedu

Unlock the user's password.

    # passwd -u mageedu

Clear the user's password.

    # passwd -d mageedu


9. Group Management

Set a password for the group.

    # gpasswd mageedu

Delete the group password.

    # gpasswd -r mageedu

Add a user member to the group.

    # gpasswd -a twoyang mageedu

Remove a user member from the group.

    # gpasswd -d twoyang mageedu


10. View User ID Information

    # id
    uid=0(root) gid=0(root) groups=0(root)

    -u, --user     print only the effective user ID
    -g, --group    print only the effective group ID
    -G, --groups   print all group IDs
    -n, --name     print a name instead of a number, for -ugG

11. Switch Users

Switch to the mageedu user identity while still using the root user's environment variables.

    # su mageedu

Switch to the mageedu user identity and load the mageedu user's environment variables.

    # su - mageedu

Run the command "date +%H:%M:%S" as the mageedu user and return the result.

    # su - mageedu -c "date +%H:%M:%S"
    16:21:33


12. Log in to a new group

    # id
    uid=0(root) gid=0(root) groups=0(root)
    # newgrp mageedu
    # id
    uid=0(root) gid=1000(mageedu) groups=0(root),1000(mageedu)

Note: If the new group you log in to has a group password, you need to verify the password before you can log in. Of course, this does not apply to root.


This article is from the "knfprex3a29" blog, make sure to keep this source http://knfprex3a29.blog.51cto.com/9761463/1748101
