Linux Basics---Users

Users and Groups

I. Concepts of users and groups

The concept of users and groups is introduced as computers become more and more demanding for multiple users. The so-called user is the operating system used to identify the login system. Is that users and groups are the core elements that implement computer resource allocation. Group: is a collection of users with the same computer resources (mainly referred to as permissions).

In the computer kernel, users and groups are a number, which we call UID and GID. UID and GID have uniqueness in the system. Implementation of this process for name resolution to complete, in the Linux system using the GLib library system calls to complete.

Second, user identification

Identify user via 3A (authentication,authorization,audit)

Authentication: Using passwords to achieve

Authorization: Authorization

Audit: Auditing (implemented through the Operation log)

Iii. User and Group categories

User Category:

Admin User: Uid=0

System User: 1 <= UID <= 499

Normal User: UID >= 499

Group Category:

Administrators group: Gid=0

System Group: 1 <= GID <= 499

User group: GID >= 500

Iv. correspondence between users and groups

Single-to-one: a user exists in a group, that is, the user is the only member of the group

One-to-many: a user can exist in multiple user groups, and this user has common permissions for multiple groups

Many-to-one: multiple user groups can exist in a group that has the same permissions as the group

Many-to-many: multiple users can exist in multiple groups, that is, the extension of the above relationship

V. User and Group-related configuration files

1, relevant users of relevant documents

/ETC/PASSWD: User account information

/ETC/PASSWD-:/ETC/PASSWD backup (back up)

/ETC/PASSWD file Format:

Account:password:UID:GID:GECOS:directory:shell a user's information in one row

Specific meaning:

" TD width= "valign=" Top ">account

Field	password	uid< /td>	gid	gecos	dire Ctory	shell
meaning	user account string	Password locator (formerly password)	user identification number is the UID of the user, usually the value range of the UID number is 0~65535		Note information

Root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x : 3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/sync

Password Complexity policy:

• Numbers, lowercase, uppercase, and special characters at least three classes

• Minimum Length 5 bits

• Don't use easy-to-guess passwords

• Revise regularly and do not use passwords that have been used recently

Encryption method:

• Symmetric encryption: Encryption and decryption use the same key; Key distribution is difficult

• Public-Key Cryptography (Asymmetric Encryption): Encryption and decryption using a pair of child keys

• One-way encryption: Extract the unique characteristics of the data, mainly for the integrity of the data-only one-way encryption characteristics are fixed-length output, irreversible; avalanche effect

/etc/shadow: User password and associated account settings

/etc/shadow-:/etc/shadow backup (back up)

/etc/shadow file Format:

Login name:password:date of last password change:minimum password age:maximum password Age:password warning PERIOD:PASSWO RD Inactivity Period:account expiration date:reserved field One user information in a row, the user encrypts the consultation file. Since the/etc/passwd file is readable by all users, so that the user's password is vulnerable to disclosure, so the user's password information is separated from the/etc/passwd, and placed in a separate file, this file is/etc/shadow, This file only has read access to the root user, thus guaranteeing the security of the user's password.

Specific meaning:

TD width= "Valign=" "Top" >account expiration date

field		password	date of last password change	minimum password age	maximum password age	password warning period	password inactivity period	reserved field
Meaning	User name, corresponds with/etc/passwd	Password after encryption	The last time the password was modified (from 1970-01-01 to the current number of days)	Minimum password lifetime (days)	Maximum password age (days)	Password Expiration warning interval (days)	Inactivity Time (days)	Account expiration time, absolute time	Reserved area

Centos:$6$x/hwvp5q$5quun33gwjfhalxij1e.9xveulseq1k6upmcdp.ry8h7y9bs7xvnqrdqsxihwciuueweqfw0re8utpk37zah91 : 16252:0:99999:7:::mandriva:!! : 16255:0:99999:7:::gentoo:$6$queamrzj$l8g8osdrr6lzm8kcuu9cienynbgs/ sutsvnjf2prd5idrsyama.jrkh2gi86b3qqfmqr1ozqwx.tqtlybocnj/:16255:2:60:3:7::openstack:!! : 16255:0:99999:7:::

2, relevant group of related documents

/etc/group: Group's account information

Backup of the/etc/group-:/etc/group file

/etc/group file Format:

Group_name:passwd:GID:user_list

Specific meaning:

Field	Group_name	passwd	Gid	User_list
Meaning	Group name	Group Password Locator	Gruopid	Comma-separated list of users belonging to this group (as a subordinate group)

Root:x:0:bin:x:1:bin,daemondaemon:x:2:bin,daemonsys:x:3:bin,admadm:x:4:adm,daemon

/etc/gshadow: Password information for the group

Backup of the/etc/gshadow-:/etc/gshadow file

/etc/gshadow file Format:

Field	Group_name	passwd	Gid	User_list
Meaning	Group name	Password after encryption	User Group Manager	Group member

Root:::bin:::bin,daemondaemon:::bin,daemonsys:::bin,admadm:::adm,daemon

Vi. other relevant configuration files

(1) Etc/login.defs file

Used to define the default settings for creating a user, such as specifying the scope of the user's UID and GID, the user's expiration time, whether to create a user home directory, and so on.

Below is the centos6.4 under the/etc/login.defs, briefly introduced as follows:

[Email protected] ~]# Cat/etc/login.defs | Grep-v ^# | grep-v ^ $MAIL _dir/var/spool/mail# When creating a user, create a user MAIL file in the directory/var/spool/mail pass_max_days99999# Specify the maximum number of days that the password remains valid Pass_ min_days0# indicates how many days since the last password modification the user is allowed to modify the password pass_min_len5# the minimum length of the specified password pass_warn_age7# indicates how many day before the password expires the system notifies the user that the password is about to expire Uid_min 500# Specify a minimum UID of 500, that is, when adding a user, the user's UID starts at 500 uid_max60000# specifies that the maximum UID is 60000 gid_min 500# specifies a minimum GID of 500, that is, when the group is added, the group's GID starts with 500. gid_max60000# specifies that the maximum GID is 60000create_homeyes# This entry is to specify whether the user home directory is created, yes is created, and no is not created. UMASK 077# default Home directory mask Usergroups_enab yes######## #有待验证 ####################### #ENCRYPT_METHOD SHA512 #默认密码加密算法是SHA512

(2)/etc/skel catalogue

The/etc/skel directory defines the default profile for new users in the home directory, and changes the contents of the/etc/skel directory to change the profile information for the new user's default home directory, such as when a new user is created, and a similar. Bash_profile is seen in the new user's home directory. BASHRC,. Bash_logout, and so on, these files are present in the/etc/skel directory.

(3)/etc/default/useradd file

Useradd when adding a user's rule file, when we create a user through the Useradd command without any parameters, the user's default home directory is usually located under///, the default shell used is/bin/bash, which is/etc/default/ Defined in the Useradd file. Changing this file allows you to change the default configuration of the add user, which can be implemented through the parameters of the AddUser command in addition to this method.

[Email protected] ~]# Cat/etc/default/useradd # useradd defaults filegroup=100home=/home #把用户的家目录建在/Home Inactive=-1 # Whether to enable account expiration stop, 1 means not to enable expire= #帐号终止日期, not set to indicate that Shell=/bin/bash #所用SHELL的类型SKEL =/etc/skel is not enabled #默认添加用户的目录默认文件存放位置; When we add a user with AddUser, the files in the user's home directory are copied from this directory to the past Create_mail_spool=yes #当创建用户时, and a user MAIL file is created in the directory/var/spool/mail. Yes is created, no is not created.

Vii. management of users and groups

1) User's management commands

Useradd,adduser: Adding users

Command	Common parameters	Parameter meaning	Example
Useradd or AddUser	-U	Specify UID for user	Useradd-u 506 Gentoo
	-G	Specify the user's GID	Useradd-u 506-g-Gentoo
	-G	Specify additional groups for users, you can specify multiple additional groups	Useradd-u 506-g Linux,centos Gentoo
	-C	Add comment information, do not specify empty by default	Useradd-c ' This is a test user ' Ubantu
	-D	Specifies the user's home directory, if not specified, the default number of directories under the/hmoe/directory with the same name as the user name	useradd-d/tmp/redhat Redhat
	-S	Specifies the user's default shell, which is not specified by default,/bin/bash	Useaadd-s/sbin/nologin Slackware
	-R	Add a System User	Useradd-r MySQL
	-M	Automatically created if the user does not have a home directory
	-M	Force not to create home directory	Useradd-m ArchLinux
	-E	Expire_date Account Termination Date	USERADD-E 14/7/20 SuSE

Userdel: Deleting users

Usage: Userdel user_name

Common parameters:-R Delete User is to remove user's home directory such as Userdel-r Gentoo

passwd: Set a password for the user

common parameters	parameter meaning	example
--stdin	avoid interactive setup password	echo ' Acrhlinux ' | passwd archlinux
-l,-u	user lock, Solution Lock	passwd-l archlinux Passwd-u archlinux
-n,-x,-w,-i	set user's minimum use, maximum use, alarm, inactivity period

Usermod: Modify the user command, you can change the login name, the user's home directory through USERMOD, etc.

Common parameters	Parameter meaning	Example
-u,-g,-s,-c	Modify the user's Uid,gid, default shell, annotation information	Usermod-u 800-g 6666-s/bin/zsh-c ' Beijing Zhongguancun ' Gentoo
-g-a	When you modify a user's additional group, you want to keep the original additional group, and you need to use the-A and otherwise overwrite the original additional group	Usermod-a-G Gentoo,centos,linux Ubantu
-d-m	Modify the home directory, if you want to save all the files in the original home directory, then use with-M	usermod-d/tmp/linux-m Gentoo
-l,-u	Locking and unlocking users	Usermod-l Redhat Usermod-u Redhat

Chown: The genus group that changed the file

common parameters		example
-r,-r	change this directory and all the files in this directory belong to the main group	1, modify/tmp/ The genus Group for the Mylinux file is Gentoo Chown gentoo:gentoo/tmp/mylinux or chown gentoo.gentoo/tmp/mylinux 2, modify/ The owner of the Tmp/mylinux file is Gentoo Chown gentoo/tmp/mylinux 3, modify/tmp/mylinux file belong to Gentoo 4, modify/ The main genus of the files under the tmp/test/directory is the Gentoo

PWCOVN: Synchronizing users from/etc/passwd to/etc/shadow

PWCK:PWCK is verifying that the contents of the user profile/etc/passwd and/etc/shadow files are legitimate or complete

Pwunconv: Is Pwcov the reverse operation, is to create/etc/passwd from/etc/shadow and/etc/passwd, and then delete the/etc/shadow file

Finger: Viewing the user Information tool

[email protected] ~]# finger centoslogin:centos name:directory:/home/centos Shell:/bin/bashon sin Ce Sat Jul 5 11:21 (CST) on PTS/2 from 172.16.9.17 8 hours minutes Idleno mail. No Plan.

ID: View the UID, GID, and user group belonging to the user

[email protected] ~]# ID centosuid=500 (CentOS) gid=500 (CentOS) groups=500 (CentOS), (magedu)

CHFN: Change user Information tool

SU: User Switching tool

Common parameters:

Su-l usename or su-username full switch

SU-C executes the command as a switch user, for example:

[Email protected] ~]# su-centos-c ' WhoAmI ' CentOS

Sudo:sudo is executed by another user (execute a command as another user), SU is used to switch the user, and then to complete the task by switching to the user, but sudo can execute commands directly, such as sudo does not need root The password can perform the root assignment and only root can execute the corresponding command, but you have to edit the/etc/sudoers through Visudo to achieve

Visudo:visodo is the command to edit the/etc/sudoers, or you can edit the/etc/sudoers directly with VI without this command.

Sudoedit: Same as sudo function

2) Group Management commands

Groupadd: Adding user groups

Common parameters:

-G: Specify the group ID for example: groupadd-g CentOS

-r: Specify a system group

Groupdel: Deleting a user group

Groupmod: Modifying user group information

CHGRP: Changing the group to which the user belongs

Groups: Displays the user group to which the user belongs

GRPCK: Check the/etc/group file and/etc/gshadow file to check that the data is stored correctly

GRPCONV: Synchronize or create/etc/gshadow with file contents of/etc/group and/etc/gshadow, if/etc/gshadow does not exist create

Grpunconv: Synchronize or create/etc/group by/etc/group and/etc/gshadow file contents, then delete gshadow file

Eight, manually create a user

1, manually add a line in the/etc/passwd (of course, the user name, UID can not use already exist)

Test1:x:2222:2222::/home/tes1t:/bin/bash

2. Generate Password information

echo ' Redhat ' | Sha512sum

20641bd9d93708c844f59bf5f5d5bfb16fd5c3cece84127f56072579f778e6aca04ca7985eb4a7f555bd9532115205884d11fc5323534618da7596c30 0b4666d

and add this line in/etc/shadow

test1:$6$brfe2dsw$ 20641bd9d93708c844f59bf5f5d5bfb16fd5c3cece84127f56072579f778e6aca04ca7985eb4a7f555bd9532115205884d11fc5323534618da7596c30 0b4666d:16255:0:99999:7::::

3. Manually add a line to the/etc/group

test1:x:2222:

4, copy the relevant documents to the home directory

Cp-r/etc/skel//home/test1

5. Modify Home Directory Permissions

Chown-r test1.test1/home/test1/

This completes the creation of a user, which can be landed.

This article is from the "After Dark" blog, be sure to keep this source http://guoting.blog.51cto.com/8886857/1434957