Organized from "Bird Brother's Linux Private Dishes" (VBird's Linux), compiled by: hua ke xiao tao, http://www.cnblogs.com/hust-ghtao/
Managing accounts is an important part of an administrator's job: the whole system is under your care, and every ordinary user's account request has to go through you. To manage the accounts on a server host you first need to understand how Linux identifies each user.
1. How user login works
1.1 The login process
A user who wants to log on to a Linux host and obtain a shell goes through the following steps:
- First, the login program looks for the entered account name in /etc/passwd. If it is not there, the login is refused. If it is, the account's UID and GID are read out, together with its home directory and login shell.
- Next the password is checked. Linux looks up the account in /etc/shadow and compares the stored password hash with a hash of the password that was entered (the salt embedded in the stored hash is reused, so the two strings match only if the password is the same).
- If everything checks out, the login succeeds and the user is handed control of the shell.
1.2 /etc/passwd file structure
Each row of the file represents one account, with the fields separated by ":". There are seven fields:
Account name : Password : UID : GID : User information (GECOS) : Home directory : Shell
Description
- Password: early Unix systems kept the password in this field. But /etc/passwd is readable by every program and every user, so the hashes could easily be copied and cracked offline; the password data was therefore moved to /etc/shadow, and all you see here now is an "x".
- Shell: the login shell, by default bash, is set in this field. One special entry is worth knowing: /sbin/nologin. An account whose shell is /sbin/nologin is refused a shell at login, so it can own files and run services but cannot log in interactively.
1.3 /etc/shadow file structure
Many programs run with specific permissions, and permissions are tied to UID/GID, so each of them has to read /etc/passwd to map account names to UIDs and GIDs. /etc/passwd therefore has to stay world-readable (-rw-r--r--). Because of that, the password was moved into /etc/shadow, which is readable only by root (on some distributions also by the shadow group) and carries a number of extra restrictions.
Each row again represents one account, with nine fields separated by ":":
Account name : Password hash : Date of last change : Minimum days between changes : Maximum days before a change is required : Warning days : Grace (inactive) days : Account expiry date : Reserved
The dates are stored as days since 1970-01-01. A password field beginning with "!" or "*" means no password can match, so the account cannot log in with a password; an empty field means ageing for that setting is disabled.
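The lookup-then-verify sequence from 1.1, together with the /etc/passwd and /etc/shadow fields described in 1.2 and 1.3, as an added example that is not from the original post: it parses constructed passwd/shadow records, applies the shadow ageing fields the way pam_unix does, and reproduces the login decision. `toy_hasher` stands in for crypt(3) so the example runs offline (Python's own crypt module was removed in 3.13); it is not a real password hash, and the sample users, hashes and day numbers are invented.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional, Tuple


def toy_hasher(cleartext: str, setting: str) -> str:
    """Stand-in for crypt(3) with the same contract: the stored string is passed as the
    'setting', its salt is reused and the full hash string comes back. NOT a real
    password hash (a single SHA-256); real systems use $6$ sha512crypt or $y$ yescrypt."""
    _, _, salt, *_ = setting.split("$")            # "$toy$<salt>[$<digest>]"
    return f"$toy${salt}${hashlib.sha256((salt + cleartext).encode()).hexdigest()}"


# Constructed sample records: none of these users or hashes come from a real host.
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash\n"
    "bob:x:1001:1001:Bob Example:/home/bob:/sbin/nologin\n"
    "carol:x:1002:1002:Carol Example:/home/carol:/bin/bash\n"
    "dave:x:1003:1003:Dave Example:/home/dave:/bin/bash\n"
)
TODAY = 19800   # "today" in days since 1970-01-01, the unit /etc/shadow uses
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SHADOW = (
    f"root:{toy_hasher('toor', '$toy$r00t')}:19700:0:99999:7:::\n"
    f"alice:{toy_hasher('correct horse', '$toy$al1ce')}:19700:0:90:7:14::\n"  # 100 days old, max 90, 14 grace days
    f"bob:{toy_hasher('hunter2', '$toy$b0b')}:19700:0:99999:7:::\n"
    f"carol:!{toy_hasher('hunter2', '$toy$car0l')}:19700:0:99999:7:::\n"      # "!" prefix: locked, as passwd -l does
    f"dave:{toy_hasher('hunter2', '$toy$d4ve')}:19700:0:99999:7::19750:\n"    # expiry date (day 19750) already passed
)


def _records(text: str, nfields: int) -> Dict[str, List[str]]:
    """Split a passwd/shadow-style file into {name: fields}, rejecting malformed rows."""
    out = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            f = line.split(":")
            if len(f) != nfields:
                raise ValueError(f"malformed line: {line!r}")
            out[f[0]] = f
    return out


def parse_passwd(text: str = PASSWD) -> Dict[str, dict]:
    return {n: {"uid": int(f[2]), "gid": int(f[3]), "gecos": f[4], "home": f[5], "shell": f[6]}
            for n, f in _records(text, 7).items()}


def parse_shadow(text: str = SHADOW) -> Dict[str, dict]:
    keys = ("lastchg", "min", "max", "warn", "inactive", "expire")   # empty field -> None
    return {n: {"hash": f[1], **{k: (int(v) if v else None) for k, v in zip(keys, f[2:8])}}
            for n, f in _records(text, 9).items()}


def account_status(sh: dict, today: int) -> str:
    """Apply the ageing fields as pam_unix does: 'ok', 'change_password' or 'expired'."""
    if sh["expire"] is not None and today >= sh["expire"]:
        return "expired"                         # account expiry date reached
    if sh["lastchg"] is None:
        return "ok"                              # empty field: password ageing disabled
    if sh["lastchg"] == 0:
        return "change_password"                 # 0: change forced at next login
    age = today - sh["lastchg"]
    if sh["max"] is not None and age > sh["max"]:
        if sh["inactive"] is not None and age > sh["max"] + sh["inactive"]:
            return "expired"                     # grace period used up: account disabled
        return "change_password"                 # min/warn do not affect this decision
    return "ok"


def verify_password(entered: str, stored: str, hasher: Callable[[str, str], str]) -> bool:
    # Re-hash with the salt taken from the stored string and compare in constant time.
    return hmac.compare_digest(hasher(entered, stored), stored)


def login(name: str, entered: str, today: int, hasher: Callable[[str, str], str],
          passwd: str = PASSWD, shadow: str = SHADOW) -> Tuple[str, str, Optional[dict]]:
    """The three steps from the text: /etc/passwd lookup, /etc/shadow password check,
    then hand out the shell. Returns (verdict, reason_or_status, passwd_entry)."""
    users = parse_passwd(passwd)
    if name not in users:
        return "reject", "no such account", None
    sh = parse_shadow(shadow).get(name)
    if sh is None:
        return "reject", "no shadow record", None
    if sh["hash"].startswith(("!", "*")):
        return "reject", "account locked", None
    if sh["hash"] == "" or not verify_password(entered, sh["hash"], hasher):
        return "reject", "bad password", None    # empty hash = no password set; refused here
    status = account_status(sh, today)
    if status == "expired":
        return "reject", "expired", None
    entry = users[name]
    if os.path.basename(entry["shell"]) in ("nologin", "false"):
        return "reject", f"shell is {entry['shell']}", None
    return "accept", status, entry               # login would now exec the shell as uid/gid
```

Note the order: the password is verified before the ageing fields are examined, and a locked ("!"-prefixed) hash is rejected before any hashing happens, so `passwd -l` style locking cannot be bypassed by a matching cleartext.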
2. Effective and initial user groups
Having looked at the two files tied directly to the account, now look at the user-group files: /etc/group and /etc/gshadow.
2.1 /etc/group file structure
Each row represents one user group, with ":" as the field separator, giving four columns:
User group name : User group password : GID : Member account names (comma-separated)
Description
- User group password: normally not needed; it exists for "user group administrators". It too has been moved to /etc/gshadow, so this field shows an "x".
- The original shows a diagram of how UID/GID and the password fields tie the account files together: /etc/passwd carries the account name, UID and initial GID with an "x" where the password used to be; /etc/shadow holds the password hash, keyed by account name; /etc/group maps each GID to a group name and lists the extra members; /etc/gshadow holds the group password and administrators, keyed by group name.
- Effective and initial user groups. An account can be added to several user groups, so which one applies while it is working? The group in the fourth column of /etc/passwd is the initial (primary) group: the user gets it at login automatically, without having to be listed in the fourth field of /etc/group. While working, `groups` shows the groups the account belongs to, with the effective group listed first, and `newgrp` switches the effective group. The effective group is the one that matters: new files the account creates get it as their group owner.
2.2 /etc/gshadow file structure
Each row has four fields:
User group name : Password : User group administrator accounts : Member account names
Description
- This file exists so that "user group administrators" can be created. When there are too many accounts for root to manage alone, a group administrator can be appointed (third field) who is then responsible for adding accounts to the groups under their management.
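Initial versus effective group, `groups`/`newgrp`, and the administrator field of /etc/gshadow, as an added example that is not from the original post: constructed /etc/passwd, /etc/group and /etc/gshadow records, a function that resolves a user's group list in the order `groups` prints it, a simulation of what `newgrp` decides, and a check of who may administer a group. The users, groups and the placeholder group-password hash are invented.

```python
from typing import Dict, List

# Constructed sample records (no real host behind them).
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
    "bob:x:1001:1001::/home/bob:/bin/bash\n"
)
# name:password:GID:members  -- "x": the password lives in /etc/gshadow
GROUP = (
    "root:x:0:\n"
    "alice:x:1000:\n"
    "bob:x:1001:\n"
    "wheel:x:10:alice\n"
    "project:x:2000:bob\n"
    "staff:x:50:\n"
)
# name:password:administrators:members  -- "!": no group password is set
GSHADOW = (
    "root:!::\n"
    "alice:!::\n"
    "bob:!::\n"
    "wheel:!::alice\n"
    "project:!:alice:bob\n"
    "staff:$6$placeholder$notarealhash::\n"   # placeholder standing for a real group password
)


def _rows(text: str) -> Dict[str, List[str]]:
    """{name: fields} for any of the colon-separated account files."""
    return {line.split(":")[0]: line.split(":") for line in text.splitlines() if line}


def _members(field: str) -> List[str]:
    return [m for m in field.split(",") if m]


def initial_group(user: str, passwd: str = PASSWD, group: str = GROUP) -> str:
    """Group named by the 4th field of /etc/passwd; the user need not appear in /etc/group."""
    gid = _rows(passwd)[user][3]
    for name, f in _rows(group).items():
        if f[2] == gid:
            return name
    raise KeyError(f"no group with GID {gid}")


def groups_of(user: str, passwd: str = PASSWD, group: str = GROUP) -> List[str]:
    """What `groups` prints right after login: the effective (initial) group first, then
    the groups whose 4th field in /etc/group lists the user."""
    first = initial_group(user, passwd, group)
    extra = [n for n, f in _rows(group).items() if user in _members(f[3]) and n != first]
    return [first] + extra


class GroupPasswordRequired(Exception):
    """newgrp would prompt for the group password before switching."""


def newgrp(user: str, target: str, passwd: str = PASSWD, group: str = GROUP,
           gshadow: str = GSHADOW) -> List[str]:
    """Simulate `newgrp target`: the returned list is the new `groups` output, with
    `target` in front as the effective group (used as group owner of new files)."""
    current = groups_of(user, passwd, group)
    if target in current:
        return [target] + [g for g in current if g != target]
    pw = _rows(gshadow)[target][1]          # non-member: only a group password can let them in
    if pw == "" or pw.startswith(("!", "*")):
        raise PermissionError(f"{user} is not in {target} and the group has no password")
    raise GroupPasswordRequired(target)


def group_admins(target: str, gshadow: str = GSHADOW) -> List[str]:
    """3rd field of /etc/gshadow: accounts allowed to manage the group's members with gpasswd."""
    return _members(_rows(gshadow)[target][2])


def can_administer(user: str, target: str, gshadow: str = GSHADOW) -> bool:
    return user == "root" or user in group_admins(target, gshadow)
```

Run `groups_of("alice")` and `newgrp("alice", "wheel")` to see the effective group move to the front; `newgrp("bob", "wheel")` is refused because bob is neither a member of wheel nor able to offer a group password.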
Linux Account Management (I)