Linux account management and related commands and operations


Users and Groups

User:

1: Each user corresponds to a UID

2: A user needs permission to read, write, or execute other users' files

Group:

1: Each group corresponds to a GID

2: A user needs to be added to the group

3: Each user has a default group of their own and can also be attached to other groups

4: Users in the same group can share files and cooperate according to group permissions

UID (User ID): Linux identifies a user account by a numeric ID assigned to it, because the system does not recognize the account name. The number is easy for the system to identify; the account name is easy for people to remember and work with.

UID Range

root:0

System account: less than 500

General account: greater than 500

The corresponding account information is in /etc/passwd.

The corresponding password information is in /etc/shadow.

GID (Group ID): Same principle as UID

The corresponding group information is in /etc/group.

The corresponding password information is in /etc/gshadow.

User login verification process:

1: Check whether /etc/passwd has an entry for the account. If not, the login is aborted; if so, read the account's UID, GID, home directory, and shell

2: Look up the entry for that account and UID in /etc/shadow and check the entered password against the stored password

3: If the check succeeds, the login is successful

/etc/passwd data format:

[root@host ~]# head /etc/passwd

root:x:0:0:root:/root:/bin/bash

Seven fields separated by colons

1: Account name

2: Formerly the password field; for security, the password is now stored in /etc/shadow

3: UID

4: GID

5: User information description

6: Home directory: /root for root, /home/username for a general user

7: Shell: the shell (bash here) used when the user logs in; /sbin/nologin makes the account unable to log in (it cannot get a shell)

/etc/shadow data format:

[root@host ~]# head /etc/shadow

root:$1$oh1b3zs5$mjryslofo0u7iaysumsvd0:16558:0:99999:7:::

1: User name

2: Encrypted password. Putting ! or * in front of this field invalidates the password: with encryption such as MD5 the encrypted password has a fixed length, so a password whose length has changed is invalid

3: Date of the most recent password change, as a cumulative count of days with 1970/01/01 as day 1

4: Number of days during which the password cannot be changed, counted from field 3; 0 means it can be changed at any time

5: Number of days within which the password must be changed, counted from field 3; otherwise it expires

6: Number of days of warning before the password expires, relative to field 5

7: Grace period after the password expires. The password expires at field 3 + field 5; while it is expired the user can still log in but has to change the password; once it is invalid it can no longer be used

8: Password expiration date, set directly as a time counted from 1970

9: Reserved
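
The field list above, applied as a small audit check. This is an added example, not part of the original article: the function name, the output format and the TODAY argument (a day number in the same unit as field 3) are assumptions made here, and every sample line except the article's own root line is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): classify one /etc/shadow line.
# audit_shadow_line 'LINE' TODAY   TODAY is a day number in the unit of field 3.
# Prints name:password-state:hash-scheme:aging-state
audit_shadow_line() (
    IFS=: read -r name hash last min max warn grace expire reserved <<EOF
$1
EOF
    today=$2

    # Field 2: empty means no password is required; a leading ! or * means
    # the stored string can never match, so password login is disabled.
    case $hash in
        '')         state=empty ;;
        '!'*|'*'*)  state=locked ;;
        *)          state=usable ;;
    esac

    # Identify the hash scheme from the $id$ prefix (lock marks stripped).
    body=$(printf '%s' "$hash" | sed 's/^[!*]*//')
    case $body in
        '')             scheme=none ;;
        '$1$'*)         scheme=md5crypt-weak ;;
        '$5$'*)         scheme=sha256crypt ;;
        '$6$'*)         scheme=sha512crypt ;;
        '$2'[aby]'$'*)  scheme=bcrypt ;;
        '$y$'*)         scheme=yescrypt ;;
        *)              scheme=unknown ;;
    esac

    # Fields 3 and 5: the password expires at field 3 + field 5.
    case "$last:$max" in
        :*|*:|*[!0-9:]*) aging=none ;;
        *) if [ "$today" -gt $(($last + $max)) ]; then aging=expired
           else aging=valid; fi ;;
    esac

    printf '%s:%s:%s:%s\n' "$name" "$state" "$scheme" "$aging"
)

# Sample lines: the first is the article's own, the others are constructed.
audit_samples() {
    audit_shadow_line 'root:$1$oh1b3zs5$mjryslofo0u7iaysumsvd0:16558:0:99999:7:::' 20000
    audit_shadow_line 'mary:!$6$CONSTRUCTED$PLACEHOLDER:16558:0:90:7:::' 20000
    audit_shadow_line 'bobby:!!:16558:0:99999:7:::' 20000
    audit_shadow_line 'alice::16558:0:99999:7:::' 20000
}
audit_samples
```

On a live system, run the function as root over each line of /etc/shadow; entries reported as empty or md5crypt-weak are the ones to fix first.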

/etc/group data format:

[root@host ~]# head /etc/group

root:x:0:

bin:x:1:bin,daemon

1: Group name

2: Group password; it has been moved to /etc/gshadow

3: GID

4: Users belonging to this user group; adding an account name to this field makes the account join the group

/etc/gshadow data format:

[root@host ~]# head /etc/gshadow

root:::

bin:::bin,daemon

1: Group name

2: Password

3: User group administrator account; gpasswd can be used to set up a user group administrator who manages the group

4: Users belonging to the secondary user group

Related commands

id: View user parameter information

useradd: Add a user

useradd [-u UID] [-g initial user group] [-G secondary user group] [-c description (fifth column of the password file)] [-d home directory] [-s login shell] account name

passwd: Change a password

usermod: Modify user settings; same parameters as useradd

userdel: Delete a user

userdel -r username // -r: complete deletion of all user data, including mailbox and crontab residue

groupadd: Add a group

groupadd [-g GID] groupname

groupmod: Modify a group

groupmod [-g GID] [-n new group name] groupname

groupdel: Delete a group

The precondition is that the group is empty

chsh: Modify the shell

chsh -l // View available shells

chsh -s shellname // Modify the shell of the current user

Specific experiments:

1: Create users, user groups and group members according to the following requirements:

    • A group named admin.

groupadd admin

    • A user named mary, with admin as its secondary group.

useradd -G admin mary

    • A user named alice, with admin as its secondary group.

useradd -G admin alice

    • A user named bobby, who has no interactive shell environment on the system (nologin).

useradd -s /sbin/nologin bobby

    • The mary, alice, and bobby users must use "password" as the user password.

passwd mary

echo password | passwd --stdin mary // repeat for alice and bobby

2: Create a local directory /common/admin according to the following requirements.

    • The owning group of this directory is "admin".

mkdir -p /common/admin

chgrp -R admin /common/admin

    • Members of the admin group must have read, write, and execute permissions on this directory. Nobody other than the directory's owner and owning group may have any permissions on it.

chmod 770 /common/admin

    • All files and directories created in /common/admin automatically inherit the admin group.

chmod g+s /common/admin

3: Change the umask to 003 and check the permissions of files and directories created by root and by a normal user (the 3 is masked out of the default permissions rather than subtracted as a number: it removes the w permission)

4: Copy /etc/fstab to /var/tmp.

    • Both the owner and the group of the file are root

cp /etc/fstab /var/tmp

    • No permissions for any other user

cd /var/tmp

chmod 770 fstab

    • alice can read and write the file

setfacl -m u:alice:rwx fstab
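
Exercise 3 above (umask 003), worked through as an added example that is not part of the original article. It compares masking with plain subtraction and then checks a real file and directory; the function names are made up here, and stat -c assumes GNU coreutils as found on Linux.

```shell
#!/bin/sh
# Added example (not from the original article): what umask 003 does.

# Predicted mode: clear the umask bits from the default (octal in, octal out).
masked_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# The "pure subtraction" the exercise warns against, for comparison.
subtracted_mode() {
    printf '%o\n' $(( 0$1 - 0$2 ))
}

# Observed modes: create a file and a directory under the given umask in a
# throwaway directory. The subshell keeps the caller's umask unchanged.
observed_modes() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/file"
    mkdir "$tmp/dir"
    # stat -c is the GNU coreutils form (assumed, as on Linux).
    modes="$(stat -c %a "$tmp/file") $(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
    echo "$modes"
)

report() {
    echo "file: default 666, masked $(masked_mode 666 003), subtracted $(subtracted_mode 666 003)"
    echo "dir:  default 777, masked $(masked_mode 777 003), subtracted $(subtracted_mode 777 003)"
    echo "observed (file dir): $(observed_modes 003)"
}
report
```

A new file starts from 666, which has no x bit, so the mask only removes w for others and the result is 664, not 663. The result is the same for root and for a normal user.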


This article is from the "Call Me boxin" blog, so be sure to keep this source http://boxinknown.blog.51cto.com/10435935/1663833
