Users and Groups
User:
1: User and UID correspondence
2: A user needs permission to read, write or execute other users' files
Group:
1: Group and GID correspondence
2: The user needs to be added to the group
3: Each user has their own default group and can also be attached to other groups
4: Users in the same group can share files and cooperate according to group permissions
UID (User ID): the numeric ID Linux uses to identify a user account. The system does not recognize the account name itself; it assigns a numeric ID to the account, which is easy for the system to identify, while the account name is easy for users to remember and work with.
UID Range
root:0
System account: less than 500
General account: greater than 500
The corresponding account information is in /etc/passwd.
The corresponding password information is in /etc/shadow.
GID (Group ID): same principle as UID
The corresponding account information is in /etc/group.
The corresponding password information is in /etc/gshadow.
User login verification process:
1: Check whether /etc/passwd contains a matching account. If not, exit; if so, read the account's UID, GID, home directory and shell
2: Look in /etc/shadow for the account corresponding to that UID, and check its password against the password entered
3: If the check is correct, the login succeeds
/etc/passwd data format:
# head /etc/passwd
root:x:0:0:root:/root:/bin/bash
Seven fields separated by colons:
1: Account name
2: Formerly the password field; for security, the password is now stored in /etc/shadow
3: UID
4: GID
5: User information description
6: Home directory: /root for root, /home/username for general users
7: Shell: the bash shell used when the user logs in; /sbin/nologin makes the account unable to log in (unable to get a shell)
/etc/shadow data format:
# head /etc/shadow
root:$1$oh1b3zs5$mjryslofo0u7iaysumsvd0:16558:0:99999:7:::
1: User name
2: Encrypted password. Putting ! or * in front of this field invalidates the password: with a scheme such as MD5 the encrypted password has a fixed length, so changing the length makes the password invalid
3: Date of the most recent password change, as a cumulative day count with 1970/01/01 as day 1
4: Number of days during which the password cannot be changed, counted from field 3; 0 means it can be changed at any time
5: The password must be changed within this number of days, counted from field 3, otherwise it expires
6: Number of warning days before the password expires, relative to field 5
7: Grace period after the password expires. Field 3 + field 5 is the password expiration time; an expired password still allows login but must be changed, while an invalid password can no longer be used
8: Password expiration date, set directly as a date counted from 1970
9: Reserved
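A way to apply the field rules above to an entry, as an added example that is not from the original article. The function name shadow_status and its state labels are hypothetical, the sample entries and their placeholder hashes are constructed, and the current day is passed in as a day count so the result is repeatable.

```shell
#!/bin/sh
# Added example, not from the original article. Sample entries are constructed.
# shadow_status LINE TODAY prints "name:state" for one /etc/shadow line.
# TODAY is a day count since 1970/01/01, e.g. $(( $(date +%s) / 86400 )).
shadow_status() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '{
        hash = $2; last = $3; max = $5; warn = $6; grace = $7; fixed = $8
        state = "ok"
        if (hash == "") {
            state = "no-password"            # field 2 is empty
        } else if (hash ~ /^[!*]/) {
            state = "locked"                 # field 2 starts with ! or *
        } else if (fixed != "" && today >= fixed) {
            state = "past-field-8"           # date in field 8 has been reached
        } else if (last != "" && max != "") {
            expire = last + max              # field 3 + field 5
            if (today > expire) {
                if (grace != "" && today > expire + grace)
                    state = "invalid"        # grace period (field 7) is over
                else
                    state = "expired-must-change"
            } else if (warn != "" && today > expire - warn) {
                state = "warning"            # inside the field 6 window
            }
        }
        print $1 ":" state
    }'
}

# Constructed sample entries (placeholder hashes, not real ones).
for line in \
    'alice:$6$CONSTRUCTED$placeholder:16558:0:90:7:14::' \
    'bobby:!!:16558:0:99999:7:::' \
    'mary:$6$CONSTRUCTED$placeholder:16558:0:99999:7:::'
do
    shadow_status "$line" 16650
done
```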
/etc/group data format:
# head /etc/group
root:x:0:
bin:x:1:bin,daemon
1: Group name
2: Group password; it has been moved to /etc/gshadow
3: GID
4: Users belonging to this user group; adding an account name to this field makes that account a member of the group
/etc/gshadow data format:
# head /etc/gshadow
root::
bin:::bin,daemon
1: Group name
2: Password
3: User group administrator account; gpasswd can be used to set up the user group administrator
4: Users belonging to the secondary user group
Related commands
id: view user parameter information
useradd: add a user
useradd [-u UID] [-g initial user group] [-G secondary user group] [-c description, the fifth column of the password file] [-d home directory] [-s login shell] account name
passwd: change a password
usermod: modify user settings; same parameters as useradd
userdel: delete a user
userdel -r username // -r completely deletes all of the user's data, including mailbox and crontab residue
groupadd: add a group
groupadd [-g GID] groupname
groupmod: modify a group
groupmod [-g GID] [-n new group name] groupname
groupdel: delete a group
The prerequisite is that the group is empty
chsh: change the shell
chsh -l // view available shells
chsh -s shellname // change the current user's shell
Specific experiments:
1: Create users, user groups and group members according to the following requirements:
groupadd admin
useradd -g admin mary
useradd -g admin alice
useradd -s /sbin/nologin bobby
passwd mary
echo Password | passwd --stdin mary
2: Create a local directory /common/admin according to the following requirements.
mkdir -p /common/admin
chgrp -R admin /common/admin
-- This directory must be readable, writable and executable for the members of the admin group. Apart from the owner and the owning group of this directory, nobody else may have any permissions on it.
chmod 770 /common/admin
chmod g+s /common/admin
3: Change umask to 003 and look at the permissions of files and directories created by the root user and by a normal user (the 3 removes the w permission as a mask; it is not a plain arithmetic subtraction of 3)
4: Copy /etc/fstab to /var/tmp.
cp /etc/fstab /var/tmp
cd /var/tmp
chmod 770 fstab
setfacl -m u:alice:rwx fstab
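The effect of experiments 2 and 3 can be checked without root, as an added example that is not from the original article. It works in a throwaway temporary directory instead of /common/admin and keeps the current group instead of admin; the function names apply_umask and demo_modes are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.
# apply_umask BASE MASK prints BASE with the MASK bits cleared (octal).
apply_umask() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# demo_modes builds a 770 + setgid directory, then creates a file and a
# subdirectory inside it under umask 003 and prints the resulting modes.
demo_modes() {
    (
        d=$(mktemp -d) || exit 1
        mkdir "$d/shared"
        chmod 770 "$d/shared"    # rwx for owner and group, nothing for others
        chmod g+s "$d/shared"    # setgid: new entries take the directory group
        umask 003                # only affects this subshell
        touch "$d/shared/file"   # 666 masked by 003 gives 664, not 666 - 3 = 663
        mkdir "$d/shared/dir"    # 777 masked by 003 gives 774, setgid is inherited
        printf 'shared=%s file=%s dir=%s\n' \
            "$(stat -c %a "$d/shared")" \
            "$(stat -c %a "$d/shared/file")" \
            "$(stat -c %a "$d/shared/dir")"
        rm -rf "$d"
    )
}

apply_umask 666 003   # default file mode under umask 003
apply_umask 777 003   # default directory mode under umask 003
demo_modes
```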
This article is from the "Call Me boxin" blog, so be sure to keep this source http://boxinknown.blog.51cto.com/10435935/1663833
Linux account management and related commands and actions