Linux basic commands: managing users and groups

Source: Internet
Author: User
There are three types of user accounts: superuser, common user, and program user.
Group accounts are of two types: basic group and additional group.
A user account's ID is its UID: the root UID is 0, program users are in the range 1-499, and common users are in the range 500-60000.
 
I. User account files
 
1. Line format of the passwd file
root:x:0:0:root:/root:/bin/bash
Each line of the passwd file contains seven configuration fields separated by ":".
 
Field 1: user account name
Field 2: encrypted user password or placeholder "x"
Field 3: UID of the user account
Field 4: GID of the user's basic group
Field 5: user's full name
Field 6: home directory
Field 7: logon shell, that is, the shell used after the user completes the login
2. Line format of the shadow file
The shadow file is also called the "shadow password file". By default, only the root user can read the file content, and the file cannot be edited directly.
tail -2 /etc/shadow
root:$1$kdjfaskdfkadjfaksdjf:14374:0:99999:7:::
bin:*:14374:0:99999:7:::
Each line is divided by ":" into nine fields, which are, respectively:
 
1. User account name
2. MD5-encrypted password string. If it is "*" or "!", the user cannot log on to the system; if this field is blank, the user can log on without a password.
3. Time of the last password change
4. Minimum number of valid days for the password. The default value is 0.
5. Maximum number of valid days for the password. The default value is 99999.
6. Number of days in advance that the user is warned the password will expire. The default value is 7 days.
7. Number of days after the password expires before the user is disabled
8. Account expiration time. The default value is null, indicating that the account is permanently available.
9. Reserved field
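The field positions above are enough to audit both files with awk. The following is an added example, not part of the original article; the function names, the account names and every sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format text by field position.
# All sample lines are constructed for illustration, not taken from a host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
backup:x:0:0:backup admin:/home/backup:/bin/bash
wy:x:500:500:wy:/home/wy:/bin/bash
csy::501:501:csy:/home/csy:/bin/bash'
SAMPLE_SHADOW='root:$1$constructedsalt$constructedhash:14374:0:99999:7:::
bin:*:14374:0:99999:7:::
wy:!$1$constructedsalt$constructedhash:14374:0:99999:7:::
csy::14374:0:99999:7:::'

# Print the line numbers whose field count differs from the expected one
# (7 for passwd, 9 for shadow).
bad_field_count() {
    awk -F: -v n="$1" 'NF != n { print NR }'
}

# passwd field 3 is the UID: list accounts other than root that have UID 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# passwd field 2 should be the placeholder "x"; list accounts where it is not.
passwd_not_shadowed() {
    awk -F: '$2 != "x" { print $1 }'
}

# shadow field 2: classify the password field of every account.
shadow_state() {
    awk -F: '{
        lead = substr($2, 1, 1)
        if ($2 == "")                        s = "EMPTY"   # no password needed
        else if (lead == "*" || lead == "!") s = "LOCKED"  # password logon disabled
        else if (substr($2, 1, 3) == "$1$")  s = "MD5"     # MD5-crypt hash
        else                                 s = "OTHER"
        print $1 ":" s
    }'
}

echo "UID 0 besides root: $(printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0)"
echo "Not shadowed:       $(printf '%s\n' "$SAMPLE_PASSWD" | passwd_not_shadowed)"
printf '%s\n' "$SAMPLE_SHADOW" | shadow_state
```

On a real host the same functions can be fed from the files themselves, for example `extra_uid0 < /etc/passwd`, with the shadow checks run as root.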
II. User account management commands
 
① useradd -- add a user account: useradd [option] user name
 
-u: specifies the user's UID, which must not already be in use.
-d: specifies the location of the user's home directory.
-e: specifies the expiration time of the user's account.
-g: specifies the user's basic group name (or GID number)
-G: specifies the user's additional group name (or GID number)
-M: do not create a home directory, even if the /etc/login.defs system file is set to create one
-s: specifies the user's logon shell
For example, create a secondary administrator account admin, with the basic group wheel, the additional group root, and the home directory "/admin":
[root@localhost ~]# useradd -d /admin -g wheel -G root admin
 
② passwd -- set a password for the user account
 
-d: clear the password of the specified user. The user can then log on to the system using the user name only.
-l: lock the user account
-S: check the user account status (locked or not)
-u: unlock the user account
 
③ usermod -- modify user account attributes
 
-u: modify the UID of the user
-d: modify the location of the user's home directory
-e: modify the expiration time of the user's account
-g: modify the user's basic group name (or GID number)
-G: modify the user's additional group name (or GID number)
-M: Do not create and initialize the home directory for the user
-s: specify the user's logon shell
-l: change the login name of the user account
-L: lock the user account
-U: unlock the user account
For example, change the login name of the user account admin to wycsy, which will take effect upon the next login.
usermod -l wycsy admin
grep "admin" /etc/passwd
 
④ userdel -- delete a user account
 
-r: also delete the user's home directory.
 
III. Group account management
 
① id -- view a user's IDs and group accounts, for example to view the identity information of the mysql user
 
② grep "^root" /etc/group
 
③ groupadd -- add a group account; the "-g" option specifies the GID number.
 
④ gpasswd -- add or delete group members
 
-a: add
-d: delete
-M: add multiple users at the same time
For example, add wy and csy to the admin group at the same time.
gpasswd -M wy,csy admin
grep "^admin" /etc/group
 
⑤ groupdel -- delete a group account
 
IV. User and group account queries
 
(1) groups -- query the groups to which a user account belongs
(2) finger -- query detailed information of a user account
(3) users, w, who -- query the users currently logged on to the host
 
finger: lists user logon names, terminals, logon times, and personal information.
w: lists user names, terminals, executed commands, and other statistical information.
who: lists user names, terminals, logon times, source locations, and other information.
users: lists user names only.
Managing permissions and ownership of files and directories
 
1. View the permissions and ownership of files and directories
 
ls -ld /etc/passwd
The output is divided into eight parts; parts 3 and 4 indicate the owner and group of the file respectively.
Part 1, for example drwxr-xr-x, is itself divided into four smaller parts, indicating the permissions of the file (directory).
 
Character 1: indicates the file type, which can be d (directory), b (block device file), c (character device file), - (common file), l (link file), etc.
Characters 2-4: indicate the access permission of the file owner to the file.
Characters 5-7: indicate the access permission of members of the file's group to the file.
Characters 8-10: indicate the access permission of any other user to the file.
 
2. Set file/directory permissions
 
chmod [ugoa...] [+-=] [rwx] file or directory...
or: chmod nnn file or directory...
 
ugoa: indicates the user category for this permission setting. u indicates the file owner, g indicates the users in the file's group, o indicates any other users, and a indicates all users.
 
+-=: indicates the operation for setting permissions. + adds the corresponding permissions, - removes the corresponding permissions, and = sets exactly the corresponding permissions.
 
rwx: the permission characters, which can be used in combination or separately.
3. Set the owner of a file/directory
 
chown owner[:[group]] file or directory...
To set only the group information, use the ":group name" form.

For example, change the group of the mymkdir file to the wheel group (after the adjustment, other users in the wheel group will have the "r-x" permission):
chown :wheel mymkdir
ls -l mymkdir
For example, change the owner of all subdirectories and files in the /var/ftp/pub directory to the ftp user:
chown -R ftp /var/ftp/pub
 
4. Use additional permissions (the available additional permissions are the SET bit permissions (SUID, SGID) and the sticky bit)
 
SET bit permissions: use "u+s" and "g+s" to set SUID and SGID respectively ("u-s" and "g-s" remove SUID and SGID).
The passwd command can be used to demonstrate this: by default, common users cannot modify /etc/passwd. It is precisely because the passwd program has the SET bit permission that common users can change their own passwords, since the program runs with administrator permissions. However, this permission is limited to changing their own password.
 
The sticky bit is a special additional permission for directories. After a directory is set with the sticky bit, even a user who has write permission on the directory cannot delete the files of other users in it (users can only operate on their own files). /tmp and /var/tmp are typical examples.
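Because SUID/SGID programs run with their owner's or group's privileges and a world-writable directory without the sticky bit lets any user delete other users' files, both are worth listing when reviewing a system. The following is an added example, not part of the original article; the function names and the temporary directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate files with SET bit permissions and world-writable
# directories that lack the sticky bit. The demo tree is constructed.

# List regular files under directory $1 that carry the SUID or SGID bit.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# List directories under $1 that are world-writable but not sticky, so any
# user who can write there may delete files belonging to other users.
find_unsticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Build a small constructed tree to audit and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/shared" "$d/tmpdir"
    : > "$d/bin/plain"; : > "$d/bin/suidtool"; : > "$d/bin/sgidtool"
    chmod 755 "$d/bin/plain" "$d/bin/suidtool" "$d/bin/sgidtool"
    chmod u+s "$d/bin/suidtool"      # SUID, as with "u+s" above
    chmod g+s "$d/bin/sgidtool"      # SGID, as with "g+s" above
    chmod 777 "$d/shared"            # world-writable, no sticky bit
    chmod 1777 "$d/tmpdir"           # world-writable with sticky bit, like /tmp
    echo "$d"
}

demo=$(make_demo_tree)
echo "SUID/SGID files:"
find_setid "$demo"
echo "World-writable directories without the sticky bit:"
find_unsticky "$demo"
rm -rf "$demo"
```

Pointed at real paths, the same two functions give a baseline that can be compared between reviews to spot newly added SET bit files.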
 
This article is from the "Tiandao reward Qin-Chang Shuangyang" blog