Linux User Management
Linux systems, like Windows systems, support multiple users and multiple user groups. Each user works on the system with the permissions assigned to that user.
1. When a normal user is created, several files are modified and some initial files are copied to the user's home directory
The modified files are
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
The files copied to the user's home directory are
.bash_logout .bash_profile .bashrc
If you mistakenly delete these three files from the root user's home directory and then switch back to the root user, the switch will not succeed. The workaround is:
The original storage path for these three files is /etc/skel/.
Simply copy them back to the root home directory: cp /etc/skel/.bash* .
Finally, execute the command source .bash_profile to solve the problem.
2. Detailed introduction of /etc/passwd
saslauth:x:499:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
localhost:x:500:500::/home/oldboy:/bin/bash
Part of the output of cat /etc/passwd
First column: User name
Second column: x, a placeholder for the password
Third column: UID (unique number per user)
Fourth column: GID (unique number per group)
Fifth column: Remarks (you can specify a note with useradd -c when you create the user)
Sixth column: Home directory
Seventh column: The shell interpreter used after login. The role of the shell: the user's commands are parsed and passed to the kernel for execution.
Execute the command cat /etc/shells to view the available shell interpreters
# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/dash
/bin/tcsh
/bin/csh
3. Detailed introduction of /etc/shadow
saslauth:!!:17613::::::
postfix:!!:17613::::::
sshd:!!:17613::::::
tcpdump:!!:17613::::::
localhost:$6$k3vi5v8s$yf1lqdfvk0nx5uvndaqyje9voufhadvk5og7n3kolw4ayg.za/ft2kmu4uhe1w8ejn1il.trbemydwdb7qt66.:17624:0:99999:7:::
Part of the output of cat /etc/shadow; the columns are documented in man 5 shadow
First column: User name
Second column: Encrypted password (an account with no password shows two ! characters)
Third column: Time of the last password change (number of days since 1970)
Fourth column: Minimum password age; 0 means no limit (prevents changing the password too frequently)
Fifth column: Maximum password age (limits the period between password changes)
Sixth column: Password warning period (how early the password expiration reminder appears)
Seventh column: Password inactivity period (how long after the password expires the user is disabled)
Eighth column: A specific date for password expiration
Ninth column: Reserved
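The column meanings above, applied to sample lines: an added example (not part of the original article) that reports each account's password scheme and aging state. The sample entries, the function names and the day number 17650 are constructed for illustration, and the aging checks are simplified (a last-change value of 0, which forces a password change, is not handled).

```shell
#!/bin/sh
# Added example. Constructed /etc/shadow-format sample; hashes are placeholders.
sample_shadow() {
cat <<'EOF'
sshd:!!:17613::::::
oldboy:$6$SALT$HASHPLACEHOLDER:17624:0:99999:7:::
web:$1$SALT$HASHPLACEHOLDER:17500:0:90:7:30::
legacy:AbCdEfGhIjKlM:17400:0:60:7::17700:
guest::17624:0:99999:7:::
EOF
}

# shadow_report TODAY < shadow-format lines
# TODAY is a day number since 1970, the same unit as columns 3 and 8.
# Prints one line per account: user, password scheme, aging state.
shadow_report() {
  awk -F: -v today="$1" '
    function scheme(p) {
      if (p == "")      return "EMPTY"        # login without a password
      if (p ~ /^[!*]/)  return "LOCKED"       # "!!": no usable password
      if (p ~ /^\$6\$/) return "sha512crypt"
      if (p ~ /^\$5\$/) return "sha256crypt"
      if (p ~ /^\$1\$/) return "md5crypt"     # legacy scheme
      if (p ~ /^\$/)    return "other"
      return "descrypt"                       # legacy 13-character crypt
    }
    NF != 9 { print "line " NR ": expected 9 columns"; next }
    {
      state = "ok"
      if ($3 != "" && $5 != "") {
        expires = $3 + $5                     # last change + maximum age
        if ($6 != "" && today >= expires - $6) state = "warning"
        if (today >= expires)                  state = "password_expired"
        if ($7 != "" && today >= expires + $7) state = "inactive"
      }
      if ($8 != "" && today >= $8) state = "account_expired"
      print $1, scheme($2), state
    }
  '
}

# 17650 is a constructed day number that keeps the demo output stable.
sample_shadow | shadow_report 17650
```

On a live system the current day number can be passed as `$(( $(date +%s) / 86400 ))`, and reading the real /etc/shadow requires root.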
4. The principle of creating users
Use cat /etc/default/useradd to view the default configuration
# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home                 # base directory for home directories
INACTIVE=-1                # number of days after the password expires before the account is completely disabled
EXPIRE=                    # expiration time
SHELL=/bin/bash            # specifies the default shell interpreter
SKEL=/etc/skel             # specifies the skeleton directory
CREATE_MAIL_SPOOL=yes      # whether to create a mailbox
5. UID ranges
0-100 Reserved by the Linux system
101-499 System accounts (services)
500-60000 Ordinary users
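Combining the /etc/passwd columns from section 2 with the UID ranges above, the following added example (not part of the original article) flags entries that deserve a second look. The sample entries, the function names and the finding labels are constructed for illustration; the default boundary of 500 follows the ranges listed here and can be overridden.

```shell
#!/bin/sh
# Added example. Constructed /etc/passwd-format sample, not from a real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/bin/bash
oldboy:x:500:500::/home/oldboy:/bin/bash
admin2:x:0:0::/root:/bin/bash
web:x:608:608::/home/web:/bin/bash
dup:x:608:609::/home/dup:/bin/bash
legacy:AbCdEfGhIjKlM:610:610::/home/legacy:/bin/bash
EOF
}

# audit_passwd [UID_MIN] < passwd-format lines
# UID_MIN is the first ordinary-user UID (500 in the ranges above).
audit_passwd() {
  awk -F: -v min="${1:-500}" '
    NF != 7 { print "MALFORMED line " NR; next }
    # Any extra UID 0 account has full root privileges.
    $3 == 0 && $1 != "root" { print "UID0 " $1 }
    # Column 2 should be x; a hash or an empty value here bypasses /etc/shadow.
    $2 != "x" { print "PASSWORD_FIELD " $1 }
    # Two names on one UID are the same user to the kernel.
    ($3 in seen) { print "DUP_UID " $1 " shares " $3 " with " seen[$3] }
    !($3 in seen) { seen[$3] = $1 }
    # Service accounts should not have an interactive shell.
    $3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ {
      print "SERVICE_SHELL " $1 " " $7
    }
  '
}

sample_passwd | audit_passwd
```

To check a real host, run `audit_passwd < /etc/passwd`, passing the distribution's first ordinary-user UID as the argument if it is not 500.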
6. useradd command
Options and descriptions:
-g, --gid GROUP   name or ID of the primary group of the new account
Specify the user group: useradd -g <group ID> b5 or useradd -g <group name> b5
Example:
useradd -g 814 b5 or useradd -g incahome b5
-G, --groups GROUPS   list of supplementary groups of the new account
Specify multiple user groups: useradd -G <group names or group IDs> <user name>
Example:
useradd -G test,incahome,a1 b6
-m, --create-home   create the user's home directory
-M, --no-create-home   do not create the user's home directory
Example:
useradd -M -s /sbin/nologin b8
-p, --password PASSWORD   encrypted password of the new account
Specify an already encrypted password
Example:
useradd -p 'EZNHDD48MHKGW' c1
How to generate an encrypted password: openssl passwd 123456
-s, --shell SHELL   login shell of the new account
Do not allow login
Example:
useradd -M -s /sbin/nologin b9
-u, --uid UID   user ID of the new account
Specify the user's UID so that multiple machines can share files synchronously
Example:
# useradd -u 608 web
# id web
uid=608(web) gid=608(web) groups=608(web)
Infrequently used parameters
-b Specify the base directory
-c Specify the comment
-d Specify the user's home directory
-e Expiration time
-f Disable time
7. chage command
This command is used for password aging management. It can modify the expiration dates of the account and the password.
# chage
Usage: chage [options] LOGIN
Options:
-d, --lastday LAST_DAY   set the date of the last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE   set the account expiration date to EXPIRE_DATE
-h, --help   display this help message and exit
-I, --inactive INACTIVE   set the password inactive after expiration to INACTIVE days
-l, --list   show account aging information
-m, --mindays MIN_DAYS   set the minimum number of days between password changes to MIN_DAYS
-M, --maxdays MAX_DAYS   set the maximum number of days between password changes to MAX_DAYS
-R, --root CHROOT_DIR   directory to chroot into
-W, --warndays WARN_DAYS   set expiration warning days to WARN_DAYS
8. Other related commands
usermod   Modify user parameters
groups   View the groups that the user is in
newgrp   Switch user group; if you switch to another user's group, you need to enter the group password
gpasswd   Set the group password