First, the basic concept
Name resolution: the process of converting a user name to a UID. People use the user name; the system identifies the user by the UID;
User authentication: confirm the user name and password to verify whether the user has permission to log in and use the system;
User authorization: set the permissions of a file to determine whether the user has permission to manipulate the file;
Audit: record the user's operations on this machine;
Authentication mechanism: verify that the user name and password match. The default mechanism is called shadow, commonly known as the shadow password (because the user name and the password are not kept in the same file);
Security context: the process inherits the permissions of the user who started the process;
Running a process involves a two-step check: 1. whether the user has permission to start the process; 2. whether the process has permission to operate on the file.
User categories:
1. Administrator: root, UID 0
2. Ordinary users:
System users: run the processes of the system's background services and cannot log in interactively, UID 1-499
Users who can log in interactively: normally registered login users, UID 500-65535
To make users easier to manage, users are usually divided into different groups; a group's ID is called the GID.
Group categories:
1. Administrator group: root, GID 0
2. Ordinary user groups:
System groups: hold the system users, GID 1-499
User groups: hold the users who can log in interactively, GID 500-65535
User's private group: the group name is the same as the user name, and the group typically contains only that user
User's non-private group: the user's basic group (a group formed during user operations)
User's additional groups: the groups other than the basic group that the user belongs to
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
tcpdump:x:72:72::/:/sbin/nologin
root:x:0:0:root:/root:/bin/bash
Fields, in order: user name : password : UID : GID : user's comment : user's home directory : shell the user currently uses
tcpdump:x:72:72::/:/sbin/nologin: its UID and GID are in the range 1-499 and its shell is /sbin/nologin, so it is a system user
# grep "^\<tcpdump\>" /etc/group
tcpdump:x:72:
tcpdump:x:72:
Fields, in order: group name : password : GID : user names of the group's members
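The field layout and UID ranges described above can be checked mechanically. The following is an added example, not part of the original page: it parses passwd-format lines, classifies each account by the page's ranges (0, 1-499, 500-65535) and flags combinations an administrator would want to review. The sample entries, the function names and the flag names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify passwd-format entries by the UID ranges used on
# this page and flag entries worth a second look.

# Constructed sample data in /etc/passwd format (not read from a live system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
tcpdump:x:72:72::/:/sbin/nologin
ll:x:498:498::/home/ll:/bin/bash
mml:x:65530:0:klkjljk:/home/mml:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

# audit_passwd: reads passwd lines on stdin, prints "name class flags".
audit_passwd() {
awk -F: '
/^$/    { next }                                   # skip blank lines
NF != 7 { printf "%s malformed field-count\n", $1; next }
{
    name = $1; uid = $3 + 0; gid = $4 + 0; shell = $7
    if (uid == 0)        class = "admin"           # administrator
    else if (uid <= 499) class = "system"          # service account
    else                 class = "login"           # interactive user
    nologin = (shell ~ /\/(nologin|false)$/)
    flags = ""
    # More than one account with UID 0 means more than one administrator.
    if (uid == 0 && name != "root")    flags = flags ",uid0-not-root"
    # Basic group is the root group although the user is not root.
    if (uid != 0 && gid == 0)          flags = flags ",primary-group-root"
    # System-range UID but a shell that allows interactive login.
    if (class == "system" && !nologin) flags = flags ",system-with-login-shell"
    # Anything other than "x" means the hash is not deferred to the shadow file.
    if ($2 != "x")                     flags = flags ",password-field-not-x"
    if (flags == "") flags = ",ok"
    printf "%s %s %s\n", name, class, substr(flags, 2)
}'
}

# Run against the constructed sample; on a real host: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```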
Second, commands for managing users and groups
1. Add a user: useradd (its default settings are in /etc/default/useradd)
Format: useradd option [parameter] username
-u Specifies the UID for the user
-g Specifies the user's basic group; the parameter is a group name or GID (which must already exist)
-G Specifies the user's additional groups; the parameter is a group name or GID (which must already exist)
-c Adds the user's description information
-d Specifies the user's home directory, a directory that does not exist beforehand
-s Specifies the shell used by the user
(To view the available shells: # cat /etc/shells; to list the safe shells that the user can use: chsh -l)
-r Specifies that the user being created is a system user
# useradd -u 65530 -g 0 -c klkjljk -d /home/mml -s /bin/bash mml
# tail -1 /etc/passwd
mml:x:65530:0:klkjljk:/home/mml:/bin/bash
This creates the user mml with UID 65530, GID 0, description klkjljk, home directory /home/mml and shell bash; it is an interactive user (can log in).
# useradd -r ll
# tail -1 /etc/passwd
ll:x:498:498::/home/ll:/bin/bash
The user ll, created with defaults, has a UID and GID of 498 and is a system user.
2. Add a group: groupadd. Format: groupadd option group name
-g Specifies the ID number of the group being created
-r Creates a system group
# groupadd -g 65530 aa
# tail -1 /etc/group
aa:x:65530:
# groupadd -r bb
# tail -5 /etc/group
distro:x:5000:
peguin:x:5001:
mml:x:0:
aa:x:65530:
bb:x:498:
This creates the group bb with a GID of 498, within the range 1-499, so it is a system group.
3. View a user's IDs: id. Format: id option username
-u Displays only the user's UID
-g Displays only the user's GID
-n Displays the name instead of the number (used together with the two options above)
# id -u mml
65530
# id -g mml
0
4. Delete a user: userdel. Format: userdel option username
-r Deletes the user's home directory
# userdel -r ll
userdel: ll home directory (/home/ll) not found
# tail -5 /etc/passwd
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
mml:x:65530:0:klkjljk:/home/mml:/bin/bash
5. Modify a user's information: usermod. Format: usermod option username
-u Modifies the user's UID
-g Modifies the user's GID
-c Modifies the user's description information
-d Modifies the user's home directory
-s Modifies the user's shell type
(The command chsh -s shell username can also modify the user's shell type)
-G Modifies the user's additional groups; use with -a
-r Modify the created user to be a system user
-l Modifies the user name
-L Locks the user
-U Unlocks the user
# tail -1 /etc/passwd
tcpdump:x:72:72::/:/sbin/nologin
# usermod -l cc -g 14 tcpdump
# tail -1 /etc/passwd
cc:x:72:14::/:/sbin/nologin
This shows only the usage and results of -g and -l; the remaining options are similar to those of useradd above.
6. Modify a group's information: groupmod. Format: groupmod option group name
-g Modifies the group's GID
-n Modifies the group's name
This command is similar to groupadd above, so no example is given here.