Linux System user-related knowledge points

Source: Internet
Author: User

I. Basic concepts

Name resolution: the process of converting a user name to a UID. People use the user name; the system identifies the user by the UID.

User authentication: checks the user name and password to verify whether the user has permission to log in and use the system.

User authorization: sets permissions on files, which determine whether the user has permission to operate on a file.

Audit: records the user's operations on this machine.

Authentication mechanism: verifies that the user name and password match. The default mechanism is called shadow, commonly known as shadow passwords (because the user name and the password are not stored in the same file).

Security context: a process inherits the permissions of the user who started it.

Whether a process can run is decided by two checks: 1. whether the user has permission to start the process; 2. whether the process has permission to access the file.

User categories:

1. Administrator: root, UID 0

2. Ordinary users:

System users: used to start the system's background service processes; cannot log in interactively. UID 1-499

Users who can log in interactively: normally registered login users. UID 500-65535

To make users easier to manage, users are usually divided into groups; a group's ID is called the GID.

Group categories:

1. Administrator group: root, GID 0

2. Ordinary user groups:

System groups: groups used to manage system users. GID 1-499

User groups: groups used to manage users who can log in interactively. GID 500-65535

User's private group: the group name is the same as the user name, and the group typically contains only that user

User's non-private group: the user's basic group (a group formed during user actions)

User's additional groups: the non-basic groups the user belongs to

    # cat /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    tcpdump:x:72:72::/:/sbin/nologin

root:x:0:0:root:/root:/bin/bash

Fields, in order: user name, password, UID, GID, user's comment, user's home directory, shell the user currently uses

tcpdump:x:72:72::/:/sbin/nologin: its UID and GID are in the range 1-499 and its shell is /sbin/nologin, so it is a system user

    # grep "^\<tcpdump\>" /etc/group
    tcpdump:x:72:

tcpdump:x:72:

Fields, in order: group name, password, GID, user names (description information)

II. Commands for managing users and groups

1. Add a user: useradd. Its default settings are in /etc/default/useradd

Format: useradd option [parameter] username

-u Specifies the UID for the user

-g Specifies the user's basic group; the parameter is a group name or GID (which must already exist)

-G Specifies the user's additional groups; the parameter is a group name or GID (which must already exist)

-c Adds the user's description information

-d Specifies the user's home directory; the directory does not exist beforehand

-s Specifies the shell used by the user

(To view the available shells: # cat /etc/shells; to list the secure shells the user can use: chsh -l)

-r Specifies that the user created is a system user

    # useradd -u 65530 -g 0 -c klkjljk -d /home/mml -s /bin/bash mml
    # tail -1 /etc/passwd
    mml:x:65530:0:klkjljk:/home/mml:/bin/bash

This creates user mml with UID 65530, GID 0, description klkjljk, home directory /home/mml and shell type bash; it is an interactive user (can log in)

    # useradd -r ll
    # tail -1 /etc/passwd
    ll:x:498:498::/home/ll:/bin/bash

User ll is created with the defaults; its UID and GID are 498, so it is a system user
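
The passwd field layout and the UID/GID ranges described above can be checked mechanically. The following is an added example, not part of the original article: it audits passwd-format lines and reports accounts that fall outside the expected pattern. The function names, the finding labels and the SYS_MAX variable are assumptions of this example; the sample input is constructed from the four passwd lines shown on this page.

```shell
#!/bin/sh
# Constructed sample input: the /etc/passwd lines quoted on this page.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
tcpdump:x:72:72::/:/sbin/nologin
mml:x:65530:0:klkjljk:/home/mml:/bin/bash
ll:x:498:498::/home/ll:/bin/bash
EOF
}

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
# SYS_MAX is the top of the system UID range (assumption: 499, as on this page).
audit_passwd() {
  awk -F: -v sys_max="${SYS_MAX:-499}" '
    /^[ \t]*$/ || /^[ \t]*#/ { next }               # skip blank and comment lines
    NF != 7 { print "MALFORMED line=" NR; next }    # passwd entries have 7 fields
    $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { print "BAD_ID " $1; next }
    {
      name = $1; uid = $3 + 0; gid = $4 + 0; shell = $7
      nologin = (shell ~ /\/(nologin|false)$/)
      # Any UID 0 account other than root has full administrator rights.
      if (uid == 0 && name != "root") print "EXTRA_UID0 " name
      # A non-root account whose basic group is the administrator group.
      if (uid != 0 && gid == 0) print "ROOT_GROUP " name " uid=" uid
      # A system-range account that still has a login shell.
      if (uid >= 1 && uid <= sys_max + 0 && !nologin)
        print "SYSTEM_WITH_SHELL " name " uid=" uid " shell=" shell
      # Two names sharing one UID are the same user to the system.
      if (seen[uid]++) print "DUPLICATE_UID " name " uid=" uid
    }'
}

# Runs against the sample; on a real host use: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```
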

2. Add a group: groupadd. Format: groupadd option group name

-g Specifies the ID number of the group being created

-r Creates a system group

    # groupadd -g 65530 aa
    # tail -1 /etc/group
    aa:x:65530:
    # groupadd -r bb
    # tail -5 /etc/group
    distro:x:5000:
    peguin:x:5001:
    mml:x:0:
    aa:x:65530:
    bb:x:498:

This creates group bb with GID 498, which is in the range 1-499, so it is a system group

3. View user IDs: id. Format: id option username

-u Displays only the user's UID

-g Displays only the user's GID

-n Displays only the name (used together with the previous two options)

    # id -u mml
    65530
    # id -g mml
    0

4. Delete a user: userdel. Format: userdel option username

-r Also deletes the user's home directory

    # userdel -r ll
    userdel: ll home directory (/home/ll) not found
    # tail -5 /etc/passwd
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
    tcpdump:x:72:72::/:/sbin/nologin
    mml:x:65530:0:klkjljk:/home/mml:/bin/bash

5. Modify a user's information: usermod. Format: usermod option username

-u Modifies the user's UID

-g Modifies the user's GID

-c Modifies the user's description information

-d Modifies the user's home directory

-s Modifies the user's shell type

(The command chsh -s shell username can also modify the user's shell type)

-G Modifies the user's additional groups; use with -a

-r Modifies the created user to be a system user

-l Modifies the user name

-L Locks the user

-U Unlocks the user

    # tail -1 /etc/passwd
    tcpdump:x:72:72::/:/sbin/nologin
    # usermod -l cc -g Cpdump
    # tail -1 /etc/passwd
    cc:x:72:14::/:/sbin/nologin

This shows only the usage and results of -g and -l; the remaining options work like those of useradd above

6. Modify a group's information: groupmod. Format: groupmod option group name

-g Modifies the group's GID

-n Modifies the group's name

This command is used like groupadd above, so no example is given here.
