Linux System user-related knowledge points

First, the basic concept

Name resolution: The process of converting a user to the UID. Human use is the user name, the system identifies the UID code;

User authentication: Confirm the user and password, verify whether the user has permission to log in and use the system;

User authorization: To set the permissions of the file, determine whether the user has permission to manipulate the file;

Audit: Record the user's operation in this machine;

Authentication mechanism: Verify the user name and password are consistent, the default mechanism is called Shadow, commonly called shadow password (because the user name and password is not in a file);

Security context: The process inherits the permissions of the user initiating the process;

The process can initiate a two-step authentication: 1, whether the user has permission to the process, 2, whether the process has permission to initiate the file.

User Category:

1. Administrator: Root uid:0

2, ordinary Users: System users: The process of starting the system background service, cannot be logged in as an interactive user uid:1-499

User who can log on interactively: normal registration for logged on user uid:500-65535

Usually to facilitate the management of users, the user is divided into different groups (group), whose ID is called: GID

Group Category:

1. Admin group: Root gid:0

2, ordinary user group:

System Group: The group that holds the management system user gid:1-499

User groups: Store groups that manage users who can log on interactively gid:500-65535

User's private group: the group name and user name are the same, and typically contain only that user

Non-private groups for users: basic groups of users (groups formed during user actions)

Additional groups for users: Non-basic groups where users are located

[Email protected] ~]# Cat/etc/passwdroot:x:0:0:root:/root:/bin/bashtcpdump:x:72:72::/:/sbin/nologin

Root:x: 0:0: Root:/root:/bin/bash

User name password UID GID User's comment user home directory user currently using shell type

Tcpdump:x:72:72::/:/sbin/nologin: Its shell type is UID, GID range is between 1-499, Shell type is:/sbin/nologin is System user

[[email protected] ~]# grep "^\<tcpdump\>"/etc/grouptcpdump:x:72:

TCPDUMP:X: 72:

User name password GID user name Description information

Ii. commands for the management of users and groups

1. Add User: Useradd The default path is:/etc/default/useradd

Format: useradd option [parameter] User name

-U specify UID for user

-g Specifies the user's base group whose parameters are Group name or GID (already present)

-g Specifies the user's additional group, whose parameters are Group name or GID (already present)

-C Add User's description information

-d Specifies the user's home directory, which does not exist before the directory

-s Specifies the shell used by the user

(View the user's shell command: #cat/etc/shells; Lists the security shell:chsh-l that the user can use)

-r specifies that the user created is a system user

[Email protected] tmp]# useradd-u 65530-g 0-c klkjljk-d/home/mml-s/bin/bash mml[[email protected] tmp]# tail-1 /etc/passwdmml:x:65530:0:klkjljk:/home/mml:/bin/bash

Create user MML, whose uid is 65530,gid is 0, the description information is: KLKJLJK, home directory:/home/mml,shell type is bash, is interactive user (can login)

[Email protected] tmp]# useradd-r ll[[email protected] tmp]# tail-1/etc/passwdll:x:498:498::/home/ll:/bin/bash

The default User ll, whose UID and GID is 489, is the system user

2. Add Group: Groupadd format: Groupadd option group name

-g Specifies the ID number of the currently created group

-R Creating a system group

[Email protected] tmp]# groupadd-g 65530 aa[[email protected] tmp]# tail-1/etc/groupaa:x:65530:

[Email protected] tmp]# groupadd-r bb[[email protected] tmp]# tail-5/ETC/GROUPDISTRO:X:5000:PEGUIN:X:5001:MML:X:0:AA : x:65530:bb:x:498:

Create a group BB with a GID of 498, between the range 1--499, for the system group

3. View User Id:id format: ID option username

-U Displays user uid only

-G Displays user gid only

-N displays only the user name (used with the last two options)

[Email protected] tmp]# id-u mml65530[[email protected] tmp]# id-g mml0

4. Delete User: Userdel format: Userdel option user name

                                                                      -r         Delete a user's home directory

[Email protected] tmp]# userdel-r lluserdel:ll home directory (/HOME/LL) not found[[email protected] tmp]# tail-5/etc /passwdpostfix:x:89:89::/var/spool/postfix:/sbin/nologinsshd:x:74:74:privilege-separated SSH:/var/empty/sshd:/ Sbin/nologinoprofile:x:16:16:special user account to being used by oprofile:/home/oprofile:/sbin/nologintcpdump:x:72:72: :/:/sbin/nologinmml:x:65530:0:klkjljk:/home/mml:/bin/bash

5, modify the user's information: Usermod format: usermod option user name

                                                                                       -u      Modify the UID of the user

                                                                                       -g      Modify the user's GID

                                                                                       -c       Modify the user's description information

                                                                                        -d      Modify the user's home directory

-S Modify the user's shell type

(Use command: chsh-s shell user name, also can modify the user's shell type)

                                                                                       -g      Modify the user's additional group, Use with-a

                                                                                         -r       Modify the created user to be a system user

                                                                                         -l        Modify User name

                                                                                         -L       Lock User name

-U Unlock user name

[Email protected] tmp]# tail-1/etc/passwdtcpdump:x:72:72::/:/sbin/nologin[[email protected] tmp]# usermod-l cc-g Cpdump[[email protected] tmp]# tail-1/etc/passwdcc:x:72:14::/:/sbin/nologin

This shows only the usage and results of-G,-l, and the remaining options are similar to the useradd above

6, modify the group information: Groupmod format: Groupmod option group name

-G Modify Group GID

-N Modify Group name

This command is similar to the above Groupadd and is no longer an example here.

Linux System user-related knowledge points