Linux User and Group management basics

Source: Internet
Author: User
Tags stdin


1. What is the user and what are the privileges?


1.1 If we think of a Linux system as a club that offers many services, then a user is a member of the club, and members can enter the club and enjoy the designated services after passing a series of identity checks. This is called authentication: the Linux system uses the user's credentials (account) to verify whether the user is legitimate. A legitimate user may enter the system; otherwise the login is refused.


1.2 The club decides which services each member is entitled to according to the member's identity. This is called authorization: the Linux system grants a user who has entered the system the appropriate access to system resources according to the user's identity.


1.3 While members enjoy the services, the club checks their behavior to see whether any member uses services beyond their entitlement, and records the services each member uses. The Linux system likewise records users' behavior and audits it so that users do not act beyond their rights. This is called auditing (accounting).

The Linux system manages user behavior through authentication, authorization and auditing.



2. User Management


2.1 How users are identified

2.1.1 Computers work most easily with numbers, while the people using them find meaningful strings easier. When a user logs in, the system maps the user name to a corresponding number through a file. This number is called the UID, and the Linux system uses the UID to identify each user on the system.

2.1.2 Files that record user accounts and related information on the system:

2.1.2.1 /etc/passwd records each user's user name, UID, base group information and so on. For example, part of an /etc/passwd file:

[Image: passwd.png]

Each line of this file represents one user. The fields holding the different attributes are separated by colons (:), and each field has the following meaning:

login name:password field:UID:GID:user description:home directory:user's default shell

2.1.2.2 /etc/shadow records user passwords and related attributes. For example, part of the file:

[Image: shadow.png]

The meaning of each field in the file:

account:encrypted password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field

2.1.3 Categories of users

Admin user (UID = 0)

Normal users:

System users

The users that services on the system run as. Such users cannot log in to the system and have no home directory and no default shell (the UID range depends on the system: CentOS 6 (1-499), CentOS (1-999))

Login users

Assigned individually from the other, unassigned UIDs
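The field layout and user categories above can be checked mechanically. The following is an added example, not part of the original article: it parses passwd-format lines and flags accounts that do not fit their category. The sample data, the `NOLOGIN_SHELLS` set and the function names are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nginx:x:498:498:nginx web server:/var/lib/nginx:/bin/bash
app:x:600:600:app service:/opt/app:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
legacy::1001:1001::/home/legacy:/bin/sh
"""

Account = namedtuple("Account", "name password uid gid comment home shell")
# Assumed list of shells that refuse interactive logins.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    """Split each line into the seven colon-separated fields."""
    accounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"expected 7 fields, got {len(f)}: {line!r}")
        accounts.append(Account(f[0], f[1], int(f[2]), int(f[3]), *f[4:]))
    return accounts

def category(acct, sys_uid_max=999):
    """admin = UID 0; system = 1..sys_uid_max; login = everything above."""
    if acct.uid == 0:
        return "admin"
    return "system" if acct.uid <= sys_uid_max else "login"

def findings(accounts, sys_uid_max=999):
    """Return (name, issue) pairs worth a manual review."""
    out = []
    for a in accounts:
        cat = category(a, sys_uid_max)
        if cat == "admin" and a.name != "root":
            out.append((a.name, "UID 0 but not root"))
        if cat == "system" and a.shell not in NOLOGIN_SHELLS:
            out.append((a.name, "system account with a login shell"))
        if a.password == "":
            out.append((a.name, "empty password field"))
    return out

if __name__ == "__main__":
    for name, issue in findings(parse_passwd(SAMPLE_PASSWD)):
        print(f"{name}: {issue}")
```

Pass `sys_uid_max=499` to apply the CentOS 6 range; the constructed `app` account (UID 600) then counts as a login user instead of a system user.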

2.1.4 Password Complexity policy

(1) Use at least three of the four character classes: digits, lowercase letters, uppercase letters and special characters;

(2) Make the password long enough;

(3) Use a random password;

(4) Change the password regularly.
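Whether passwords are actually changed regularly can be read from the aging fields of /etc/shadow described in 2.1.2.2. The following is an added example, not part of the original article: it parses shadow-format lines and reports a status per account. The sample data, placeholder hashes and function names are assumptions, and `status` is a simplified reading of the aging fields rather than the exact logic the system applies.

```python
from datetime import date

# Constructed sample in /etc/shadow format; the hashes are placeholders.
SAMPLE_SHADOW = """\
root:$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
alice:$6$SALT$PLACEHOLDERHASH:19700:1:90:7:14::
bob:!$6$SALT$PLACEHOLDERHASH:19000:0:90:7:::
nginx:!!:18500::::::
carol:$6$SALT$PLACEHOLDERHASH:19600:0:90:7::19800:
"""

FIELDS = ("name", "hash", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")

def days_since_epoch(d):
    """shadow stores dates as days since 1970-01-01."""
    return (d - date(1970, 1, 1)).days

def parse_shadow(text):
    """Split each line into the nine colon-separated fields."""
    entries = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 9:
            # Report only the account name so a hash never lands in a log.
            raise ValueError(f"expected 9 fields for account {parts[0]!r}")
        e = dict(zip(FIELDS, parts))
        for key in FIELDS[2:8]:          # numeric fields; empty means unset
            e[key] = int(e[key]) if e[key] else None
        entries.append(e)
    return entries

def status(e, today):
    """Simplified reading of the aging fields; today is days since epoch."""
    if e["hash"].startswith(("!", "*")):
        return "locked"                  # a leading '!' is how passwd -l locks
    if e["hash"] == "":
        return "no password"
    if e["expire"] is not None and today >= e["expire"]:
        return "account expired"
    if e["max_age"] is None or e["max_age"] >= 99999:
        return "password never expires"
    if e["last_change"] is not None and today > e["last_change"] + e["max_age"]:
        return "password expired"
    return "ok"

def report(text, today):
    """Map each account name to its status on the given day."""
    return {e["name"]: status(e, today) for e in parse_shadow(text)}
```

On a real system the file is readable only by root, and `today` would be `days_since_epoch(date.today())`.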

2.2 User Management related commands

2.2.1 useradd: add a user

useradd: create a user

useradd [options] LOGIN

useradd -D [options]

-r: create a system user;

-u UID: specifies the UID;

-g GID: specifies the base group the user belongs to; the group must exist beforehand;

-c 'COMMENT':

-d /path/to/somewhere: specifies the user's home directory path; the location must not exist beforehand; the user's profile files are copied into it from /etc/skel;

-s SHELL: sets the user's default shell; the available shells are listed by:

cat /etc/shells

-G GID,...: specifies the additional groups the user belongs to;

-M: do not create a home directory for the user;

2.2.2 userdel: delete a user

userdel [-r] USERNAME

-r: also delete the user's home directory;

2.2.3 passwd: set a user's password

passwd [OPTION] [USERNAME]

-l: lock the user

-u: unlock the user

-n MINDAYS: minimum period of use;

-x MAXDAYS: the default is 99,999 days;

-w WARNDAYS:

-i INACTIVEDAYS:

--stdin: receive the user's password from standard input;

echo 'CentOS' | passwd --stdin CentOS

2.2.4 usermod: modify user properties

usermod [OPTION]... LOGIN

-u UID

-g GID

-G GID[,GID,...]: modify the additional groups the user belongs to; use it with the -a option to append to the existing groups;

-s SHELL

-c 'COMMENT'

-d HOME: change the user's home directory to a new location; the user's existing files are not moved to the new home directory unless the -m option is also given;

-l LOGIN:

-L: lock the user

-U: unlock the user

2.2.5 id: view user-related ID information

id: view user-related ID information;

id [OPTION]... [USER]

-u: UID

-g: GID

-G: groups

-n: name



3. Group Management


3.1 Identification of groups

To manage members' benefits by level, a club usually divides its members into ordinary members, gold members, diamond members and so on, and members at the same level have equal rights. The Linux system has a similar container, called a group. The system identifies each group by a number, called the GID, and users in the same group inherit the group's permissions.

3.2 Classification of groups

When a user is created, the Linux system by default creates a group with the same name as the user, called the user's base group. In addition to the base group, a user can be added to other groups and so inherit permissions from multiple groups.

Linux groups can also be divided by purpose into administrator groups and ordinary user groups.

3.3 Related commands for group management
