Linux User and Group management

Source: Internet
Author: User

Excerpt from: http://www.apelearn.com/bbs/forum.php?mod=viewthread&tid=7595&extra=page%3D1%26filter%3Dtypeid%26typeid%3d36

1. /etc/passwd
Seven fields, separated by ":"
(1) User name. Rules: uppercase and lowercase letters, digits, minus signs (not as the first character), dots, and underscores are allowed; other characters are illegal.
(2) x: a placeholder for the password. For security reasons the password itself is stored in /etc/shadow.
(3) UID (0-4294967294 = 2^32-2): root has UID 0; 1-499 are reserved for the system; normal accounts start from 500.
(4) GID, which corresponds to /etc/group.
(5) Comment field. It has no functional meaning and usually records user attributes such as name, phone, and address; change it with chfn.
(6) User home directory.
(7) Shell: /bin/bash, /bin/false, /sbin/nologin


2. /etc/shadow
Nine fields, separated by ":"
(1) User name.
(2) Password, stored as a SHA-512 hash (one-way, irreversible).
(3) Date the password was last changed, counted in days since January 1, 1970. For example, if the password was last changed on January 1, 2012, this value is '365 x (2012-1970) + 10 + 1 = 15341'.
(4) Number of days that must pass before the password can be changed; 0 means unlimited.
(5) Number of days after which the password expires; the default is 99999, which effectively means it never needs to be changed.
(6) Warning period before the password expires.
(7) Grace period: how many days after the password expires the account is locked.
(8) Lifetime of the account.
(9) Reserved, no meaning.
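The field layouts above are enough to audit both files for risky entries. The following is an added example, not part of the original post: the function names, finding labels, and sample records (including the placeholder hash strings) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow records using the field layout described above.
# SAMPLE_PASSWD and SAMPLE_SHADOW are constructed; the hash strings are placeholders.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
aming:x:500:500:Aming:/home/aming:/bin/bash
backup2:x:0:501::/home/backup2:/bin/bash
svc:x:501:502::/home/svc:/bin/false'

SAMPLE_SHADOW='root:$6$SALT$PLACEHOLDER:15341:0:99999:7:::
daemon:*:15341:0:99999:7:::
aming:$6$SALT$PLACEHOLDER:15341:0:90:7:::
backup2::15341:0:99999:7:::
svc:$1$SALT$PLACEHOLDER:15341:0:99999:7:::'

# /etc/passwd format on stdin: 7 fields (name:x:UID:GID:comment:home:shell).
audit_passwd() {
    awk -F: '
        NF != 7                  { print "malformed:" $1; next }
        $2 != "x"                { print "password-not-shadowed:" $1 }
        $3 == 0 && $1 != "root"  { print "extra-uid0:" $1 }
        # UIDs 1-499 are system accounts and normally have no login shell
        $3 >= 1 && $3 <= 499 && $7 !~ /(false|nologin)$/ { print "system-login-shell:" $1 }
    '
}

# /etc/shadow format on stdin: 9 fields; field 2 is the hash, field 5 the maximum age.
audit_shadow() {
    awk -F: '
        NF != 9                    { print "malformed:" $1; next }
        $2 == ""                   { print "empty-password:" $1; next }
        substr($2, 1, 1) != "$"    { next }    # "*" or "!" means no usable password
        substr($2, 1, 3) != "$6$"  { print "not-sha512:" $1 }
        $5 == 99999                { print "never-expires:" $1 }
    '
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real host, run the functions as root with `audit_passwd < /etc/passwd` and `audit_shadow < /etc/shadow`.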


3. Add/Remove Users and Groups
useradd:
-c comment: specifies a descriptive comment.
-d directory: specifies the home directory; if the directory does not exist, the -m option can be used to create it.
-g group: specifies the group to which the user belongs.
-G group,group: specifies the additional groups to which the user belongs.
-s shell: specifies the user's login shell.
-u UID: specifies the user's UID; with the -o option, another user's UID can be reused.
username: specifies the login name of the new account.

userdel:
Using userdel with no options only deletes the user. The user's home directory remains under /home.
-r: deletes the user's home directory along with the user, and also deletes the user's mail spool if it exists.
-f: forces deletion of the user, even when the user is still logged in to the Linux system.

groupadd:
-g: specifies the ID of the new group;
-r: creates a system group; system group IDs are less than 500;
-K: overrides defaults from the configuration file "/etc/login.defs";
-o: allows adding a group with a group ID that is not unique.
group name: specifies the name of the new group

groupdel:
A group that still has users in it cannot be deleted.

usermod:
-a Append the user to additional groups; used only together with the -G option
-c Modify the comment (the fifth field of /etc/passwd)
-d Modify the user's home directory; usually used with the -m option
-e Specify the date on which the user account is disabled, format YY-MM-DD
-f Number of days after the password expires until the account is disabled; 0 disables the account as soon as the password expires, -1 disables this feature; the default value is -1
-g Modify the user's GID; the group must exist
-G Append the user to additional groups; used together with the -a option
-l Modify the user's login name
-L Lock the user's password
-m Move the user's home directory; usually used with the -d option
-s Modify the user's shell
-u Modify the user's UID, which must be unique
-U Unlock the user's password

4. Create and modify user passwords
passwd
Rules for creating passwords: longer than 10 characters, with uppercase and lowercase letters and special characters, no regular pattern, and not containing your own name, company name, phone number, birthday, etc.
mkpasswd: a password generation tool; requires installing the expect package


5. User Identity Switch
su - : the "-" is used to initialize environment variables such as $PATH and $HOME
sudo: switching to root with su requires entering the root password, which is not secure
visudo: edits the /etc/sudoers configuration file; if the command is missing, install it with yum install -y sudo
Format: user host=(as_user) commands
For example: aming ALL=(root) /bin/ls   # lets the ordinary user aming run the ls command with root privileges

Application: allow login only with ordinary accounts (root is not allowed to log in remotely); after logging in, an ordinary account can use sudo to switch to the root account without entering a password
User_Alias USER_SU = test, test1, aming   # user alias; multiple users can be listed
Cmnd_Alias SU = /bin/su   # command alias; multiple commands can be listed
USER_SU ALL=(ALL) NOPASSWD: SU   # NOPASSWD means the ordinary user does not need to enter their own password when using sudo
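A NOPASSWD rule for su makes every account in the alias root-equivalent with no password prompt, so it is worth listing such rules when reviewing a sudoers file. The following is an added example, not part of the original post: it reuses the rules from this section as constructed sample input, and the function name nopasswd_root_equivalent is hypothetical.

```shell
#!/bin/sh
# Added example: list sudoers rules that give password-less root-equivalent access.
# SAMPLE_SUDOERS is constructed from the rules shown in this section.

SAMPLE_SUDOERS='User_Alias USER_SU = test, test1, aming
Cmnd_Alias SU = /bin/su
aming ALL=(root) /bin/ls
USER_SU ALL=(ALL) NOPASSWD: SU'

# Reads sudoers text on stdin; prints "<users> -> <command>" for every NOPASSWD
# command that is ALL or a shell/su binary. Aliases are expanded one level.
nopasswd_root_equivalent() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                  # skip comments and blanks
        $1 == "User_Alias" || $1 == "Cmnd_Alias" {
            name = $2; sub(/=.*/, "", name)             # alias name
            val = $0;  sub(/^[^=]*=[ \t]*/, "", val)    # text after the equals sign
            if ($1 == "User_Alias") users[name] = val; else cmnds[name] = val
            next
        }
        /NOPASSWD:/ { who[++n] = $1; spec[n] = $0; sub(/.*NOPASSWD:[ \t]*/, "", spec[n]) }
        END {
            # aliases may be defined after the rule, so resolve them at the end
            for (i = 1; i <= n; i++) {
                k = split(spec[i], part, /[ \t]*,[ \t]*/)
                for (j = 1; j <= k; j++) {
                    c = (part[j] in cmnds) ? cmnds[part[j]] : part[j]
                    u = (who[i] in users) ? users[who[i]] : who[i]
                    if (c == "ALL" || c ~ /\/(su|bash|sh)([ \t,]|$)/)
                        print u " -> " c
                }
            }
        }
    '
}

printf '%s\n' "$SAMPLE_SUDOERS" | nopasswd_root_equivalent
```

Whatever the audit reports, validate any edited file with `visudo -c` before relying on it.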
