Linux User and Group management
useradd, passwd, chage, usermod, userdel, id, finger, chfn, chsh
groupadd, groupdel
/etc/passwd file structure:
# head -n 4 /etc/passwd
root:x:0:0:root:/root:/bin/bash
Account name
Password
UID
GID
Account Description
Home Directory
Shell
/etc/shadow file structure:
# head -n 4 /etc/shadow
root:$6$wtbccce/pxmee5wm$ke2ifsjr.ylp7rcai6oa/t7kfho:16559:0:99999:7:::
Account name
Encrypted password:
authconfig --test | grep hashing    # view the password hashing mechanism
Date of last password change (a day count):
echo $(($(date --date="2015/05/04" +%s)/86400+1))
Minimum number of days before the password can be changed
Maximum number of days before the password must be changed
Warning period
Grace period after the password expires
Account expiration date
Reserved
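The nine fields above can be audited mechanically. The following is an added example, not part of the original notes: it reads shadow-format lines and reports empty or locked passwords, weak hash schemes, non-expiring passwords and the dates hidden in the day-count fields. The function names and the sample entries are constructed for illustration, and GNU date is assumed.

```shell
#!/bin/sh
# Added example: audit shadow-format entries. Sample data is constructed.

# Convert a shadow day count (days since 1970-01-01) to YYYY-MM-DD (GNU date).
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# Constructed entries in /etc/shadow layout; the hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$constructedhash:16559:0:99999:7:::
study:$1$CONSTRUCTEDSALT$constructedhash:16559:0:90:7:14:16800:
svc:!!:16559:0:99999:7:::
guest::0:0:99999:7:::
EOF
}

# Read shadow-format lines on stdin, print one "account: finding" per line.
audit_shadow() {
    while IFS=: read -r name hash last min max warn inact expire reserved; do
        [ -n "$name" ] || continue
        case "$hash" in
            "")        echo "$name: empty password field" ;;
            '!'*|'*'*) echo "$name: password locked or unusable" ;;
            '$1$'*)    echo "$name: MD5 hash, weak" ;;
            '$'*)      : ;;  # other $id$ scheme such as $6$ (SHA-512)
            *)         echo "$name: legacy DES-style hash" ;;
        esac
        if [ -z "$max" ] || [ "$max" -ge 99999 ]; then
            echo "$name: password never expires"
        fi
        if [ "$last" = 0 ]; then
            echo "$name: must change password at next login"
        elif [ -n "$last" ]; then
            echo "$name: last change $(days_to_date "$last")"
        fi
        if [ -n "$expire" ]; then
            echo "$name: account expires $(days_to_date "$expire")"
        fi
    done
}

sample_shadow | audit_shadow
```

On a real system, run it as root with `audit_shadow < /etc/shadow`.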
/etc/group file structure:
# head -n 4 /etc/group
root:x:0:
Group name
Group password
GID
Accounts that belong to the group
Effective group and initial group:
groups: view the effective group
newgrp: switch the effective group (must be a group the user already belongs to)
/etc/gshadow file structure:
Group name
Group password
Group administrators
Accounts that belong to the group
useradd
-u UID: specify the UID
-g GID: specifies the GID of the user's initial (primary) group; the GID must already exist
-G GID: specifies the user's supplementary groups; the GID must already exist
-d directory: specify the home directory
-c comment: account description
-s shell: specifies the default shell; use a shell listed in /etc/shells
-m: force creation of the home directory when creating the user
-M: create the user without creating a home directory
-D: show or change the defaults, such as the default shell
-r: create a system user. Characteristics: ID in 1-499, no home directory is created, and the default shell is /sbin/nologin
-e: specify the account expiration date in the format YYYY-MM-DD
-f: specifies whether the password becomes invalid: 0 means immediately, -1 means never
# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
/etc/default/useradd
/etc/login.defs
passwd
--stdin account: use the data coming from the preceding pipe as the password
echo "abc123c" | passwd --stdin study
-l: lock; invalidates the password
-u: the opposite of -l; unlock
-S: show password-related parameters
-n: number of days during which the password cannot be changed
-x: number of days after which the password must be changed
-w: number of warning days before the password expires
-i: followed by a date; the password invalidation date
chage
-l: list the detailed password parameters of the account
-d: followed by a date; modifies the third shadow field (date of last password change), format YYYY-MM-DD
-E: followed by a date; modifies the eighth shadow field (account expiration date), format YYYY-MM-DD
-I: followed by a number of days; modifies the seventh shadow field (password invalidation period)
-m: followed by a number of days; modifies the fourth shadow field (minimum number of days the password must be kept)
-M: followed by a number of days; modifies the fifth shadow field (how long before the password must be changed)
-W: followed by a number of days; modifies the sixth shadow field (warning period before the password expires)
usermod
-c: modify the account description
-d: modify the home directory
-e: modify the account expiration date, format YYYY-MM-DD
-f: followed by days; change the password invalidation period
-g: modify the initial group
-G: modify the supplementary groups
-a: combined with -G, append the user to a supplementary group
-l: modify the account name
-s: modify the shell, e.g. /bin/bash, /bin/csh
-u: modify the UID
-L: lock the account password so that the user cannot log in
-U: unlock the account password
userdel
-r: delete the user's home directory along with the account
id
finger
chfn
chsh
-l: list the shells available on the current system
-s: change your own shell
groupadd
-g: followed by a specific GID, to assign that GID directly
-r: create a system group
groupmod
-g: modify the GID number
-n: modify the group name
groupdel
gpasswd:
Actions for the system administrator:
(no option): set a password for groupname (stored in gshadow)
-A: hand administration of groupname to the users listed after it
-M: add the listed accounts to this group
-r: remove the password from groupname
-R: make the groupname password invalid
Actions for the group administrator:
-a: add a user to the groupname group
-d: remove a user from the groupname group
ACL (Access Control List): getfacl, setfacl
# dmesg | grep -i acl
[    1.747875] systemd[1]: systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
[    3.664462] SGI XFS with ACLs, security attributes, no debug enabled
setfacl:
-m: set the ACL parameters that follow on the file; cannot be combined with -x
-x: remove the ACL parameters that follow; cannot be combined with -m
-b: remove all ACL settings
-k: remove the default ACL settings
-R: recursive
-d: set default ACL parameters; only valid for directories
# ll
-rw-r--r--. 1 root root 0 11:02 acl-test
# setfacl -m u:study:rwx acl-test
# setfacl -m g:mygroup1:rx acl-test
# setfacl -m m:r acl_test1    # set the mask (effective permissions)
# setfacl -m d:u:myuser1:rx /srv/projecta    # set a default ACL on the directory (inherited)
# ll acl-test
-rw-rwxr--+ 1 root root 0 11:02 acl-test    # the permission string now ends with a +
# setfacl -m u::rwx acl-test    # u with no user name stands for the file owner
# ll
-rwxrwxr--+ 1 root root 0 11:02 acl-test
-rwx------. 1 root root 827 10:32 ks-script-fpgbst
getfacl:
Options and parameters are basically the same as setfacl
# getfacl acl-test
# file: acl-test
# owner: root
# group: root
user::rwx
user:study:rwx
group::r--
mask::rwx
other::r--
This article is from the "Small qi" blog, please be sure to keep this source http://19910312.blog.51cto.com/2285793/1838053