Linux User and Group management

Linux User and Group management

Useradd, passwd, Chage, Usermod, Userdel, id, finger, CHFN, Chsh

Groupadd, Groupdel

/ETC/PASSWD file Structure:

[Email protected] ~]# head-n 4/etc/passwd

Root:x:0:0:root:/root:/bin/bash

Account name

Password

Uid

Gid

Account Description

Home Directory

Shell

/ETC/SHADOW File Structure:

[Email protected] ~]# head-n 4/etc/shadow

Root:$6$wtbccce/pxmee5wm$ke2ifsjr.ylp7rcai6oa/t7kfho:16559:0:99999:7:::

Account name

Encrypt password:

Authconfig--test | grep hashing//view password encryption mechanism

Last modified:

Echo $ (($ (Date--date= "2015/05/04" +%s)/86400+1))

Minimum password modification time

Maximum Password modification time

Warning Period

Wide Time-limited room

Account Expiration Date

Keep

/etc/group File Structure:

[Email protected] ~]# head-n 4/etc/group

root:x:0:

Group name

Group password

Gid

Supported account names

Active group (effective group) and initial group (initial group):

Groups: View active groups

NWEGRP: Toggle Active Group (must be a previously supported group)

/etc/gshadow File Structure:

Group name

Group password

Group Admins

The account number in the group

Useradd

-u uid: Specify UID

-G GID: Specifies the GID, which is the user's basic group, but the GID must exist beforehand

-G GID: Specifies the user's extra group, but the GID must exist beforehand

-D Directory: Specify home directory

-C Remark: remark

-s:shell: Specifies the default shell, which should be specified using the shell that appears in the/etc/shells file

-M: Forces the user to create a home directory when creating a user

-M: When creating a user, but not creating a home directory

-D: Change its default shell

-r: Create System User features: ID 1-499 does not create home directory for users default shell is/sbin/nologin

-e: Specify the expiration date in the format YYYY-MM--DD

-F: Specifies whether the password is invalid. 0 immediately,-1 never expires

[Email protected] ~]# useradd-d

group=100

Home=/home

Inactive=-1

Expire=

Shell=/bin/bash

Skel=/etc/skel

Create_mail_spool=yes

/etc/default/useradd

/etc/login.defs

passwd

--stdin Account Name: Enter the data in front of the pipeline as a password

echo "abc123c" | passwd--stdin Study

-L: The lock means to invalidate the password

-U: Relative to-l, unlock meaning

-S: Show password-related parameters

-N: Number of days, how long cannot change password

-x: Number of days, how long the password must be changed

-W: Number of days before the password expires

-I: Date received, password expiration date

Chage

-L: Displays detailed password parameters for this account

-D: Back date, modify shadow third (date of last password change), format YYYY-MM-DD

-E: After date, modify shadow eighth (account expiration date), format YYYY-MM-DD

-I: The number of days after the next, modify the shadow seventh digit (password expiration date)

-M: The number of days after the next, modify the shadow fourth digit (minimum number of days to retain the password)

-M: The number of days after the shadow, modify the fifth digit (how long the password needs to change)

-W: The number of days after the shadow, modify the sixth digit (password expires before the warning date)

Usermod

-C: Modify account Description

-D: Modify home Directory

-E: Modify account expiration date, format YYYY-MM--DD

-F: Days, change password expiration date

-G: Modify the initial group

-G: Modify the secondary group

-A: Combined with-G to join a secondary group

-L: Modify account Name

-S: Modify Shell,/bin/bash,/BIN/CSH

-U: Modify UID

-L: Lock account password so that it cannot log in

-U: Unlock account password

Userdel

-R: Deleted along with user home directory

Id

Finger

Chfn

Chsh

-L: Lists the shells available on the current system

-S: Set to modify your own shell

Groupadd

-G: followed by a specific GID to give directly to a GID

-R: Set up system groups

Groupmod

-G: Modify GID numbers

-N: Modify Group name

Groupdel

GPASSWD:

About the actions of the system administrator:

: If there are no parameters, the form gives the GroupName a password (gshadow)

-A: GroupName control of the controller to the user behind

-M: Add some accounts to this group

-r: Remove the password from the GroupName

-R: Make groupname password invalid

About the actions of the group administrator:

-A: Add a user to the GroupName group

-D: Remove a user from the GroupName group

ACL (Access Control List): Getfacl, Setfacl

[Email protected] ~]# DMESG | Grep-i ACL

[1.747875] systemd[1]: SYSTEMD 219 running in system mode. (+pam +audit +selinux +ima-apparmor +smack +sysvinit +utmp +libcryptsetup +gcrypt +gnutls +ACL +xz-lz4-seccomp +BLKID + Elfutils +kmod +idn)

[3.664462] SGI XFS with ACLs, security attributes, no debug enabled

Setfacl:

-M: Set subsequent ACL parameters for file use and cannot be combined with-X

-x: Remove subsequent ACL parameters, not with-m

-B: Remove all ACL setting parameters

-K: Remove default ACL parameters

-R: Recursive

-D: Set default ACL parameters, only valid for directory

[email protected] tmp]# LL

-rw-r--r--. 1 root root 0 11:02 acl-test

[Email protected] tmp]# setfacl-m u:study:rwx acl-test setfacl-m g:mygroup1:rx acl-test setfacl-m m:r acl_test1 (set M Ask effective permissions) Setfacl-m D:u:myuser1:rx/srv/projecta (set directory default ACL inheritance)

[email protected] tmp]# ll Acl-test

-rw-rwxr--+ 1 root root 0 11:02 acl-test//Permissions Section one more +

[Email protected] tmp]# setfacl-m u::rwx acl-test//u There is no user, on behalf of this file owner

[email protected] tmp]# LL

-rwxrwxr--+ 1 root root 0 11:02 acl-test

-RWX------. 1 root root 827 10:32 Ks-script-fpgbst

Getfacl:

Options and parameters are basically the same as Setfacl

[Email protected] tmp]# Getfacl acl-test

# File:acl-test

# Owner:root

# Group:root

User::rwx

User:study:rwx

group::r--

Mask::rwx

other::r--

This article is from the "Small qi" blog, please be sure to keep this source http://19910312.blog.51cto.com/2285793/1838053

Linux User and Group management