On Linux systems, user management controls the allocation of resources based on user name and password. Users on Linux are divided into the following categories:
Administrator: root, UID 0
Normal users: UID 1-65535, subdivided into:
System users: UID 1-999, used to give daemons the permissions they need to obtain resources
Login users: UID 1000+, log in interactively
Groups
Administrator group: root, GID 0
General groups: GID 1-65535, subdivided into:
System groups: GID 1-999
General groups: GID 1000+, which are further divided into:
Basic group: also known as the private group. When you create a user without specifying a group, the system automatically creates a group with the same name as the user. A user must belong to exactly one basic group; its name is the same as the user name and it contains only that user.
Additional groups: also called supplementary groups, any group other than the basic group. A user can belong to zero or more additional groups.
Security context
A running program is a process, and it runs with the identity of the user who started it:
root: /bin/cat
hadoop: /bin/cat
Which resources the process is allowed to access depends on the identity of the user running it.
passwd file format
Use man 5 passwd to view the help for this configuration file. From it you learn that each line of the passwd file consists of seven colon-separated fields:
account: login user name
passwd: password
UID: the user's identity number
GID: the number of the user's basic (default) group
comment: comment information
homedir: the user's home directory
shell: the user's default shell
Group file format
The file format can be queried with man 5 group; each line has the following four colon-separated fields:
groupname: group name
gpasswd: group password
GID: the identity number of the group
additional-group members: the list of users that have this group as an additional group
gshadow file format
Group name
Group password
Group administrators list: the users listed here may change the group's password and members
List of users that have this group as an additional group, separated by commas when there is more than one user
Shadow file format
You can also use man 5 shadow to query the format of the shadow file; each line has the following nine colon-separated fields:
account: login name
encrypted passwd: the password after encryption
Date of the last password change, counted in days from January 1, 1970
Minimum password age: the number of days that must pass between two password changes; 0 means the password may be changed immediately
Maximum password age: the number of days the password remains valid, after which the user must change it
Password warning period: the number of days before expiry during which the system reminds the user to change the password (default is one week)
Password inactivity period: the number of days after the password expires before the account is locked
Account expiration date, counted in days from January 1, 1970, after which the account is disabled
Reserved field
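As an added example (not part of the original article), the following Python code parses one shadow line with the nine fields above and works out the password aging state from the day counts. The sample line, the user name alice and all day values in it are constructed.

```python
import datetime as dt

# Constructed sample /etc/shadow line (not taken from a real system). Fields:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW_LINE = "alice:$6$saltsalt$notarealhash:17000:0:90:7:14:17500:"
# crypt() hash id prefixes, as selected with authconfig --passalgo
HASH_IDS = {"1": "md5", "5": "sha256", "6": "sha512"}
EPOCH = dt.date(1970, 1, 1)

def to_int(field):
    return int(field) if field else None  # an empty field means "not set"

def parse_shadow_line(line):
    """Split one shadow line into its nine fields and decode the password field."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("shadow line must have 9 colon-separated fields")
    name, pw, lastchg, mn, mx, warn, inact, expire, _reserved = fields
    # A leading "!" (usermod -L / passwd -l) or "*" means password login is disabled.
    locked = pw.startswith(("!", "*"))
    hash_id = pw.lstrip("!").split("$")[1] if pw.lstrip("!").startswith("$") else ""
    return {"name": name, "locked": locked,
            "algorithm": HASH_IDS.get(hash_id, "unknown"),
            "lastchg": to_int(lastchg), "min": to_int(mn), "max": to_int(mx),
            "warn": to_int(warn), "inactive": to_int(inact), "expire": to_int(expire)}

def password_status(entry, today):
    """Simplified aging state of the entry on day `today` (days since 1970-01-01)."""
    if entry["expire"] is not None and today >= entry["expire"]:
        return "account expired"
    if entry["locked"]:
        return "locked"
    if entry["lastchg"] is None or entry["max"] is None:
        return "ok"  # no aging information recorded
    expires_on = entry["lastchg"] + entry["max"]
    if today >= expires_on:
        if entry["inactive"] is not None and today >= expires_on + entry["inactive"]:
            return "inactive (locked)"
        return "password expired"
    if entry["warn"] and today >= expires_on - entry["warn"]:
        return "warning"
    return "ok"

def days_to_date(days):
    """Convert a shadow day count to a calendar date."""
    return EPOCH + dt.timedelta(days=days)
```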
Password encryption mechanism
Encryption: plaintext -> ciphertext
Decryption: ciphertext -> plaintext
Symmetric encryption: encryption and decryption use the same key
Public-key cryptography: keys come in pairs, one public key and one private key
One-way hashing: extracts a fixed-length digest (signature) of the data, used to check data integrity
One-way hashing has the following characteristics:
Avalanche effect: a small change in the input produces a large change in the output
Fixed-length output
Common algorithms include:
MD5: 128-bit fixed-length output
SHA-1 (Secure Hash Algorithm): 160-bit fixed-length output
SHA-224: 224 bits
SHA-256: 256 bits
SHA-384: 384 bits
SHA-512: 512 bits
Change the password hashing algorithm: authconfig --passalgo=sha256 --update
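To show the two properties listed above (fixed-length output and the avalanche effect) for each of the algorithms named, here is an added Python example that is not from the original article. It uses the standard hashlib module; the two inputs CentOS7 and CentOS6 are constructed and differ in a single bit.

```python
import hashlib

# The algorithms listed in the article, in the same order.
ALGORITHMS = ["md5", "sha1", "sha224", "sha256", "sha384", "sha512"]

def digest_bits(algorithm, data):
    """Digest length in bits; it depends only on the algorithm, never on len(data)."""
    return hashlib.new(algorithm, data).digest_size * 8

def differing_bits(algorithm, a, b):
    """Number of output bits that differ between the hashes of a and b."""
    ha = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    hb = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(ha ^ hb).count("1")

def avalanche_ratio(algorithm, a, b):
    """Fraction of output bits that change; close to 0.5 for a good hash even when
    a and b differ in only one input bit (the avalanche effect)."""
    return differing_bits(algorithm, a, b) / digest_bits(algorithm, a)

def fixed_length_check(algorithm):
    """True when a 1-byte input and a 100000-byte input give the same digest size."""
    return digest_bits(algorithm, b"a") == digest_bits(algorithm, b"x" * 100000)

if __name__ == "__main__":
    a, b = b"CentOS7", b"CentOS6"  # constructed inputs: '7' and '6' differ in one bit
    for alg in ALGORITHMS:
        print(f"{alg:7} {digest_bits(alg, a):4d} bits, "
              f"{avalanche_ratio(alg, a, b):.2f} of the output bits changed")
```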
Password complexity policy
Use at least three of the four character classes: digits, uppercase letters, lowercase letters and special characters
Make the password long enough
Use random passwords
Change passwords regularly, and do not reuse passwords that have been used recently
Password lifetime (aging)
User and Group Management commands
User Management commands
useradd: add a user
useradd [options] username
-u UID: specify the UID
useradd -u 1050 user1
-g GID: specify the user's basic group, given either as a group name or as a GID
useradd -g hadoop user2
-G GID: specify the user's additional groups
useradd -G docker user3
-c "comment": comment information
useradd -c "The user is the database user" mysql
-d home_dir: specify the user's home directory
useradd -d /tmp/user4 user4
-s: specify the shell used by the user
useradd -s /bin/csh user5
-N: do not create a private group as the basic group; use the users group instead
useradd -N user6
-m: create a home directory when creating the user
-M: do not create a home directory when creating the user
useradd -m user7
-r: add a system user
useradd -r mail
Files related to new users
/etc/default/useradd
/etc/skel/*: files copied into the home directory when a user is created, including the user's environment files; .bashrc records command aliases and local environment variables
When a user is created, the default settings are taken from the /etc/default/useradd file.
Show or change the default values:
useradd -D
useradd -D -s /bin/csh
/etc/login.defs: user account limits, including the maximum password age, password length constraints, and so on.
id: view a user's account attributes
-u: display the user's UID
-g: display the user's GID
-G: display the GIDs of all the groups the user belongs to
-n: show the name instead of the number, generally used together with -u, -g or -G
userdel: delete a user
userdel [options] username
-r: also delete the user's home directory
Modifying user properties
usermod
usermod [options] username
-u UID: modify the user's UID
usermod -u UID username
-g GID: modify the user's basic group
usermod -g hadoop username
-G with -a: add an additional group; use -a to append so that existing additional groups are kept, otherwise -G replaces the previous additional groups
usermod -aG admin username
-c: change the comment information
usermod -c "My user" username
-d with -m: change the user's home directory and move the user's files into it
usermod -d /tmp/123 -m username
-s: change the user's shell
usermod -s /bin/bash username
-l: change the login name (new name first, then the current name)
usermod -l newname oldname
-L: lock the account
usermod -L username
-U: unlock the account
usermod -U username
su: switch user
su [OPTION]... [-] [USER [ARG]...]
su username: non-login switch; does not read the target user's profile and does not change the current working directory
su - username: login switch; reads the target user's profile and changes to the home directory, a complete switch
su -l username is equivalent to su - username
Note: root switching to a non-root user does not need to enter a password; a non-admin user switching needs to enter a password
passwd: set a password
passwd [OPTION...] <accountName>
passwd with no account name defaults to modifying the password of the currently logged-in user
-l: lock the account
-u: unlock the account
-d: delete the account's password
-e: force the user to change the password at the next login
-n mindays: specify the minimum password age
-x maxdays: specify the maximum password age
-i inactivedays: inactivity period, the number of days after the password expires before the account is locked
--stdin: read the user's password from standard input
echo "redhat" | passwd --stdin username
chage: modify the user's password aging policy
chage [options] LOGIN
-d: set the date of the last password change
-E: set the account expiration date
-I: set the inactivity period, the number of days after the password expires before the account is locked
-m: set the minimum password age
-M: set the maximum password age
-W: set the number of warning days before the password expires
chfn: modify the user's personal (finger) information
chfn username
chsh: change the login shell
chsh username
finger: view a user's properties
finger username
Group management
groupadd
groupadd [options] groupname
-g GID: create the group with the specified GID
-r: add a system group, whose GID is less than 1000
groupdel: delete a group
groupdel [options] groupname
groupdel test2
gpasswd: group password
gpasswd [option] group
-a user: add the user to the specified group
-d user: remove the user from the group
-A user1,user2,...: set the list of users with administrative rights over the group
newgrp: temporarily switch the basic group; if the user is not a member of that group, the group password is required
newgrp groupname
groupmems: change and view group members
groupmems -a user_name | -d user_name | [-g group_name] | -l | -p
-g, --group groupname: act on the specified group
-a, --add username: add the user to the group
-d, --delete username: remove the user from the group
-p, --purge: remove all members from the group
-l, --list: list the group's members
groups: view the groups a user belongs to
groups username
1. Create the user gentoo, with bin and root as additional groups, /bin/csh as the default shell, and the comment "Gentoo Distribution"
2. Create the following users, groups and group memberships:
A group named admins
User natasha, using admins as a supplementary group
User harry, also using admins as a supplementary group
User sarah, with no interactive login to the system and not a member of admins; the password of natasha, harry and sarah is CentOS
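As an added example (not part of the original article), the following Python code checks the requirements of task 2 against the contents of /etc/passwd and /etc/group, using the field layouts described earlier. The passwd and group lines, the UIDs and GIDs, and the set of non-login shells are constructed assumptions.

```python
# Constructed sample contents of /etc/passwd and /etc/group (not from a real system).
PASSWD = """\
natasha:x:1001:1001::/home/natasha:/bin/bash
harry:x:1002:1002::/home/harry:/bin/bash
sarah:x:1003:1003::/home/sarah:/sbin/nologin
"""
GROUP = """\
admins:x:1000:natasha,harry
natasha:x:1001:
harry:x:1002:
sarah:x:1003:
"""
# Login shells that deny interactive login (assumed list; /sbin/nologin is the usual one).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    users = {}  # name -> gid of the basic group and login shell
    for line in text.strip().splitlines():
        name, _pw, _uid, gid, _comment, _home, shell = line.split(":")
        users[name] = {"gid": int(gid), "shell": shell}
    return users

def parse_group(text):
    groups = {}  # name -> gid and the users that have this group as an additional group
    for line in text.strip().splitlines():
        name, _pw, gid, members = line.split(":")
        groups[name] = {"gid": int(gid), "members": set(filter(None, members.split(",")))}
    return groups

def supplementary_groups(user, users, groups):
    """Groups listing the user in their member field, excluding the user's basic group."""
    basic_gid = users[user]["gid"]
    return {g for g, i in groups.items() if user in i["members"] and i["gid"] != basic_gid}

def audit_task2(users, groups):
    """Return the task 2 requirements that are NOT met (an empty list means all are met)."""
    failures = []
    if "admins" not in groups:
        failures.append("group admins is missing")
    for u in ("natasha", "harry"):
        if u not in users or "admins" not in supplementary_groups(u, users, groups):
            failures.append(f"{u} is not a supplementary member of admins")
    if "sarah" not in users:
        failures.append("user sarah is missing")
    else:
        if users["sarah"]["shell"] not in NOLOGIN_SHELLS:
            failures.append("sarah can log in interactively")
        if "admins" in supplementary_groups("sarah", users, groups):
            failures.append("sarah is a member of admins")
    return failures
```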
This article is from the "Operation and Maintenance Career" blog; please keep this source when sharing it: http://fszxxxks.blog.51cto.com/10122713/1832443
Linux User and Group management