Linux User and Group management
In Linux, user management allocates resources on the basis of user names and passwords. Linux users are divided into the following categories:
Administrator: root, UID 0
Normal users: UID 1-65535
Normal users are further divided into two kinds: system users and ordinary users.
System users: UID 1-499 (CentOS 6) or 1-999 (CentOS 7); used to assign permissions so that daemons can access resources.
Ordinary users: UID 500+ (CentOS 6) or 1000+ (CentOS 7); used for interactive login.
Linux groups: groupname/GID
Administrators group: root, GID 0
Normal groups: GID 1-65535
Normal groups are divided into system groups and ordinary groups.
System groups: 1-499 (CentOS 6) or 1-999 (CentOS 7)
Ordinary groups: 500+ (CentOS 6) or 1000+ (CentOS 7)
A user can belong to several groups: the user's base group (primary group) and additional groups. The base group has the same name as the user and contains only that one user, so it is also known as a private group. All groups other than the base group are the user's additional groups.
In a Linux system, the following four configuration files are associated with users and groups:
/etc/passwd: users and their attributes
/etc/group: groups and their attributes
/etc/shadow: user passwords and their related attributes
/etc/gshadow: group passwords and their related attributes
Of these four configuration files, passwd, group and shadow are briefly explained here:
1) /etc/passwd
Help for this configuration file can be found with whatis passwd,
or with man 5 passwd.
The format is:
name:password:UID:GID:GECOS:directory:shell
User name : password : UID : GID : detailed description of the user : user's home directory : user's default shell
2) /etc/group
group_name:password:GID:user_list
Group name : group password : group ID : list of users that have this group as an additional group (separated by commas if there are several)
3) /etc/shadow: user passwords
User name : encrypted password : date the password was last changed : minimum age : maximum age : warning period : expiration date : reserved field
4) /etc/group: group information database
group_name:password:GID:user_list
user_list: the user members of the group, that is, the users that have this group as an additional group.
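An added example (not part of the original article) that uses these field layouts to audit accounts: it joins the shadow password field to each passwd entry and flags extra UID 0 accounts, empty password fields, passwords locked with a leading "!", and system-range UIDs that still have a login shell. The sample entries, the function names and the CentOS 7 boundary of 1000 passed as UID_MIN are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample data (not from a real host), in the formats described above.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:0:0:backup admin:/home/backup:/bin/bash
natasha:x:1000:1000:Natasha:/home/natasha:/bin/bash
sarah:x:1002:1002::/home/sarah:/sbin/nologin
svc:x:498:498:service:/var/lib/svc:/bin/bash'

SHADOW_SAMPLE='root:$6$SALT$HASHPLACEHOLDER:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
backup::17000:0:99999:7:::
natasha:!$6$SALT$HASHPLACEHOLDER:17000:0:99999:7:::
sarah:$6$SALT$HASHPLACEHOLDER:17000:0:99999:7:::
svc:!!:17000:0:99999:7:::'

# audit_accounts PASSWD_FILE SHADOW_FILE [UID_MIN]  (hypothetical helper)
audit_accounts() {
    awk -F: -v uid_min="${3:-1000}" '
        # First file (shadow): remember the password field of every user.
        NR == FNR { pw[$1] = $2; next }
        # Second file (passwd): name:password:UID:GID:GECOS:directory:shell
        {
            name = $1; uid = $3; shell = $7
            interactive = (shell !~ /(nologin|false)$/)
            if (uid == 0 && name != "root")       print "UID0_NOT_ROOT " name
            if ((name in pw) && pw[name] == "")   print "EMPTY_PASSWORD " name
            # "!" placed in front of an existing hash marks a locked password.
            if ((name in pw) && pw[name] ~ /^!+[^!]/) print "LOCKED " name
            if (uid > 0 && uid < uid_min && interactive)
                print "SYSTEM_WITH_SHELL " name
        }' "$2" "$1"
}

# Run the audit against the constructed sample above.
audit_sample() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$PASSWD_SAMPLE" > "$tmp/passwd"
    printf '%s\n' "$SHADOW_SAMPLE" > "$tmp/shadow"
    audit_accounts "$tmp/passwd" "$tmp/shadow" 1000
    rm -rf "$tmp"
}

audit_sample
```

On a real host the same function can be pointed at /etc/passwd and /etc/shadow; reading /etc/shadow requires root.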
Speaking of passwords, the encryption and decryption mechanism should be mentioned:
Encryption: plaintext -> ciphertext
Decryption: ciphertext -> plaintext
The algorithms commonly used on computers are: md5, sha1, sha224, sha256, sha384, sha512
The encryption process exhibits an avalanche effect: a small change in the initial conditions causes a huge change in the result.
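The avalanche effect can be measured directly. The following added example (not from the original article) hashes two constructed strings that differ in a single bit with sha256 and counts how many of the 256 digest bits differ; it assumes sha256sum from coreutils is installed, and bit_diff is a hypothetical helper name.

```shell
#!/bin/sh
# bit_diff STR1 STR2: number of differing bits between the two SHA-256 digests.
bit_diff() {
    h1=$(printf '%s' "$1" | sha256sum | cut -d' ' -f1)
    h2=$(printf '%s' "$2" | sha256sum | cut -d' ' -f1)
    awk -v a="$h1" -v b="$h2" 'BEGIN {
        hex = "0123456789abcdef"
        for (i = 1; i <= length(a); i++) {
            # Value (0-15) of the i-th hex digit of each digest.
            x = index(hex, substr(a, i, 1)) - 1
            y = index(hex, substr(b, i, 1)) - 1
            # Compare the four bits of the digit one at a time.
            for (bit = 0; bit < 4; bit++) {
                if (x % 2 != y % 2) n++
                x = int(x / 2); y = int(y / 2)
            }
        }
        print n + 0
    }'
}

# Constructed inputs: "a" (0x61) and "c" (0x63) differ in exactly one bit.
echo "identical input : $(bit_diff secret-a secret-a) bits differ"
echo "one bit changed : $(bit_diff secret-a secret-c) of 256 bits differ"
```

For a good hash function the second figure lands near half of the digest bits, even though only one input bit changed.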
Here are some suggestions for setting passwords:
1. Use at least 3 of the following 4 kinds of characters: digits, uppercase letters, lowercase letters and special characters
2. Make it long enough
3. Use random passwords
4. Change it regularly, and do not use the most frequently used passwords
Next, let's take a look at the relevant administrative commands for users and groups
groupadd command: add a group
groupadd [options] group_name
-g GID: specify the GID; the default is the GID of the previous group + 1;
-r: create a system group
groupmod command: modify group properties
groupmod [options] GROUP
useradd command: create a user
useradd [options] login_name
-u, --uid UID: specify the UID;
-g, --gid GROUP: specify the base group, which must already exist;
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: specify the additional groups the user belongs to, separated by commas;
-c, --comment COMMENT: specify the comment (annotation) information;
-d, --home HOME_DIR: use the specified path as the user's home directory; this is implemented by copying the /etc/skel directory and renaming it. If the specified home directory path already exists, the environment configuration files are not copied for the user;
-s, --shell SHELL: specify the user's default shell; the list of all available shells is stored in the /etc/shells file;
-r, --system: create a system user;
Note: many of the defaults used when creating a user come from /etc/login.defs
useradd -D: display the default configuration used when creating users;
useradd -D OPTION: modify the value of a default option;
The result of the modification is saved in the /etc/default/useradd file;
usermod command: modify user properties
usermod [options] LOGIN
-u, --uid UID: modify the user's UID;
-g, --gid GROUP: modify the base group the user belongs to;
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: modify the additional groups the user belongs to; the original additional groups are overwritten;
-a, --append: used together with -G to append new additional groups for the user;
-c, --comment COMMENT: modify the comment information;
-d, --home HOME_DIR: modify the user's home directory; the user's original files are not moved to the new location;
-m, --move-home: can only be used together with the -d option; moves the original home directory to the new home directory;
-l, --login NEW_LOGIN: modify the user name;
-s, --shell SHELL: modify the user's default shell;
-L, --lock: lock the user's password by adding a "!" in front of the user's original password string;
-U, --unlock: unlock the user's password;
userdel command: delete a user
userdel [options] LOGIN
-r: also delete the user's home directory;
passwd command:
passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]
(1) passwd: modify the user's own password;
(2) passwd USERNAME: modify the password of the specified user; only root has this permission;
-l, -u: lock and unlock the user;
-d: clear the user's password string;
-e DATE: expiration period, date;
-i DAYS: inactivity period;
-n DAYS: minimum age of the password;
-x DAYS: maximum age of the password;
-w DAYS: warning period;
--stdin:
echo "PASSWORD" | passwd --stdin USERNAME
gpasswd command:
Group password file: /etc/gshadow
gpasswd [options] GROUP
-a USERNAME: add the user to the group
-d USERNAME: remove the user from the group
newgrp command: temporarily make the specified group the base group;
newgrp [-] [group]
-: simulates a fresh login for the user in order to re-initialize the working environment;
chage command: change user password expiration information;
chage [options] LOGIN
id command: display the real and effective IDs of the user;
id [OPTION]... [USER]
-u: show only the effective UID;
-g: show only the user's base group ID;
-G: show the IDs of all groups the user belongs to;
-n: show names instead of IDs;
su command: switch user
Login-style switch: the environment is re-initialized by reading the target user's configuration files
su - USERNAME
su -l USERNAME
Non-login switch: the target user's configuration files are not read for initialization
su USERNAME
Note: the administrator can switch to any other user without a password;
-c 'COMMAND': run only this command as the specified user;
Practice:
1. Create user gentoo; the additional groups are bin and root, the default shell is /bin/csh, and the comment is "Gentoo distribution"
2. Create the following users, group and group memberships
A group named admins
User natasha, with admins as an additional group
User harry, also with admins as an additional group
User sarah, who cannot log in to the system interactively and is not a member of admins; the password of natasha, harry and sarah is CentOS
This article is from the "11798474" blog, please be sure to keep this source http://11808474.blog.51cto.com/11798474/1832362