Linux User and Group management

Source: Internet
Author: User

In Linux systems, resources are allocated to users, who are identified by user name and password. Linux users fall into the following categories:

Administrator: root, UID 0

Normal users: UID 1-65535

Normal users are further divided into two kinds, system users and ordinary users:

System users have UIDs 1-499 (CentOS 6) or 1-999 (CentOS 7); they exist so that permissions to access resources can be assigned to daemons.

Ordinary users have UIDs 500+ (CentOS 6) or 1000+ (CentOS 7); they are used to log in interactively.


Linux groups: group name/GID

Administrators group: root, GID 0

Normal groups: GID 1-65535

Normal groups are divided into system groups and ordinary groups.

System groups: 1-499 (CentOS 6), 1-999 (CentOS 7)

Ordinary groups: 500+ (CentOS 6), 1000+ (CentOS 7)


A user can belong to several different groups: the user's base group (primary group) and additional groups. The base group has the same name as the user and contains only that one user, so it is also known as a private group. Groups other than the base group are the user's additional groups.


In a Linux system, there are four configuration files associated with users and groups:

/etc/passwd: User and its attribute information

/etc/group: Group and its attribute information

/etc/shadow: User passwords and their associated properties

/etc/gshadow: group password and its related properties


Of the four configuration files above, we briefly explain passwd, group and shadow.

1) /etc/passwd

To list the manual pages that exist for passwd, run whatis passwd;

or view the manual page of the configuration file itself with man 5 passwd.


The usual format is:

name:password:UID:GID:GECOS:directory:shell

User name : password : UID : GID : detailed description of the user : user's home directory : user's default shell


2) /etc/group

group_name:password:GID:user_list

Group name : group password : group ID : list of users that have this group as an additional group (separated by commas if there are several)


3) /etc/shadow: user passwords

User name : encrypted password : date of the last password change : minimum age : maximum age : warning period : expiration date : reserved field


4) /etc/group: group information database

group_name:password:GID:user_list

user_list: the user members of the group, that is, the list of users that have this group as an additional group;


Speaking of passwords, we need to mention the mechanism by which passwords are encrypted and decrypted:


Encryption: plaintext to ciphertext

Decryption: ciphertext to plaintext

The algorithms commonly used in computers are: md5, sha1, sha224, sha256, sha384, sha512

The encryption process exhibits an avalanche effect: a small change in the initial conditions causes a huge change in the result.
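The file formats and algorithm names above can be checked mechanically. The following is an added example, not code from the original article: it reads passwd- and shadow-format data and reports extra UID 0 accounts, system accounts with a login shell, and each account's password state and hashing scheme. It assumes the crypt(5) convention that a hashed password field has the form $id$salt$hash with id 1 = md5, 5 = sha256, 6 = sha512, and that a leading "!" marks a locked password; the function names and all sample entries are constructed.

```shell
#!/bin/sh
# Added example. Every entry below is constructed sample data.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:second admin:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/bin/bash
natasha:x:1000:1000::/home/natasha:/bin/bash
harry:x:1001:1001::/home/harry:/bin/bash
sarah:x:1002:1002::/home/sarah:/sbin/nologin'
SAMPLE_SHADOW='root:$6$c0nstructed$hashA:17000:0:99999:7:::
bin:*:17000:0:99999:7:::
toor:$6$c0nstructed$hashB:17000:0:99999:7:::
apache:!!:17000::::::
natasha:$1$c0nstructed$hashC:17000:0:99999:7:::
harry:!$6$c0nstructed$hashD:17000:0:99999:7:::
sarah::17000:0:99999:7:::'

# passwd_findings UID_MIN   (passwd-format data on stdin)
# UID_MIN is the first ordinary UID: 500 on CentOS 6, 1000 on CentOS 7.
passwd_findings() {
    awk -F: -v min="$1" '
        $3 == 0 && $1 != "root" { print "uid0 " $1 }          # extra administrator
        $3 > 0 && $3 < min && $7 ~ /\/(ba|c|tc|k|z|da)?sh$/ {
            print "system-shell " $1                            # daemon account with a login shell
        }'
}

# shadow_status   (shadow-format data on stdin); prints name:state:scheme
shadow_status() {
    awk -F: '
        BEGIN { s["1"] = "md5"; s["5"] = "sha256"; s["6"] = "sha512" }
        {
            pw = $2; state = "set"; scheme = "-"
            if (pw == "") state = "empty"                       # no password required
            else if (pw == "*") state = "disabled"              # no password can match
            else if (pw ~ /^!/) { state = "locked"; sub(/^!+/, "", pw) }
            if (substr(pw, 1, 1) == "$") {                      # $id$salt$hash
                rest = substr(pw, 2)
                id = substr(rest, 1, index(rest, "$") - 1)
                scheme = (id in s) ? s[id] : "other"
            }
            print $1 ":" state ":" scheme
        }'
}

printf '%s\n' "$SAMPLE_PASSWD" | passwd_findings 1000
printf '%s\n' "$SAMPLE_SHADOW" | shadow_status
```

On a real system, run as root with passwd_findings 1000 < /etc/passwd and shadow_status < /etc/shadow; the state empty and the scheme md5 are the results to follow up.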

Here are some suggestions about password settings:

1. Use at least 3 of the following character classes: digits, uppercase letters, lowercase letters and special characters

2. Make it long enough

3. Use random passwords

4. Change it regularly, and do not use the most frequently used passwords


Next, let's take a look at the relevant administrative commands for users and groups


groupadd command: add a group


groupadd [options] group_name


-g GID: specify the GID; the default is the GID of the previous group + 1;

-r: create a system group


groupmod command: modify group properties


groupmod [options] GROUP


useradd command: create a user


useradd [options] LOGIN

-u, --uid UID: specify the UID;

-g, --gid GROUP: specify the base group, which must exist beforehand;

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: specify the additional groups to which the user belongs, separated by commas;

-c, --comment COMMENT: specify the comment (annotation) information;

-d, --home HOME_DIR: use the specified path as the user's home directory. It is created by copying the /etc/skel directory and renaming the copy; if the specified home directory path already exists, the environment configuration files are not copied for the user;

-s, --shell SHELL: specify the user's default shell; the list of all available shells is stored in the /etc/shells file;

-r, --system: create a system user;


Note: many of the defaults applied when creating a user come from the configuration file /etc/login.defs


useradd -D: display the default configuration used when creating a user;

useradd -D [options]: modify the value of a default option;


The result of the modification is saved in the /etc/default/useradd file;


usermod command: modify user properties


usermod [options] LOGIN

-u, --uid UID: modify the user's UID;

-g, --gid GROUP: modify the base group to which the user belongs;

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: modify the additional groups to which the user belongs; the original additional groups are overwritten;

-a, --append: used together with -G to append new additional groups to the user;

-c, --comment COMMENT: modify the comment information;

-d, --home HOME_DIR: modify the user's home directory; the user's original files are not moved to the new location;

-m, --move-home: can only be used together with the -d option; moves the original home directory to the new home directory;

-l, --login NEW_LOGIN: modify the user name;

-s, --shell SHELL: modify the user's default shell;

-L, --lock: lock the user's password by adding a "!" in front of the user's original password string;

-U, --unlock: unlock the user's password;


userdel command: delete a user


userdel [options] LOGIN

-r: also delete the user's home directory;



passwd command:

passwd [-k] [-l] [-u [-f]] [-d] [-e] [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] [-S] [--stdin] [username]


(1) passwd: change the current user's own password;

(2) passwd USERNAME: change the password of the specified user; only root has this permission;


-l, -u: lock and unlock the user;

-d: clear the user's password string;

-e DATE: expiration period, date;

-i DAYS: inactivity period;

-n DAYS: minimum age of the password;

-x DAYS: maximum age of the password;

-w DAYS: warning period;


--stdin: read the password from standard input:

echo "PASSWORD" | passwd --stdin USERNAME


gpasswd command:

Group password file: /etc/gshadow


gpasswd [options] GROUP

-a USERNAME: add the user to the group

-d USERNAME: remove the user from the group


newgrp command: temporarily switch the base group to the specified group;


newgrp [-] [group]


-: simulate a fresh login of the user so that the working environment is re-initialized;


chage command: change user password expiration information;


chage [options] LOGIN



id command: display the real and effective IDs of the user;


id [OPTION]... [USER]

-u: show only the effective UID;

-g: show only the user's base group ID;

-G: show only the IDs of all groups to which the user belongs;

-n: show the name instead of the ID;


su command: switch user


Login-style switch: the environment is re-initialized by reading the target user's configuration files

su - USERNAME

su -l USERNAME

Non-login switch: the target user's configuration files are not read, so the environment is not re-initialized

su USERNAME


Note: the administrator can switch to any other user without a password;


-c 'COMMAND': only run this command as the specified user;


Practice:

1. Create the user Gentoo, with bin and root as additional groups, /bin/csh as the default shell, and "Gentoo distribution" as the comment information


2. Create the following users, group, and group memberships

A group with the name admins

User Natasha, with admins as an additional group

User Harry, also with admins as an additional group

User Sarah, who cannot log in to the system interactively and is not a member of admins. The password of Natasha, Harry and Sarah is CentOS
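One way to solve the two practice exercises, as an added example rather than the article's own solution. It assumes lowercase account names, /sbin/nologin as the non-interactive shell for sarah, and the RHEL/CentOS passwd that supports --stdin; the run and set_password helpers are hypothetical and only print the commands unless APPLY=1 is set and the script runs as root.

```shell
#!/bin/sh
# Added example: the two practice exercises as one script.
# Dry run by default: commands are printed, not executed.
# Set APPLY=1 and run as root to apply them.
APPLY="${APPLY:-0}"
PASSWORD="CentOS"          # password as stated in exercise 2

# run CMD ARGS...: print the command (not re-quoted), execute it only when APPLY=1
run() {
    echo "+ $*"
    if [ "$APPLY" = 1 ]; then "$@"; fi
}

# set_password USER PASS: passwd --stdin reads the new password from standard input
set_password() {
    echo "+ echo $2 | passwd --stdin $1"
    if [ "$APPLY" = 1 ]; then echo "$2" | passwd --stdin "$1"; fi
}

exercise1() {
    # -G additional groups, -s default shell, -c comment
    run useradd -G bin,root -s /bin/csh -c "Gentoo distribution" gentoo
}

exercise2() {
    run groupadd admins
    run useradd -G admins natasha            # admins as additional group
    run useradd -G admins harry
    run useradd -s /sbin/nologin sarah       # no interactive login, not in admins
    for u in natasha harry sarah; do
        set_password "$u" "$PASSWORD"
    done
}

# verify: show the resulting IDs and group memberships
verify() {
    for u in gentoo natasha harry sarah; do run id "$u"; done
    run getent passwd sarah
}

exercise1
exercise2
verify
```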


This article is from the "11798474" blog, please be sure to keep this source http://11808474.blog.51cto.com/11798474/1832362
