In the management of Linux, account management is an important part, it is an important component of the Authority control. It is also a very basic part of the Administrator's management of the entire Linux.
One, user and group-related configuration files
/ETC/PASSWD: User's account information
/etc/shadow: User password and associated account settings
/etc/group: Group account information
/etc/gshaow: Password information for the group
1,/etc/passwd
In the passwd file, a row represents the information for an account, and how many lines represent how many users there are. Below, see the top 3 users to see the relevant account configuration information.
[Email protected]/]# head-3/etc/passwdroot:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x : 2:2:daemon:/sbin:/sbin/nologin
In the man 5 passwd , you can see the detailed parsing of the/etc/passwd.
Each user has a format of
Account:password:UID:GID:GECOS:directory:shell
(1) The account name should not appear in uppercase letters.
(2) Password account password, shown here as x, password details will be saved in the/etc/shadow file, detailed can browse below.
(3) The ID of the UID-marked account.
It is important to note that:
0 is the system administrator.
1-500 for system users, you can assign a change number segment to the system process.
500-65535 for custom users, use this number field if you want to create a common account.
(4) GID the group ID to which the account belongs. Group-related information is saved in/etc/group and can be viewed in detail below.
(5) Gecos,general Electric comprehensive Operating System. is actually the user's comment information.
(6) Home directory for directory users. such as root account, home directory in/root. If you create a new user, the user's default home directory is /home/youraccount.
(7) Shell user's default shell, if empty,/bin/sh is used by default.
2,/etc/shadow
As mentioned above, the user's password details will be saved in/etc/shadow. Similarly, each row represents a user's password details. Below, check the first 3 account passwords to see the relevant account information.
[Email protected] ~]# head-3/etc/shadowroot:b3vg6k9pn86o6:16673:0:99999:7:::bin:*:15980:0:99999:7:::d aemon:* : 15980:0:99999:7:::
(1) Name of the account. Corresponds to the user name under/ETC/PASSWD.
(2) password. The password after the encryption. You can see that the root account password is encrypted after a string of complex encodings. Bin this bit is *, on behalf of the user is not allowed to login. If you add * to the first digit of the account password, then the account cannot be logged on to the system.
(3) Date the password was last changed. Records the number of days passed from January 1, 1970 to the time the password was changed.
(4) The number of days the password cannot be changed. Set to 0, you can change it at any time.
(5) The number of days the password needs to be re-changed.
(6) The number of days to warn before reaching the deadline that requires a password change.
(7) The expiration date of the account. The account will be deactivated if the password has not been reset after the expiration period
(8) Date of cancellation of account. This field, as in the case of the third field, is calculated starting January 1, 1970.
(9) The position to be retained.
3,/etc/group
The user group information will be saved in the change file, the group corresponding user list, will also be saved inside. Similarly, each row represents the details of a group. Below, view the first 3 groups to see the relevant account information.
[Email protected] ~]# head-3/etc/grouproot:x:0:bin:x:1:bin,daemondaemon:x:2:bin,daemon
Each group has a format of
Group_name:passwd:GID:user_list
(1) Group name.
(2) Group password. Generally not set. Also represented as X, details are saved in/etc/gshaow.
(3) Group ID.
(4) The account in which the group exists.
Second, account management related orders
1, Useradd
Add an Account
Format: Useradd option account name
Common options:
-U UID: Specifies the ID of the new account.
-G GID: Specifies the base group to which the account belongs.
-G GID: Specifies the additional group to which the account belongs.
-C ' COMMIT ': add comments to the new account.
Such as:
# useradd-u 1100 Test
2, Userdel
Delete the specified account
Format: Userdel option account name
-R together with the home directory to change the account
Such as:
#userdel-R Test
3, Groupadd
Add a group
Format: Groupadd option group name
-G GID: Specifies the group ID of the new group.
-R Creating a system group
Such as:
# groupadd-g 1101 Testgrp
4, Groupdel
Delete the specified group
Format: Groupdel Group name
Such as:
# Groupdel TESTGRP
5, passwd
Set a password for the specified account
Format: passwd USERNAME
--stdin: Set a password for the specified account via standard input
Such as:
# passwd test# echo ' testpwd ' | passwd--stdin Test
6, Usermod
Modify the information set by the account
Format: Usermod option USERNAME
-U UID: Modify Account ID
-G GID: Modify the group ID of the account
-G GID: Modify an additional group of accounts
-C: Modify the account's Notes information
-D: Modify the home directory path of the account
-S: Modify the shell of the account
-L: Modify the name of the account
-l:lock (Locked) account
-u:unlock (Unlock) account
Such as:
# usermod-u 1101 test# usermod-l Testing test
7, Groupmod
Modify group Information
Format: Groupmod option GROUPNAME
-G GID: Modify the specified group ID
-N: Setting a new group name
Such as:
# GROUPMOD-G 502 test# groupmod-n Testing test
8, Chage
Modify a user's properties
Format: chage option USERNAME
-M: Minimum use time
-M : Maximum use time
-I: Inactivity period
Such as:
#chage-M 2 testing
9. Id
View your account information
Format: ID option USERNAME
-U UID: View account ID
-G GID: View Group ID
Such as:
# Id-u Testing
10, Su
Switch users
Format su option USERNAME
Such as:
# Su-root
Comprehensive Exercises:
1 , create users Mandriva, its ID to be 2200 , the Base Group is distro, the group ID is 3300, and the additional group is Peguin ;
[[email protected]/]# groupadd-g 3300 distro[[email protected]/]# groupadd peguin[[email protected]/]# useradd-u 2200 -G distro-g Peguin Mandriva
2 , create users Gentoo , whose full name is " Gentoo ", the default Shell to be /bin/tcsh ;
[Email protected]/]# useradd-c ' Gentoo '-s/bin/tcsh Gentoo
3 , modify Mandriva of the UID to be 4400, Basic Group is Linux , Additional groups are distro and Gentoo;
[Email protected]/]# usermod-u 4400-g linux-a-G Distro,gentoo Mandriva
4 , give Gentoo add a password and set its minimum password age to 2 days, the longest is - Day, warning for 3 days, the inactivity period is 7 days;
[Email protected]/]# echo "Gentoopwd" | passwd--stdin gentoo[[email protected]/]# chage-m 2-m 60-i 7 Gentoo
The information recorded in the Gentoo account in the/etc/shadow file becomes as follows:
GENTOO:$6$IDEEFSVQ$8RY23FJ. Hke60swcdyhypfw9pg6rxiry1n9xnjw.4ruyac3pv6a2juezblgucrjr13r2jc0hd6q39umzp.gu/:16680:2:60:7:7::
This article is from the "elf-Goblin, brain" blog, please be sure to keep this source http://xuewen.blog.51cto.com/1203741/1696204
Linux User and Group management