Linux User and Group management

In the management of Linux, account management is an important part, it is an important component of the Authority control. It is also a very basic part of the Administrator's management of the entire Linux.

One, user and group-related configuration files

/ETC/PASSWD: User's account information

/etc/shadow: User password and associated account settings

/etc/group: Group account information

/etc/gshaow: Password information for the group

1,/etc/passwd

In the passwd file, a row represents the information for an account, and how many lines represent how many users there are. Below, see the top 3 users to see the relevant account configuration information.

[Email protected]/]# head-3/etc/passwdroot:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x : 2:2:daemon:/sbin:/sbin/nologin

In the man 5 passwd , you can see the detailed parsing of the/etc/passwd.

Each user has a format of

Account:password:UID:GID:GECOS:directory:shell

(1) The account name should not appear in uppercase letters.

(2) Password account password, shown here as x, password details will be saved in the/etc/shadow file, detailed can browse below.

(3) The ID of the UID-marked account.

It is important to note that:

0 is the system administrator.

1-500 for system users, you can assign a change number segment to the system process.

500-65535 for custom users, use this number field if you want to create a common account.

(4) GID the group ID to which the account belongs. Group-related information is saved in/etc/group and can be viewed in detail below.

(5) Gecos,general Electric comprehensive Operating System. is actually the user's comment information.

(6) Home directory for directory users. such as root account, home directory in/root. If you create a new user, the user's default home directory is /home/youraccount.

(7) Shell user's default shell, if empty,/bin/sh is used by default.

2,/etc/shadow

As mentioned above, the user's password details will be saved in/etc/shadow. Similarly, each row represents a user's password details. Below, check the first 3 account passwords to see the relevant account information.

[Email protected] ~]# head-3/etc/shadowroot:b3vg6k9pn86o6:16673:0:99999:7:::bin:*:15980:0:99999:7:::d aemon:* : 15980:0:99999:7:::

(1) Name of the account. Corresponds to the user name under/ETC/PASSWD.

(2) password. The password after the encryption. You can see that the root account password is encrypted after a string of complex encodings. Bin this bit is *, on behalf of the user is not allowed to login. If you add * to the first digit of the account password, then the account cannot be logged on to the system.

(3) Date the password was last changed. Records the number of days passed from January 1, 1970 to the time the password was changed.

(4) The number of days the password cannot be changed. Set to 0, you can change it at any time.

(5) The number of days the password needs to be re-changed.

(6) The number of days to warn before reaching the deadline that requires a password change.

(7) The expiration date of the account. The account will be deactivated if the password has not been reset after the expiration period

(8) Date of cancellation of account. This field, as in the case of the third field, is calculated starting January 1, 1970.

(9) The position to be retained.

3,/etc/group

The user group information will be saved in the change file, the group corresponding user list, will also be saved inside. Similarly, each row represents the details of a group. Below, view the first 3 groups to see the relevant account information.

[Email protected] ~]# head-3/etc/grouproot:x:0:bin:x:1:bin,daemondaemon:x:2:bin,daemon

Each group has a format of

Group_name:passwd:GID:user_list

(1) Group name.

(2) Group password. Generally not set. Also represented as X, details are saved in/etc/gshaow.

(3) Group ID.

(4) The account in which the group exists.

Second, account management related orders

1, Useradd

Add an Account

Format: Useradd option account name

Common options:

-U UID: Specifies the ID of the new account.

-G GID: Specifies the base group to which the account belongs.

-G GID: Specifies the additional group to which the account belongs.

-C ' COMMIT ': add comments to the new account.

Such as:

# useradd-u 1100 Test

2, Userdel

Delete the specified account

Format: Userdel option account name

-R together with the home directory to change the account

Such as:

#userdel-R Test

3, Groupadd

Add a group

Format: Groupadd option group name

-G GID: Specifies the group ID of the new group.

-R Creating a system group

Such as:

# groupadd-g 1101 Testgrp

4, Groupdel

Delete the specified group

Format: Groupdel Group name

Such as:

# Groupdel TESTGRP

5, passwd

Set a password for the specified account

Format: passwd USERNAME

--stdin: Set a password for the specified account via standard input

Such as:

# passwd test# echo ' testpwd ' | passwd--stdin Test

6, Usermod

Modify the information set by the account

Format: Usermod option USERNAME

-U UID: Modify Account ID

-G GID: Modify the group ID of the account

-G GID: Modify an additional group of accounts

-C: Modify the account's Notes information

-D: Modify the home directory path of the account

-S: Modify the shell of the account

-L: Modify the name of the account

-l:lock (Locked) account

-u:unlock (Unlock) account

Such as:

# usermod-u 1101 test# usermod-l Testing test

7, Groupmod

Modify group Information

Format: Groupmod option GROUPNAME

-G GID: Modify the specified group ID

-N: Setting a new group name

Such as:

# GROUPMOD-G 502 test# groupmod-n Testing test

8, Chage

Modify a user's properties

Format: chage option USERNAME

-M: Minimum use time

-M : Maximum use time

-I: Inactivity period

Such as:

#chage-M 2 testing

9. Id

View your account information

Format: ID option USERNAME

-U UID: View account ID

-G GID: View Group ID

Such as:

# Id-u Testing

10, Su

Switch users

Format su option USERNAME

Such as:

# Su-root

Comprehensive Exercises:

1 , create users Mandriva, its ID to be 2200 , the Base Group is distro, the group ID is 3300, and the additional group is Peguin ;

[[email protected]/]# groupadd-g 3300 distro[[email protected]/]# groupadd peguin[[email protected]/]# useradd-u 2200 -G distro-g Peguin Mandriva

2 , create users Gentoo , whose full name is " Gentoo ", the default Shell to be /bin/tcsh ;

[Email protected]/]# useradd-c ' Gentoo '-s/bin/tcsh Gentoo

3 , modify Mandriva of the UID to be 4400, Basic Group is Linux , Additional groups are distro and Gentoo;

[Email protected]/]# usermod-u 4400-g linux-a-G Distro,gentoo Mandriva

4 , give Gentoo add a password and set its minimum password age to 2 days, the longest is - Day, warning for 3 days, the inactivity period is 7 days;

[Email protected]/]# echo "Gentoopwd" | passwd--stdin gentoo[[email protected]/]# chage-m 2-m 60-i 7 Gentoo

The information recorded in the Gentoo account in the/etc/shadow file becomes as follows:

GENTOO:$6$IDEEFSVQ$8RY23FJ. Hke60swcdyhypfw9pg6rxiry1n9xnjw.4ruyac3pv6a2juezblgucrjr13r2jc0hd6q39umzp.gu/:16680:2:60:7:7::

This article is from the "elf-Goblin, brain" blog, please be sure to keep this source http://xuewen.blog.51cto.com/1203741/1696204

Linux User and Group management