Linux Users and Groups:
1. User: username/UID
Administrator: root, 0
System user: 1-499 (CentOS 6), 1-999 (CentOS 7)
Used to give a daemon the permissions it needs to access resources
Login User: (CENTOS6) +, + (CENTOS7) +
Interactive login
2. Group: group name/GID
Administrators group: root, 0
System groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
General group: 1000+
User's primary group: the user must belong to one and only one primary group
Private group: the group name is the same as the user name and the group contains a single user
Additional groups for users (secondary groups): one user can belong to 0 or more secondary groups
3. Linux user and group main configuration files:
/etc/passwd: user and its attribute information (name, UID, primary group ID, etc.)
/etc/shadow: user passwords and their associated properties
/etc/group: Group and its attribute information
/etc/gshadow: group password and its related properties
File formats:
1) /etc/passwd:
login name:passwd:UID:GID:GECOS:home directory:shell
Login name: password (x): user ID number: group ID number: user's full name or comment: home directory: default shell
zhou:!!:::::: an exclamation mark in the password field prohibits login
usermod -L zhou: locks the user so they cannot log in, by adding an exclamation mark
A user with no password cannot be unlocked with usermod -U
2) /etc/shadow:
Login name
User password: generally hashed with SHA-512
Number of days from January 1, 1970 to the date the password was last changed
Number of days before the password can be changed (0 means it can be changed at any time)
Number of days after which the password must be changed (99999 means it never expires)
Number of days before the password expires that the system starts reminding the user (default is one week)
Number of days after the password expires before the account is locked
Number of days from January 1, 1970 after which the account expires
Change the hashing algorithm: authconfig --passalgo=sha512 --update
MD5: message digest, 128 bits
SHA-1: secure hash algorithm, 160 bits
SHA-224: 224 bits
SHA-256: 256 bits
SHA-384: 384 bits
SHA-512: 512 bits
pwunconv: undoes the shadow conversion, so passwords are kept in /etc/passwd; unsafe
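The /etc/shadow fields above, decoded and checked in an added example (not part of the original article). The `$1$`/`$5$`/`$6$` prefix mapping comes from crypt(3) rather than from this page, and the sample lines and function names are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# Hash-id prefixes as documented in crypt(3); not taken from the page.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512"}

def parse_shadow_line(line):
    """Decode one /etc/shadow line into status, hash scheme and dates."""
    fields = line.rstrip("\n").split(":")
    fields += [""] * (9 - len(fields))          # tolerate short lines
    name, pw, last, _min, mx, _warn, _inact, expire = fields[:8]
    locked = pw.startswith("!")                 # usermod -L prepends '!'
    body = pw.lstrip("!")
    if body.startswith("$"):
        scheme = SCHEMES.get(body.split("$")[1], "other")
    elif body in ("", "*"):
        scheme = None                           # no usable hash stored
    else:
        scheme = "other"                        # e.g. legacy DES crypt
    must_change = None
    if last.isdigit() and mx.isdigit() and int(mx) != 99999:
        must_change = EPOCH + timedelta(days=int(last) + int(mx))
    expires = EPOCH + timedelta(days=int(expire)) if expire.isdigit() else None
    return {"name": name, "locked": locked, "empty": pw == "",
            "scheme": scheme, "must_change": must_change, "expires": expires}

def audit_shadow(text):
    """Return (user, finding) pairs worth a reviewer's attention."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_shadow_line(line)
        if e["empty"]:
            findings.append((e["name"], "empty password field"))
        if e["scheme"] in ("md5", "other"):
            findings.append((e["name"], "hash is not sha256/sha512"))
        if e["locked"] and e["scheme"]:
            findings.append((e["name"], "locked with '!'"))
    return findings

# Constructed sample; the hashes are placeholders, not real crypt output.
SAMPLE = """\
root:$6$saltsalt$PLACEHOLDERHASH:16801:0:99999:7:::
zhou:!$6$saltsalt$PLACEHOLDERHASH:16801:0:90:7:14:17000:
old:$1$saltsalt$PLACEHOLDERHASH:16000:0:99999:7:::
guest::16801:0:99999:7:::
new:!!:::::::
"""
```

Run `audit_shadow()` on a copy of the file read as root; day counts are converted to calendar dates so expiry can be compared with today's date.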
3) /etc/group
Group name: the name of the group
Group password: usually does not need to be set; the password is recorded in /etc/gshadow
GID: the ID of the group
List of users with the current group as the primary group or additional group (comma-delimited)
4) /etc/gshadow
Group name: the name of the group
Group password: *
Group administrator list: the group's administrators, who can change the group password and members
List of users with the current group as the primary or additional group (comma-delimited)
vipw; vigr: dedicated to editing the password files
The file is locked while being edited and cannot be modified by other users or terminals at the same time, which avoids failed modifications
pwck; grpck: check password file integrity, format, etc.
** useradd [options] LOGIN: add a user
-u UID: within [UID_MIN, UID_MAX] as defined in /etc/login.defs
-o: used with the -u option to create a user with the same UID, without checking UID uniqueness
-g GID: specifies the basic group the user belongs to; can be a group name or a GID
-c "COMMENT": the user's comment information
-d HOME_DIR: use the specified path (which does not exist yet) as the home directory
-s SHELL: specifies the user's default shell program
The available shells are listed in the /etc/shells file
-G group1[,group2,...]: specifies additional groups for the user; the groups must exist beforehand
-N: do not create a private group as the primary group; use the users group, gid=100
-r: create a system user; CentOS 6: ID<500, CentOS 7: ID<1000
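An added audit of /etc/passwd content (not from the original article) that ties together points made above: accounts created with -o that share a UID, extra UID 0 accounts, system-range UIDs with a login shell, and password data left in /etc/passwd after pwunconv. The sample entries, the function name and the list of no-login shells are assumptions made for this example.

```python
from collections import defaultdict

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def audit_passwd(text, uid_min=1000):
    """Return (login, finding) pairs; uid_min is 1000 on CentOS 7, 500 on CentOS 6."""
    findings, by_uid = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7 or not parts[2].isdigit():
            findings.append((parts[0], "malformed entry"))
            continue
        name, pw, uid, _gid, _gecos, _home, shell = parts
        uid = int(uid)
        by_uid[uid].append(name)
        if pw != "x":       # hash or empty field kept in the world-readable file
            findings.append((name, "password field is not 'x'"))
        if 0 < uid < uid_min and shell not in NOLOGIN_SHELLS:
            findings.append((name, "system UID with a login shell"))
    for uid, names in sorted(by_uid.items()):
        for name in names[1:]:          # every entry after the first owner
            what = "extra UID 0 account" if uid == 0 else f"duplicate UID {uid}"
            findings.append((name, f"{what} (first seen: {names[0]})"))
    return findings

# Constructed sample; the hash is a placeholder, not real crypt output.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
svc:x:498:498:app daemon:/var/lib/svc:/bin/bash
zhou:x:1000:1000:Zhou:/home/zhou:/bin/bash
twin:x:1000:1000::/home/twin:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy:$1$saltsalt$PLACEHOLDERHASH:1001:1001::/home/legacy:/bin/bash
"""
```

Accounts such as sync or shutdown use a command as their shell and will be reported under the system-UID check; review those by hand.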
New user default settings: in the /etc/default/useradd file
To display or change the default settings:
useradd -D
useradd -D -s SHELL
Initial set of files for a new home directory: /etc/skel/*
/etc/login.defs: file that sets user account limits, such as maximum password expiration days, maximum password length constraints, etc.
Settings in /etc/shadow take priority over /etc/login.defs
newusers: reads a file (written strictly in /etc/passwd format) to add users in bulk
chpasswd: reads a file (written strictly in /etc/shadow format) to change user passwords in bulk
userdel [OPTION] USER: delete a user
-r: delete the user and their home directory
finger: displays user information
Login Name Tty Idle Login Time Office Office Phone Host
root root pts/0 Jul 30 13:17 (10.1.250.32)
chfn: can be used to change the information displayed by the finger command
If no parameters are specified, chfn enters an interactive question-and-answer mode
** usermod [OPTION] LOGIN: change a user's configuration
-u UID: new UID
-g GID: new basic group
-G group1[,group2,...[,groupN]]: new additional groups; the original additional groups are overwritten;
to keep the original groups, use the -a option at the same time to append;
-s SHELL: new default shell;
-c 'COMMENT': new comment information;
-d HOME: new home directory; it is not created automatically, and the files in the original home directory are not moved to the new home directory;
to create the new home directory and move the original home data, also use the -m option
-l login_name: new login name;
-L: lock the specified user by adding a ! to the password field in /etc/shadow
-U: unlock the specified user by removing the ! from the password field in /etc/shadow
-e YYYY-MM-DD: specifies the user account expiration date;
-f INACTIVE: sets the inactivity period;
This article is from the "mediocre" blog, please be sure to keep this source http://zzjasper.blog.51cto.com/9781564/1832161