Linux User and group updates:

Linux Users and Groups:

1. User: Username/uid

admin: Root, 0

System User: 1-499 (CENTOS6), 1-999 (CENTOS7)

Assigning permissions to a daemon to get resources

Login User: (CENTOS6) +, + (CENTOS7) +

Interactive Login

2. Group: Groupname/gid

Administrators group: root, 0

System groups: 1-499, 1-999

General Group: 1000+,

User's primary group (primary group): The user must belong to one and only one primary group

Private group: The group name is the same as the user name and contains a user

Additional groups for users (secondary groups): One user can belong to 0 or more secondary groups

3.Linux user and group primary profile:

/etc/passwd: user and its attribute information (name, UID, primary group ID, etc.)

/etc/shadow: user passwords and their associated properties

/etc/group: Group and its attribute information

/etc/gshadow: group password and its related properties

File format:

1)/etc/passwd:

Login name:p asswd:UID:GID:GECOS:home Directory:shell:

Login Name: password (x): User ID Number: User group number: User's full name or comment: Home directory: Using the shell by default

zhou:!!:::::: Have an exclamation mark prohibit login

Usermod-l Zhou Lock user no login; add an exclamation mark

No password can not unlock Usermod-u

2)/etc/shadow:

Login with Name

User password: generally with sha512 encryption

From January 1, 1970 to the time the password was last changed

The password can be changed in a few days (0 means it can be changed at any time)

The password must be changed in a few days (99999 means never expire)

The system reminds the user a few days before the password expires (default is one week)

Password expires days payback will be locked

From January 1, 1970 onwards, the number of days after the account expires.

Change the encryption algorithm authconfig--passalgo=sha512--update

Md5:message Digest, 128bits

Sha1:secure hash Algorithm, 160bits

Sha224:224bits

Sha256:256bits

Sha384:384bits

Sha512:512bits

Pwunconv password not converted will be kept in/etc/passwd; unsafe

3)/etc/group

Group name: is the group name

Group password: usually does not need to be set, the password is recorded in/etc/gshadow

GID: Is the ID of the group

List of users with the current group as the primary group or additional groups (comma delimiter)

4)/etc/gshadow

Group name: is the group name

Group Password: *

Group Admins list: List of group admins, change groups passwords and members

List of users with the current group as the primary or additional group: (comma delimiter)

VIPW;VIGR dedicated to editing password files

The file is locked for execution and cannot be modified by other users or terminals at the same time. Avoid modification failures

PWCK;GRPCK Check password file integrity format, etc.

** useradd[options] LOGIN Add user

-U UID: [Uid_min, Uid_max] defined in/etc/login.defs

-O with-u option to create a user with the same UID without checking UID uniqueness

-G GID: Indicates that the user belongs to the basic group, can be a group name, or GID

-C "COMMENT": User's comment information

-D Home_dir: Home directory with the specified path (does not exist)

-S Shell: Indicates the user's default shell program

Available lists in the/etc/shells file

-G group1[,group2,...] : To indicate additional groups for the user, the group must exist beforehand

-N Do not create private group master group, use the Users group gid=100

-r: Create System user CentOS 6:id<500,centos 7:id<1000

New user default setting: in the/etc/default/useradd file

To display or change the default settings:

Useradd-d

Useradd-d-S SHELL

Initial home directory file set:/etc/skel/*

Set user account limit file/etc/login.defs password maximum expiration days, password maximum length constraints, etc.

/etc/shadow configuration priority is higher than/etc/login.defs

NewUsers file (Files written strictly in/etc/passwd format) can be added to users in bulk

CHPASSWD file (Files written strictly in/etc/shadow format) can change user passwords in bulk

Userdel [Optiong] User Delete users

- R delete users and their home directories

Finger displaying user information

Login Name Tty Idle Login Time Office Office Phone Host

Root root pts/0 Jul 30 13:17 (10.1.250.32)

CHFN can be used to change the information displayed when executing finger directives

If no parameters are specified, the CHFN instruction will enter the question-and-answer interface

* * Usermod [OPTION] Login to change user Configuration

-u uid: New UID

-G GID: New Basic Group

-G group1[,group2,... [, GROUPN]] : New add-on group, the original additional group will be overwritten;

If the original is retained, use the-a option at the same time to indicate append;

-S shell: new default shell;

-C ' COMMENT ': new annotation information;

-D home: The new home directory is not automatically created, and the files in the original home directory are not moved to the new home directory at the same time;

To create a new home directory and move the original home data, use the-M option

-L login_name: new name;

-l:lock Specify the user, add in the/etc/shadow password bar!

-u:unlock Specify the user, will/etc/shadow the password bar! Take it off.

-E yyyy-mm-dd: Indicates the user account expiration date;

-F INACTIVE: set inactivity period;

This article is from the "mediocre" blog, please be sure to keep this source http://zzjasper.blog.51cto.com/9781564/1832161

Linux User and group updates: