Linux-user and User Group Management

Source: Internet
Author: User

User and User Group Management

1. User and user group configuration files

/etc/passwd: user information configuration file

/etc/shadow: user password configuration file

/etc/group: user group information configuration file

/etc/gshadow: user group password configuration file

View the help description of a configuration file

1) /etc/passwd

View the configuration file help:

man 5 passwd

There is one entry per line, and each line has the format:

account:password:UID:GID:GECOS:directory:shell


Fields of each row:

User name

Password flag:

x indicates that there is a password. If you remove the x, the user can log on without a password, but only locally. Each user's password is stored in /etc/shadow, which only the root user can read and write; when a user logs on, the system verifies the password against the shadow file.

User ID (UID):

0: superuser

1-499: system users (used by system services; they cannot be deleted and cannot log on)

500-65535: common users

Therefore, to make a user a superuser, you only need to modify its UID. The system manages each user through the UID; the user's home directory remains unchanged.

Group ID (GID): the ID of the initial group

Initial group: created together with the user; by default the group name is the user name

Additional groups: one user can belong to multiple additional groups

Detailed information about the groups is in /etc/group.

User description:

The user description can be omitted

Home directory:

The default directory after user login

Shell:

/sbin/nologin (temporarily restricts user logon)
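
Because a UID of 0 or an empty password field changes what an account can do, these fields are worth checking after any edit. The following is an added example, not part of the original page: it scans passwd-format lines for those states. The function name, the finding labels and the sample data are assumptions made for illustration, and the 1-499 system range is the one given above.

```shell
#!/bin/sh
# SAMPLE_PASSWD is constructed test data, not a real system file.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
backup:x:0:501:Backup:/home/backup:/bin/bash
guest::502:502::/home/guest:/bin/bash
ftp:x:14:50:FTP:/var/ftp:/bin/sh'

# audit_passwd: read passwd lines on stdin and print one finding per line.
audit_passwd() {
    awk -F: '
        # Every entry must have exactly seven colon-separated fields
        NF != 7                  { print "MALFORMED line " NR; next }
        # Any account with UID 0 has superuser rights, whatever its name
        $3 == 0 && $1 != "root"  { print "UID0 " $1 }
        # Empty second field: no password is needed to log on
        $2 == ""                 { print "EMPTY_PASSWORD " $1 }
        # Anything other than x means the password is not kept in /etc/shadow
        $2 != "x" && $2 != ""    { print "PASSWORD_NOT_IN_SHADOW " $1 }
        # System accounts (UID 1-499) are expected to have a no-login shell
        $3 >= 1 && $3 <= 499 && $7 !~ /(nologin|false)$/ {
            print "SYSTEM_LOGIN_SHELL " $1
        }
    '
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
# On a live system: audit_passwd < /etc/passwd
```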

2) /etc/shadow

This file has permissions 000, and only the root user can read and write it.

Fields of each row:

User name

Password:

* or !!: no password is set, and the user cannot log on

To temporarily disable a user, add ! in front of the encrypted password. The encrypted password then no longer matches, so the user cannot log on.

Last password change: a timestamp, counted in days since 1970.1.1

Interval between two password changes

Password validity period (99999: valid permanently)

Warning time before password expiration

Grace time after password expiration, after which login is prohibited

Account expiration timestamp

Reserved field
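
The fields above can be decoded mechanically. The following is an added example, not part of the original page: it classifies each shadow entry by password state and works out password and account expiry from the day counts. The function name, the state labels and the sample entries (with placeholder hashes) are assumptions made for illustration.

```shell
#!/bin/sh
# SAMPLE_SHADOW is constructed; the hash strings are placeholders.
SAMPLE_SHADOW='root:$6$salt$PLACEHOLDERHASH:19000:0:99999:7:::
bin:*:18000:0:99999:7:::
newuser:!!:19700:0:99999:7:::
carol:!$6$salt$PLACEHOLDERHASH:19650:0:90:7:14::
dave:$6$salt$PLACEHOLDERHASH:19600:1:90:7:14:19700:
frank:$6$salt$PLACEHOLDERHASH:19625:0:90:7:14::
eve::19700:0:99999:7:::'

# shadow_status [TODAY]: read shadow lines on stdin. TODAY is in days since
# 1970-01-01 and defaults to the current day.
# Output per line: user, password state, password expiry, account expiry.
shadow_status() {
    awk -F: -v today="${1:-$(( $(date +%s) / 86400 ))}" '
    {
        pw = $2
        if (pw == "")                                  state = "NO_PASSWORD_REQUIRED"
        else if (pw == "*" || pw == "!!" || pw == "!") state = "NO_PASSWORD_SET"
        else if (substr(pw, 1, 1) == "!")              state = "LOCKED"
        else                                           state = "ACTIVE"

        # Field 3 = last change, 5 = validity period, 7 = grace time (days)
        if ($5 == "" || $5 == 99999) pwexp = "never"
        else {
            left = $3 + $5 - today
            if (left >= 0)                    pwexp = (left "d_left")
            else if ($7 != "" && -left <= $7) pwexp = "grace"
            else                              pwexp = "expired"
        }
        # Field 8 = account expiration day
        acct = ($8 != "" && $8 <= today) ? "account_expired" : "account_ok"
        print $1, state, pwexp, acct
    }'
}

printf '%s\n' "$SAMPLE_SHADOW" | shadow_status 19720
# On a live system (as root): shadow_status < /etc/shadow
```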

3) /etc/group

Fields of each row:

Group name

Group password flag

Group ID

Additional users in the group

4) /etc/gshadow

Encrypted password !!

passwd -u username: unlock user login; the !! in front of the encrypted password in /etc/shadow is removed

Note: After adding a user, you must add a password for the user. Otherwise, the user cannot log in.

Command name: userdel

Usage: userdel [option] username

Option -r: delete the user's home directory while deleting the user

userdel -r test1

Command name: usermod

Usage: usermod [option] username

Options:

-u: modify the UID

-g: modify the initial group

-G: modify the additional groups

-c: modify the user description

-s: modify the user's shell

Note:

1) The default settings used when creating a user can be viewed in /etc/default/useradd and /etc/login.defs, but some of them have no effect.

2) The default contents of a user's home directory can be modified in /etc/skel; skel is the template used when a user is created.

3. Add, delete, and modify user groups

Add group

groupadd groupname

-g: specify the GID

groupmod option groupname

-g: modify the group ID

-n: new group name

Delete group

groupdel groupname

If the group is the initial group of a user, it cannot be deleted. If it is only an additional group for its users, it can be deleted.

Add a user to or delete a user from a group

gpasswd option username groupname

-a: add

-d: delete

gpasswd -a test groupname

gpasswd -d test groupname

Note: You can also add, delete, or modify users and user groups without using commands, by directly modifying the configuration files.

For example, to delete a user:

Delete the user's record in /etc/passwd

Delete the user's record in /etc/shadow

Delete the user's record in /etc/group

Delete the user's record in /etc/gshadow

Delete /home/user

Delete /etc/spool/mail/user, the user's mail directory
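
When the files are edited by hand, it is easy to miss one of them and leave a stale record or group membership behind. The following is an added example, not part of the original page: a read-only check that lists every record in the four files that still names a given user. The function name and the demo directory of constructed file copies are assumptions made for illustration.

```shell
#!/bin/sh
# leftover_refs USER [DIR]: print every record in DIR/passwd, shadow, group and
# gshadow that still names USER. DIR defaults to /etc; the files are only read.
leftover_refs() {
    user=$1
    dir=${2:-/etc}
    for f in passwd shadow group gshadow; do
        [ -r "$dir/$f" ] || continue
        awk -F: -v u="$user" -v f="$f" '
            # The record that belongs to the user (or to the group of that name)
            $1 == u { print f ": record " $1; next }
            f == "group" || f == "gshadow" {
                # Field 4 holds the comma-separated member list in both files
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] == u) print f ": member of " $1
            }' "$dir/$f"
    done
}

# Constructed demo: test1 was removed from passwd and shadow by hand, but the
# group files were forgotten.
demo=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo/passwd"
printf 'root:!!:19000:0:99999:7:::\n' > "$demo/shadow"
printf 'root:x:0:\nwheel:x:10:root,test1\ntest1:x:500:\n' > "$demo/group"
printf 'root:::\nwheel:::root,test1\ntest1:!::\n' > "$demo/gshadow"
leftover_refs test1 "$demo"
rm -rf "$demo"
```

An empty result means none of the four files references the user any more; the home and mail directories still have to be checked separately.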

Additional commands:

su: switch user

su - username

Note: the - cannot be omitted. If it is omitted, the environment variables are not changed when switching users.

su - username -c "command": execute the command as that user without switching the login

id username

View the IDs of this user: uid, gid

chage: change the password status

chage option username

Option: -l displays the password status of the user.

You can also modify the password status by modifying /etc/shadow.

Commonly used: chage -d 0 username. The user is prompted to change the password upon login; the last modification time of the password is changed.
