Linux User, Group management



Linux is a multi-user, multi-tasking, time-sharing operating system. Any user who wants to use system resources must first request an account from the system administrator and then log in to the system with that account. Each user account has a unique user name and its own password. After typing the correct user name and password at logon, the user enters the system and lands in their home directory.


User account management mainly covers the following areas:

1. User classification, basic information, password policy

2. User group management

3. Common user and group management commands

User categories

Superuser: Has the highest administrative rights on the system; by default this is the root user.

Normal user: Has permission to log on to the system, but can only access and modify files in their own directory.

Virtual user: Also known as a "pseudo" user or system user. The defining feature of this type of user is that it cannot log on to the system; such users exist mainly to ease system administration and to satisfy the requirement that the files of system processes have an owner. For example, a typical web service runs as the nobody user by default, but the nobody user cannot log on to the system.


User UID range: 0-65535

Administrator: 0

Normal users: 1-60000

System users:

CentOS 6 series: 1-499

CentOS 7 series: 1-999


User-related configuration files

/etc/passwd: user name, UID, primary group and other information

Format of /etc/passwd:

name:password:UID:GID:GECOS:directory:shell

Meaning of each field:

login name:x:UID:GID:comment:home directory:default shell

For example: root:x:0:0:root:/root:/bin/bash

/etc/shadow: user passwords and related attributes

login name:encrypted password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field

Meaning of each field:

login name:encrypted password:last change:minimum interval:maximum interval:warning time:inactivity time:expiry time:flag

For example: gentoo:!!:16672:0:99999:7:::
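
The two file formats above lend themselves to a quick account audit. The following is an added example, not part of the original article: it flags extra UID 0 accounts and system users with a login shell in passwd-format data, and classifies the password field and maximum age in shadow-format data. The sample lines, the toor and webserver accounts and the SYS_MAX variable are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in /etc/passwd and /etc/shadow format (not from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
webserver:x:989:989::/home/webserver:/bin/bash
oracle:x:3000:3000::/home/database:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash'

SAMPLE_SHADOW='root:$6$constructedsalt$constructedhash:16672:0:99999:7:::
nobody:*:16672:0:99999:7:::
gentoo:!!:16672:0:99999:7:::
oracle::16672:0:90:7:::'

# audit_passwd: reads passwd-format lines on stdin, prints accounts to review.
# SYS_MAX is the top of the system UID range: 999 on CentOS 7, 499 on CentOS 6.
audit_passwd() {
    awk -F: -v sys_max="${SYS_MAX:-999}" '
        NF != 7 { print "MALFORMED line " NR; next }
        # Any name other than root with UID 0 has full administrative rights.
        $3 == 0 && $1 != "root" { print "UID0 " $1; next }
        # System (virtual) users are not meant to log on.
        $3 > 0 && $3 <= sys_max && $7 !~ /(nologin|false)$/ {
            print "SYSTEM_WITH_SHELL " $1 " " $7
        }'
}

# audit_shadow: reads shadow-format lines on stdin, prints
# "<login> <password state> <maximum age>" for every account.
audit_shadow() {
    awk -F: '
        NF != 9 { print "MALFORMED line " NR; next }
        {
            if ($2 == "")            state = "EMPTY_PASSWORD"
            else if ($2 ~ /^[!*]/)   state = "LOCKED_OR_NO_PASSWORD"
            else                     state = "PASSWORD_SET"
            # 99999 is the default maximum age, i.e. no practical expiry.
            if ($5 == "" || $5 >= 99999) age = "NO_EXPIRY"
            else                         age = "MAX_AGE_" $5
            print $1 " " state " " age
        }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real host, run the functions as root with `audit_passwd < /etc/passwd` and `audit_shadow < /etc/shadow`; each finding is a prompt for review, not proof of a problem.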


Complexity policy for user passwords:

-- use at least three of the four character categories: digits, lowercase letters, uppercase letters, and special characters;

-- make the password long enough; more than 8 characters is suggested;

-- use random passwords;

-- change passwords regularly.

Management of Groups

Group categories:

Administrators group: ID = 0

Normal group: ID = (CentOS 6 series 1-499, CentOS 7 series 1-999)

Additional group: ID = (CentOS 6 series, CentOS 7 series 1000+)

Related configuration files for the group:

/etc/group: Group name, GID, user included in the group;

such as: root:x:0:

/etc/gshadow: the password and related attributes of the group;

such as: gentoo:!::


User, group common management commands

User-related commands: useradd, usermod, passwd, userdel

Group-related commands: groupadd, groupmod, gpasswd, groupdel

Other commands: chage, chsh, chfn (a basic understanding is enough)


useradd: create a user

Syntax: useradd [options] LOGIN

useradd -D [options]

Common options

-r: create a system user

-u UID: specifies the UID

-g GID: specifies the primary group the user belongs to; the group must already exist

-c 'COMMENT': a descriptive comment

-d /path/to/somewhere: specifies the path of the user's home directory; the path should not exist beforehand, otherwise the user's default profile files will not be copied into it

-s SHELL: sets the user's default shell

-G GID,...: specifies the additional groups the user belongs to

-M: do not create a home directory for the user

Example: Create a user oracle that belongs to the additional groups database and sql, with UID 3000 and home directory /home/database

    # useradd -u 3000 -G database,sql -d /home/database oracle

Check the result with id

    # id oracle
    uid=3000(oracle) gid=3000(oracle) groups=3000(oracle),(database),501(sql)


userdel: delete a user

Syntax: userdel [-r] USERNAME

Common options

-r: also delete the user's home directory

Example: View a user, then delete it

    # id centos
    uid=3001(centos) gid=3001(centos) groups=3001(centos)
    # userdel centos
    # id centos
    id: centos: no such user



usermod: modify user properties

Syntax: usermod [OPTION]... LOGIN

Common options

-u UID

-g GID

-G GID[,GID,...]: modify the additional groups the user belongs to; use it together with the -a option to append to the existing groups

-s SHELL

-c 'COMMENT'

-d HOME: change the user's home directory to a new location; the user's existing files are not moved to the new home unless the -m option is also given

-l LOGIN: change the account name

-L: lock the user (locks the password, making it invalid)

-U: unlock the user (unlocks the password)

Example: Rename the centos user to rhl

    # usermod -l rhl centos
    # id centos
    id: centos: no such user
    # id rhl
    uid=3001(rhl) gid=3001(centos) groups=3001(centos)



passwd: set or change a password

Syntax: passwd [OPTION] [USERNAME]

Common options

-l: lock the user

-u: unlock the user

-n mindays: minimum period of use

-x maxdays: maximum period of use; the default is 99999 days

-w warndays: number of days before expiry at which the user is reminded to change the password; root only

-i inactivedays: number of days after the password expires before the user is disabled; root only

--stdin: read the user's password from standard input

Example: Set the password of the centos user to centos (for demonstration only; a password equal to the user name does not meet the complexity policy above)

    # echo 'centos' | passwd --stdin centos


groupadd, groupdel: create groups, delete groups

Syntax: groupadd, groupdel [OPTIONS] GROUPNAME

Common options

-g GID: specifies the group ID

-r: create a system group

Example: Create a system group webserver; note how its GID differs from the GID of a normal group

    # groupadd -r webserver
    # cat /etc/group
    webserver:x:989:
    # groupdel webserver      # delete the system group


groupmod: modify group properties

Syntax: groupmod [OPTION] GROUPNAME

Common options

-n group_name: new group name

-g GID

Example: Rename the group linuxso to linuxos

    # groupadd linuxso
    # tail -1 /etc/group
    linuxso:x:3001:
    # groupmod -n linuxos linuxso
    # tail -1 /etc/group
    linuxos:x:3001:


gpasswd: set or modify a group password

Syntax: gpasswd [-a user] [-d user] [-A user,...] [-M user,...] [-r] [-R] groupname

Common options:

-a: add a user to the group

-d: remove a user from the group

-A: specify the group administrators

-M: specify the group members; used in much the same way as -A

-r: remove the group password

-R: restrict access to the group; only members of the group can switch to it with newgrp

Example: Set a password for the centos group. Suppose the system has an account centos that is not itself a member of the centos group. With newgrp and the group password, the user can temporarily join the group, and files the user creates from then on belong to the centos group. This lets the user temporarily create files under another group instead of the user's own primary group.

In other words, setting a password with gpasswd centos lets anyone who knows the group password temporarily switch to the centos group.

Note: newgrp switches the primary group to the specified group

    # id centos
    uid=3003(centos) gid=3003(centos) groups=3003(centos)
    # tail -1 /etc/group
    centos:x:3001:
    # gpasswd centos          # set the group password
    Changing the password for group centos
    New Password:
    Re-enter new password:
    # su - centos             # switch user
    $ id
    uid=3003(centos) gid=3003(centos) groups=3003(centos)
    $ newgrp centos           # switch group
    Password:
    $ id
    uid=3003(centos) gid=3001(centos) groups=3001(centos),3003(centos)
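
Because a group password lets anyone who knows it switch into the group with newgrp, it is worth knowing which groups have one set. The following is an added example, not part of the original article: it reads gshadow-format lines (name:password:administrators:members), lists the groups with a usable password hash, and prints the gpasswd -r commands that would remove those passwords. The sample lines and the users alice, bob and carol are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in /etc/gshadow format: name:password:admins:members
SAMPLE_GSHADOW='root:::
gentoo:!::
webserver:!::
centos:$6$constructedsalt$constructedhash:alice:
linuxos:$6$constructedsalt$constructedhash::bob,carol'

# groups_with_password: reads gshadow-format lines on stdin and prints one line
# per group whose password field holds a usable hash. An empty field, or one
# starting with ! or *, gives non-members no password they could use with newgrp.
groups_with_password() {
    awk -F: '
        NF != 4 { print "MALFORMED line " NR; next }
        $2 != "" && $2 !~ /^[!*]/ {
            print $1 " admins=" ($3 == "" ? "-" : $3) " members=" ($4 == "" ? "-" : $4)
        }'
}

# removal_plan: turns the findings into gpasswd -r commands. The commands are
# only printed, never executed, so the change can be reviewed before it is applied.
removal_plan() {
    groups_with_password | awk '
        $1 == "MALFORMED" { next }
        { print "gpasswd -r " $1 }'
}

printf '%s\n' "$SAMPLE_GSHADOW" | groups_with_password
printf '%s\n' "$SAMPLE_GSHADOW" | removal_plan
```

On a real host, run it as root with `groups_with_password < /etc/gshadow`.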


Other commands: chage, chsh, finger. A basic understanding is enough; some of these commands must be installed before they can be used.

chage: modify the expiration settings of an account and its password

Syntax: chage [-l] [-m mindays] [-M maxdays] [-I inactive] [-E expiredate] [-W warndays] [-d lastdays] username

Common options:

-l: list the user's account and password expiration settings

-m: minimum number of days between password changes

-M: maximum number of days between password changes

-I: number of days after the password expires before the account is locked

-d: specify the date the password was last changed

-E: account expiration date; 0 means immediate expiration, -1 means never expires

-W: number of days before the password expires at which warnings start


chsh: change the shell used when logging in to the system

Syntax: chsh [-luv] [-s] [username]

Common options:

-s: change the user's login shell

-l: list the shells available on the current system

finger: find and display user information

Syntax:

Common options

-l: list the user's account name, real name, home directory and login shell

-m: do not match on the user's real name

-s: list the user's account name, real name, login terminal and idle time


This article is from the "10,000-hour Law" blog, be sure to keep this source http://daisywei.blog.51cto.com/7837970/1688562
