Configuration files
/etc/passwd
Document structure:
Separated by ":" into 7 fields: "username:x:uid:gid:remark:homedir:shell"
Default permissions: -rw-r--r--
What each field means:
(1) username, user name
Naming conventions: uppercase and lowercase letters, numbers, minus signs (not as the first character), dots, and underscores are allowed; all other characters are illegal.
(2) x, password placeholder
For security, the password itself is kept in /etc/shadow.
(3) uid, user ID
Available IDs: 0-4294967294 (2^32-2);
root's UID is 0; 1-499 are reserved for the system; normal accounts start from 500.
If an ordinary user's UID is changed to 0, the system treats that account as the root user.
(4) gid, primary group ID
The group configuration file is /etc/group.
(5) remark, comment field
This field has no functional meaning; it usually records user attributes such as name, phone number, and address, and is changed with chfn.
(6) homedir, user home directory
(7) shell, shell environment
/bin/bash; /sbin/nologin (prohibits the user from logging in).
======================================================================
[[email protected] ~]# head /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
======================================================================
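The field rules above can be checked mechanically. The following is an added example, not part of the original post: an awk audit of passwd-format text that flags a wrong field count, a second field other than "x", any account besides root with UID 0, and a reserved system UID with an interactive shell. The function names, the UID_MIN variable and the sample entries are constructed for illustration; 500 is the normal-account boundary this page gives.

```shell
#!/bin/sh
# audit_passwd [FILE...]: flag risky entries in passwd-format text
# (reads stdin when no file is given). Prints one "FINDING:username" per hit.
# UID_MIN is the first normal-account UID; 500 is the value this page gives.
audit_passwd() {
    awk -F: -v min="${UID_MIN:-500}" '
        /^[ \t]*$/ { next }                                  # skip blank lines
        NF != 7 { print "BAD_FIELD_COUNT:" $1; next }        # not 7 fields
        $3 !~ /^[0-9]+$/ { print "NON_NUMERIC_UID:" $1; next }
        # Field 2 should be the "x" placeholder; anything else means the
        # password (or an empty password) lives in this world-readable file.
        $2 != "x" { print "PASSWORD_NOT_IN_SHADOW:" $1 }
        # Any account with UID 0 is treated as root by the system.
        $3 == 0 && $1 != "root" { print "EXTRA_UID0:" $1 }
        # Reserved system accounts should not have an interactive shell.
        $3 > 0 && $3 < min && $7 ~ /\/(ba|da|z|k|c|tc)?sh$/ {
            print "SYSTEM_LOGIN_SHELL:" $1
        }
    ' "$@"
}

# Constructed sample input (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftpadmin:x:14:50::/var/ftp:/bin/bash
essence:x:1000:1000::/home/essence:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
legacy::1002:1002::/home/legacy:/bin/bash
broken:x:1003:1003:/home/broken
EOF
}
# Usage: audit_passwd /etc/passwd    or    sample_passwd | audit_passwd
```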
/etc/shadow
Document structure:
Separated by ":" into 9 fields:
User name
Password (ciphertext)
Date the current password was set
Number of days during which the password cannot be changed
Number of days after which the password must be reset
Number of days of advance warning before the password expires
Number of days after expiration before the account is locked
Account expiration date
Reserved field
Default permissions: ---------- (apart from the root user, no ordinary user, including members of the root group, has any permission)
(1) User name
The user account, matching the login name in the /etc/passwd file.
(2) Password
Stored as ciphertext; the encryption is irreversible, but the password can still be cracked;
!! indicates that no password has been set
(3) Date the current password was set
Expressed as the number of days between January 1, 1970 and the date the current password was set
==================================================================
[[email protected] ~]$ echo $(($(date --date="2015/03/16" +%s)/86400+1))
16510
==================================================================
(4) Number of days during which the password cannot be changed (counted from the date in field 3)
A value of 0 means no limit; the password can be changed at any time.
If set to 20, the user cannot change the password within 20 days.
(5) Number of days after which the password must be reset (counted from the date in field 3)
The default value is 99999, which is far beyond the computer's lifespan and can be considered as never expiring.
(6) Number of days of advance warning before the password expires (relative to field 5)
If set to 7, users are reminded to change their password starting 7 days before it expires: "Your password will expire in n days, please change your password in time".
(7) Number of days allowed after expiration
The account is locked this many days after expiration
(8) Account expiration date
Calculated the same way as field 3;
This can be used for paid services.
(9) Reserved field
=====================================================================
[[email protected] ~]# head /etc/shadow
root:$6$oeaolu/b$pppeepwk359i0ap3fz0iavycths1m0xlbpjeflszn0xakk3wfdev7hjakf33skp8pz/a1dvrmg/vkiqyjqoth/:16505:0:99999:7:::
bin:*:16231:0:99999:7:::
daemon:*:16231:0:99999:7:::
adm:*:16231:0:99999:7:::
lp:*:16231:0:99999:7:::
sync:*:16231:0:99999:7:::
shutdown:*:16231:0:99999:7:::
halt:*:16231:0:99999:7:::
mail:*:16231:0:99999:7:::
operator:*:16231:0:99999:7:::
=====================================================================
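The day-count arithmetic of the shadow fields is easier to follow when carried out on real entries. The following is an added example, not part of the original post: it reads shadow-format text and reports, per account, whether field 2 is an empty password, a locked marker (leading "!" or "*") or a hash, and whether the password or account has run out relative to a given day number. The function names, state labels and sample entries (including the placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# shadow_report [TODAY]: read shadow-format text on stdin and print
# "user:password_state:aging_state" per entry. TODAY is a day count since
# 1970-01-01 (default: the current day), the same unit as fields 3 and 8.
shadow_report() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        /^[ \t]*$/ { next }
        NF != 9 { print $1 ":malformed:unknown"; next }
        {
            # Field 2: empty means no password is required at all; a value
            # starting with ! or * can never match a typed password.
            if ($2 == "")          pw = "EMPTY"
            else if ($2 ~ /^[!*]/) pw = "locked"
            else                   pw = "hash"

            # Fields 3, 5, 6: the password runs out on day (field3 + field5).
            age = "never"
            if ($3 != "" && $5 != "") {
                left = $3 + $5 - today
                if (left < 0)                   age = "expired"
                else if ($6 != "" && left < $6) age = "warning"
                else                            age = "ok"
            }
            # Field 8: absolute account expiry date.
            if ($8 != "" && today >= $8) age = "account-expired"
            print $1 ":" pw ":" age
        }'
}

# Constructed sample input; the hashes are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$placeholderhash:16505:0:99999:7:::
bin:*:16231:0:99999:7:::
newuser:!!:16500:0:99999:7:::
guest::16500:0:99999:7:::
alice:$6$CONSTRUCTED$placeholderhash:16400:0:90:7:::
bob:$6$CONSTRUCTED$placeholderhash:16425:0:90:7:::
temp:$6$CONSTRUCTED$placeholderhash:16505:0:99999:7::16509:
EOF
}
# Usage: sample_shadow | shadow_report 16510   (16510 = 2015/03/16, as computed above)
```

An EMPTY result is the one to act on first: unlike "!!" or "*", an empty second field lets the account authenticate with no password.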
User and user group related commands
id
Role: View a user's UID, GID, and group membership
Man: print real and effective user and group IDs
Syntax: id username
========================================================
[[email protected] ~]# id essence
uid=1000(essence) gid=1000(essence) groups=1000(essence)
========================================================
groupadd
Role: Add a user group
Man: groupadd - create a new group
Configuration files: /etc/group & /etc/gshadow
Syntax: groupadd [options] groupname
Options:
-g Specify GID
=========================================================
[[email protected] ~]# groupadd -g 1999 admin
[[email protected] ~]# cat /etc/group | grep 1999
admin:x:1999:
=========================================================
groupdel
Role: Delete a user group
Syntax: groupdel groupname
PS: A group that is only a supplementary group can be deleted directly, but a group that is a user's primary group cannot be deleted; the user has to be removed first
=================================================================
[[email protected] ~]# usermod -aG admin essence
#! Set admin as a supplementary group of essence
[[email protected] ~]# id essence
uid=1000(essence) gid=1000(essence) groups=1000(essence),1999(admin)
[[email protected] ~]# groupdel admin
[[email protected] ~]# id essence
uid=1000(essence) gid=1000(essence) groups=1000(essence)
#! A supplementary group can be deleted directly
[[email protected] ~]# groupdel essence
groupdel: cannot remove the primary group of user 'essence'
#! A primary group can only be removed after its user has been deleted
=================================================================
useradd
Role: Add a user
Syntax: useradd [options] username
Options:
-u Specifies the UID (the default value for UID_MIN (resp. UID_MAX) is (resp. 60000))
-g Specifies the GID or group name (the specified group must already exist)
-d Specify the home directory
-M Do not create a home directory (the user's mail directory is still created)
-s Custom shell environment; setting "/sbin/nologin" prevents a normal user from logging in
PS: Multiple users can share a single primary group
PS: A new UID or GID is assigned as the current maximum of that ID plus 1
PS: The minimum UID is (CentOS 7); the minimum on CentOS 6 is different (UID_MIN=500)
=================================================================
[[email protected] ~]# useradd test1 -g 1000 -M -s /sbin/nologin
#! Create user test1, sharing a group with essence, with no home directory and not allowed to log in
[[email protected] ~]# cat /etc/passwd | grep test1
test1:x:1001:1000::/home/test1:/sbin/nologin
#! The sixth field still has a home directory path. Why?
[[email protected] ~]# ls /home/test1
ls: cannot access /home/test1: No such file or directory
#! The directory does not actually exist, so /etc/passwd alone is not enough to determine whether a home directory exists.
[[email protected] ~]# id test1
uid=1001(test1) gid=1000(essence) groups=1000(essence)
#! Shares a group with essence
=================================================================
userdel
Role: Delete a user; without options, the home directory is not deleted
Syntax: userdel [options] username
Option: -r Delete the user's home directory and mail directory (/var/spool/mail/username)
=================================================================
[[email protected] ~]# ls /var/spool/mail/
test1
[[email protected] ~]# userdel -r test1
userdel: test1 home directory (/home/test1) not found
#! The error appears because test1's home directory was never created.
[[email protected] ~]# ls /var/spool/mail/test1
ls: cannot access /var/spool/mail/test1: No such file or directory
=================================================================
usermod
Role: Modify a user's UID, GID, home directory, supplementary groups, and other information
Syntax: usermod [options] username
Options:
-a Append mode; can only be used together with -G, and keeps the user in their other supplementary groups when -G specifies a supplementary group.
-u Modify the user's UID
-s Modify the user's shell environment
-d Modify the home directory
-L Lock the user's password so that the user cannot log in with a password
-U Unlock the user's password
-g Specify the GID of the user's primary group
-G Specify the user's supplementary groups (one user can have multiple supplementary groups)
PS: usermod -G "" username empties the supplementary groups
==================================================================
[[email protected] ~]# usermod -G root essence
[[email protected] ~]# id essence
uid=1000(essence) gid=1000(essence) groups=1000(essence),0(root)
#! Now essence belongs to its own primary group essence and to root
[[email protected] ~]# usermod -G test1 essence
[[email protected] ~]# id essence
uid=1000(essence) gid=1000(essence) groups=1000(essence),1001(test1)
#! Without the -a option, the supplementary group root is erased and replaced by test1
==================================================================
passwd
Role: Modify a user's password
Syntax: passwd username
Rules for creating passwords:
Length greater than 10, mixing uppercase and lowercase letters, numbers, and special characters, with no regular pattern; do not include your own name, company name, phone number, birthday, etc.
Extended content: mkpasswd, a password generation tool; install the expect package
==================================================================
[[email protected] ~]# yum install expect
[[email protected] ~]# mkpasswd
sisxzp~96
==================================================================
su
Role: Switch the effective user
Man: run a command with substitute user and group ID
Syntax: su username (changes $HOME, does not change $PATH)
Syntax: su - username (changes $HOME and $PATH)
Extended reading: http://www.aminglinux.com/bbs/thread-6912-1-1.html
sudo
Role: Temporarily obtain root permissions (using su to become root requires entering the root password, which is not secure, so sudo is a good choice)
Command for modifying the configuration file: visudo
Installation method: yum install -y sudo
Syntax: sudo followed by the normal command
Configuration file: /etc/sudoers
*****************************************************
......
root    ALL=(ALL)       ALL
essence ALL=(root)      /bin/ls
......
*****************************************************
This means the ordinary user essence gets root permission for the ls command only. (The absolute path of the command must be given.)
Security extensions
/etc/ssh/sshd_config
Forbid root login; log in as a normal user first, then use "sudo su -".
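To confirm that root login really is forbidden, check the value sshd will actually use, not just whether the file contains a "no" somewhere. The following is an added example, not part of the original post: it reads sshd_config text and reports the global PermitRootLogin value (the sshd_config keyword for this setting), honouring the rule that sshd keeps the first value it reads for a keyword. The function names and sample configurations are constructed for illustration.

```shell
#!/bin/sh
# root_login_setting: read sshd_config text on stdin and print the global
# PermitRootLogin value in lower case, or "unset" if no line sets it.
# sshd keeps the first value it reads for a keyword, so a later
# "PermitRootLogin no" does not override an earlier "yes".
root_login_setting() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "permitrootlogin" && !seen { seen = 1; val = tolower($2) }
        END { print (seen ? val : "unset") }
    '
}

# root_login_forbidden: exit status 0 only when the setting is exactly "no".
root_login_forbidden() {
    [ "$(root_login_setting)" = "no" ]
}

# Constructed samples: a file that looks hardened but is not, and a fixed one.
weak_config() {
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'PermitRootLogin no'
}
hardened_config() {
    printf '%s\n' 'Port 22' 'PermitRootLogin no'
}
# Usage: root_login_forbidden < /etc/ssh/sshd_config && echo "root login disabled"
```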
This article is from the "30 Demon People" blog, please make sure to keep this source http://301ren.blog.51cto.com/8887653/1621596
Linux Fundamentals: 12, basic commands (5)-User management