1. User files
File: /etc/passwd
This file records each user's user name, user ID, group, home directory, and shell:
[[email protected] ~]# tail -n3 /etc/passwd
ruanwenwu:x:1003:1003::/home/ruanwenwu:/bin/bash
apache:x: apache:/usr/share/httpd:/sbin/nologin
test:x:1004:1004::/home/test:/bin/bash
Each line is divided by colons into 7 fields: user name : password : user ID : group ID : comment : home directory : shell.
2. The password file
File: /etc/shadow. It should basically not be modified; understanding it is enough.
[[email protected] ~]# tail -n3 /etc/shadow
ruanwenwu:!!:17228:0:99999:7:::
apache:!!:17250::::::
test:$6$H7i3jvvg$96lyfvtenhk6tt20lx50zoqw6qvzk.ugwfderqubpdyhwzv33gwavx8uyt7aaaxfxee81tq2dshxdqrs3ckt4/:17465:0:99999:7:::
In this file each line also represents one user, and the line is also separated by colons, into 9 fields:
- User name, corresponding to the one in /etc/passwd.
- Encrypted password. The encryption algorithm has been upgraded to the SHA-512 hash algorithm. If the password field is "!!" or "*", the account has no password and cannot log in, and its shell is /sbin/nologin.
- Date of the last password change, counted from January 1, 1970: the value increases by 1 for each day.
- Minimum interval between two password changes: how many days must pass before the password can be changed again. The default is 0, that is, no limit.
- Password validity period: the number of days after which the password expires. The default is 99999. If set to 20, the password expires after 20 days and must be changed, otherwise the user cannot log in to the system.
- Warning period before the password expires. If set to 6, the user is notified 6 days before expiration.
- Account expiration grace period (relative to the 5th field). If set to 2 and the password has still not been changed 2 days after it expired, the user is locked.
- Lifetime of the account (given as a timestamp): the account expires at the specified time.
- Reserved field, no special meaning.
3. User group management
3.1 Adding a user group
Basic usage:
[[email protected] ~]# tail -n3 /etc/group
apache:x:
test:x:1004:
grp1:x:1005:
[[email protected] ~]# tail -n3 /etc/group
test:x:1004:
grp1:x:1005:
grp2:x:1006:
When adding a group, specify the group ID:
1008
[[email protected] ~]# tail -n3 /etc/group
grp1:x:1005:
grp2:x:1006:
grp3:x:1008:
3.2 Delete a group:
[[email protected] ~]# tail -n3 /etc/group
test:x:1004:
grp1:x:1005:
grp2:x:1006:
A group that still has users in it cannot be deleted:
[[email protected] ~]# useradd -
[[email protected] ~]# tail -n3 /etc/passwd
test:x:1004:1004::/home/test:/bin/bash
grp1:x:1005:1005::/home/grp1:/bin/bash
test2:x:1006:1006::/home/test2:/bin/~'test2'
As you may have noticed, all of the group information can be seen in the file /etc/group.
4. User management
4.1 Adding users
Creating a user with a fairly complete set of parameters:
-d /home/ud/ -s /sbin/
[[email protected] ~]# tail -n3 /etc/passwd
grp1:x:1005:1005::/home/grp1:/bin/bash
test2:x:1006:1006::/home/test2:/bin/bash
test3:x:+:1006::/home/ud/:/sbin/nologin
In this command, -g specifies the group name, -u specifies the UID, -d specifies the home directory, and -s specifies the shell.
What happens if the group name doesn't exist?
4000
'4000' does not exist
Specifying supplementary groups when adding a user.
Before adding the user, let's first look at the id command.
[[email protected] ~]# id ruanwenwu
uid=1003(ruanwenwu) gid=1003(ruanwenwu) groups=1003(ruanwenwu)
The id command shows a user's uid, gid, and groups (supplementary groups).
So how do you specify supplementary groups when you add a user?
[[email protected] ~]# useradd test6 -
[[email protected] ~]# id test6
uid=1006(test6) gid=1007(test6) groups=1007(test6),1004(test),1005(grp1),1006(grp2)
4.2 Deleting a user
[[email protected] ~]# ls -ld /home/ud
drwx2409628 £/home/ud
After the user has been deleted, its home directory is still there. To delete the home directory together with the user:
[[email protected] ~]# userdel -
[[email protected] ~]# ls -ld /home/
/home/test2: No such file or directory
4.3 Modifying users
usermod -G 111/groupname username
usermod -d /home/dfd
usermod -s /sbin/nologin
usermod -u 111 user1
usermod -g grp2 aming
usermod -G grp2,user5 user1
5. User password management
In /etc/shadow, "!!" means there is no password or the account is locked; a single "!" also means locked. Let's look at the password lock state of the users on the current system:
[[email protected] ~]# tail -n3 /etc/shadow
test:$6$H7i3jvvg$96lyfvtenhk6tt20lx50zoqw6qvzk.ugwfderqubpdyhwzv33gwavx8uyt7aaaxfxee81tq2dshxdqrs3ckt4/:17465:0:99999:7:::
grp1:!!:17467:0:99999:7:::
test6:!!:17467:0:99999:7:::
The above shows that the test user can log in, while the grp1 and test6 users cannot. Now we lock the test user:
[[email protected] ~]# passwd -l test
Locking password for user test.
passwd: Success
[[email protected] ~]# !t
tail -n3 /etc/shadow
test:!!$6$H7i3jvvg$96lyfvtenhk6tt20lx50zoqw6qvzk.ugwfderqubpdyhwzv33gwavx8uyt7aaaxfxee81tq2dshxdqrs3ckt4/:17465:0:99999:7:::
grp1:!!:17467:0:99999:7:::
test6:!!:17467:0:99999:7:::
Unlock:
[[email protected] ~]# passwd -
 for user test.
passwd: Success
usermod -L locks the account; the corresponding usermod -U unlocks it.
[[email protected] ~]# usermod -L test
[[email protected] ~]# !t
tail -n3 /etc/shadow
test:!$6$H7i3jvvg$96lyfvtenhk6tt20lx50zoqw6qvzk.ugwfderqubpdyhwzv33gwavx8uyt7aaaxfxee81tq2dshxdqrs3ckt4/:17465:0:99999:7:::
grp1:!!:17467:0:99999:7:::
test6:!!:17467:0:99999:7:::
[[email protected] ~]# usermod -U test
[[email protected] ~]# !t
tail -n3 /etc/shadow
test:$6$H7i3jvvg$96lyfvtenhk6tt20lx50zoqw6qvzk.ugwfderqubpdyhwzv33gwavx8uyt7aaaxfxee81tq2dshxdqrs3ckt4/:17465:0:99999:7:::
grp1:!!:17467:0:99999:7:::
test6:!!:17467:0:99999:7:::
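The /etc/shadow field rules from section 2 and the lock prefixes shown in section 5, applied in an added example that is not part of the original article. The function names shadow_audit and sample_shadow, the state labels and the sample accounts are assumptions made for illustration, and the hash values are placeholders; an empty password field (no password required) is handled as an extra case the article does not cover.

```shell
#!/bin/sh
# Added example (not from the original article): classify shadow entries.
# shadow_audit TODAY   reads /etc/shadow-format lines on stdin;
# TODAY is the current date in days since 1970-01-01 (same unit as field 3).
shadow_audit() {
    awk -F: -v today="$1" '
    NF == 9 {
        pw = $2
        if (pw == "")                       state = "empty-password"   # no password required
        else if (pw == "*" || pw ~ /^!+$/)  state = "no-password"      # "*", "!" or "!!" alone
        else if (pw ~ /^!!/)                state = "locked:passwd-l"  # "!!" in front of the hash
        else if (pw ~ /^!/)                 state = "locked:usermod-L" # "!" in front of the hash
        else                                state = "active"

        # Field 3 = last change, field 5 = validity in days, field 6 = warning days.
        expiry = "no-expiry"
        if ($3 != "" && $5 != "" && $5 + 0 != 99999) {
            left = $3 + $5 - today
            if (left < 0)                        expiry = "expired"
            else if ($6 != "" && left <= $6 + 0) expiry = "warning"
            else                                 expiry = "valid"
        }
        print $1, state, expiry
    }'
}

# Constructed sample data; EXAMPLESALT and EXAMPLEHASH are placeholders.
sample_shadow() {
    cat <<'EOF'
alice:$6$EXAMPLESALT$EXAMPLEHASH:17465:0:99999:7:::
bob:!!:17467:0:99999:7:::
carol:!!$6$EXAMPLESALT$EXAMPLEHASH:17465:0:20:6:2::
dave:!$6$EXAMPLESALT$EXAMPLEHASH:17480:0:20:6:::
erin:$6$EXAMPLESALT$EXAMPLEHASH:17475:0:20:6:::
EOF
}

sample_shadow | shadow_audit 17490
# On a live system (as root): shadow_audit "$(( $(date +%s) / 86400 ))" < /etc/shadow
```

An account that reports active together with expired or warning is the one to follow up on; locked and no-password accounts cannot authenticate with a password regardless of the expiry column.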
Linux Learning (11) User and user group management