Linux Learning Notes (iv) Managing user accounts for account management

Source: Internet
Author: User

1. Manage user accounts: Every user who logs in to a Linux system should have a registered account, which records the user's information: user name, login password, location of the user's directory, the shell used, creation time, permissions, and so on. User account management includes adding users, setting passwords, deleting users, and modifying user attributes and permissions. Account management is therefore one of the important daily tasks of a system administrator.

(1). Add a user: The superuser account, root, is created when the Linux system is installed, but the superuser's power is too great to give to ordinary users; doing so would threaten the security of the Linux system. Every ordinary user who wants to use the resources of the Linux system should therefore request a user account from root, or from a system administrator with superuser privileges, in order to log on. Adding users is thus a job for root or the system administrator.

Users can be added at the character terminal or in the graphical interface. I will only cover the character terminal here, where there are several methods: using terminal commands, modifying the configuration files, or writing a shell script.


The first way to add a user at the character terminal:

--Add a user with a terminal command: the useradd command. Simple usage: useradd username. Basic usage: useradd [-d home_dir] [-s shell] username, where the parts in square brackets are optional; -d home_dir specifies the user's home directory and -s shell specifies which shell to use.

The account information created by this command is stored in the /etc/passwd text file, and the encrypted account information is stored in the /etc/shadow file. The default home directory is /home/username, which means that the Linux system automatically creates a directory named after the user under /home and copies the initial configuration files into it. By default the system also creates a group for each user and adds it to the system; the group is recorded in /etc/group. Next, let's demonstrate this command:

If you want to learn the other uses of the command, that is, its other options, you can use the man useradd command.

This adds a user named xg, but does not set a password. How do we know whether the user was added successfully? You can check in the following ways:


--We can enter the commands gedit /etc/passwd and gedit /etc/shadow to open the passwd file and the shadow file in the /etc directory and see whether the user's account information has been saved in them:

After entering the gedit /etc/passwd command and pressing Enter, the result is as shown:

From the red box, we can see that the xg user's account information has been saved to the passwd file.

After entering the gedit /etc/shadow command and pressing Enter, the result is as shown:

From this we can see that the system has saved the xg user's account information, encrypted, to the shadow file.


The default home directory is /home/username, so we can look under /home for the xg directory. Enter the two commands and you can see:

The xg user's home directory already exists.


By default the system also creates a group for each user and adds it to the system, and the group is recorded in /etc/group. So we enter the command gedit /etc/group to open the group file, as shown:



The second way to add a user at the character terminal:

--Add a user by modifying the files: Adding a user with the useradd command really just writes the user's account information to the /etc/passwd, /etc/shadow, and /etc/group files. We can therefore add a user by editing these files directly: open passwd and the other files in the /etc directory with any text editor and modify them. Each line of the passwd file has 7 fields separated by colons, and each line is one user's account information. To add a user, simply write the appropriate entry in the file. However, this method does not automatically create the user's home directory and does not automatically modify the shadow and group files, so the superuser or system administrator must remember to create the home directory for the new user and copy the necessary user configuration files into it, and must also modify the shadow and group files according to their rules.

Note: This method requires being very familiar with the Linux system; otherwise it is easy to miss a step, which leads to lost account data or an account that cannot be used normally. A beginner like me does not dare to use it, and I recommend that beginners use this method with caution.

We can, however, still learn the format of the passwd file, which is as follows:

Login name:passwd:user id:group id:user full name:home directory:login shell

Each of these fields has the following meanings:

Login name: The user name entered when the user logs on to the system. The naming rules are: only letters, digits, and underscores are allowed, and the name must start with a letter. An account whose name starts with an underscore can be created, but the system will not allow it to log on. The user name may not be longer than 32 characters, otherwise an invalid user name error is reported. User names must be unique within one system.

passwd: For the sake of the user's security, the Linux system encrypts the user's password and other information and saves it in the /etc/shadow file, so the passwd field of the passwd file does not show the password in clear text; it only contains the character "x" to indicate that the user has a login password. That is, the password is kept in the shadow file in encrypted form and appears there as ciphertext.

User ID: The identifier of the user within the system. Linux users are divided into superusers and ordinary users. System users generally consist of system processes, service daemons, the superuser, and so on, and the user IDs assigned to them are generally 0~99. Ordinary user IDs increase from 500 by default, up to a maximum of 60000. Unless you add the -r option to the useradd command, that is, useradd -r username, to create a superuser, all accounts created are ordinary users.

Group ID: The identifier of the group to which the user belongs. The default value is between 500~60000.

Note: The default values for both the user ID and the group ID are set in the login.defs file in the /etc directory.

User full name: The user's full name. This field is really a comment on the login name, and its contents are added to the front of the e-mail address.

Home directory: The user's home directory, set when the account is created. The user automatically enters this directory when logging on to the system, and files the user creates are saved there by default.

Login shell: The shell assigned to the user when the account is created. The shell is the interface between the user and the operating system kernel, and is the interpreter for system commands. Linux has a variety of shells, such as bash, sh, csh, ksh, and so on. The system's default shell is bash.

The format of the shadow file is the same as that of the passwd file, except that, apart from the user name field, the other fields are stored encrypted.
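An audit of the seven-field passwd format described above, as an added example that is not part of the original notes. The function names audit_passwd and sample_passwd and the sample entries are constructed for illustration; the checks cover the field count, the "x" password placeholder, and accounts that carry user ID 0.

```shell
#!/bin/sh
# Added example (not from the original notes): audit passwd-format text.
# Reads FILE, or standard input when no file is given; one finding per line.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }          # skip blank and comment lines
        NF != 7 {                            # every entry must have 7 fields
            printf "line %d: expected 7 fields, found %d\n", NR, NF
            next
        }
        {
            name = $1; pw = $2; uid = $3
            if (pw == "")
                printf "line %d: %s has an empty password field\n", NR, name
            else if (pw != "x" && pw !~ /^[*!]/)
                printf "line %d: %s keeps a password hash in passwd, not shadow\n", NR, name
            if (uid !~ /^[0-9]+$/) {
                printf "line %d: %s has a non-numeric UID\n", NR, name
                next
            }
            if (uid + 0 == 0 && name != "root")
                printf "line %d: %s has UID 0 (superuser rights)\n", NR, name
            if (uid in seen)
                printf "line %d: %s shares UID %s with %s\n", NR, name, uid, seen[uid]
            else
                seen[uid] = name
        }
    ' "${1:--}"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
xg:x:500:500:xg:/home/xg:/bin/bash
backup::501:501:backup:/home/backup:/bin/bash
admin2:x:0:0:second admin:/home/admin2:/bin/bash
legacy:$1$constructed$notarealhash:502:502::/home/legacy:/bin/sh
broken:x:503:503:/home/broken
EOF
}

sample_passwd | audit_passwd
```

On a real system the same function can be run as audit_passwd /etc/passwd; a file with no findings produces no output.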


--We can use commands to see the difference between the passwd file and the shadow file in the /etc directory, taking the root superuser as an example:

Enter the command gedit /etc/passwd, as shown:

Enter the command gedit /etc/shadow, as shown:


As you can see from the pictures above, each line of the file has 7 fields separated by ":", and each line is one complete set of user account information. Take the root user as an example: in the passwd file its user ID and group ID are both 0, because it is a system user; the password is shown as "x"; the superuser's home directory is /root; the user's full name is also root; and the shell used is bash in the /bin directory. In the shadow file the user name is root, the password is ciphertext, and all the account information except the user name is stored encrypted.

Next, a look at the group file in the /etc directory. Enter the command gedit /etc/group, as shown:


--Summary: The method above, adding users by modifying the files, should be used with care by novices like me. Of the three files, passwd in the /etc directory is called the password file, and ordinary users are able to access it. shadow in the /etc directory is called the shadow file; only system users can access it, and its permissions allow reading but not writing, so to write to it you have to use the vi editor. group in the /etc directory is called the group file, and ordinary users can also access it.




(2). Set a password: Above we used the useradd command to add a user named xg without setting a password for it. Until a password is set, this user cannot log in to our Linux system, because the system temporarily disables the account, so you must set a password for the user.

--Password rules: How well a password is chosen directly determines whether the user account is easy to break into and whether the user's home directory is safe; for the superuser root, it also determines the security of the whole system. So we have to choose a good password to keep the system secure, which means paying attention to the following:

Things a password must avoid: the user name or a pet name; anything easily associated with the user, such as a birthday, phone number, or address; words found in a dictionary; and the reverse of any of the above, since the reverse of something associated with the user, such as a telephone number, is also easily guessed.

What makes a good password: sufficient length, since each additional character lowers the likelihood of being cracked by several orders of magnitude; a mix of digits and special characters; combinations of digits and characters that you can easily remember but others can hardly guess; and combinations of digits, special characters, and so on that can be typed quickly. Do not record passwords, for example in a file on your system. Change the password frequently.


--Password setting command: The command to set a password is passwd. Setting a password for another user with this command can only be done by the superuser or by a system administrator with superuser privileges; an ordinary user is restricted by permissions and can only change his or her own password.

The basic usage is: passwd [username]. If the user name is omitted, the command sets the password of the currently logged-in user. To set the password of a newly added user you must specify the user name. For example, to set a password for the xg user we added above, enter the command passwd xg, as shown:

Enter the new password, re-enter it once, and the password is set.

If you want to know more about the passwd command, you can enter the man passwd command to see its options, what they do, and so on.




(3). Modify user properties: Users sometimes ask to change their login name, join other groups, or use a different shell. The system administrator should be able to make the necessary changes in response to reasonable requests so that users can use the system easily and effectively. A user's properties can be modified with a terminal command or by modifying the configuration files.

--Modify with a terminal command: The terminal command for modifying user properties is usermod. Besides modifying user attributes, it can also be used to lock and unlock a user account's password.

Note: If a user is currently logged in to the system, usermod is not allowed to modify that user's properties.

usermod -d home_dir [-m]: Specifies the user's new home directory. If the -m option is used, the contents of the user's current home directory are moved to the new home directory; if the new directory does not exist, it is created automatically.

usermod -l login_name: Changes the user's login name.

usermod -L username: Locks the user account's password so that the password is invalid.

usermod -U username: Unlocks the user account's password so that the password is valid again.

If you want to know more options, you can use the man usermod command.


--Modify the files: By the same principle as adding a user by modifying the files, you can also modify a user's attributes by directly editing the user's line in the /etc/passwd and /etc/shadow files. If the login name is changed, the corresponding user name in the shadow file must be changed as well. If the user's home directory is then also renamed by hand, the user's properties have been modified completely. The steps are as follows:

~ Modify the fields for the attribute in the user's line in the /etc/passwd and /etc/shadow files.

~ Rename the user's home directory with the mv command.

~ Also modify the line for the user's group in the /etc/group file.




(4). Delete a user: If a user has permanently left the system, then for the sake of system security the system administrator should promptly delete the user account and the related directories and files. If the user is only away temporarily, just lock the account with the command passwd -l login_name, or put an asterisk * or exclamation point ! in front of the x character in the password field of the passwd file. As with the other operations, a user can be deleted either with a terminal command or by modifying the files.
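How the lock marker described above shows up when account entries are reviewed, as an added example that is not part of the original notes. It assumes the standard shadow layout in which the second colon-separated field holds the password hash and a leading ! or * marks it unusable; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): classify shadow-format entries
# by the state of their password field. Output: "name STATUS" per line.
shadow_status() {
    awk -F: '
        /^[ \t]*$/ { next }                  # skip blank lines
        {
            pw = $2
            if (pw == "")              status = "EMPTY"    # no password required
            else if (pw ~ /^[!*]+$/)   status = "NOT-SET"  # marker only, no hash
            else if (pw ~ /^[!*]/)     status = "LOCKED"   # hash kept behind marker
            else                       status = "SET"      # usable password hash
            print $1, status
        }
    ' "${1:--}"
}

# Accounts to review first: a login that needs no password at all.
empty_password_accounts() {
    shadow_status "$@" | awk '$2 == "EMPTY" { print $1 }'
}

# Constructed sample data, not taken from a real system.
sample_shadow() {
    cat <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
xg:!!:19000:0:99999:7:::
alice:!$6$constructedsalt$constructedhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
}

sample_shadow | shadow_status
```

A LOCKED entry still contains its hash, which is why unlocking restores the old password, while NOT-SET is the state of an account that has been created but never given a password.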

--Delete with a terminal command: Use the userdel command to delete the user account. The command performs two operations.

First, it deletes the user's account information from the three files /etc/passwd, /etc/shadow, and /etc/group.

Second, it deletes the system configuration files belonging to the account and the account's home directory.

The two steps can be done together or separately, depending on the options given to the command.

Its basic usage: userdel [-r] login_name, where login_name is the name the user logs on to the system with.

The -r option means to recursively delete the user's home directory and all subdirectories and files under it. If -r is not specified, the command only deletes the user's account information and keeps the user's home directory and all subdirectories and files under it. Unless the user's home directory is to be kept for use by other users, it is best to use the -r option so that both steps are carried out.

Note: If a user is currently logged in to the system, the userdel command is not allowed to delete that user's account.


--Delete by modifying the files: Because the user's account information is recorded in the /etc/passwd and /etc/shadow files, directly deleting the user's line from them also achieves the purpose of deleting the user. If you also delete the user's home directory by hand, the user is completely deleted. The steps are as follows:

~ Delete the line for that user in the /etc/passwd and /etc/shadow files.

~ Forcibly and recursively delete the user's home directory and all subdirectories and files under it with the rm -fr command.

~ Also delete the line for the user's group in the /etc/group file.



(5). Batch adding users and batch changing passwords: Linux provides another command for adding users, newusers, which can be used to add users in batches quickly and easily. It reads user names and plaintext passwords from a text file and uses this information to update a group of existing users or to create new users. The other command is chpasswd, which reads user name and password pairs from standard input and uses that information to update a group of existing users.

Note: To learn more about these two commands, you can view them with the man newusers and man chpasswd commands.




2. The above is only for study and reference. It is not well written, so please forgive me; if there are errors, please point them out. Thank you!

