User Management and Rights management
User
Linux user account records are primarily stored in /etc/passwd, and each additional user adds a new line. Each line has 7 fields, separated by colons.
Meaning of each field :
aa:x:300:503::/home/database:/bin/bash
User name:Password:UID:GID:Comment:Home directory:User default shell
Let's take a look at the meaning of each field.
User name: also called the account name. It may contain letters, digits and other characters, and cannot start with a digit.
Password: the password is replaced here by the character x. For security, the real password is stored in /etc/shadow.
UID: user ID number. Each user has a unique ID number; the system ultimately identifies a user by UID, not by user name. Converting a user name to a UID is called name resolution. The maximum range of Linux UIDs is 0-65535, with 1-60000 in normal use, and the administrator's UID is fixed at 0. On CentOS 6, 1-499 is reserved for system users and ordinary users use the values above that; on CentOS 7, 1-999 is reserved for system users and ordinary users use the values above that.
GID: the ID of the user's base group. Like the UID, it is a unique identifier.
Comment: custom comment information.
Home directory: when a new user is created, the user gets a directory of their own. If no location is specified, it is placed under /home and has the same name as the user.
Shell: specifies the shell used by the user. The CentOS default is the bash shell.
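The field layout and UID ranges described above can be checked with a short script. This is an added example, not part of the original article; the sample accounts (web, toor, broken) and the function names are constructed for illustration.

```bash
# Constructed sample /etc/passwd content (not from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
aa:x:300:503::/home/database:/bin/bash
web:x:600:600::/home/web:/bin/bash
oracle:x:3000:3000::/home/oracle:/bin/bash
toor:x:0:0::/root:/bin/bash
broken:x:12
EOF
}

# classify_passwd SYS_MAX
# Reads passwd lines on stdin and prints "user uid class shell" for each.
# SYS_MAX is the top of the system range: 499 on CentOS 6, 999 on CentOS 7.
classify_passwd() {
  awk -F: -v sysmax="$1" '
    NF != 7          { print "line " NR ": malformed (" NF " fields)"; next }
    $3 !~ /^[0-9]+$/ { print "line " NR ": non-numeric UID"; next }
    {
      if ($3 == 0)           class = "admin"
      else if ($3 <= sysmax) class = "system"
      else                   class = "regular"
      print $1, $3, class, $7
    }'
}

# uid0_accounts: names of all accounts with UID 0. More than one name
# means a second administrator-equivalent account exists.
uid0_accounts() {
  awk -F: 'NF == 7 && $3 == 0 { print $1 }'
}

sample_passwd | classify_passwd 999
```

On a real system, feed it the file itself, for example `classify_passwd 999 < /etc/passwd`.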
User groups:
Group information is stored in /etc/group. Each line has 4 fields, separated by colons.
Description of each field:
dx:x:500:aa
Group name:Group password:GID:User list
The group password, like the user password in /etc/passwd, is replaced by x for security; the real password is stored in /etc/gshadow and is likewise encrypted (SHA512 encryption).
User list: the users who have this group as an additional group.
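A user's base group comes from the GID field of /etc/passwd, while additional groups come from the user list in /etc/group. The following added example (not from the original article) combines the two files for one user; the sample lines and the function name groups_of are constructed.

```bash
# Constructed sample data (not from a real system).
sample_passwd() {
cat <<'EOF'
aa:x:300:503::/home/database:/bin/bash
oracle:x:3000:500::/home/oracle:/bin/bash
EOF
}
sample_group() {
cat <<'EOF'
dx:x:500:aa
database:x:503:
sql:x:504:aa,oracle
EOF
}

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints "primary=<group> supplementary=<group,group,...>".
# Returns non-zero if USER has no passwd entry.
groups_of() {
  awk -F: -v user="$1" '
    # First file (passwd): remember the base GID of the requested user.
    FNR == NR { if ($1 == user) { gid = $4; found = 1 }; next }
    # Second file (group): skip lines that do not have exactly 4 fields.
    NF != 4 { next }
    found && $3 == gid { primary = $1 }
    {
      n = split($4, member, ",")
      for (i = 1; i <= n; i++)
        if (member[i] == user) supp = supp (supp == "" ? "" : ",") $1
    }
    END {
      if (!found) { print "unknown user"; exit 1 }
      print "primary=" (primary == "" ? gid : primary) \
            " supplementary=" (supp == "" ? "-" : supp)
    }' "$2" "$3"
}
```

If the base GID has no matching line in the group file, the numeric GID is printed in place of a name.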
In addition, some special notes on /etc/shadow and /etc/gshadow.
Let's take a look at the format of shadow and gshadow.
Take out the encrypted password field and parse it:
$6$fmwepao/$RsfsCCkATlci 2hbi6hun6gu7w0i/bf4ngp2nzoo7eqovkdorjzchxclzepnpe.9oqofrfkauho.jr4thfw0xj1
It is divided by 3 $ characters: $id$salt$encrypted
First field, ID:
When the ID is 1, it is encrypted with MD5
When the ID is 5, it is encrypted with SHA256
When the ID is 6, it is encrypted with SHA512
Second field, salt:
Some users will log in to the system with the same password. If the shadow file were accidentally leaked and identical passwords produced identical ciphertext, the passwords could be guessed. So every time a password is set, a random salt is generated. At login, the plaintext password that was entered goes through the same processing with the stored salt and is compared with the password field in shadow. This way even identical passwords have different ciphertext, which increases security.
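The $id$salt$encrypted layout can be audited directly. This added example (not from the original article) reports the algorithm and salt of each shadow entry and lists accounts still on MD5. The sample lines are constructed with placeholder hash bodies; the handling of "!" and "*" markers and of the optional rounds= parameter follows standard shadow/crypt conventions rather than the text above.

```bash
# Constructed sample shadow entries; hash bodies are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$Qx1saltA$HASHPLACEHOLDERAAAA:16680:0:99999:7:::
aa:$1$oldsalt$HASHPLACEHOLDERBBBB:16680:0:99999:7:::
oracle:!$6$Zk2saltB$HASHPLACEHOLDERCCCC:16680:0:99999:7:::
web:$6$rounds=5000$Rn3saltC$HASHPLACEHOLDERDDDD:16680:0:99999:7:::
daemon:*:16680:0:99999:7:::
guest::16680:0:99999:7:::
EOF
}

# shadow_report: reads shadow lines on stdin and prints
# "user status algorithm salt" for each entry.
shadow_report() {
  awk -F: '
    {
      user = $1; pw = $2; status = "active"
      if (pw == "")              { print user, "no-password", "-", "-"; next }
      if (pw ~ /^[!*]+$/)        { print user, "no-login", "-", "-"; next }
      if (substr(pw, 1, 1) == "!") { status = "locked"; sub(/^!+/, "", pw) }
      n = split(pw, part, "[$]")   # "$id$salt$hash" -> "", id, salt, hash
      if (n < 4 || part[1] != "") { print user, status, "unknown", "-"; next }
      algo = "unknown"
      if (part[2] == "1")      algo = "MD5"
      else if (part[2] == "5") algo = "SHA256"
      else if (part[2] == "6") algo = "SHA512"
      salt = (part[3] ~ /^rounds=/ && n >= 5) ? part[4] : part[3]
      print user, status, algo, salt
    }'
}

# md5_users: names of accounts whose password field uses ID 1 (MD5).
md5_users() {
  shadow_report | awk '$3 == "MD5" { print $1 }'
}

sample_shadow | shadow_report
```

Reading the real /etc/shadow requires root, for example `shadow_report < /etc/shadow`.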
Configuration files related to users and groups:
/etc/passwd: user name, UID, base group and other information;
/etc/group: group name, GID, and the users included in the group;
/etc/shadow: user passwords and related attributes;
/etc/gshadow: group passwords and related attributes;
Commands for user and group management:
useradd: create a user
Command format:
useradd [options] LOGIN
useradd -D [options]: set the system default values used when creating a new user
For example, useradd -D -s /bin/tcsh changes the /etc/default/useradd configuration file; the next time you create a new user, the default shell is /bin/tcsh.
-r: create a system user
-u UID: specify the UID
-g GID: specify the base group the user belongs to; the group must exist beforehand
-c: comment information
-d: specify the user's home directory path; this location must not already exist, otherwise the user profile files in /etc/skel will not be copied over
-s: set the user's default shell
-G: specify the user's additional groups
-M: do not create a home directory for the user
Example: create a user oracle that belongs to the additional groups database and sql, with a specified ID number and the home directory /home/database
useradd -G database,sql -u 3000 -d /home/database oracle
usermod: modify user properties
usermod [OPTION]... LOGIN
-u UID
-g GID
-G: modify the additional groups the user belongs to; use the -a option as well to keep the original groups and append the new ones
-s: shell
-c: comment information
-d: change the user's home directory to a new location; the files in the user's original directory are not moved to the new directory unless the -m option is also given
-l: modify the login name
-L: lock the user
-U: unlock the user
Example: add the additional groups newuser2 and newuser3 to the user staff
usermod -a -G newuser2,newuser3 staff
userdel: delete a user
userdel [-r] USERNAME
-r: delete the user's home directory at the same time;
Example: delete the user aa and remove the home directory together
userdel -r aa
passwd: set a password for a user
passwd [option] [UserName]
-l: lock the user
-u: unlock the user
-n mindays: minimum period of use;
-x maxdays: default is 99999 days;
-w warndays:
-i inactivedays:
--stdin: receive the user password from standard input;
echo 'centos' | passwd --stdin centos
groupadd: create a group
groupadd [OPTIONS] GROUPNAME
-g GID: specify the group ID;
-r: create a system group;
Example: create an aa group with a group ID of 999
groupadd -g 999 aa
groupmod: modify group properties
groupmod [option] GROUPNAME
-n group_name
-g GID
gpasswd: set a password for a group
Example: set a group password for the xx group
gpasswd xx
groupdel: delete a group
Example: delete the xx group
groupdel xx
id: view user-related ID information;
id [OPTION]... [USER]
-u: UID
-g: GID
-G: groups
-n: name
Example: display information for the current user or for the user aa
su: switch user; switch to another user or execute commands as another user;
Switching modes:
su username: incomplete switch; non-login switch
su - username or su -l username: full switch; login switch
Execute only the specified command as the specified user:
su - username -c 'COMMAND'
Example: su - aa -c 'echo aa'
newgrp: switch the base group to the specified group
Example: switch the currently logged-in user aa to the bb group
newgrp bb
To be continued...
This article is from the "naïve Little Comrade" blog, please be sure to keep this source http://dengxi.blog.51cto.com/4804263/1688646
Linux Learning Path 1-user management and Rights management