I. Analysis of the user information file /etc/passwd
[View the help information for /etc/passwd: man 5 passwd]
[View the number of users in the system: wc -l /etc/passwd]
File format:
root:x:0:0:root:/root:/bin/bash [7 fields]
username:password:UID [the user's numeric ID]:GID [default group ID]:comment:home directory:shell
Linux user category:
Super User (root, UID = 0)
Normal user (UID = 500 ~ 60000) // The maximum value can be changed theoretically.
Pseudo user/special user (UID = 1 ~ 499)
Pseudo-user features:
1. Pseudo-users are tied to the system and to program services.
For example, bin, daemon, shutdown, and halt are default pseudo-users in Linux.
mail, news, games, apache, ftp, mysql, and sshd are pseudo-users tied to Linux processes.
[For example, the mysql user is added to the configuration file automatically during installation.]
2. Pseudo-users do not need to, or cannot, log on to the system.
3. Pseudo-users have no home directory.
[The pseudo-user mechanism helps ensure system security!]
User Group description:
1. Each user belongs to at least one user group.
[When managing a system, every user should belong to his or her own group. That way each user "performs his or her own duties" and has his or her own permissions, so that things do not become "messy".]
2. Each user group can contain multiple users. A single user can belong to multiple groups at the same time.
3. Users in the same group have the permissions of that group.
Other field notes:
Comment: a description such as the user's full name and department.
Home directory: the default directory after the user logs on to the system.
Shell: the command interpreter the user gets. The default is bash.
Example: manually adding a user
[Once you understand the structure of the /etc/passwd file, you can add users by hand without the useradd command.]
(1) Add the line tom:x:502:502:test user:/home/tom:/bin/bash to /etc/passwd.
(2) Create tom's home directory: mkdir /home/tom
(3) Change the owner of the directory: chown tom /home/tom
(4) Edit /etc/shadow
Add tom::16023:0:99999:7:::
(5) cp -r /etc/skel/. /home/tom
[Template directory for new users: /etc/skel. The configuration files for new users are kept here; once all of them are copied to /home/tom, this user is the same as one created with useradd.]
(6) passwd tom // set tom's password
II. Analysis of the user password file /etc/shadow
[View the help information for the /etc/shadow file: man 5 shadow]
File format:
xiaofang:irKpphTBcTrJy.yFrB9I.wcgN50mQOmvl.m.:16023:0:99999:7:::
username:encrypted password:last modification time:minimum interval:maximum interval:warning time:account idle time:expiration time:flag [generally not used]
Other information:
Minimum interval: the minimum number of days between two password changes.
Maximum interval: the maximum number of days the password stays valid, which can force the user to change the password.
III. Linux password mechanism
[View root's password information: grep root /etc/passwd /etc/shadow]
Write the passwords back into /etc/passwd: pwunconv [commercial UNIX does not provide this tool]
After this, the /etc/shadow file no longer exists.
Convert the passwords again: pwconv
Now /etc/shadow is back.
That is, the password is converted automatically whenever the system creates one.
[At login, the user name is verified against /etc/passwd and the password against /etc/shadow.]
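An added example (not part of the original article): a small Python audit of passwd and shadow text that checks the field counts, the pseudo-user range (UID 1 ~ 499) and the shadowing described above. The sample entries, the LOGIN_SHELLS list and the function name audit are assumptions made for illustration.

```python
# Added example: audit passwd/shadow text against the rules this page describes.
# All sample entries are constructed; the hashes are placeholders, not real ones.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
tom:502:502:test user:/home/tom:/bin/bash
amy:x:503:503:test user:/home/amy:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$PLACEHOLDER$notarealhash:16023:0:99999:7:::
bin:*:16023:0:99999:7:::
mysql:!!:16023:0:99999:7:::
toor:$6$PLACEHOLDER$notarealhash:16023:0:99999:7:::
amy::16023:0:99999:7:::
"""
# Assumption: shells that allow interactive login (a real audit reads /etc/shells).
LOGIN_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh"}

def audit(passwd_text, shadow_text):
    """Return a sorted list of (user, finding) tuples."""
    findings, shadow = [], {}
    for line in shadow_text.strip().splitlines():
        f = line.split(":")
        if len(f) == 9:                        # /etc/shadow has 9 fields
            shadow[f[0]] = f[1]
        else:
            findings.append((f[0], "malformed shadow entry"))
    for line in passwd_text.strip().splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit():  # /etc/passwd has 7 fields
            findings.append((f[0], "malformed passwd entry"))
            continue
        name, pw, uid, shell = f[0], f[1], int(f[2]), f[6]
        if uid == 0 and name != "root":
            findings.append((name, "UID 0 but not root"))
        if 1 <= uid <= 499 and shell in LOGIN_SHELLS:  # page's pseudo-user range
            findings.append((name, "pseudo-user with a login shell"))
        if pw != "x":                          # e.g. after pwunconv, or empty
            findings.append((name, "password not kept in /etc/shadow"))
        elif name not in shadow:
            findings.append((name, "no shadow entry"))
        elif shadow[name] == "":
            findings.append((name, "empty password field in shadow"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {finding}")
```

On a real host the two arguments would be the contents of /etc/passwd and /etc/shadow, read as root.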
IV. Brief analysis of the user configuration file /etc/login.defs
CREATE_HOME yes // create a home directory when creating a user
UMASK 077 // default permission mask for newly created files and directories
[All options are described in detail in the file's comments.]
Brief analysis of the user configuration file /etc/default/useradd
INACTIVE=-1 // -1 means the user is not disabled by default at creation; 0 means the user is disabled by default
EXPIRE= // expiration time of the account
SHELL=/bin/bash // the user's default shell. Change it to /sbin/nologin and new users cannot log on by default.
SKEL=/etc/skel // source location of the default configuration files for new users
CREATE_MAIL_SPOOL=yes // whether to create a file for storing the user's mail when adding a user
V. Logon information
/etc/motd: the information displayed after a user logs on; it can be used for internal staff notifications.
/etc/issue: the information displayed before a user logs on. Keeping the original content is not recommended; it can be used to display public information.
[Appendix: generate an MD5 digest of a string: echo "123456" | md5sum. This is a plain hash, not the salted format stored in /etc/shadow.]