Linux Study Notes: Account and Group Management
LINUX Account and Group Management
UID: user ID, stored in /etc/passwd
GID: group ID, stored in /etc/group
/etc/passwd file structure
Each line represents one account. The file includes system accounts, which must not be moved.
For example:
root:x:0:0:root:/root:/bin/bash
Seven fields in total, separated by ":":
1. Account name: the login name, which corresponds to a UID
2. Password: replaced by x; the encrypted password is stored in the /etc/shadow file.
3. UID: the user ID number.
4. GID: the group ID, which refers to /etc/group
5. User information: a description of the account
6. Home directory: the user's home directory
7. Shell: the shell started after login. If it is set to /sbin/nologin, the account cannot get a shell.
/etc/shadow file structure
For example:
root:$6$CrPIw79nrmdxd4wo$logs/P4urrZWb4tb3Xv3yvkMqCK.:17345:0:99999:7:::
Nine fields in total, separated by ":":
1. Account name: corresponds to /etc/passwd
2. Password: the real password data, encrypted so that nobody can read it.
3. Date of the most recent password change, counted in days starting from 1970.1.1 and increasing by one each day.
4. Number of days during which the password cannot be changed
5. Number of days within which the password must be changed
6. Number of warning days before the password change deadline
7. Account grace period after the password expires
8. Account expiration date, also counted in days starting from 1970.1.1
9. Reserved field
Formula for calculating the day count of a date:
echo $(( $(date --date="2015/05/04" +%s) / 86400 + 1 ))
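The day-count fields can be decoded back into calendar dates to see what an aging policy means for an account. The script below is an added example, not part of the original notes; it assumes GNU date, and the sample line and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode the aging fields of an /etc/shadow line (fields 3-8).
# SAMPLE is constructed; its hash field is a placeholder, not a real hash.
SAMPLE='lixue:$6$SALT$HASH:17345:0:90:7:14:17500:'

# Day count since 1970-01-01 -> YYYY-MM-DD (GNU date, evaluated in UTC).
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# YYYY-MM-DD -> day count. In UTC the division is exact, so the result
# does not depend on the local time zone and needs no "+ 1" adjustment.
date_to_days() {
    echo $(( $(date -u -d "$1" +%s) / 86400 ))
}

# Print key=value lines describing the aging policy of one shadow line.
shadow_aging() {
    IFS=: read -r name hash last min max warn inact expire reserved <<EOF
$1
EOF
    echo "account=$name"
    if [ -z "$last" ]; then
        echo "last_change=unknown"; return 0
    fi
    echo "last_change=$(days_to_date "$last")"
    echo "earliest_change=$(days_to_date $(( last + ${min:-0} )))"
    if [ -n "$max" ] && [ "$max" -lt 99999 ]; then
        echo "must_change_by=$(days_to_date $(( last + max )))"
        echo "warning_from=$(days_to_date $(( last + max - ${warn:-0} )))"
        if [ -n "$inact" ]; then
            echo "grace_ends=$(days_to_date $(( last + max + inact )))"
        fi
    else
        echo "must_change_by=never"
    fi
    if [ -n "$expire" ]; then
        echo "account_expires=$(days_to_date "$expire")"
    else
        echo "account_expires=never"
    fi
}

shadow_aging "$SAMPLE"
```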
/etc/group file structure
Each line corresponds to a GID.
root:x:0:lixue
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
Four fields in total, separated by ":":
1. Group name: corresponds to the GID
2. Group password: normally does not need to be set.
3. GID: the group ID
4. Accounts that belong to this group
Each account can belong to multiple groups.
Initial group: the group recorded in /etc/passwd
Effective group: shown by the groups command
[lixue@localhost ~]$ groups
lixue root
The first group listed is the effective group.
touch a file:
-Rw-r --. 1 lixue 0 July 30 17:29 test.txt
Normally, a new file is created with the effective group as its group.
Switching the effective group
newgrp command
You can switch to another group, provided that it is one of the groups you already belong to.
newgrp runs in a new shell. To return to the previous shell, use the exit command.
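Membership is split across two files: the initial group lives in field 4 of /etc/passwd and the secondary groups in field 4 of /etc/group, so checking who belongs to a sensitive group means reading both. The script below is an added example, not part of the original notes; the sample data, the backup account and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: resolve group membership from both files.
# Both samples are constructed in the formats described above.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
lixue:x:501:501::/home/lixue:/bin/bash
backup:x:502:0::/home/backup:/bin/bash'
GROUP_SAMPLE='root:x:0:lixue
bin:x:1:bin,daemon
lixue:x:501:'

# Like the groups command: initial group first, then secondary groups.
user_groups() {
    gid=$(printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $4 }')
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v u="$1" -v gid="$gid" '
        $3 == gid { first = $1; next }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) rest = rest " " $1 }
        END { print first rest }'
}

# Every account in group $1: accounts whose initial group (passwd field 4)
# is its GID, plus the accounts listed in field 4 of the group line.
group_members() {
    gid=$(printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1 == g { print $3 }')
    [ -n "$gid" ] || return 1
    {
        printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
        printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '
            $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
    } | sort -u | paste -sd, -
}

user_groups lixue
group_members root
```

The backup account never appears in the root line of the group file, yet it is in GID 0 through its initial group; reading only /etc/group would miss it.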
/etc/gshadow
Four fields, separated by ":":
root:::lixue
bin:::bin,daemon
daemon:::bin,daemon
sys:::bin,adm
1. Group name
2. Password field: if it is ! or empty, the group has no group administrator
3. Group administrator account
4. Users that belong to the group
Account Management
Adding and removing users
useradd, usermod, userdel, passwd
useradd
-u: followed by the UID
-g: followed by the initial group
-G: followed by the secondary groups
-M: do not create the user's home directory.
-m: always create the user's home directory.
-c: followed by the account description
-d: use the given directory as the home directory instead of the default one; it must be an absolute path.
-r: create a system account. The UID of such an account is restricted.
-s: followed by a shell. If it is not specified, the default is /bin/bash.
-e: followed by the account expiration date in the format "YYYY-MM-DD"
-f: 0 means invalid immediately; -1 means it never expires.
The default home directory permission is 700.
By default the system takes care of several things:
1. Adds a line of account data to /etc/passwd, including the UID, GID and home directory.
2. Adds the password-related parameters to /etc/shadow, but without a password.
3. Adds a group with the same name as the account to /etc/group.
4. Creates a directory with the same name as the account under /home as the user's home directory, with permission 700.
You still need to use passwd to set a password for the user.
A system account (-r) does not get a home directory.
useradd -D shows the default values that useradd uses.
They are stored in /etc/default/useradd.
GROUP=100
HOME=/home    base directory for home directories
INACTIVE=-1    whether the password becomes invalid after it expires. 0 means it becomes invalid immediately; -1 means it never does.
EXPIRE=    account expiration date
SHELL=/bin/bash    file name of the default shell program
SKEL=/etc/skel    reference directory that serves as the skeleton of a new home directory
CREATE_MAIL_SPOOL=yes    create the user's mailbox
/var/spool/mail/
Despite GROUP=100, the group actually used has the same name as the user name.
Two mechanisms
Private group mechanism
GROUP=100 is ignored.
Only the user can access their own home directory.
This is the reason for the 700 permission.
Public group mechanism
The GROUP=100 value is used as the group of the new account, so every account belongs to the users group. By default, the home directory can be accessed.
UID/GID reference values
/etc/login.defs
passwd command
-l: lock. Adds ! to the front of the second field of /etc/shadow, which makes the password invalid.
-u: unlock
-S: list the password-related parameters, that is, most of the information in the shadow file.
-n: followed by a number of days; field 4 of shadow, how long the password cannot be changed.
-x: followed by a number of days; field 5 of shadow, the period within which the password must be changed.
-w: followed by a number of days; field 6 of shadow, the warning days before the password expires
-i: followed by a number of days; field 7 of shadow, the password expiration date.
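Because the state of an account is encoded in the second field of /etc/shadow (empty, a ! prefix added by passwd -l, or a real hash), a short audit can classify every account and flag the risky ones. The script below is an added example, not part of the original notes; the sample data and function names are constructed, and it assumes the common convention that a field holding only !, !! or * means no usable password.

```sh
#!/bin/sh
# Added example: audit passwd/shadow data for risky account states.
# Both samples are constructed; $6$SALT$HASH is a placeholder, not a hash.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
lixue:x:501:501::/home/lixue:/bin/bash
newuser:x:502:502::/home/newuser:/bin/bash
olduser:x:503:503::/home/olduser:/bin/bash
toor:x:0:0::/root:/bin/bash
guest:x:504:504::/home/guest:/bin/bash'
SHADOW_SAMPLE='root:$6$SALT$HASH:17345:0:99999:7:::
bin:*:17345:0:99999:7:::
lixue:$6$SALT$HASH:17345:0:99999:7:::
newuser:!!:17345:0:99999:7:::
olduser:!$6$SALT$HASH:17345:0:99999:7:::
toor:$6$SALT$HASH:17345:0:99999:7:::
guest::17345:0:99999:7:::'

# Print "name state [findings]" for every account in PASSWD_SAMPLE.
audit_accounts() {
    { printf '%s\n' "$SHADOW_SAMPLE"; echo '---'; printf '%s\n' "$PASSWD_SAMPLE"; } |
    awk -F: '
        $0 == "---"  { in_passwd = 1; next }
        !in_passwd   { pw[$1] = $2; next }   # shadow pass: keep field 2
        {
            if (!($1 in pw))              state = "no-shadow-entry"
            else if (pw[$1] == "")        state = "empty"        # no password required
            else if (pw[$1] ~ /^[!*]+$/)  state = "no-password"  # no usable hash
            else if (pw[$1] ~ /^!/)       state = "locked"       # hash prefixed by passwd -l
            else                          state = "active"
            finding = ""
            if ($3 == 0 && $1 != "root")  finding = finding " uid0-not-root"
            if (state == "empty")         finding = finding " empty-password"
            print $1 " " state finding
        }'
}

# Only the accounts that need attention.
audit_findings() {
    audit_accounts | awk 'NF > 2'
}

audit_accounts
```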
chage command
-l: list the detailed password parameters of the account
-d: followed by a date; modifies field 3 of shadow, the date of the last password change, format YYYY-MM-DD
-E: followed by a date; modifies field 8 of shadow, the account expiration date, format YYYY-MM-DD
-I: followed by a number of days; modifies field 7 of shadow, the password expiration date.
-m: followed by a number of days; modifies field 4 of shadow, the minimum number of days the password must be kept.
-M: followed by a number of days; modifies field 5 of shadow, the period within which the password must be changed.
-W: followed by a number of days; modifies field 6 of shadow, the warning period before the password expires
usermod
-c: change the account description field
-d: followed by the home directory of the account; modifies the sixth field of /etc/passwd
-e: followed by a date in the format YYYY-MM-DD; the eighth field of /etc/shadow
-f: followed by a number of days; the seventh field of shadow.
-g: modify the initial group, the fourth field of /etc/passwd.
-G: modify the secondary groups in /etc/group
-a: add a secondary group instead of setting the group list.
-l: modify the account name
-s: followed by the actual shell file, for example /bin/bash
-u: followed by the UID
-L: lock; changes the data in the third column of /etc/shadow.
-U: unlock
userdel: deletes user-related data
Account and password: /etc/passwd, /etc/shadow
User groups: /etc/group, /etc/gshadow
User's personal files: /home/username, /var/spool/mail/username
userdel -r username
-r: also deletes the user's home directory.
User-related commands:
id
uid=501(lixue) gid=501(lixue) groups=501(lixue),0(root)
finger
-s: list only the user's account, full name, terminal, and login time.
-m: list only users whose account matches the given name exactly, rather than by partial comparison.
Login: account
Name: full name
Directory: home directory
Shell: location of the shell file used
Never logged in: login status of the account
No mail: mailbox data
No Plan: the ~user/.plan file
chfn
-f: change the full name.
-o: change the office room number
-p: change the office phone number.
-h: change the home phone number
chsh
-l: list the shells available on the system, which is actually the content of /etc/shells.
Adding and removing groups
groupadd
-g: followed by the GID
-r: create a system group; related to GID_MIN in /etc/login.defs.
groupmod
-g: modify the GID
-n: modify the group name
groupdel
gpasswd
-A: hand control of groupname over to the users that follow, who then manage it.
-M: add some accounts to this group.
-r: remove the password of groupname.
-R: invalidate the password field of groupname
-a: add a user to the groupname group.
-d: remove a user from the groupname group.