Learning Linux: users and user groups

Source: Internet
Author: User

In Linux, each user has a unique user name and a user identifier (UID, numeric) associated with it. A user can belong to more than one user group, each with a unique name and a user group identifier (GID, numeric type).

UIDs and GIDs serve two main purposes: determining the ownership of system resources, and controlling the permissions granted to processes that access those resources.

When discussing users and user groups, three system files are essential: /etc/passwd, /etc/shadow, and /etc/group. These files are stored as plain text on a Linux system. We can modify them with an editor or with dedicated commands. Users and groups are managed by adding, deleting, and modifying entries in these files.

/etc/passwd

The system password file /etc/passwd describes each user account on the system in one line. Each line contains 7 fields, separated by colons, in the following format:

Login name:Password:UID:GID:Comment:Home directory:Shell


Field descriptions:

1. Login name: The unique name (that is, the user name) that the user must enter when logging on to the system.

2. Password: This field holds the encrypted password, which is typically 13 characters long. If it is "x", the password is shadow-protected and the encrypted password is actually stored in the shadow password file. If the user has no password set, the field is empty.

3. UID: User ID, numeric type. If the field is 0, the user is a privileged user, typically root. The UID is a 16-bit value in the range 0~65535. 1~500 are reserved for the system; IDs above 500 are for ordinary users.

4. GID: User group identifier, numeric type.

5. Comment: Descriptive information about the user.

6. Home directory: The initial directory the user is placed in after logging in. The HOME environment variable is typically set from this field.

7. Shell: The program that is run once the user logs in. If the field is empty, the shell defaults to /bin/sh. The SHELL environment variable is typically set from this field.

/etc/shadow

Any user has read access to the passwd file, and although the password is encrypted, this is a security risk (for example, someone could run a password-cracking tool against it). To avoid this risk, the shadow password file /etc/shadow was introduced. Encrypted passwords are maintained separately in the shadow password file, which can be read only by privileged programs (privileged users).

The shadow password file contains login names, encrypted passwords, and several other security-related fields. Each line contains 9 fields, separated by colons, in the following format:

Login name:Password:Last password change date:Minimum number of days before the password may be changed:Maximum number of days before the password must be changed:Warning period before the password expires:Inactivity period after the password expires:Account expiration date:Reserved field
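The /etc/passwd and /etc/shadow formats described above can be checked mechanically. The following is an added example, not part of the original article: it parses constructed sample files, flags the risky cases the text mentions (a UID of 0, an empty password field, a hash left in passwd), and derives the date a password must be changed. It assumes, per shadow(5), that the last-change field counts days since 1970-01-01; all function names are hypothetical.

```python
from datetime import date, timedelta

# Constructed sample files (not from a real system; hashes are placeholders).
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:1001:old admin:/home/backup2:/bin/sh
guest::1002:1002:Guest:/home/guest:
legacy:ab1cd2EFgh3iJ:1003:1003:Legacy:/home/legacy:/bin/sh"""
SHADOW = """root:$6$placeholder$hash:19000:0:99999:7:::
alice:$6$placeholder$hash:19000:1:90:7:14::
backup2:$6$placeholder$hash:19000:0:99999:7:::"""

FIELDS = ("name", "password", "uid", "gid", "comment", "home", "shell")

def parse_passwd(text):
    """Split each line into the 7 colon-separated fields; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == 7:
            entry = dict(zip(FIELDS, parts))
            entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
            entry["shell"] = parts[6] or "/bin/sh"  # empty shell defaults to /bin/sh
            entries.append(entry)
    return entries

def audit_passwd(entries):
    """Return (login, finding) pairs for entries that weaken the account model."""
    findings = []
    for e in entries:
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "UID 0 on a non-root login"))
        if e["password"] == "":
            findings.append((e["name"], "empty password field"))
        elif e["password"] not in ("x", "*", "!"):  # "*" and "!" mark locked entries
            findings.append((e["name"], "hash in world-readable passwd"))
    return findings

def password_expiry(shadow_line):
    """Date on which the password must be changed, or None if not derivable."""
    f = shadow_line.split(":")
    if len(f) != 9 or not f[2].isdigit() or not f[4].isdigit():
        return None
    # Assumption from shadow(5): field 3 counts days since 1970-01-01.
    return date(1970, 1, 1) + timedelta(days=int(f[2]) + int(f[4]))

if __name__ == "__main__":
    for login, finding in audit_passwd(parse_passwd(PASSWD)):
        print(f"{login}: {finding}")
    for line in SHADOW.splitlines():
        print(line.split(":")[0], password_expiry(line))
```
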

         

/etc/group

Linux user groups are divided into private groups, system groups, and standard groups.

When you create an account without specifying the group it belongs to, a group with the same name as the user is created. This is a private group that holds only that one user.

System groups are automatically established by the system.

A standard group can hold multiple users, and users within the group have the rights that the group has.

A user can belong to more than one group: one primary group and any number of supplementary groups. The first group the user belongs to is the primary group, and it is specified in the /etc/passwd file. The other groups are supplementary groups, and they are specified in /etc/group. A user who belongs to more than one group has the sum of the permissions of all the groups it belongs to.

Each line in /etc/group records the information for one group. It contains 4 fields, separated by colons, in the following format:

Group name:Group password:GID:Group members

Field descriptions:

1. Group name: The name of the group, such as bin, nobody, and so on.

2. Group password: The encrypted password. In general, group passwords are not used.

3. GID: ID of the group, numeric type.

4. Group members: The members contained within the group, separated by commas.
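Because the primary group lives in /etc/passwd and supplementary groups live in /etc/group, the member list in /etc/group alone does not show everyone who holds a group. The following is an added example, not part of the original article: it resolves a user's full group set and a group's effective membership from constructed sample files. The group names, GIDs and function names are assumptions made for illustration.

```python
# Constructed sample files (not from a real system).
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:27:Carol:/home/carol:/bin/bash
dave:x:1003:4242:Dave:/home/dave:/bin/bash"""
GROUP = """root:x:0:
sudo:x:27:alice
docker:x:998:alice,bob
alice:x:1000:
bob:x:1001:"""

def parse_group(text):
    """Map GID -> (group name, list of members named in /etc/group)."""
    groups = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == 4:
            name, _password, gid, members = parts
            groups[int(gid)] = (name, [m for m in members.split(",") if m])
    return groups

def parse_primary(text):
    """Map login name -> primary GID (field 4 of /etc/passwd)."""
    rows = (line.split(":") for line in text.splitlines())
    return {r[0]: int(r[3]) for r in rows if len(r) == 7}

def groups_of(user, primary, groups):
    """Primary group first, then supplementary groups in GID order."""
    gid = primary[user]
    names = [groups[gid][0] if gid in groups else f"gid {gid} (undefined)"]
    names += [name for g, (name, members) in sorted(groups.items())
              if user in members and g != gid]
    return names

def effective_members(group_name, primary, groups):
    """Everyone who holds the group, via its member list or a primary GID."""
    for gid, (name, members) in groups.items():
        if name == group_name:
            via_primary = [u for u, g in primary.items() if g == gid]
            return sorted(set(members) | set(via_primary))
    return []

if __name__ == "__main__":
    primary, groups = parse_primary(PASSWD), parse_group(GROUP)
    for user in primary:
        print(user, groups_of(user, primary, groups))
    print("sudo:", effective_members("sudo", primary, groups))
```

In the sample data, carol never appears in the sudo member list yet holds that group through her primary GID, and dave's primary GID has no entry in /etc/group at all.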
