Linux System Management Technical Manual - Chapter 2: Adding New Users

Source: Internet
Author: User
Tags ldap

6.1 /etc/passwd file

When a user logs in to Linux, the system looks the user up in the /etc/passwd file to identify them.

/etc/passwd includes seven fields:

Login name (no more than 32 characters; no more than 8 characters when NIS is used)

Encrypted password or password placeholder (most passwords are actually stored in the /etc/shadow file; MD5 encryption is used by default (34 characters after encryption), Blowfish is used on SUSE, and the passwd command sets the password)

UID (user ID) number (a 32-bit unsigned number; limiting it to 32767 is recommended. root's UID is 0, and having multiple accounts with UID 0 creates a potential security hole. LDAP is a popular tool for managing UIDs)

Default GID (group ID) number (defined in the /etc/group file; GID 0: root group, GID 1: bin group, GID 2: daemon group. The default GID takes effect when new files and directories are created)

"GECOS" information: full name, office, extension number, home phone number (records the user's personal information; used by finger and changed with chfn. GECOS information is well suited to management through LDAP)

Home directory (if DEFAULT_HOME in /etc/login.defs is set to no, login is refused when the user's home directory does not exist)

Login shell (the chsh command changes the user's shell. The /etc/shells file lists the shells that chsh allows a user to choose; to add an entry to that file, use the shell's absolute path)

 

6.2 /etc/shadow file

Format: root:$1$buJ6v3Ch$bwLIof5each9Nv.OEzD3T0:13348:0:180:14::14974:

Only the superuser can read the /etc/shadow file.

The original password field in the /etc/passwd file must contain an x.

The administrator must maintain both the /etc/shadow and /etc/passwd files (or use the useradd tool, which maintains them itself).

You can use the pwconv tool to ensure that the contents of the shadow and passwd files are consistent.

The 9 fields in the /etc/shadow file:

Login name (same as in /etc/passwd)

Encrypted password

Date the password was last changed (number of days since January 1, 1970)

Minimum number of days between two password changes (intended to stop the user from changing the password again immediately after a change; setting it to 0 is recommended)

Maximum number of days between two password changes

Number of days before expiration at which the user is warned that the password will expire

Account expiration date (number of days since January 1, 1970)

Reserved field, empty currently
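
The points above (only root should have UID 0, the passwd password field must hold an x, and passwd and shadow must stay consistent) can be checked mechanically on copies of the two files. The script below is an added example, not part of the manual; the account data is constructed and the finding labels are names chosen here.

```shell
#!/bin/sh
# Added example (not from the manual). All account data below is constructed.

# audit_accounts PASSWD SHADOW: print one finding per line.
audit_accounts() {
    awk -F: '
        # First file read is shadow: remember which logins have an entry.
        FILENAME == ARGV[1] { in_shadow[$1] = 1; next }
        # Everything below runs on passwd lines only.
        { in_passwd[$1] = 1 }
        NF != 7                 { print "BAD_FIELD_COUNT " $1; next }
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
        $2 != "x"               { print "PASSWD_FIELD_NOT_X " $1 }
        !($1 in in_shadow)      { print "NO_SHADOW_ENTRY " $1 }
        END {
            for (n in in_shadow)
                if (!(n in in_passwd)) print "ORPHAN_SHADOW_ENTRY " n
        }
    ' "$2" "$1"
}

# make_sample DIR: write constructed passwd and shadow files into DIR.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second admin:/root:/bin/sh
linda:x:2000:2000:linda,:/home/linda:/bin/sh
hilbert:$1$CONSTRUCTED$NotARealHashValue000:1005:30:David Hilbert:/home/hilbert:/bin/sh
dotty:x:2001:200::/home/dotty:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:!:16268:0:99999:7:::
toor:!:16268:0:99999:7:::
linda:*:16268:0:99999:7:::
hilbert:!:11508:0:99999:7:0::
ghost:!:16268:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system the pwck tool from the same package as pwconv performs comparable integrity checks.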

 

6.3 /etc/group file

Format:

wheel:x:10:net,evi,lynda,boggs,tom,millert

student:*:200:dotty

The newgrp command lets a user who is not a member of a group switch into that group.

The /etc/group file contains four fields:

Group name (up to 8 characters)

Encrypted password, or an x indicating that a gshadow file exists

GID (to avoid conflicts with vendor-supplied GIDs, assigning local groups starting at GID 500 is recommended)

List of members (separated by commas)

 

6.4 Add a user

Before creating an account for a new user, it is very important that the user sign and date a copy of the local user agreement and policy statement.

Steps required by the system:

Edit the passwd and shadow file to define the user account:

Add a user to the/etc/group file

Set an initial password

Create a user's home directory and use the chown and chmod commands to change the owner and attributes of the user's home directory

Steps for the user:

Copy the default startup file to your home directory.

Set the user's mail home directory and create a mail alias

Steps for the Administrator:

Check whether the account is set correctly

Add the user's contact information and account status to the database

1) edit the passwd and shadow files

On Fedora and RHEL, vipw asks whether to edit the shadow file after you have edited the passwd file. SUSE, Debian, and Ubuntu use vipw -s for the same purpose.

Add the account linda to /etc/passwd:

linda:x:2000:2000:linda,:/home/linda:/bin/sh

Add the following line to the /etc/shadow file:

linda:*:16268:0:99999:7:::

2) edit the /etc/group file

linda::2000:linda

3) set the initial password

passwd linda

4) create the user's home directory

mkdir /home/linda

chown linda:linda /home/linda

chmod 700 /home/linda

5) copy the default startup files

cp /etc/skel/.[a-zA-Z]* ~linda (skel is at /etc/skel on Ubuntu 12.04; on other systems, locate it with find / -name skel)

chown linda:linda ~linda/.[a-zA-Z]*

chmod 600 ~linda/.[a-zA-Z]* (Note: do not write ~linda/.* here, because that pattern also matches .. (/home). linda would then own not only her own files but also her parent directory, which is very dangerous)

6) set the user's mail home directory

See section 18.3.2.

7) verify the new login

Log out, log in as the new user, and run these commands:

pwd      # verify the home directory

ls -al   # check the owner and group of the startup files

8) record user status and contact information

Maintain the contact information and account status database

 

6.5 Delete a user

Steps for manually deleting a user:

Delete a user from all local user databases or phone books

Delete a user from the alias file or add a forwarding address

Delete the user's crontab file and all pending at jobs

Terminate all user processes that are still running

Delete a user from the passwd, shadow, group, and gshadow files

Delete the user's home directory

Delete a user's email storage file

 

6.6 Disabling logins

Method 1) Put an asterisk or other character in front of the encrypted password, which prevents the account from logging in with that password

Method 2) usermod -L linda and usermod -U linda lock and unlock the password, respectively (this does not work on SUSE)

Method 3) Replace the user's shell with a pseudo-shell. The pseudo-shell is not listed in /etc/shells.
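
To confirm which of the three methods is actually in effect for each account, the shadow password field and the login shell can be read together. The script below is an added example, not part of the manual; the account data is constructed and /usr/local/sbin/no-login is a hypothetical pseudo-shell path.

```shell
#!/bin/sh
# Added example (not from the manual). All account data below is constructed;
# /usr/local/sbin/no-login is a hypothetical pseudo-shell path.

# login_state PASSWD SHADOW SHELLS: print "name password=<state> shell=<state>".
login_state() {
    awk -F: '
        # File 1 (shells): absolute paths that chsh accepts.
        FILENAME == ARGV[1] { if ($0 ~ /^\//) listed[$0] = 1; next }
        # File 2 (shadow): classify the password field.
        FILENAME == ARGV[2] {
            if ($2 == "")          pw[$1] = "empty"    # no password required
            else if ($2 ~ /^[!*]/) pw[$1] = "locked"   # methods 1 and 2
            else                   pw[$1] = "set"
            next
        }
        # File 3 (passwd): combine with the login shell (method 3).
        {
            shell = ($7 == "") ? "/bin/sh" : $7        # empty field means /bin/sh
            print $1, "password=" (($1 in pw) ? pw[$1] : "no-shadow-entry"),
                      "shell=" ((shell in listed) ? "listed" : "unlisted")
        }
    ' "$3" "$2" "$1"
}

# make_login_sample DIR: write constructed passwd, shadow and shells files.
make_login_sample() {
    cat > "$1/passwd" <<'EOF'
linda:x:2000:2000:linda,:/home/linda:/bin/sh
hilbert:x:1005:30:David Hilbert:/home/hilbert:/bin/sh
dotty:x:2001:200::/home/dotty:/usr/local/sbin/no-login
EOF
    cat > "$1/shadow" <<'EOF'
linda:$1$CONSTRUCTED$NotARealHashValue000:16268:0:99999:7:::
hilbert:!$1$CONSTRUCTED$NotARealHashValue000:11508:0:99999:7:0::
dotty:*:16268:0:99999:7:::
EOF
    printf '%s\n' /bin/sh /bin/bash > "$1/shells"
}

tmp=$(mktemp -d)
make_login_sample "$tmp"
login_state "$tmp/passwd" "$tmp/shadow" "$tmp/shells"
rm -rf "$tmp"
```

A row showing password=locked with shell=listed, like hilbert here, is blocked only for password logins, which is all that methods 1 and 2 cover.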

 

6.7 account management tools

The useradd command adds a user to the passwd file (and, where applicable, to the shadow file as well).

The usermod command changes the passwd entry of an existing user.

The userdel command deletes a user from the system and can also delete the user's home directory.

groupadd, groupmod, and groupdel operate on the /etc/group file.

 

Add a user

useradd -c "David Hilbert" -d /home/hilbert -g faculty -G famous -m -s /bin/sh hilbert

The effect is as follows:

In /etc/passwd (hilbert:x:1005:30:David Hilbert:/home/hilbert:/bin/sh)

In /etc/shadow (hilbert:!:11508:0:99999:7:0::)

In /etc/group (hilbert is added to the faculty and famous groups)

The home directory /home/hilbert is created.

The contents of /etc/skel are copied to the home directory.

Delete a user

userdel hilbert

The entries for hilbert in the passwd, shadow, and group files are deleted.

With the -r option, the user's home directory is deleted as well.

