6.1 /etc/passwd file
Linux consults /etc/passwd to identify a user when the user logs in.
/etc/passwd consists of 7 fields:
Login name (no more than 32 characters; no more than 8 characters when NIS is in use)
Encrypted password or password placeholder (on most systems the real hash lives in /etc/shadow; MD5 by default, Blowfish on SuSE; set with the passwd command)
UID (user ID) number (32-bit unsigned number; keeping it at or below 32767 is recommended; root's UID is 0; more than one account with UID 0 creates a potential security vulnerability; LDAP is a popular UID management tool)
Default GID (group ID) number (groups are defined in /etc/group; GID 0 is the root group, GID 1 the bin group, GID 2 the daemon group; this is the default group of new files and directories the user creates)
"GECOS" information: full name, office, extension, home phone (records the user's personal information, shown by finger and set with chfn; GECOS information is well suited to LDAP management)
Home directory (setting DEFAULT_HOME to no in /etc/login.defs prevents users whose home directory is missing from logging in)
Login shell (chsh changes your own shell; /etc/shells lists the shells chsh allows users to choose; entries added to /etc/shells must use absolute paths)
6.2 /etc/shadow file
Format: root:$1$buj6v3ch$bwliof5each9nv.oezd3t0:13348:0:180:14::14974:
Only the superuser can read /etc/shadow
When a shadow password system is in use, the password field in /etc/passwd must contain an x
The administrator must maintain both /etc/shadow and /etc/passwd (or let the useradd tools maintain them)
The pwconv tool keeps the shadow file consistent with the passwd file
/etc/shadow has 9 fields:
Login name (same as in /etc/passwd)
Encrypted password
Date the password was last changed (days since January 1, 1970)
Minimum number of days between two password changes (prevents a user from changing the password and immediately changing it back; setting it to 0 is suggested)
Maximum number of days between two password changes
Number of days before expiry that the user is warned the password will expire
Number of days after the password expires before the account is disabled (empty in the format line above)
Account expiration date (days since January 1, 1970)
Reserved field, currently empty
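The checks these two sections imply, as an added example that is not part of the original notes: it audits constructed copies of passwd and shadow for a second UID 0 account, a hash left in passwd, a user missing from shadow (the inconsistency pwconv repairs), a login shell absent from /etc/shells, locked passwords, and passwords past their maximum age. The file contents, user names and the "today" day number are all made up.

```shell
#!/bin/sh
# Added example (not from the notes): audit copies of /etc/passwd and
# /etc/shadow for the conditions the notes warn about. The records below
# are constructed; point the functions at real copies to check a system.
WORK=$(mktemp -d)
cat >"$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/bash
linda:x:2000:2000:linda,,,:/home/linda:/bin/sh
bob:$1$xyz$HashLeftInPasswd:2001:2001::/home/bob:/bin/bash
eve:x:2002:2002::/home/eve:/opt/custom/sh
EOF
cat >"$WORK/shadow" <<'EOF'
root:$1$buj6v3ch$bwliof5each9nv.oezd3t0:13348:0:180:14::14974:
toor:!:13348:0:99999:7:::
linda:*:16268:0:99999:7:::
eve:$6$salt$ConstructedHash:16000:0:90:7:::
EOF
printf '/bin/sh\n/bin/bash\n' >"$WORK/shells"   # stand-in for /etc/shells

# UID 0 accounts: every name besides root is a second superuser.
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$1" | xargs; }
# passwd entries whose password field is not the shadow placeholder "x":
# the hash sits in a world-readable file.
unshadowed_hashes() { awk -F: '$2 != "x" { print $1 }' "$1" | xargs; }
# passwd users with no shadow entry (what pwconv would add).
missing_shadow() {
  awk -F: 'NR == FNR { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$2" "$1" | xargs
}
# Login shells that are not listed in /etc/shells.
unlisted_shells() {
  awk -F: 'NR == FNR { ok[$0] = 1; next } !($7 in ok) { print $1 }' "$2" "$1" | xargs
}
# Shadow password field starting with "!" or "*": locked, no password login.
locked_accounts() { awk -F: '$2 ~ /^[!*]/ { print $1 }' "$1" | xargs; }
# Aging check: last change (field 3) + max days (field 5) before "today"
# (days since 1970-01-01) means the password has expired; 99999 = never.
expired_passwords() {
  awk -F: -v today="$2" '$5 != "" && $5 != 99999 && $3 + $5 < today { print $1 }' "$1" | xargs
}

echo "uid 0:            $(uid0_accounts "$WORK/passwd")"
echo "hash in passwd:   $(unshadowed_hashes "$WORK/passwd")"
echo "no shadow entry:  $(missing_shadow "$WORK/passwd" "$WORK/shadow")"
echo "unlisted shell:   $(unlisted_shells "$WORK/passwd" "$WORK/shells")"
echo "locked:           $(locked_accounts "$WORK/shadow")"
echo "expired at 16500: $(expired_passwords "$WORK/shadow" 16500)"
```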
6.3 /etc/group file
Format:
wheel:x:10:net,evi,lynda,boggs,tom,millert
student:*:200:dotty
The newgrp command lets a user who does not belong to a group become part of that group
/etc/group consists of 4 fields:
Group name (try to keep it to 8 characters)
Encrypted password, or an x indicating that a gshadow file exists
GID number (to avoid collisions with vendor-supplied GIDs, assign local groups GIDs starting at 500)
Member list, separated by commas (no spaces)
6.4 Adding users
Before creating an account for a new user, it is important that the user sign and date a copy of the local user agreement and policy statement.
Steps required by the system:
Edit the passwd and shadow files to define the user account
Add the user to the /etc/group file
Set an initial password
Create the user's home directory and set its owner and permissions with chown and chmod
Steps for the user:
Copy the default startup files to the user's home directory
Set up the user's mail home and establish a mail alias
Steps for the administrator:
Verify that the account is set up correctly
Add the user's contact information and account status to the database
1) Edit the passwd and shadow files
Fedora and RHEL use vipw to edit the passwd file and then ask whether you also want to edit the shadow file; SUSE, Debian, and Ubuntu use vipw -s for the same purpose
Add an account linda to /etc/passwd:
linda:x:2000:2000:linda,,,:/home/linda:/bin/sh
In /etc/shadow, add:
linda:*:16268:0:99999:7:::
2) Edit the /etc/group file
linda::2000:linda
3) Set the initial password
passwd linda
4) Create the user's home directory
mkdir /home/linda
chown linda:linda /home/linda
chmod 700 /home/linda
5) Copy the default startup files
cp /etc/skel/.[a-zA-Z]* ~linda (on Ubuntu 12.04 the skeleton directory is /etc/skel; on other systems locate it with find / -name skel)
chown linda:linda ~linda/.[a-zA-Z]*
chmod 644 ~linda/.[a-zA-Z]* (note: this must not be written as ~linda/.*, because that pattern also matches .. (/home), which would make linda the owner not only of her own files but of the parent directory as well, which is very dangerous)
6) Set up the user's mail home directory
See section 18.3.2
7) Verify the new login
Log out, log in as the new user, and run:
pwd      # verify the home directory
ls -al   # check the owner and group of the startup files
8) Record user status and contact information
Maintain the contact information and account status database
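Steps 4 and 5 rehearsed in a scratch directory, as an added example that is not from the notes: it builds a stand-in /etc/skel and home directory, applies the 700 and 644 modes, and shows what the two globs from step 5 expand to. Paths and file contents are constructed; chown is left out because only root can run it on a real system.

```shell
#!/bin/sh
# Added example (not from the notes): rehearse steps 4 and 5 against a
# scratch directory standing in for /etc/skel and /home/linda, and compare
# the glob .[a-zA-Z]* with the dangerous .* . Everything here is constructed;
# chown is omitted because it needs root on a real system.
WORK=$(mktemp -d)
SKEL="$WORK/etc/skel"
HOME_DIR="$WORK/home/linda"
mkdir -p "$SKEL" "$WORK/home"
printf 'export PATH=$PATH:$HOME/bin\n' >"$SKEL/.profile"
printf 'alias ll="ls -l"\n' >"$SKEL/.bashrc"
echo 'not a dotfile' >"$SKEL/README"    # .[a-zA-Z]* must not pick this up

# Step 4 (home directory, mode 700) and step 5 (startup files, mode 644).
set_up_home() {
  skel=$1 home=$2
  mkdir -m 700 "$home"
  cp "$skel"/.[a-zA-Z]* "$home"/
  chmod 644 "$home"/.[a-zA-Z]*
}

# Print the names a glob pattern expands to inside a directory, one per line.
expand_glob() {
  ( cd "$1" && for name in $2; do echo "$name"; done )
}

# Succeeds when the pattern reaches the parent directory through "..",
# which is what turns a chown on ~linda/.* into a chown of /home.
glob_escapes_home() {
  expand_glob "$1" "$2" | grep -qx '\.\.'
}

# Permission string of a path, e.g. drwx------ or -rw-r--r-- (portable ls).
mode_of() { ls -ld "$1" | cut -c1-10; }

set_up_home "$SKEL" "$HOME_DIR"
echo "home:     $(mode_of "$HOME_DIR")"
echo ".profile: $(mode_of "$HOME_DIR/.profile")"
echo '.[a-zA-Z]* expands to:'; expand_glob "$HOME_DIR" '.[a-zA-Z]*'
# dash, and bash before 5.2 (or with globskipdots off), list . and .. here
echo '.* expands to:';         expand_glob "$HOME_DIR" '.*'
```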
6.5 Deleting a user
Steps for removing a user manually:
Remove the user from all local user databases and phone lists
Remove the user from the aliases file, or add a forwarding address
Delete the user's crontab file and any pending at jobs
Kill any of the user's processes that are still running
Remove the user from the passwd, shadow, group, and gshadow files
Delete the user's home directory
Delete the user's mail spool
6.6 Disabling logins
Method 1) Put an asterisk or another character in front of the encrypted password so that the account can no longer log in with a password
Method 2) usermod -L linda locks the password and usermod -U linda unlocks it (does not work on SuSE)
Method 3) Replace the user's shell with a pseudo-shell that is not listed in /etc/shells
6.7 Account management tools
The useradd command adds the user to the passwd file (and to the shadow file where one is used)
The usermod command changes an existing user's entry in the passwd file
The userdel command removes the user from the system and can also delete the user's home directory
groupadd, groupmod, and groupdel operate on the /etc/group file
Adding a user:
useradd -c "David Hilbert" -d /home/hilbert -g faculty -G famous -m -s /bin/sh hilbert
The effect is as follows:
In /etc/passwd: hilbert:x:1005:30:David Hilbert:/home/hilbert:/bin/sh
In /etc/shadow: hilbert:!:11508:0:99999:7:0::
In /etc/group: hilbert is added to the faculty and famous groups
The home directory /home/hilbert is created
The contents of /etc/skel are copied into the home directory
Deleting a user:
userdel hilbert
Removes hilbert's entries from the passwd, shadow, and group files
The home directory is also deleted when the -r option is given