Process vs Program
Program: Binary program files + library files + configuration files + help files
Static
Process: A copy of a program, an instance of program execution
Dynamic (with life cycle)
User Rights
User group: A container for users, to which permission identifiers can be attached
Permission type: Owner, group, other users
User: The credential or identity used to obtain resources or services
Process: Also has an owner and a group; it is the agent through which the user operates the computer
User Rights = Process permissions + file permissions
Permission type: r, w, x
For a file:
r: Readable; commands such as cat can be used to view the file contents
w: Writable; the file can be edited or deleted
x: Executable; the file can be submitted to the kernel to run as a command at the command prompt
For a directory:
r: ls can be run on this directory to list the files in it
w: Files can be created in this directory
x: You can switch into this directory with cd, and ls -l can show the detailed properties of the files in it
rwx permission combinations:
---: No permissions
r--: Read-only
r-x: Read and execute
rw-: Read and write
rwx: Read, write and execute
The number and binary value that correspond to each permission combination:
0  000  ---  No permissions
1  001  --x  Execute
2  010  -w-  Write
3  011  -wx  Write and execute
4  100  r--  Read-only
5  101  r-x  Read and execute
6  110  rw-  Read and write
7  111  rwx  Read, write and execute
User: identified by UID; user database: /etc/passwd
User group: identified by GID; group database: /etc/group
Password files:
Users: /etc/shadow
Groups: /etc/gshadow
User category (by user ID):
Admin: 0
Normal users: 1-65535
System users: accounts for specialized operating system programs and services; they do not log in
System users: 1-499 (CentOS 6.8), 1-1000 (CentOS 7.2)
General users: 500-65535 (CentOS 6.8), 1000-65535 (CentOS 7.2)
User group category:
Basic group: The user's default group
Private group: When a user is created without specifying a group, a group with the same name as the user is created automatically
Additional groups: Groups the user belongs to other than the default group
passwd file format:
Account: User name
passwd: Password placeholder
UID: The user's UID
GID: The GID of the basic group
Comment: Notes
Home dir: Home directory
Shell: The user's default login shell
shadow file format:
Account: User name
Encrypted passwd: Encrypted password
Third field: When the password was last modified
Fourth field: Minimum password usage period
Fifth field: Maximum password usage period
Sixth field: Number of warning days before password expiration
Seventh field: Number of days after password expiration
Eighth field: Password usage period
Encryption algorithms:
Symmetric encryption: Encryption and decryption use the same key
Public key cryptography: Keys come in pairs, a private key (secret key) and a public key
One-way encryption / hashing: Extracts a fingerprint of the data, often used to verify data integrity
MD5: Message Digest, 128-bit fixed-length output
SHA1: Secure Hash Algorithm, 160-bit fixed-length output
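The passwd and shadow fields described above can be checked together. The following is an added example, not part of the original notes: it joins the two files on the account name and reports extra UID 0 accounts, empty password fields, MD5-crypt hashes (the `$1$` prefix used by crypt(3)) and passwords that never expire. The function name audit_accounts and all sample accounts and hash strings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not from a real system); the hashes are placeholders.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$saltsalt$CONSTRUCTEDHASH:17000:0:99999:7:::
toor:$6$saltsalt$CONSTRUCTEDHASH:17000:0:90:7:::
daemon:*:17000:0:99999:7:::
alice:$6$saltsalt$CONSTRUCTEDHASH:17000:0:90:7:14::
bob::17000:0:99999:7:::
carol:$1$saltsalt$CONSTRUCTEDHASH:17000:0:90:7:::
EOF

# audit_accounts PASSWD_FILE SHADOW_FILE  (hypothetical helper name)
# Prints one finding per line as "account: finding".
audit_accounts() {
    awk -F: '
        NR == FNR { uid[$1] = $3; next }   # first file (passwd): remember each UID
        {
            user = $1; pw = $2; max = $5   # shadow fields 1, 2 and 5
            if ((user in uid) && uid[user] == 0 && user != "root")
                print user ": UID 0 but not root"
            if (pw == "")              print user ": empty password field"
            else if (pw ~ /^[!*]/)     next   # locked or no password set: nothing to age
            else if (pw ~ /^\$1\$/)    print user ": MD5-crypt hash ($1$)"
            if (max == "" || max + 0 >= 99999)
                print user ": password never expires"
        }
    ' "$1" "$2"
}

audit_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```

On a real host the same function can be pointed at /etc/passwd and /etc/shadow, which requires root to read the shadow file.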
User management commands:
useradd, userdel, usermod, passwd, chsh, chfn, finger, chage, id
Group management commands:
groupadd, groupdel, groupmod, gpasswd
Rights management commands:
chown, chgrp, chmod, umask
useradd [options] username: Create a user account
-u: Specify the user's UID
-o: Ignore uniqueness; must be combined with the preceding option
-g: Specify the user's GID; the basic group must exist beforehand
-G: Specify the user's additional groups; the additional groups must exist beforehand
-c: Specify the comment; put it in single quotation marks if it contains spaces
-d: Specify the user's home directory; the default is /home/username
-s: Specify the user's default shell
-m -k: Force creation of the user's home directory; -k copies the user shell environment files into the home directory
-M: Do not create a home directory for the user; the user gets no shell environment files
-r: Add a system user, which cannot log in and has no home directory
Template for the user shell environment files: all files under /etc/skel
System defaults file used when creating new users: /etc/login.defs
PASS_MAX_DAYS: Maximum password age; 99999 means no expiration
PASS_MIN_DAYS: Minimum password usage period
PASS_MIN_LEN: Minimum password length
PASS_WARN_AGE: Warning period before expiration
UID_MIN: Minimum UID for new users
UID_MAX: Maximum UID for new users
GID_MIN: Minimum GID for new groups
GID_MAX: Maximum GID for new groups
CREATE_HOME yes: The home directory is created by default
USERGROUPS_ENAB yes: Delete the private group when the user is deleted
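Because the system/general UID boundary differs between releases (500 on CentOS 6.8, 1000 on CentOS 7.2), a check should read UID_MIN from login.defs instead of hard-coding it. The following is an added example, not part of the original notes: it reads keys from a login.defs-style file and lists system-range accounts that still have a login shell, which the notes describe as non-login accounts. The function names and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample files (not taken from a real host).
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
cat > "$DEMO_DIR/login.defs" <<'EOF'
# comment lines and blank lines are ignored by the lookup below
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
UID_MIN         1000
UID_MAX         60000
CREATE_HOME     yes
EOF
cat > "$DEMO_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
svcbackup:x:498:498:backup service:/var/backup:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF

# login_def FILE KEY  (hypothetical helper): print the value of one key.
login_def() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# system_accounts_with_shell PASSWD_FILE LOGIN_DEFS_FILE  (hypothetical helper)
# Lists accounts with 0 < UID < UID_MIN whose shell is not nologin or false.
system_accounts_with_shell() {
    awk -F: -v min="$(login_def "$2" UID_MIN)" '
        $3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }
    ' "$1"
}

echo "UID_MIN=$(login_def "$DEMO_DIR/login.defs" UID_MIN)"
echo "PASS_MAX_DAYS=$(login_def "$DEMO_DIR/login.defs" PASS_MAX_DAYS)"
system_accounts_with_shell "$DEMO_DIR/passwd" "$DEMO_DIR/login.defs"
```

A PASS_MAX_DAYS value of 99999 in the output means new accounts are created with passwords that never expire.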
usermod [options] username: Modify user account properties
-u: Modify the user's UID
-o: Ignore uniqueness; must be combined with the preceding option
-g: Modify the user's basic group
-G: Modify the user's additional groups (overwrites the previous additional groups)
-G -a: Append a new additional group
-c: Modify the comment information
-d -m: Modify the user's home directory and move the user's existing files to the new directory
-s: Modify the user's default shell
-l: Modify the login name
-e: Modify the user's expiration time (format: CCYY-MM-DD)
-f: Modify the warning days before expiration
-L: Lock the account (the user cannot log on to the system)
-U: Unlock the account (an ordinary user with an empty password cannot be unlocked)
userdel [options] username: Delete a user account
-r: Also delete the user's home directory (not deleted by default)
id [options] username: View user information
-G: View all groups to which the user belongs (basic group and additional groups)
-u: View the user's UID
-g: View the user's GID
-n: Display names instead of ID numbers; can be combined with the options above
chsh [options] [username]
-l: Without a user name, list the shells available on the current system
-s /path/shellname username: Modify the user's default login shell
chfn [options] [username]: Modify user comment information
-f: Modify the user's full name
-o: Modify the office room number
-p: Modify the office phone number
-h: Modify the home phone number
chage [options] [username]: Modify user password expiration information
-d: The last time the password was modified
-E: Password expiration time
-I: Inactive time
-l: Show password aging details
-m: Minimum period of use
-M: Maximum period of use
-W: Warning days
passwd [options] [username]: Modify user passwords
-k: Change the password usage period to never expire
-l: Lock the user account
-u: Unlock the user account
--stdin: Set the user password through a pipe
-d: Remove the user's password
-e: Force the user's password to expire so that it must be changed at the next logon
-f: Force the specified action
-n: Modify the minimum password usage period
-x: Modify the maximum password usage period
-w: Modify the password expiration warning period
-i: Modify the retention time before the password is disabled
-S: View the user's password status information
groupadd [options] groupname: Create a user group
-g: Specify the GID
-o: Ignore uniqueness; must be combined with the preceding option
-r: Create a system group
-R /path/chroot_dir: Specify the chroot directory
-p: Create a password for the newly created group
-f: Exit directly when the GID already exists
-K GID_MIN=# -K GID_MAX=#: Modify the default GID allocation pool
gpasswd [option] groupname: Group management operations
-a: Add a user to the group
-d: Remove a user from the group
-r: Delete the group password
-R: Restrict member access
-A: Set the group's administrators
-M: Set the group's members
gpasswd groupname: Used on its own, modifies the group password
groupmod [option] groupname: Modify group properties
-g: Modify the GID
-o: Ignore uniqueness; must be combined with the preceding option
-n: Modify the group name
groupdel groupname: Delete a group
newgrp groupname: Log in to a new additional group; use exit to leave the additional group
This article is from the "Love Firewall" blog, be sure to keep this source http://183530300.blog.51cto.com/894387/1832266
Linux User account Management commands