Linux User Actions 2

Linux User, user group Rights Management detailed

1. Linux User Management Three important documents detailed:

Linux login requires user name, password. The/etc/passwd file holds the user name. When you log in to Linux, Linux looks for the user name in the/etc/passwd file, does not jump out, reads the user ID, the group ID, the root path of the user name, and the shell used, and finally checks the/etc/shadow in the The UID corresponding to the PWD is correct, then log in to the user's shell.

1.1 /etc/passwd Detailed:

cat/etc/passwd

account name: User name, root is the system default highest administrator user.

Password: Because the password is saved in the/etc/shadow file, this is denoted by "X", which is empty if no password is set. User id: The unique ID of the user within the system, with the following types of user IDs:

0 on behalf of the system administrator, if you want to establish a system administrator, you can first set up a normal account, and then change its user ID to 0.

1-500 system reserved id,500 above is a normal user ID.

Group ID: User group identification ID,/etc/group. Description Information: Description of the account number. User root: The user logs in to the starting directory, and enters this directory first after logging into the system. The root user is/root by default, and the normal user is the/home/user name. User logon Shell: The shell used after the user logs on to the system.

1.2/etc/shadow Detailed:

Early UNIX systems, user accounts, passwords are saved in passwd, even if the password is stored in ciphertext passwd, but the passwd file is readable to all users, there is a security risk. Now Linux uses "shadow" to save the ciphertext of the password, using the passwd file to save the user account information. The "shadow" file is accessible only to administrator users.

Cat/etc/shadow | Tail-4

Account name: The user name, and passwd the same meaning.

Password: Ciphertext of the user's password.

The first character of the password bar is "*" to indicate that the user cannot log in, and if you do not want the user to log in, add a "*" to his front;

The first character is "! ", the user is disabled, the newly created user does not have a password and is disabled, using"!! " Said

The first character is "empty", which means that the user does not have a password and does not require a password when logging in.

last changed password date: The last change date of the password, why is 15181? Because the Linux calculation date is January 1, 1970 as 1 and January 1, 1971 is 366, the date that I modified the password is represented as 15181. The number of days the password cannot be changed: Indicates how long it takes to change the password. "0" means you can change it at any time. The password needs to be re-changed: the password must be updated within this time or the account will be temporarily invalidated. 99999, indicates that the password does not need to be updated. Password change period fast to the front of the warning period: The account password expiration period is fast, the system according to this field settings, issued a warning, remind the user password will expire please update password, the default is 7. Account Expiration Period: If the password is not updated after the warning period, the password expires, and the user does not report to the administrator within the time limit of this field, so that the account is reactivated, the user will temporarily expire. Account Cancellation Date: This field also uses the Date calculation method since 1970 years, indicating that the user will no longer be able to use it after the time specified in this field. Reserved: reserved fields.

1.3 /etc/group Detailed:

 

Starting with the first line of analysis, there are four items, followed by: Group name: User group name. Group password: Generally do not need to set, rarely use group login. However, this password is also stored in/etc/shadow. Group ID: User group ID. Name of the support account: All accounts for this group. If you want the David user to belong to the root group, add ", Davidi" at the end of the first line to note that there are no spaces when added.

Linux User Action 2