Linux User and Group management


Anyone learning Linux knows that every file has a number of attributes and permissions. The most important of these is the concept of the file owner. Today I'll summarize the user-related commands.


1. The concept of a user

Every process (a running program) on the system runs as a particular user, and every file is owned by a particular user. Access to files and directories is restricted per user, so the user a process runs as determines which files and directories that process can access.

To see which user each process runs as, include the u option of the ps command. The first column shows the user name:

# ps aux

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  19244  1424 ?        Ss   21:00   0:01 /sbin/init
root         2  0.0  0.0      0     0 ?        S    21:00   0:00 [kthreadd]
student          0.0  0.2 106008  1240 pts/0    S    21:00   0:00 /bin/sh


To see which user owns a file or directory, use the ls -l command. The third column shows the user name:

# ls -l /tmp

-rw-------. 1 root    root     9412     3 22:49 sv1jc.tmp
-rw-------. 1 student student 24288 Jul   21:24 sv25e.tmp

2. Linux users are defined in a database

By default the system stores information about local users in a simple "flat file", /etc/passwd. Each line of /etc/passwd has the following format (seven colon-delimited fields):

Account:password:UID:GID:GECOS:directory:shell

User attributes:

Account is the user name, a convenient name-to-UID mapping.

Password was historically the field that held the encrypted (hashed) password. The password is now stored in the separate file /etc/shadow.

UID is the user ID number, which identifies the user at the most basic level.

GID is the primary group ID, the group number given by default to every new file the user creates.

GECOS stores arbitrary text, usually the user's real name, office phone number or personal phone number.

Directory is the user's home directory, where personal data and configuration files live.

Shell is the program run when the user logs in; an interactive shell (for example /bin/bash) provides the user's command-line prompt.


3. Managing local users

3.1 useradd: create a user

useradd username, run without options, sets reasonable default values for every field in /etc/passwd.

useradd sets no valid password by default, so the new user cannot log in until one is set.

useradd --help displays the options that can be used to override the defaults:

-c comment: specifies a descriptive comment (the GECOS field).
-d directory: specifies the home directory; if it does not exist, the -m option creates it.
-g group: specifies the user's primary group.
-G group[,group...]: specifies the supplementary groups the user belongs to.
-s shell: specifies the user's login shell.
-u uid: specifies the user's UID; with the -o option, a UID already used by another user can be reused.

3.2 userdel: delete a user

userdel username removes the user from /etc/passwd, but by default leaves the home directory in place.

userdel -r username deletes the user together with the user's home directory.

3.3 id: display user information

id displays information about the current user, including its UID number and group memberships.

id username displays the same information for username.

3.4 passwd: set a password

passwd username sets the user's initial password or changes an existing one.

3.5 UID ranges

UID 0 is root, which has special privileges.

UIDs 1-499 are "system users" by convention: non-interactive service accounts.

Higher UIDs are "regular users", the accounts people use to access the computer interactively.


4. Managing passwords

Passwords were originally stored in the /etc/passwd file. However, /etc/passwd must be world-readable because commands such as ls need it to map UIDs to user names.

Passwords were therefore moved to the more restricted /etc/shadow file, which supports several different hashing algorithms. Because the hashed password lives in a dedicated file, password aging policy and data can be stored alongside it.


4.1 Password hash: what are the three pieces of information stored?

$1$mypmmlim$nuauyangzit1maatwmj1k.

1. 1 - the hash algorithm (1 = MD5)

2. mypmmlim - the salt mixed into the password before hashing

3. nuauyangzit1maatwmj1k. - the resulting hash


4.2 /etc/shadow fields

root:$1$mypmmlim$nuauyangzit1maatwmj1k.:15183:0:99999:7:::

1. User name

2. Password hash

3. Date of the last password change (number of days since January 1, 1970)

4. Minimum password age (in days; 0 = no minimum)

5. Maximum password age (in days)

6. Password warning period (in days; 0 = no warning)

7. Password inactivity period (in days)

8. Account expiry date (number of days since January 1, 1970)

4.3 Password aging parameters

The password aging parameters above can be adjusted with chage to enforce a password aging policy.



Example (the value for -I is missing from the original command; -I takes a number of days, shown here as a placeholder):

# chage -m 0 -M 90 -W 7 -I <inactive-days> username

chage -d 0 username forces the user to change the password at the next login.

chage -l username lists the current aging settings for the user.

usermod can modify an account in other ways, including locking it with the -L option.
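As an added example (not code from the original article), the script below audits constructed /etc/passwd and /etc/shadow text for the conditions the field descriptions in sections 2, 4.1 and 4.2 make visible: extra UID 0 accounts, empty password fields, legacy MD5 hashes and the maximum password age. The sample lines, account names and hash values are constructed, not taken from a real system.

```shell
#!/bin/sh
# Added example (not from the original article): audit constructed
# /etc/passwd and /etc/shadow text for the risky conditions the field
# descriptions above imply. Runs only on the sample text below.

# Constructed sample data; these are not real system files.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
student:x:500:500:Student:/home/student:/bin/bash
backup:x:0:0:Backup operator:/home/backup:/bin/bash
guest::501:501:Guest:/home/guest:/bin/bash'

SHADOW_SAMPLE='root:$1$mypmmlim$nuauyangzit1maatwmj1k.:15183:0:99999:7:::
bin:*:15183:0:99999:7:::
student:$1$abcdefgh$ijklmnopqrstuvwxyz0123.:15183:0:90:7:::
backup:!!:15183:0:99999:7:::
guest::15183:0:99999:7:::'

# Accounts other than root with UID 0 (passwd field 3): any such account
# is a second superuser and should be explained or removed.
uid0_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts whose password field (field 2) is empty in passwd or shadow:
# an empty field means the account can be entered without any password.
empty_password_accounts() {
    { printf '%s\n' "$PASSWD_SAMPLE"; printf '%s\n' "$SHADOW_SAMPLE"; } |
        awk -F: '$2 == "" { print $1 }' | sort -u
}

# Accounts still hashed with the legacy MD5 scheme ($1$ prefix, section 4.1).
md5_hash_accounts() {
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: 'substr($2, 1, 3) == "$1$" { print $1 }'
}

# Maximum password age in days (shadow field 5) for one account.
max_password_age() {
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $5 }'
}

echo "UID 0 besides root:     $(uid0_accounts | tr '\n' ' ')"
echo "Empty password field:   $(empty_password_accounts | tr '\n' ' ')"
echo "MD5-hashed passwords:   $(md5_hash_accounts | tr '\n' ' ')"
echo "student max age (days): $(max_password_age student)"
```

To run the same checks on a real host, replace the two sample variables with the output of cat on the real files (reading /etc/shadow requires root).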


5. Managing groups

As with users, groups have names and numbers (GIDs). Local groups are defined in /etc/group. LDAP can also be used to provide group information.

5.1 Primary groups

Each user has exactly one primary group.

For a local user, the primary group is defined by the GID number in the fourth field of the user's /etc/passwd entry.

Typically, new files created by the user are owned by the primary group.

Typically, a newly created user's primary group is a newly created group with the same name as the user, and the user is the only member of this user private group (UPG).

5.2 Supplementary groups

A user can be a member of zero or more supplementary groups.

For local groups, supplementary membership is determined by the comma-delimited list of users in the last field of the group's entry in /etc/group:

groupname:password:GID:user1,user2,user3

Supplementary group memberships are used to ensure users have access to files and other resources on the system.

5.3 Managing supplementary groups

1. groupadd -g 601 groupname creates a supplementary group named groupname with GID 601.

2. usermod -aG groupname username adds the user username to groupname (-a appends to the existing supplementary groups instead of replacing them).
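As an added example (not code from the original article), the script below resolves primary and supplementary membership from constructed /etc/passwd and /etc/group text the way id would, covering sections 5.1 and 5.2. It also lists the full membership of a group, including users whose primary GID is that group, which the member field of /etc/group never shows. All user and group names are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): resolve group membership
# from constructed /etc/passwd and /etc/group text the way id(1) does.
# Primary membership comes from passwd field 4 (GID); supplementary
# membership from the comma-separated last field of each group entry.

# Constructed sample data; these are not real system files.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
student:x:500:500:Student:/home/student:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash
svc:x:502:601:Service account:/srv/svc:/sbin/nologin'

GROUP_SAMPLE='root:x:0:
wheel:x:10:root,alice
student:x:500:
alice:x:501:
devteam:x:601:student,alice'

# Name of the group with a given GID (group field 3 -> field 1).
group_name() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$3 == g { print $1 }'
}

# Primary group of a user: passwd field 4, looked up in the group file.
primary_group() {
    gid=$(printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $4 }')
    [ -n "$gid" ] && group_name "$gid"
}

# Supplementary groups of a user: every group whose member list names the user.
supplementary_groups() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v u="$1" \
        '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }'
}

# All members of a group: listed members plus users whose primary GID is this
# group (the UPG case), which /etc/group alone never shows.
members_of() {
    gid=$(printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1 == g { print $3 }')
    {
        printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1 == g && $4 != "" { print $4 }' | tr ',' '\n'
        printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v g="$gid" '$4 == g { print $1 }'
    } | sort -u | tr '\n' ' ' | sed 's/ $//'
}

echo "alice primary group:  $(primary_group alice)"
echo "alice supplementary:  $(supplementary_groups alice | tr '\n' ' ')"
echo "members of devteam:   $(members_of devteam)"
```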


6. chown: change the owner and group of a file or directory

chown makes the specified user the owner of the given files, or changes the group the files belong to. The user can be given as a user name or a UID, and the group as a group name or a GID. Several file names can be given, separated by spaces, and file names may contain wildcards.


Syntax:

chown [options] owner[:group] file...

Options:
-R or --recursive: recursively process all files and subdirectories under the specified directory;

-c or --changes: like -v, but reports only the files that were actually changed;

-f or --quiet or --silent: suppress most error messages;

-h or --no-dereference: modify symbolic links themselves rather than the files they point to;

-v or --verbose: print a diagnostic for every file processed;





This article from the "Technology life, Simple not simple" blog, please be sure to keep this source http://willis.blog.51cto.com/11907152/1845237
