Linux User Directory

Source: Internet
Author: User
Tags md5 encryption

Common Linux files for user information


This document was compiled by hand; if you find errors, please report them (email: [email protected])

User Information

cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
Account name : Password : UID : GID (initial group) : Description (optional) : Home directory absolute path : Default shell used by the account

[1] Account name. Rename it with the command usermod -l

[2] Password. This field is no longer used here; the account password is configured in the /etc/shadow file

[3] UID, the unique identifier of the account. The commands that affect the value of this field include: useradd -u, usermod -u

[4] GID, the unique identifier of the initial group, associated with the 3rd field of the /etc/group file. This group is the default active group for the account (the active group can be switched with the newgrp command). The commands that affect the value of this field include: useradd -g, usermod -g

[5] Description. The commands that affect the value of this field include: useradd -c, usermod -c

[6] Home directory absolute path. The commands that affect the value of this field include: useradd -d, usermod -d

[7] Shell, the default shell started for the account; it is /sbin/nologin when the account is not allowed to log in. The shells an account can use can be listed with the command chsh -l (the result is the contents of the /etc/shells file). The commands that affect the value of this field include: useradd -s, usermod -s

User password file

cat /etc/shadow
root:$6$uc.zq37xacff0qbe$ykwpcerwtatlau2qszzsbzefhxip76rjkknj/1ckg/o6vb35bu7fuq.c6towtkgmajs7b4bkt1urxfm3dgo7a.:16526:0:99999:7:::
Account name : Encrypted password ciphertext : Creation date : Days after creation before the password can be changed again : Days after creation until the password expires : Days before expiration that warnings start : Grace days after the password expires : Account expiration date


[1] Account name, associated with the 1st field of the /etc/passwd file

[2] Password, the encrypted ciphertext. The encryption algorithm is specified by ENCRYPT_METHOD in the /etc/login.defs file; here it is SHA512. The commands that affect the value of this field include: usermod -L (lock, by prefixing the ciphertext with exclamation marks), usermod -U (unlock), passwd -l (lock), passwd -u (unlock)

[3] The creation date, shown as the number of days that have elapsed since 1970-01-01. The commands that affect the value of this field include: chage -d

[4] The number of days after the password is created before it can be modified again; 0 means no such limit. The commands that affect the value of this field include: passwd -n, chage -m

[5] The number of days after creation until the password expires. 99999 days is about 99999/365 years, which in practice means that the password will not expire. The commands that affect the value of this field include: passwd -x, chage -M

[6] The number of days before the password expires that a warning message starts being sent to the user. The commands that affect the value of this field include: passwd -w, chage -W

[7] The grace period, in days, after the password expires. During this time the user can still log in and change the password; once it has passed, the user can no longer log in. The commands that affect the value of this field include: useradd -f, usermod -f, passwd -i, chage -I

[8] Expiration date, a number representing the number of days that have elapsed since 1970-01-01. After this day the account expires and, whether or not the password has expired, the user can no longer log in. The commands that affect the value of this field include: useradd -e, usermod -e, chage -E

User group files


# cat /etc/group
root:x:0:
Group name : Password : GID : List of account names

An explanation of the encrypted password in /etc/shadow (the parts are separated by $):
First part, the algorithm
$1 = MD5 encryption
$2a = Blowfish
$5 = SHA-256
$6 = SHA-512
Second part, the salt
$Uc.zq37xacff0qbe = the field generated at encryption time; it adds some impurities to the password to ensure that the same password produces different ciphertext
Third part, the ciphertext
$YkwPcERWTatlAU2qszzsbzefhxip76rjkknj/1ckg/o6vb35bu7fuq.c6towtkgmajs7b4bkt1urxfm3dgo7a. = the ciphertext produced by the encryption
If the field starts with two exclamation marks (!!), the user is locked
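The /etc/shadow field layout and the $id$salt$hash structure described above, decoded in Python as an added example (it is not part of the original page). The function name, the state labels and the exact boundary days are assumptions made for illustration; the sample entries are constructed and SALT/HASH are placeholders.

```python
from datetime import date, timedelta

SCHEMES = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}  # ids listed on this page
EPOCH = date(1970, 1, 1)

def _days(field):
    """Empty or negative day counts mean 'not set / no limit'."""
    return int(field) if field.strip() and int(field) >= 0 else None

def audit_shadow_line(line, today):
    f = line.rstrip("\n").split(":")
    if len(f) < 8:
        raise ValueError("expected at least 8 colon-separated fields")
    changed, _min, max_d, warn, inactive, expire = (_days(x) for x in f[2:8])
    locked = f[1].startswith("!")            # lock marker, e.g. the page's "!!"
    parts = f[1].lstrip("!").split("$")      # "$id$salt$hash" -> ["", id, salt, hash]
    scheme, salt = "no $id$salt$hash value", None
    if len(parts) >= 4 and parts[0] == "":
        scheme = SCHEMES.get(parts[1], "unknown id " + parts[1])
        # For $1/$5/$6 the salt precedes the hash (an optional rounds= part may come first).
        salt = parts[-2] if parts[1] in ("1", "5", "6") else None
    now = (today - EPOCH).days
    pw_end = changed + max_d if None not in (changed, max_d) else None
    if expire is not None and now >= expire:
        state = "account expired"
    elif locked:
        state = "locked"
    elif pw_end is None or now < pw_end - (warn or 0):
        state = "ok"
    elif now < pw_end:
        state = "warning period"
    elif inactive is None or now < pw_end + inactive:
        state = "password expired, must change at login"
    else:
        state = "password expired, login disabled"
    to_date = lambda d: None if d is None else EPOCH + timedelta(days=d)
    return {"user": f[0], "scheme": scheme, "salt": salt, "locked": locked, "state": state,
            "password_expires": to_date(pw_end), "account_expires": to_date(expire)}

# Constructed sample entries; SALT/HASH are placeholders, not real hashes.
SAMPLE = [
    "alice:$6$SALTSALT$HASHHASH:16526:0:99999:7:::",
    "bob:!!$1$SALTSALT$HASHHASH:16526:0:90:7:14::",
    "carol:$5$SALTSALT$HASHHASH:16526:1:90:7:14:16700:",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_shadow_line(entry, date(2015, 6, 1)))
```

An entry that still reports MD5 while ENCRYPT_METHOD is SHA512 was hashed before the setting changed and stays that way until the password is next changed.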


[1] Group name. Rename it with the command groupmod -n

[2] Password. This field is no longer used here; the group password is configured in the /etc/gshadow file

[3] GID, the unique identifier of the group, associated with the 4th field in the /etc/passwd file as the initial group of the corresponding account. The commands that affect the value of this field include: groupadd -g, groupmod -g

[4] List of account names, separated by commas. These accounts can actively switch to membership of the group; for example, user mophee (initial group mophee) can use the newgrp command to switch its effective group to mysql or mail. The commands that affect the value of this field include: useradd -G, usermod -[a]G
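The cross-references between the three files described so far (shadow field 1 to passwd field 1, passwd field 4 to group field 3, group field 4 to account names) can be checked mechanically. The following Python audit is an added example, not part of the original page; the function names, finding texts and sample file contents are constructed for illustration, and SALT/HASH are placeholders.

```python
def _rows(text, nfields):
    """Split colon-separated database text into field lists, skipping blank lines."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    for r in rows:
        if len(r) < nfields:
            raise ValueError("too few fields: " + ":".join(r))
    return rows

def cross_check(passwd_text, shadow_text, group_text):
    passwd, shadow, group = _rows(passwd_text, 7), _rows(shadow_text, 2), _rows(group_text, 4)
    names, shadow_names = {p[0] for p in passwd}, {s[0] for s in shadow}
    gids = {g[2] for g in group}
    findings, uid_owner = [], {}
    for name, pw, uid, gid in (p[:4] for p in passwd):
        if pw != "x":
            findings.append(f"{name}: password field is not 'x'")
        if name not in shadow_names:
            findings.append(f"{name}: no /etc/shadow entry")
        if gid not in gids:
            findings.append(f"{name}: initial GID {gid} missing from /etc/group")
        if uid == "0" and name != "root":
            findings.append(f"{name}: UID 0, root-equivalent")
        if uid in uid_owner:
            findings.append(f"{name}: UID {uid} already used by {uid_owner[uid]}")
        uid_owner.setdefault(uid, name)
    for g in group:
        for member in filter(None, g[3].split(",")):
            if member not in names:
                findings.append(f"group {g[0]}: member {member} not in /etc/passwd")
    for orphan in sorted(shadow_names - names):
        findings.append(f"{orphan}: /etc/shadow entry without /etc/passwd entry")
    return findings

# Constructed sample files; SALT/HASH are placeholders, not real hashes.
PASSWD = """root:x:0:0:root:/root:/bin/bash
mophee:x:500:500::/home/mophee:/bin/bash
backup:x:0:600::/home/backup:/bin/bash
legacy:$1$SALT$HASH:501:501::/home/legacy:/bin/bash"""
SHADOW = """root:$6$SALT$HASH:16526:0:99999:7:::
mophee:$6$SALT$HASH:16526:0:99999:7:::
backup:$6$SALT$HASH:16526:0:99999:7:::
ghost:!!:16526:0:99999:7:::"""
GROUP = """root:x:0:
mophee:x:500:
legacy:x:501:
mysql:x:27:mophee,olduser"""

if __name__ == "__main__":
    print("\n".join(cross_check(PASSWD, SHADOW, GROUP)))
```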


Group Password Store file

# cat /etc/gshadow
root:::

Group name : Password : Group administrators : Group members

[1] Group name, corresponding to the group name in /etc/group

[2] Password, the encrypted ciphertext. The command gpasswd group_name sets the group password, and gpasswd -r group_name deletes it

[3] Group administrators. The command gpasswd -A user1,... group_name sets the group administrators. Note: group administrators can set passwords for group members

[4] Group members. This field is the same as the 4th field of /etc/group and changes in sync with it. Besides the useradd -G and usermod -G commands, gpasswd -[adM] can also be used to maintain it. The commands that affect the value of this field include: useradd -G, usermod -[a]G


Encryption method


Symmetric encryption: encryption and decryption use the same password
Public key cryptography: keys come in pairs, a private key and a public key
One-way encryption (also known as hash encryption): extracts a signature of the data, mainly used for data validation

Features of one-way encryption
1. Avalanche effect: small changes in the input result in great changes in the output
2. Fixed-length output: the output is always the same length

MD5 (MIT): Message Digest 5, fixed-length 128-bit output
SHA1 (American National Standards Committee): Secure Hash Algorithm


Default settings file for creating users


# cat /etc/default/useradd
# useradd defaults file
GROUP=100                 Default group ID
HOME=/home                Home directory location
INACTIVE=-1               Inactivity period (equivalent to the grace period); -1 means no limit
EXPIRE=                   User password expiration time (in year-month-day form)
SHELL=/bin/bash           Default shell
SKEL=/etc/skel            Reference for the initial content of a new home directory: when the home directory is created, the contents of this directory are copied into it
CREATE_MAIL_SPOOL=yes     Whether to create the corresponding mailbox, yes/no; yes creates an entry with the same name as the account under /var/spool/mail/ to store messages for that account


User restriction settings file

# cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#

# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail    Base directory for mailboxes, typically /var/spool/mail
#MAIL_FILE      .mail

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999    Number of days after password creation until it expires; affects the 5th field of /etc/shadow
PASS_MIN_DAYS   0        Number of days after password creation during which changes are not allowed; affects the 4th field of /etc/shadow
PASS_MIN_LEN    5        Minimum allowed length of the password; deprecated and replaced by the PAM module
PASS_WARN_AGE   7        Number of days before password expiration to start sending warning messages; affects the 6th field of /etc/shadow

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN         500      UIDs below this value are system accounts; the default is 500. Accounts added with useradd without the -r option get a UID greater than this value
UID_MAX         60000    The maximum UID value the system supports

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN         500      Similar to UID_MIN, but affects the GID
GID_MAX         60000    Similar to UID_MAX, but affects the GID

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME     yes      Whether a home directory is created by default, yes/no

# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK           077      Inverse mask of the default home directory permissions: when the value is 077, the home directory permission is 700

# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes      Whether, when an account is deleted with the userdel command, its initial group is also deleted if the group has no other member accounts, yes/no

# Use SHA512 to encrypt password.
ENCRYPT_METHOD  SHA512   Encryption algorithm for passwords, here SHA512
