Linux User Management Class command summary

Source: Internet
Author: User

User and Rights Management:

1. What is the user?

Users are the basis of rights management: they determine who may use (read, write, execute) which resources and how resources are allocated, and they are one of the core elements of the security rights model.

2. Can you do without users? Yes.



The role of the password: user authentication in a multi-user operating system.

How users are stored (repository): 1. users, 2. passwords

Name resolution: User IDentifier, UID


User containers: groups, roles

Group name, Group IDentifier, GID

Resolution: the process of finding the matching entry in a database by a search key and retrieving the additional data associated with it

User data can be stored in the following ways:

Database

Text file

SQL database

LDAP database


User data file: /etc/passwd

Encryption method:

Symmetric encryption: DES, 3DES, AES

Public Key cryptography: DSA, RSA

One-way encryption (hashing): avalanche effect, fixed-length output, irreversible

MD5: Message Digest algorithm, 128 bits

SHA1: Secure Hash Algorithm, 160 bits

SHA256:

SHA512:

Password repository: /etc/shadow

tom: mageeduabce, $6$abce$fkdlagjdkalghio3qu4389qjtrkiejgr

jerry: mageeduxyzm, $6$xyzm$878956ukijotrjiytoeutyvimyeuiore

md5sum, sha1sum

Group: User containers, roles

/etc/group

/etc/gshadow

Security context:

A running process has an owner and an owner group:


Outline: useradd, id, passwd, usermod, chsh, chage, chfn, userdel, groupadd, groupmod, groupdel, su


To create a user:

useradd UserName

/etc/passwd:

username:x:UID:basic group ID:comment:home directory:default shell

useradd (adduser):

-u UID: specifies the UID

-g GID: specifies the GID, which becomes the user's basic group; the group must exist beforehand

-G GID: specifies the user's additional groups; the groups must exist beforehand;

-d /path/to/somewhere:

-c "Comment":

-s /path/to/shell: specifies the default shell, which should be one of the shells listed in /etc/shells;

-m: forces creation of the home directory when creating the user;

-M: creates the user but does not create a home directory;

-r: creates a system user

ID: 1-499

Does not create a home directory for the user

Default shell is /sbin/nologin

-D: defaults; specifies new default values for users created by the useradd command

groupadd GrpName

-g GID: creates the group and assigns it the given GID


User Category:

Admin: 0

Normal Users: 1-65535

System users: 1-499

Login User: Researcher

User groups:

Administrators group

Normal Group

From a user perspective, groups can be of two types:

Basic group: the group identified by the GID field in /etc/passwd is the user's basic group;

Additional groups: /etc/group

userdel: deletes a user; the home directory is kept by default

Format: userdel UserName

-r: deletes the home directory as well


Summary:

/etc/passwd: username:x:uid:gid:comment:home:shell

/etc/group: groupname:x:gid:user list

/etc/skel, /etc/default/useradd

Set a user password: passwd

Normal user: passwd

Administrator:

Change your own password: passwd

Change another user's password: passwd UserName

Password security policy: passwords must be complex enough:

Long enough;

Mix at least three of these four character types: digits, uppercase letters, lowercase letters and special characters;

Avoid easy-to-guess passwords;

Change passwords regularly;


/etc/shadow file format:

username:encrypted password:last password change:minimum age:maximum age:warning period:inactive period:account expiration:reserved field

-l: lock the user

-u: unlock the user
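Added example (not part of the original notes): a shell/awk audit over files in the /etc/passwd and /etc/shadow formats summarized above. It reports extra UID 0 accounts, empty password fields, MD5 ($1$) or traditional DES hashes, system accounts that can log in, and missing or elapsed maximum password age. The account data, the finding labels, the function names and the day number 19720 are constructed for illustration; the 1-499 system range is the one given in these notes.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files (paths are parameters,
# so it can run on copies). TODAY is a day count since 1970-01-01, the same
# unit the shadow date fields use.
audit_accounts() {  # usage: audit_accounts PASSWD SHADOW TODAY
    awk -F: -v today="$3" '
    FNR == NR {                      # first file: name:x:uid:gid:comment:home:shell
        if ($3 == 0 && $1 != "root") print "UID0 " $1
        uid[$1] = $3; shell[$1] = $7
        next
    }
    $2 ~ /^[!*]/ { next }            # locked, or no usable password
    {                                # second file: name:hash:lastchg:min:max:warn:...
        if ($2 == "") print "EMPTY_PASSWORD " $1
        else if ($2 ~ /^\$1\$/) print "WEAK_HASH_MD5 " $1
        else if ($2 !~ /^\$/) print "WEAK_HASH_DES " $1
        # system UID range 1-499 as given in these notes
        if (uid[$1] + 0 >= 1 && uid[$1] + 0 <= 499 && shell[$1] !~ /nologin$/)
            print "SYSTEM_LOGIN " $1
        if ($5 == "" || $5 + 0 >= 99999) print "NO_MAX_AGE " $1
        else if ($3 != "" && $3 + $5 < today + 0) print "PASSWORD_EXPIRED " $1
    }' "$1" "$2"
}

make_samples() {  # writes constructed sample files into directory $1
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svc:x:101:101:service:/var/lib/svc:/bin/bash
tom:x:2001:2001:Tom:/home/tom:/bin/bash
jerry:x:2002:2002:Jerry:/home/jerry:/bin/bash
guest:x:2003:2003::/home/guest:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$abce$CONSTRUCTED:19700:0:90:7:::
toor:$6$abce$CONSTRUCTED:19700:0:90:7:::
daemon:*:19000:0:99999:7:::
svc:$6$xyzm$CONSTRUCTED:19700:0:90:7:::
tom:$1$abce$CONSTRUCTED:19700:2:50:7:::
jerry:$6$xyzm$CONSTRUCTED:19600:2:50:7:::
guest::19700:0:99999:7:::
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow" 19720   # constructed "today"
rm -rf "$tmp"
```

To check a real host, run audit_accounts as root on copies of the two files and pass $(( $(date +%s) / 86400 )) as TODAY.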

Set group password: gpasswd GroupName

How to modify a user's properties:

Modify a user's default shell: chsh; view the shells available on the current system: # cat /etc/shells

Modify user comments: chfn

usermod:

-u UID:

-g GID:

-G GID: by default overrides the original additional groups; to append instead, use the -a option as well;

-c String:

-d /path/to/new_home: the user's home directory is not migrated by default; to migrate it, use -m as well

-s SHELL:

-l new_login_name:

-L: locks the user account

-U: unlocks the user account

How to modify a group's properties:

groupmod:

-g GID

-n new_group_name:

Modify account date attributes: chage

-E, --expiredate: expiration date

-I, --inactive: inactive period

-m, --mindays

-M, --maxdays

-W, --warndays: warning days

View user-related information: id

id UserName

-u: displays the UID; use with -n to display the user name

-g: displays the basic group ID; use with -n to display the basic group name

-G: displays all group IDs; use with -n to display all group names


Summary of group Management related commands:

groupadd

groupmod

groupdel

gpasswd

newgrp: temporarily adds the logged-in user to an existing group

su: switch user

To switch users:

su UserName

-l, --login: make the shell a login shell

-c, --command 'command': pass a single command to the shell with -c

# su -l User1 -c 'ls -l -a'


Practice:

1. Create a user mandriva with ID number 2002, whose basic group is distro (group ID 3003) and whose additional group is linux;

# groupadd linux

# groupadd -g 3003 distro

# useradd -u 2002 -g distro -G linux mandriva


2. Create a user fedora, whose full name is Fedora Community and whose default shell is tcsh;

# useradd -c "Fedora Community" -s /bin/tcsh fedora


3. Change mandriva's ID number to 4004, its basic group to linux, and its additional groups to distro and fedora;

# usermod -u 4004 -g linux -G distro,fedora mandriva


4. Set a password for fedora, and set its minimum password age to 2 days and its maximum to 50 days;

# passwd fedora

# chage -m 2 -M 50 fedora


5. Change the default shell of mandriva to /bin/bash;

# chsh -s /bin/bash mandriva

