Linux User Management

Source: Internet
Author: User

Course Outline

- User management configuration files

- User management commands

- User group management commands

- Bulk adding users

- User authorization

Configuration files

- User information file: /etc/passwd

- Password file: /etc/shadow

- User group file: /etc/group

- User group password file: /etc/gshadow

- User configuration files:

  - /etc/login.defs

  - /etc/default/useradd

- New user information files: /etc/skel

- Login information: /etc/motd, /etc/issue

/etc/passwd file format

Field: meaning

- User name: the user name used when logging on to the system

- Password: password placeholder

- UID: user identification number

- GID: default group identification number

- Comment: descriptive information such as the user's full name

- Home directory: the user's default directory after logging on to the system

- Shell: the command interpreter the user runs; defaults to bash

User types

Linux users are divided into three types:

- Super user (root, UID = 0)

- Normal user (UID 500-60000)

- Pseudo-user (UID 1-499)

Pseudo-users

1. Pseudo-users are tied to the system and to program services

- bin, daemon, shutdown, halt, and so on: every Linux system has these pseudo-users by default

- mail, news, games, apache, ftp, mysql, and sshd: tied to processes of the Linux system

2. Pseudo-users usually do not need to, or cannot, log on to the system

3. They may have no home directory

User groups

- Each user belongs to at least one user group

- Each user group can include multiple users

- Users of the same user group share the permissions granted to the group

/etc/shadow file format

Field: meaning

- User name: the user name used when logging on to the system

- Password: the encrypted password

- Last modified time: the day count on which the user last changed the password

- Minimum interval: the minimum number of days between two password changes

- Maximum interval: the maximum number of days the password remains valid

- Warning time: the number of days between the system's first warning and the password's expiry

- Account idle time: the account idle time

- Expiration time: the absolute day count on which the password expires

- Flag: generally not used

/etc/group file format

Field: meaning

- Group name: the group the user is in when logged in

- Group password: generally not used

- GID: group identification number

- User list: all users that belong to the group
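The field layouts above are enough to audit account records by position. The following is an added example, not part of the original notes: it checks passwd-format and shadow-format records for extra UID 0 accounts, empty password fields and passwords with no expiry limit. The sample records, the placeholder hash strings and the 99999-day threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format records by field position.

# audit_accounts PASSWD_FILE SHADOW_FILE -> one finding per line
audit_accounts() {
  awk -F: '
    FNR == NR {                          # first file: 7 passwd fields
      if (NF != 7) { print "passwd: malformed line " FNR; next }
      if ($3 == 0 && $1 != "root") print "passwd: extra UID 0 account: " $1
      if ($2 == "")                print "passwd: empty password field: " $1
      next
    }
    {                                    # second file: 9 shadow fields
      if (NF != 9) { print "shadow: malformed line " FNR; next }
      if ($2 == "") { print "shadow: no password set: " $1; next }
      # Field 5 is the maximum interval; skip locked entries (! or *).
      if ($2 !~ /^[!*]/ && ($5 == "" || $5 + 0 >= 99999))
        print "shadow: no password expiry limit: " $1
    }
  ' "$1" "$2"
}

# Constructed sample records; the hash strings are placeholders, not real hashes.
demo() (
  dir=$(mktemp -d)
  cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
jack:x:500:500:Jack:/home/jack:/bin/bash
mary:x:501:501:Mary:/home/mary:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
EOF
  cat > "$dir/shadow" <<'EOF'
root:$6$placeholder$hash:19000:0:90:7:::
daemon:*:19000:0:99999:7:::
jack::19000:0:90:7:::
mary:$6$placeholder$hash:19000:0:99999:7:::
toor:$6$placeholder$hash:19000:0:90:7:::
EOF
  audit_accounts "$dir/passwd" "$dir/shadow"
  rm -rf "$dir"
)

demo
```

To audit a live system, pass copies of /etc/passwd and /etc/shadow to audit_accounts; reading /etc/shadow requires root.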

Adding users manually

- Add a record to each of the /etc/passwd, /etc/group, and /etc/shadow files

- Create the user's home directory

- Set up the default configuration files in the user's home directory

- Set the user's initial password

SetUID

Think: why can ordinary users change their own passwords?

Definition of setuid: when an executable program has the setuid permission, a user who runs the program executes it as the owner of the program.

Example:

1. Grant the setuid permission to the touch command

# chmod u+s /bin/touch

# ls -l /bin/touch

Then run touch file02 as an ordinary user

$ ls -l file02

You will find that the file's owner is not the user who created it but root.

# chmod u-s /bin/touch    // Remove the setuid permission; in numeric form, u-s is 755 and setuid is 4755

# chmod g+s filename    // Set setgid for the owning group (2755); setting it for both user and group is 6755

Sticky bit = 1    // ls -ld /tmp shows t in the permissions for others

If a directory with permissions 777 has the sticky bit set, every user can create files in the directory, but each user can delete only the files they created.

To set the sticky bit: chmod o+t directory_name    // or 1777

2. When the vi command is granted the setuid permission

# which vi    // Find the path of the vi command

# chmod u+s /bin/vi

Consequence: ordinary users can modify files and force the save when exiting.

3. Find setuid programs:

# find / -perm -4000 -o -perm -2000

Additional: # ls -l /usr/bin/passwd
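The find command above lists every setuid and setgid file; in practice the useful output is the set of files that are not expected to carry those bits. The following is an added example, not part of the original notes: it scans a directory tree and reports setuid/setgid files missing from an allowlist. The temporary tree, its file names and the allowlist file are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that are not on an allowlist.

# find_special_bits ROOT -> paths of regular files with setuid or setgid set
find_special_bits() {
  # The parentheses matter once another test (-type f) is combined with -o.
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# unexpected_special_bits ROOT ALLOWLIST -> flagged paths not listed in ALLOWLIST
unexpected_special_bits() {
  # -F fixed strings, -x whole-line match, -v keep lines absent from the list
  find_special_bits "$1" | grep -Fxv -f "$2" || true
}

# Constructed tree: one expected setuid file, one unexpected, one sticky directory.
demo() (
  root=$(mktemp -d)
  mkdir "$root/bin" "$root/shared"
  : > "$root/bin/passwd"; : > "$root/bin/touch"; : > "$root/bin/ls"
  chmod 4755 "$root/bin/passwd" "$root/bin/touch"   # same effect as chmod u+s
  chmod 755  "$root/bin/ls"
  chmod 1777 "$root/shared"                         # sticky bit only: not reported
  printf '%s\n' "$root/bin/passwd" > "$root/allowlist"
  unexpected_special_bits "$root" "$root/allowlist" | sed "s|^$root||"
  rm -rf "$root"
)

demo
```

On a real system, run find_special_bits / once on a known-good installation to build the allowlist, then compare later scans against it.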

Add user

- useradd [options] username    // useradd -D shows the default parameters

- -u: UID

- -g: GID of the default owning user group

- -G: additional groups the user belongs to

- -d: home directory

- -s: command interpreter (shell)

- -c: description

- -e: the user's expiration time

- passwd sam

- Adding users manually

User group management commands

- Add a user group: groupadd

# groupadd -g 888 webadmin

Creates the user group webadmin with GID 888

- Delete a user group: groupdel group_name

- Modify user group information: groupmod

# groupmod -n apache webadmin    // Rename the webadmin group to apache

gpasswd: set the group password and manage the members of a group

-a: add a user to the user group

-d: remove a user from the user group

-A: set the user group administrator

-r: delete the user group password

-R: prevent users from switching to this group    // gpasswd -R group_name

Example: gpasswd -a user_name group_name

gpasswd group_name    // Set the group password

Modify user information

- usermod

- usermod -G softgroup samlee

Adds user samlee to the softgroup user group

- usermod -l samlee -d /home/samlee -g lampbrother liming

Changes the login name of user liming to samlee, puts the user in the lampbrother group, and changes the home directory to /home/samlee

User management commands

- pwck: check the /etc/passwd file

- vipw: edit the /etc/passwd file (locks the file)

- id: view user ID and group information

- finger: view user details

- su: switch user (su - also switches the environment variables)    // echo $PATH shows an environment variable

- passwd -S: view the status of a user's password    // # passwd -S user_name

  passwd -l jack    // Lock user jack's password

- who, w: view information about currently logged-on users

- groups: see which user groups a user belongs to    // The id command shows this too

- newgrp: switch user group    // newgrp group_name prompts for the group password

- grpck: check the user group configuration file

- chgrp: change the group a file belongs to    // chgrp group_name file_name

- vigr: edit the /etc/group file (locks the file)    // Works like vipw

User group permissions example

Give users jack and mary write access to the directory /software

# groupadd softadm    // Create the group softadm

# usermod -G softadm jack    // jack joins the softadm group

# gpasswd -a mary softadm    // mary joins the softadm group

# chgrp softadm /software    // Change the owning group of /software to softadm

# chmod g+w /software    // Give the owning group write permission

# ls -ld /software

drwxrwxr-x 2 root softadm 06:17 /software

# grep softadm /etc/group

softadm::100:jack,mary

Disable and restore users

Disable

# usermod -L username    // Lock the user

# passwd -l username    // Lock the user's password

Recovery

# usermod -U username    // Restore the user's login

# passwd -u username    // Restore the login password

Delete user

# userdel -r user_name

-r: delete the user's home directory

Manual removal:

Use the find command to locate files that belong to a user or a user group

find options: -user, -uid, -group, -gid

1. Move and back up the files that need to be kept

2. Delete unwanted files

3. Clear the related entries in the user files

4. Clear the user's home directory

User management commands

- chage: set password parameters

-l: view the user's password settings

-m: minimum number of days between password changes

-M: maximum number of days between password changes

-d: date the password was last changed

-I: number of days after the password expires before the account is locked

-E: sets the expiration date of the password; 0 means the password expires immediately, -1 means the password never expires

-W: number of days before expiry at which warnings start

Enable or disable the shadow feature

pwconv / pwunconv

grpconv / grpunconv

- system-config-users

- authconfig, /etc/sysconfig/authconfig

Bulk Add Users

newusers command: imports a user information file    // The file follows the /etc/passwd format    # newusers < user.info

pwunconv command: turns off the shadow password feature

chpasswd command: imports a password file    // # chpasswd < pass.info

(Format: user_name:password)

pwconv command: writes the passwords to the shadow file

Example: adding 10 users in a batch

Restrict which users can su to root:

# groupadd sugroup    // Add a sugroup group

# chmod 4550 /bin/su    // Change the permissions of /bin/su

# chgrp sugroup /bin/su    // Change the owning group

# ls -l /bin/su

-r-sr-x--- 1 root sugroup 18360 Jan 2010 /bin/su

Once this is set, only users in the sugroup group can use su to switch to root

# useradd helen

# passwd helen

# usermod -G sugroup helen    // Add user helen to the sugroup user group

Use sudo instead of su:

- While a sudo command executes, the user temporarily becomes root

- The root password is not disclosed

- Users get access to a limited set of commands only

Configuration file: /etc/sudoers

Command for editing the configuration file: /usr/sbin/visudo

Ordinary users use the command /usr/bin/sudo.

Format: user name (group name) host address = command (absolute path)

Additional: visudo    // Edit

csdn1 helen=/usr/sbin/useradd,/usr/sbin/userdel

csdn2 helen=/sbin/shutdown -h now    // The command can be narrowed down to specific arguments

User name, host name (or IP address) = authorized command (absolute path)

# su - csdn1    // Switch to user csdn1

$ sudo /usr/sbin/useradd lampbrother    // Add the user lampbrother

[sudo] password for csdn1:    // Enter csdn1's password

$ sudo -l    // See which commands you can execute as root

Authorizing a user to administer Apache

1. Edit the Apache configuration file

2. Use the Apache startup script

3. Update web pages

# ls -l /etc/httpd/conf/httpd.conf

1. a. Make the user the owner of the configuration file (chown)

   b. Change the owning group, add the user to the group, and grant the group w permission

   c. visudo, user and address: csdn1 helen=/bin/vi /etc/httpd/conf/httpd.conf

2. visudo, user address = /etc/rc.d/init.d/httpd start, /etc/rc.d/init.d/httpd reload,

   /etc/rc.d/init.d/httpd fullstatus,

   /etc/rc.d/init.d/httpd configtest

3. grep DocumentRoot /etc/httpd/conf/httpd.conf    // Find the directory that holds the web pages

   /var/www/html: change the owner, or change the owning group, add the user to the group, and grant the group w permission
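The sudoers entries above follow the "user host = command (absolute path)" format, and option 1c hands an editor to the user through sudo. The following is an added example, not part of the original notes: a small lint for entries of that simple form that flags commands without an absolute path and editors that would run as root, for which sudoers offers sudoedit. The csdn3 line and the list of editor names are constructed for the example, and entries with tags or run-as specifications are out of scope.

```shell
#!/bin/sh
# Added example: lint simple "user host = command[, command...]" sudoers entries.

# lint_sudoers FILE -> one finding per line
lint_sudoers() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      eq = index($0, "=")
      if (eq == 0) { print "line " NR ": no = separator"; next }
      n = split(substr($0, eq + 1), cmds, ",")
      for (i = 1; i <= n; i++) {
        cmd = cmds[i]; gsub(/^[ \t]+|[ \t]+$/, "", cmd)
        if (cmd == "") continue              # trailing comma
        split(cmd, w, /[ \t]+/); prog = w[1]
        if (prog == "sudoedit") continue     # edits only the named file
        if (prog == "ALL")
          print "line " NR ": ALL grants every command"
        else if (prog !~ /^\//)
          print "line " NR ": command is not an absolute path: " prog
        else if (prog ~ /\/(vi|vim|nano|emacs)$/)
          print "line " NR ": editor runs as root; prefer: sudoedit " w[2]
      }
    }
  ' "$1"
}

# Constructed input: lines 1-3 are the entries from the notes above,
# lines 4-5 are added for contrast.
demo() (
  f=$(mktemp)
  cat > "$f" <<'EOF'
csdn1 helen=/usr/sbin/useradd,/usr/sbin/userdel
csdn2 helen=/sbin/shutdown -h now
csdn1 helen=/bin/vi /etc/httpd/conf/httpd.conf
csdn1 helen=sudoedit /etc/httpd/conf/httpd.conf
csdn3 helen=useradd
EOF
  lint_sudoers "$f"
  rm -f "$f"
)

demo
```

This check complements visudo, which validates the full sudoers syntax before saving.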

John the Ripper application:

# tar -xzvf john-1.7.6.tar.gz

# cd john-1.7.6/run

# cd ../src

# make linux-x86-64

Crack the password of user liming

# grep liming /etc/passwd > /test/liming.passwd

# grep liming /etc/shadow > /test/liming.shadow

# /test/john-1.6.6/run/unshadow /test/liming.passwd /test/liming.shadow > /test/liming.john

# /test/john-1.6.6/run/john /test/liming.john

http://www.openwall.com/john/
