Linux User Management


Linux User Management
|-User Management configuration file
|-User Management commands
|-User Group Management commands
|-Batch Add users
|-User Authorization

***********************************************************************
Configuration files
User information file: /etc/passwd
Password file: /etc/shadow
User group file: /etc/group
User group password file: /etc/gshadow
User configuration files:
/etc/login.defs
/etc/default/useradd
New user information files: /etc/skel (each time a new user is created, the system automatically copies the files in this directory to the user's home directory)
Login messages: /etc/motd (shown after login), /etc/issue (shown before login)

I. /etc/passwd file format
root:x:0:0:root:/root:/bin/bash
User name : Password placeholder : User UID : Default group GID : Description : Home directory : Command interpreter (shell)

User types
Linux users are divided into three types:
Super user (root, UID = 0)
Normal user (UID 500-60000)
Pseudo-user (UID 1-499)

Pseudo-users
① Pseudo-users are tied to the system and to program services
bin, daemon, shutdown, halt and so on: every Linux system has these pseudo-users by default
mail, news, games, apache, ftp, mysql and sshd: tied to processes of the Linux system
② Pseudo-users usually do not need to, or cannot, log in to the system
③ They may have no home directory

User groups
① Each user belongs to at least one user group
② Each user group can include multiple users
③ Users in the same user group share the permissions granted to that group

II. /etc/shadow file format
root:$1$dqukcg6f$ehgxb1iky6s8sj/gnyyim1:16622:0:99999:7:::
User name : Encrypted password : Last modified : Minimum interval : Maximum interval : Warning time : Account idle time : Expiry time : Flag

Passwords are first written to /etc/passwd and then moved to /etc/shadow; the system performs this conversion automatically.
pwunconv: writes the passwords back into /etc/passwd
pwconv: called automatically by the system
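
An added example, not part of the original page: a small audit of the two file formats described above, run over constructed sample lines (the hash strings are placeholders and the account toor is made up). The scheme names for the $1$, $5$ and $6$ prefixes come from crypt(5), not from this page.

```sh
#!/bin/sh
# Constructed sample data; the hash strings are placeholders, not real hashes.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
zhangsan:x:666:0:project account:/home/zhangsan:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/bash'

SHADOW_SAMPLE='root:$1$SALT$PLACEHOLDERHASH:16622:0:99999:7:::
bin:*:16622:0:99999:7:::
zhangsan:$6$SALT$PLACEHOLDERHASH:16622:0:99999:7:::
toor::16622:0:99999:7:::'

# uid0_accounts: every account whose third passwd field (UID) is 0.
# Any name other than root in this list has full super-user rights.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# user_type: classify each passwd line by the UID ranges given on this page.
user_type() {
    awk -F: '{
        if ($3 == 0) t = "super"
        else if ($3 >= 1 && $3 <= 499) t = "pseudo"
        else if ($3 >= 500 && $3 <= 60000) t = "normal"
        else t = "other"
        print $1 ":" t
    }'
}

# shadow_status: classify the second shadow field and show the maximum interval.
shadow_status() {
    awk -F: '{
        p = $2
        if (p == "") s = "EMPTY"                      # no password set at all
        else if (p ~ /^[!*]/) s = "disabled"          # no password login possible
        else if (p ~ /^\$1\$/) s = "md5crypt"         # legacy scheme
        else if (p ~ /^\$5\$/) s = "sha256crypt"
        else if (p ~ /^\$6\$/) s = "sha512crypt"
        else s = "other"
        print $1 ":" s ":maxdays=" $5
    }'
}

printf '%s\n' "$PASSWD_SAMPLE" | uid0_accounts
printf '%s\n' "$PASSWD_SAMPLE" | user_type
printf '%s\n' "$SHADOW_SAMPLE" | shadow_status
```

On a real system the same functions can be fed from /etc/passwd and, as root, /etc/shadow.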

III. Why can ordinary users change their password?
# ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 22984 Jan 7 2007 /usr/bin/passwd
Setuid definition: when an executable program has the setuid permission, a user who runs the program executes it with the identity of the program's owner.

① setuid = 4
Set setuid:
chmod u+s
4755
Clear setuid:
chmod u-s
755
② setgid = 2
chmod g+s
2755
③ sticky bit = 1
chmod o+t
1777
If a directory with permission 777 has the sticky bit set, every user can create files in the directory, but can delete only the files they own.
Example:
1. Grant the setuid permission to the touch command
2. Find setuid programs:
find / -perm -4000 -o -perm -2000
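
An added example, not part of the original page: the find command above turned into a baseline check that reports setuid/setgid files that appeared since a known-good listing, plus a check for world-writable directories that lack the sticky bit. The demo tree and its file names are constructed in a temporary directory, so no root access is needed.

```sh
#!/bin/sh
LC_ALL=C; export LC_ALL    # keep sort and comm ordering consistent

# list_special DIR: regular files under DIR carrying setuid (4000) or setgid (2000).
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# new_special BASELINE DIR: files that carry a special bit now but are not
# listed in the BASELINE file (one path per line, sorted).
new_special() {
    list_special "$2" | comm -13 "$1" -
}

# open_dirs DIR: world-writable directories without the sticky bit, where any
# user can delete files owned by someone else.
open_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Constructed demo tree.
demo=$(mktemp -d)
mkdir "$demo/bin" "$demo/shared" "$demo/open"
: > "$demo/bin/passwd_copy"; chmod 4755 "$demo/bin/passwd_copy"
: > "$demo/bin/plain";       chmod 755  "$demo/bin/plain"
chmod 1777 "$demo/shared"    # 777 plus sticky bit
chmod 777  "$demo/open"      # 777 without sticky bit

# Record the known-good state.
list_special "$demo/bin" > "$demo/baseline"

# A later change: another file gains setuid, as in example 1 above.
: > "$demo/bin/touch_copy"; chmod 4755 "$demo/bin/touch_copy"

echo "setuid/setgid files added since the baseline:"
new_special "$demo/baseline" "$demo/bin"
echo "world-writable directories without the sticky bit:"
open_dirs "$demo"
```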

IV. Adding users
useradd [options] username
useradd -D: view the default parameters
-u: UID
-g: default owning user group (GID)
-G: additional groups to which the user belongs
-d: home directory
-s: command interpreter (shell)
-c: description
-e: user expiration date
# useradd -u 666 -g root -G sys,apache -d /home/zhangsan -s /bin/bash -c "thsi is Project Zhangsan" -e 2017-7-17 zhangsan
# grep zhang /etc/passwd
zhangsan:x:666:0:thsi is Project Zhangsan:/home/zhangsan:/bin/bash
passwd username: set the user's password
# passwd zhangsan
Changing password for user zhangsan.

User management commands
pwck: check the /etc/passwd file (locks the file)
vipw: edit the /etc/passwd file
id: view user ID and group information
finger: view user details
su: switch user (su - also switches the environment variables)
passwd -S: view the user's password status
who, w: view information about currently logged-in users

Locking and unlocking users
# usermod -L username
# passwd -l username
# usermod -U username
# passwd -u username

Delete user
userdel -r username
-r: also delete the user's home directory
Manual removal:
Use the find command to locate files belonging to a user or user group; find options: -user, -uid, -group, -gid
# find /home -user jack

chage: set password aging (not available on Unix)
-l: view the user's password settings
...
Enable or disable the shadow feature:
authconfig, /etc/sysconfig/authconfig


V. Adding user groups
groupadd: groupadd -g 888 webadmin
Adds the user group webadmin with GID 888
Delete a user group: groupdel group_name
Modify user group information: groupmod
groupmod -n apache webadmin
Renames the webadmin group to apache

User group management commands
gpasswd: set the group password and manage the members of a group
-a: add a user to the user group
-d: remove a user from the user group
-A: set the user group administrator
-r: delete the user group password
-R: prevent users from switching to this group
usermod: usermod -G group_name user_name
gpasswd -a user_name group_name

groups: see which user groups a user belongs to
newgrp: switch user group
grpck: check the user group configuration file
chgrp: change the group that owns a file
vigr: edit the /etc/group file (locks the file)


VI. User group permissions example
# mkdir /software
# ls -ld /software/
drwxr-xr-x 2 root root 4096 Jul 17:03 /software/
# useradd jack
# passwd jack
# groupadd softadm
# grep softadm /etc/group
softadm:x:8889:
# usermod -G softadm jack
# gpasswd -a mary softadm
Adding user mary to group softadm
# grep softadm /etc/group
softadm:x:8889:jack,mary
# chgrp softadm /software/
# ls -ld /software/
drwxr-xr-x 2 root softadm 4096 Jul 17:03 /software/
# chmod g+w /software/
# ls -ld /software/
drwxrwxr-x 2 root softadm 4096 Jul 17:03 /software/

VII. Batch adding users
newusers: import a user information file
pwunconv: disable the shadow password feature
chpasswd: import a password file (format: username:password)
pwconv: write the passwords to the shadow file

Restrict su to root to members of the group sugroup:
# groupadd sugroup
# chmod 4550 /bin/su
# ls -ld /bin/su
-r-sr-x--- 1 root root 23960 Mar 1 2010 /bin/su
# chgrp sugroup /bin/su
# ls -ld /bin/su
-r-xr-x--- 1 root sugroup 23960 Mar 1 2010 /bin/su
# usermod -G sugroup miniamin01
Once set, only users in the sugroup group can use su to switch to root.
Note that the second listing no longer shows the s bit: on Linux, chgrp clears the setuid bit of an executable file, so chmod 4550 /bin/su has to be run again after the chgrp.

Use sudo instead of su:
A user who runs a command through sudo becomes root temporarily
The root password is not revealed
Users are given the right to run only a limited set of commands
Configuration file: /etc/sudoers; edit it with the visudo command.
Ordinary users run commands with sudo.
Format: user name (or group name) host address = command (absolute path)

Managing Apache
1. Editing the Apache configuration file
2. Using the Apache startup script
3. Updating web pages

1. a. Make the user the owner of the configuration file (chown)
   b. Change the owning group, add the user to that group, and grant the group w permission
   c. visudo: user address=/bin/vi /etc/httpd/conf/httpd.conf
2. visudo: user address=/etc/rc.d/init.d/httpd start, reload (after configuration changes), fullstatus, configtest (checks the configuration for errors)
3. Change the owner or owning group of /var/www/html (for management by multiple users)
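
An added example, not part of the original page: the Apache rules above written out in the page's "user host = command" format and passed through a small checker that flags commands without an absolute path and rules that run an editor as root. The user name webadmin1 and the host ALL are assumptions; the checker handles only this simple rule form. sudoers(5) notes that editors run through sudo can start other commands and documents sudoedit as the alternative, shown here on the second line.

```sh
#!/bin/sh
# Constructed sudoers fragment; webadmin1 and ALL are assumptions.
SUDOERS_SAMPLE='webadmin1 ALL=/bin/vi /etc/httpd/conf/httpd.conf
webadmin1 ALL=sudoedit /etc/httpd/conf/httpd.conf
webadmin1 ALL=/etc/rc.d/init.d/httpd start, /etc/rc.d/init.d/httpd reload
webadmin1 ALL=/etc/rc.d/init.d/httpd fullstatus, /etc/rc.d/init.d/httpd configtest
webadmin1 ALL=vi /etc/httpd/conf/httpd.conf'

# lint_sudoers: read simple "user host=cmd[, cmd...]" rules on stdin and print
# one finding per command:
#   OK        absolute path (or the sudoedit built-in)
#   RELATIVE  command is not given as an absolute path
#   EDITOR    an interactive editor would run as root
lint_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next                     # not a rule in the simple form
        who = $1
        n = split(substr($0, eq + 1), cmds, ",")
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)    # trim surrounding blanks
            split(c, w, /[ \t]+/)
            prog = w[1]
            if (prog == "sudoedit") v = "OK"
            else if (prog !~ /^\//) v = "RELATIVE"
            else if (prog ~ /\/(vi|vim|nano|emacs)$/) v = "EDITOR"
            else v = "OK"
            print who ": " v ": " c
        }
    }'
}

printf '%s\n' "$SUDOERS_SAMPLE" | lint_sudoers
```

A real /etc/sudoers should still be edited and syntax-checked with visudo, as the page says.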
