Linux User Management
|-User Management configuration file
|-User Management commands
|-User Group Management commands
|-Batch Add users
|-User Authorization
***********************************************************************
Configuration files
User information file: /etc/passwd
Password file: /etc/shadow
User group file: /etc/group
User group password file: /etc/gshadow
User configuration files:
/etc/login.defs
/etc/default/useradd
New user information directory: /etc/skel (each time a new user is created, the system automatically copies the files in this directory into the new user's home directory)
Login information: /etc/motd (shown after login), /etc/issue (shown before login)
I. /etc/passwd file format
root:x:0:0:root:/root:/bin/bash
User name : Password placeholder : User UID : Default group GID : Description : Home directory : Command interpreter (shell)
User types
Linux users are divided into three types:
Super user (root, UID=0)
Normal user (UID 500-60000)
Pseudo-user (UID 1-499)
Pseudo-users
① Pseudo-users are tied to system and program services
bin, daemon, shutdown, halt, and so on: every Linux system has these pseudo-users by default
mail, news, games, apache, ftp, mysql, and sshd are tied to processes of the Linux system
② Pseudo-users usually do not need to, or cannot, log on to the system
③ Pseudo-users may have no home directory
User groups
① Each user belongs to at least one user group
② Each user group can include multiple users
③ Users of the same user group share the permissions held by that group
II. /etc/shadow file format
root:$1$dqukcg6f$ehgxb1iky6s8sj/gnyyim1:16622:0:99999:7:::
User name : Encrypted password : Last modified : Minimum time interval : Maximum time interval : Warning time : Account idle time : Expiry time : Flag
Passwords are first written into /etc/passwd and then moved to /etc/shadow; the system performs this conversion automatically
# pwunconv    writes the passwords back into /etc/passwd
# pwconv      called automatically by the system
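The two field layouts above can be checked mechanically. The following is an added example, not part of the original notes: a shell function that reads passwd- and shadow-format files and flags extra UID 0 accounts, passwords kept outside the shadow file, empty passwords, and legacy MD5-crypt (`$1$`) hashes like the one in the sample line. The function names, finding labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes).
# audit_accounts PASSWD_FILE SHADOW_FILE: print one finding per line.
audit_accounts() {
    # passwd fields: name:password:UID:GID:description:home:shell
    awk -F: '
        $3 == 0 && $1 != "root" { print "extra-uid0 " $1 }
        $2 != "x"               { print "not-shadowed " $1 }
    ' "$1"
    # shadow fields: name:hash:lastchange:min:max:warn:idle:expire:flag
    awk -F: '
        $2 == ""      { print "empty-password " $1; next }
        $2 ~ /^[!*]/  { next }                    # locked or no-login account
        $2 ~ /^\$1\$/ { print "md5-crypt " $1 }   # legacy hash scheme
    ' "$2"
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
audit_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
jack:x:500:500::/home/jack:/bin/bash
mary:x:501:501::/home/mary:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy:PLACEHOLDERHASH:502:502::/home/legacy:/bin/bash
EOF
    cat > "$d/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16622:0:99999:7:::
bin:*:16622:0:99999:7:::
jack:$1$CONSTRUCTED$PLACEHOLDER:16622:0:99999:7:::
mary::16622:0:99999:7:::
toor:!!:16622:0:99999:7:::
EOF
    audit_accounts "$d/passwd" "$d/shadow"
    rm -rf "$d"
}
```

On a live system the function needs root to read /etc/shadow: `audit_accounts /etc/passwd /etc/shadow`.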
III. Why can ordinary users change their password?
# ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 22984 Jan 7 2007 /usr/bin/passwd
Setuid definition: when an executable program has the setuid permission, a user who runs the program executes it with the identity of the program's owner.
① setuid = 4
Set setuid:
chmod u+s
4755
Cancel setuid:
chmod u-s
755
② setgid = 2
chmod g+s
2755
③ sticky bit = 1
chmod o+t
1777
If a directory with a permission of 777 has the sticky bit set, every user can create files in the directory, but can delete only the files they own
Example:
1. Grant setuid permission to the touch command
2. Find the setuid programs:
find / -perm -4000 -o -perm -2000
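An added example, not from the original notes: the find expression above wrapped in a function that reports only the setuid/setgid files missing from a reviewed allowlist. The function name and the allowlist file (one absolute path per line) are assumptions, and `stat -c` is the GNU coreutils/BusyBox form.

```shell
#!/bin/sh
# Added example (not from the original notes).
# unexpected_setid DIR ALLOWLIST
# Print "MODE OWNER PATH" for every setuid/setgid regular file under DIR
# whose path is not listed (one absolute path per line) in ALLOWLIST.
unexpected_setid() {
    # The parentheses group the two -perm tests so -type f applies to both;
    # -xdev keeps the search on one filesystem.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        sort |
        while IFS= read -r path; do
            # -F fixed string, -x whole line: no partial or regex matches.
            grep -Fxq -- "$path" "$2" && continue
            stat -c '%a %U %n' "$path"
        done
}
```

Run it as root against `/` with an allowlist captured from a freshly installed system, and review every line it prints.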
IV. Adding users
useradd [options] username (useradd -D shows the default parameters)
-u: UID
-g: default owning user group GID
-G: additional groups to which the user belongs
-d: home directory
-s: command interpreter (shell)
-c: description
-e: user expiration time
# useradd -u 666 -g root -G sys,apache -d /home/zhangsan -s /bin/bash -c "this is Project Zhangsan" -e 2017-7-17 zhangsan
# grep zhang /etc/passwd
zhangsan:x:666:0:this is Project Zhangsan:/home/zhangsan:/bin/bash
passwd username: set the password
# passwd zhangsan
Changing password for user zhangsan.
User management commands
pwck: check the /etc/passwd file (locks the file)
vipw: edit the /etc/passwd file
id: view user ID and group information
finger: view user details
su: switch user (su - also switches the environment variables)
passwd -S: view the user's password status
who, w: view information about the currently logged-on users
Locking and unlocking a user
# usermod -L username
# passwd -l username
# usermod -U username
# passwd -u username
Delete a user
userdel -r username
-r: also delete the user's home directory
Manual removal:
Use the find command to locate files belonging to a user or a user group: find options -user, -uid, -group, -gid
# find /home -user jack
chage: set password settings (not usable on Unix)
-l: view the user's password settings
...
Enable or disable the shadow feature
authconfig, /etc/sysconfig/authconfig
V. Adding user groups
groupadd
groupadd -g 888 webadmin
Adds the user group webadmin with GID 888
Delete a user group: groupdel groupname
Modify user group information: groupmod
groupmod -n apache webadmin
Renames the webadmin group to apache
User group management commands
gpasswd: set the group password and manage members within the group
-a: add a user to the user group
-d: remove a user from the user group
-A: set the user group administrator
-r: delete the user group password
-R: prevent users from switching to this group
usermod: usermod -G groupname username
gpasswd -a username groupname
groups: see which user groups a user belongs to
newgrp: switch user group
grpck: check the user group configuration file
chgrp: change the group to which a file belongs
vigr: edit the /etc/group file (locks the file)
VI. User group permissions example
# mkdir /software
# ls -ld /software/
drwxr-xr-x 2 root root 4096 Jul 17:03 /software/
# useradd jack
# passwd jack
# groupadd softadm
# grep softadm /etc/group
softadm:x:8889:
# usermod -G softadm jack
# gpasswd -a mary softadm
Adding user mary to group softadm
# grep softadm /etc/group
softadm:x:8889:jack,mary
# chgrp softadm /software/
# ls -ld /software/
drwxr-xr-x 2 root softadm 4096 Jul 17:03 /software/
# chmod g+w /software/
# ls -ld /software/
drwxrwxr-x 2 root softadm 4096 Jul 17:03 /software/
VII. Batch adding users
newusers: import the user information file
pwunconv: cancel the shadow password function
chpasswd: import the password file (format: username:password)
pwconv: write the passwords to the shadow file
Restricting su to root to the members of the group sugroup:
# groupadd sugroup
# chmod 4550 /bin/su
# ls -ld /bin/su
-r-sr-x--- 1 root root 23960 Mar 1 2010 /bin/su
# chgrp sugroup /bin/su
# ls -ld /bin/su
-r-xr-x--- 1 root sugroup 23960 Mar 1 2010 /bin/su
# usermod -G sugroup miniamin01
Once set, only users in the sugroup group can use su to switch to root
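The second listing above shows `-r-xr-x---` after chgrp: on Linux, changing a file's group clears its setuid bit, which su needs in order to switch users. As an added example (not from the original notes), the functions below set the group first and the mode second, then verify the result; the function names and finding labels are assumptions, and `stat -c` is the GNU coreutils/BusyBox form.

```shell
#!/bin/sh
# Added example (not from the original notes).

# check_restricted FILE GROUP: print "ok" or the first problem found.
# GROUP may be a group name or a numeric GID.
check_restricted() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        [4567]???) ;;                                 # setuid bit is set
        *)         echo "setuid-missing"; return 1 ;; # state left by chgrp
    esac
    case $mode in
        *0) ;;                                        # no access for others
        *)  echo "other-access"; return 1 ;;
    esac
    if [ "$(stat -c '%G' "$1")" != "$2" ] && [ "$(stat -c '%g' "$1")" != "$2" ]; then
        echo "wrong-group"; return 1
    fi
    echo "ok"
}

# restrict_to_group FILE GROUP: group first, mode second, then verify.
restrict_to_group() {
    chgrp "$2" "$1" || return 1
    chmod 4550 "$1" || return 1    # after chgrp, so the setuid bit survives
    check_restricted "$1" "$2"
}
```

The check covers mode and group only; for /bin/su also confirm with `ls -l` that the owner is still root.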
Using sudo instead of su:
When you run a command with sudo, you become root temporarily
It does not reveal the root password
It gives users rights to a limited set of commands only
Configuration file: /etc/sudoers; the command for editing it is visudo
Ordinary users run commands with sudo.
Format: username (or group name) host address = command (absolute path)
Managing Apache
1. Editing the Apache configuration file
2. Using the Apache startup script
3. Updating web pages
1. a. Make the user the owner of the configuration file: chown
b. Change the owning group, add the user to the group, and grant the group w permission
c. visudo: username host address = /bin/vi /etc/httpd/conf/httpd.conf
2. visudo: username host address = /etc/rc.d/init.d/httpd start,
reload (after a configuration change), fullstatus, configtest (checks that the configuration has no errors)
3. /var/www/html: change the owner or the owning group (management by multiple users)