Linux users, groups, rights management

Linux Users:

Linux users are mainly divided into: Administrators and ordinary users, ordinary users also include system users and login users. System users do not need to log on to the system, only for the background service run to provide identity, and the daemon gets resources to assign permissions, login users need to log on interactively.

Linux systems rely primarily on UID numbers to identify administrators and ordinary users. On CentOS 6, the administrator uid is 0, the average user's UID is 1-65535, the system user UID is 1-499, the login user uid is 500-65535, on CentOS 7, the administrator uid is 0, the common uid is 1-65535, Where the UID of the system user is 1-999 and the UID of the logged-on user is 1000-65535.

Linux users have a corresponding configuration file,/etc/passwd contains users and their property information,/etc/shadow contains user passwords and their associated properties. Where the/etc/passwd file is divided into 7 fields with ":", the login name:passwd:UID:GID:GECOS:home Directory:shell;/etc/shadow file is divided into 8 fields with ":". Login: Encrypted password: Last changed time: The password can be changed in a few days: the password must be changed in a few days: the password expires a few days before the user: the password expires a few days after the account will be locked: account expiration Time, from January 1, 1970

User password encryption: Symmetric encryption, asymmetric encryption, and one-way encryption.

Symmetric encryption: Encrypt and decrypt using the same password

Asymmetric encryption: Encrypt and decrypt using a pair of passwords.

One-way encryption: hash algorithm, the original text, the ciphertext will be different, the same as the legal long output, to obtain a ciphertext irreversible introduction of the original data; avalanche effect, small changes in initial conditions, resulting in huge changes in results, common cryptographic algorithms, MD5, SHA1, sha224, SHA256, sha384, sha512; Change the encryption algorithm, Authconfig--passalgo=sha256--update.

Password Security Policy:

1. Use at least three of the numbers, uppercase letters, lowercase and special characters

2, long enough, password length not less than 8 bit

3. Use random password

4, change the password regularly, do not use the most recently used password

Linux User management:

User Management commands: Useradd create users, usermod change user properties, Userdel delete users

Useradd-u: Specify user uid to create user

Useradd-o: With-u option, does not check UID uniqueness

Useradd-g: Indicates the primary group to which the user belongs, and can be the group name or GID

USERADD-G: To specify additional groups for the user, the group must exist beforehand

useradd-s: Indicates the user's default shell program   

Useradd-d: Home directory with the specified path

Useradd-n: Do not create private group master Group, use Suers Group

Useradd-r: Creating a System User

USERADD-D: Show default settings, default settings in/etc/default/useradd file

useradd-d-Options: Modify default Settings

Usermod-u: Modifying the UID of a user

Usermod-s: Modifying the user's shell

USERMOD-G: Modifying a user's primary group

Usermod-g: Modify the user's additional group, the original additional group will be overwritten, if the original, then use the-a option

Usermod-c: New annotation Information

Usermod-l: Modify User Name

Usermod-l: Lock User

Usermod-u: Unlocking Users

Usermod-f: Set inactivity Period

USERMOD-E yyyy-mm-dd: Specify user account expiration date

Usermod-d: Modify the user home directory, the new home directory will not be automatically created, the original home directory files will not be moved to the new home directory, to move the original home directory data, using the-M option

Userdel-r: Delete the user, delete the user's home directory, without the-r option, the home directory still exists

To view information about a user id:

Id-u: View User uid

ID-G: Production to see User gid

This article from the "11351016" blog, reproduced please contact the author!

Linux users, groups, rights management