Linux Users: Username/uid
Administrator: root, 0
Normal Users: 1-65535
System users: 1-499 (CentOS6), 1-999 (CentOS7); used to assign permissions so that daemons can access resources
Login users: 500+ (CentOS6), 1000+ (CentOS7); interactive login
Linux Group: Groupname/gid
Administrators group: root, 0
Normal Group:
System Group: 1-499 (CentOS6), 1-999 (CentOS7)
General groups: 500+ (CentOS6), 1000+ (CentOS7)
Linux security context:
Running programs: processes
(1) A process runs as the user who started it
(2) Which resources a process can access depends on the identity of the user who started it
Categories of Linux groups:
User's base group (primary group): when the group name is the same as the user name and the group contains only that one user, it is a private group; a file the user creates belongs to the base group
Additional groups for users (supplementary groups): other groups the user belongs to in addition to the base group; membership in them is taken into account when files are accessed
Linux User and group related configuration files:
/etc/passwd: Users and their attribute information (name, UID, base group ID, etc.)
/etc/group: Group and its attribute information
/etc/shadow: User passwords and their associated properties
/etc/gshadow: group password and its related properties
/etc/passwd:
name:password:UID:GID:GECOS:directory:shell
User name : password : UID : GID : user description : home directory : default shell
/etc/group:
group_name:password:GID:user_list
Group name : group password : GID : list of users that have this group as an additional group (comma-separated)
/etc/shadow
user_login_name:encrypted_password:last_password_change:days_until_change_allowed:days_before_change_required:days_warning_for_expiration:days_before_account_inactive:date_when_account_expires:reserved
User name : encrypted password : date of the most recent password change : minimum password age : maximum password age : password warning period : password inactivity period : account expiration date : reserved field
Passwords are stored with one-way encryption (hashing): extracting a fingerprint of the data
MD5: Message Digest, 128 bits
SHA1: Secure Hash Algorithm, 160 bits
SHA224: 224 bits
SHA256: 256 bits
SHA384: 384 bits
SHA512: 512 bits
Avalanche effect: A small change in initial conditions will cause a huge change in results
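As an added example (not part of the original article), the script below audits records in the /etc/passwd and /etc/shadow formats described above. The function names, finding labels and all sample records are constructed for illustration; the "$1$" prefix that marks an MD5-based hash and the treatment of a maximum age of 99999 as "never expires" are conventions assumed here, not stated on the page.

```sh
#!/bin/sh
# Added example: audit records in /etc/passwd and /etc/shadow format.
# All records below are constructed samples, not taken from a real host.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:0:0:backup admin:/home/backup:/bin/bash
svc_web:x:48:48:web service:/var/www:/bin/bash
svc_db:x:600:600::/var/db:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

SAMPLE_SHADOW='root:$6$examplesalt$examplehash:19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
backup::19000:0:99999:7:::
svc_web:!!:19000:0:99999:7:::
svc_db:!$6$examplesalt$examplehash:19000:0:99999:7:::
alice:$1$examplesalt$examplehash:19000:0:90:7:::'

# audit_passwd [UID_MIN]: read passwd records on stdin.
# UID_MIN is the first login-user UID: 1000 on CentOS 7, 500 on CentOS 6.
audit_passwd() {
    awk -F: -v uid_min="${1:-1000}" '
        NF != 7                 { print "malformed:" $1; next }
        $3 == 0 && $1 != "root" { print "uid0:" $1 }      # second administrator account
        $3 + 0 > 0 && $3 + 0 < uid_min + 0 && $7 !~ /(nologin|false)$/ {
            print "system-shell:" $1                      # system account with a login shell
        }'
}

# audit_shadow: read shadow records on stdin.
audit_shadow() {
    awk -F: '
        NF != 9                { print "malformed:" $1; next }
        $2 == ""               { print "empty-password:" $1; next }
        $2 ~ /^[!*]/           { next }                   # locked, or password login disabled
        index($2, "$1$") == 1  { print "md5-hash:" $1 }   # assumed convention: $1$ = MD5-based
        $5 == "" || $5 + 0 >= 99999 { print "no-max-age:" $1 }'
}

echo "passwd findings (CentOS 7 ranges):"
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd 1000
echo "shadow findings:"
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real host, feed the functions with `audit_passwd 1000 < /etc/passwd` and, as root, `audit_shadow < /etc/shadow`.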
Complexity policy for passwords:
1. Use at least 3 of the following: numbers, uppercase letters, lowercase letters and special characters
2. Make it long enough
3. Use a random password
4. Change it regularly; do not use passwords that have been used recently
User and group-related administrative commands:
User creation: useradd
useradd [options] LOGIN
-u UID: [UID_MIN, UID_MAX], defined in /etc/login.defs
-g GID: Indicates the basic group the user belongs to; can be a group name or a GID
-c "COMMENT": User's comment information
-d /path/to/home_dir: Use the specified path as the home directory
-s SHELL: Indicates the user's default shell program; the available list is in the /etc/shells file
-G group1[,group2,...[,groupN]]: Specifies additional groups for the user; the groups must exist beforehand
-r: Create a system user
CentOS 6: ID<500
CentOS 7: ID<1000
Default settings: in the /etc/default/useradd file
useradd -D: Display or modify default values
Group creation: groupadd
groupadd [OPTION]... group_name
-g GID: Specify the GID number
-r: Create a system group
CentOS 6: ID<500
CentOS 7: ID<1000
View user-related ID information: id
id [OPTION]... [USER]
-u: UID
-g: GID
-G: groups
-n: name
To switch users or execute commands as another user: su
su [options...] [-] [user [args...]]
How to switch users:
su UserName: Non-login switch, that is, the target user's profile will not be read
su - UserName: Login switch; reads the target user's configuration files and switches completely
Note: root can su to other users without a password; a password is required when a non-root user switches
Run a command under a different identity:
su [-] UserName -c 'COMMAND'
Options:
-l: "su -l UserName" is equivalent to "su - UserName"
User property modification: usermod
usermod [OPTION] login
-u UID: New UID
-g GID: New basic group
-G group1[,group2,...[,groupN]]: New additional groups; the original additional groups are overwritten. To keep the original ones, also use the -a option to append
-s SHELL: New default shell
-c 'COMMENT': New comment information
-d HOME: New home directory; files in the original home directory are not moved to the new home directory. To move them, also use the -m option
-l login_name: New login name
-L: Lock the specified user
-U: Unlock the specified user
-e YYYY-MM-DD: Indicates the user account expiration date
-f INACTIVE: Set the inactivity period
Add a password to a user: passwd
passwd [OPTIONS] UserName: Modify the password of the specified user; only root has this right
passwd: Change your own password
Common options:
-l: Lock the specified user
-u: Unlock the specified user
-n mindays: Specify the minimum period of use
-x maxdays: Maximum lifespan
-w warndays: How many days in advance to start warning
-i inactivedays: Inactivity period
--stdin: Receive the user password from standard input
echo "PASSWORD" | passwd --stdin USERNAME
Delete a user: userdel
userdel [OPTION]... login
-r: Delete the user's home directory
Group property modification: groupmod
groupmod [OPTION]... group
-n group_name: New name
-g GID: New GID
Group deletion: groupdel
groupdel GROUP
Group password: gpasswd
gpasswd [OPTION] GROUP
-a user: Add the user to the specified group
-d user: Remove the user from the group, so that the user no longer has the current group as an additional group
-A user1,user2,...: Set the list of users with administrative rights
newgrp command: Temporarily switch the base group
If the user does not belong to this group, the group password is required
Modify user properties: chage
chage [OPTION]... LOGIN
-d LAST_DAY
-E, --expiredate EXPIRE_DATE
-I, --inactive INACTIVE
-m, --mindays MIN_DAYS
-M, --maxdays MAX_DAYS
-W, --warndays WARN_DAYS
Other commands: chfn, chsh, finger
Command summary: useradd, groupadd, su, id, usermod, userdel, groupmod, groupdel, passwd, newgrp, pwck, gpasswd, chage, chsh, chfn, finger
This article is from the "Ricky Technology Blog" blog, make sure to keep this source http://r1cky.blog.51cto.com/10646564/1773845
Management of Linux users and groups