Management of Linux users and groups


Linux users: username/UID

Administrator: root, 0

Normal users: 1-65535

System users: 1-499 (CentOS 6), 1-999 (CentOS 7); used to assign permissions so that daemons can obtain resources

Login users: 500+ (CentOS 6), 1000+ (CentOS 7); interactive login


Linux groups: groupname/GID

Administrators group: root, 0

Normal groups:

System groups: 1-499 (CentOS 6), 1-999 (CentOS 7)

General groups: 500+ (CentOS 6), 1000+ (CentOS 7)


Linux security context:

A running program is a process

(1) A process runs with the identity of the user who started it

(2) The permissions of all resources that the process can access depend on the identity of the user who started the process


Categories of Linux groups:

User's primary group (base group): when the group has the same name as the user and contains only that one user, it is a private group; when the user creates a file, the file belongs to the primary group

User's additional groups (supplementary groups): the user can also belong to additional groups, and has the permissions of those groups when accessing files


Linux user and group related configuration files:

/etc/passwd: users and their attribute information (name, UID, primary group ID, etc.)

/etc/group: groups and their attribute information

/etc/shadow: user passwords and their associated properties

/etc/gshadow: group passwords and their associated properties


/etc/passwd:

name:password:UID:GID:GECOS:directory:shell

User name: password: UID: GID: user description: home directory: default shell


/etc/group:

group_name:password:GID:user_list

Group name: group password: GID: list of users that have this group as an additional group (comma-delimited)


/etc/shadow:

user_login_name:encrypted_password:last_password_change:days_until_change_allowed:days_before_change_required:days_warning_for_expiration:days_before_account_inactive:date_when_account_expires:reserved

User name: encrypted password: date of the most recent password change: minimum password age: maximum password age: password warning period: password inactivity period: account expiration date: reserved field
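
The field layouts above are enough to audit account files. The following is an added example, not part of the original article: it checks passwd- and shadow-format files for non-root UID 0 accounts, duplicate UIDs, system-range accounts with a login shell, empty password fields, MD5-crypt hashes (the $1$ prefix) and passwords with no maximum age. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd(5)- and shadow(5)-format files for risky entries.

# audit_passwd FILE [UID_MIN]  (UID_MIN 1000 = CentOS 7, 500 = CentOS 6)
audit_passwd() {
    awk -F: -v min="${2:-1000}" '
        NF != 7                          { print "malformed:" $1; next }
        $3 == 0 && $1 != "root"          { print "uid0:" $1 }
        $3 > 0 && $3 < min && $7 ~ /sh$/ { print "system-shell:" $1 }
        seen[$3]++                       { print "dup-uid:" $1 }
    ' "$1"
}

# audit_shadow FILE
audit_shadow() {
    awk -F: '
        $2 == ""                { print "empty-password:" $1; next }
        $2 ~ /^[!*]/            { next }   # locked, or password login disabled
        $2 ~ /^\$1\$/           { print "md5-hash:" $1 }   # $1$ marks MD5-crypt
        $5 == "" || $5 >= 99999 { print "no-max-age:" $1 }
    ' "$1"
}

# Constructed sample data (not from a real system; hashes are placeholders).
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcbackup:x:0:0:backup helper:/root:/bin/bash
nginx:x:996:994:nginx:/var/lib/nginx:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$SALT$PLACEHOLDER:17000:0:90:7:::
daemon:*:17000:0:99999:7:::
alice:$1$SALT$PLACEHOLDER:17000:0:99999:7:::
bob::17000:0:99999:7:::
EOF

audit_passwd "$tmp/passwd" 1000
audit_shadow "$tmp/shadow"
```

On a real host, pass /etc/passwd and, as root, /etc/shadow instead of the sample files.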


Passwords are stored with one-way encryption (hashing): extracting a fingerprint of the data

MD5: Message Digest, 128 bits

SHA-1: Secure Hash Algorithm, 160 bits

SHA-224: 224 bits

SHA-256: 256 bits

SHA-384: 384 bits

SHA-512: 512 bits

Avalanche effect: a small change in the initial conditions causes a huge change in the result
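
The avalanche effect and the digest sizes listed above can be measured directly. This is an added example, not part of the original article: it hashes two constructed strings that differ in one character with the coreutils digest tools and counts how many bits of the two digests differ. The function names are illustrative.

```shell
#!/bin/sh
# Added example: measure the avalanche effect with standard digest tools.

# hex_digest TOOL STRING -> hex digest of STRING (no trailing newline is hashed)
hex_digest() {
    printf '%s' "$2" | "$1" | awk '{ print $1 }'
}

# bit_distance HEX1 HEX2 -> number of bit positions in which the digests differ
bit_distance() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        hex = "0123456789abcdef"; n = 0
        for (i = 1; i <= length(a); i++) {
            x = index(hex, substr(a, i, 1)) - 1
            y = index(hex, substr(b, i, 1)) - 1
            for (k = 0; k < 4; k++) {        # compare the 4 bits of each hex digit
                if (x % 2 != y % 2) n++
                x = int(x / 2); y = int(y / 2)
            }
        }
        print n
    }'
}

# avalanche TOOL STRING1 STRING2 -> "<differing bits>/<digest size in bits>"
avalanche() {
    d1=$(hex_digest "$1" "$2"); d2=$(hex_digest "$1" "$3")
    echo "$(bit_distance "$d1" "$d2")/$(( ${#d1} * 4 ))"
}

# Constructed inputs that differ in a single character.
avalanche md5sum    'Passw0rd!' 'Passw0rd?'
avalanche sha256sum 'Passw0rd!' 'Passw0rd?'
avalanche sha512sum 'Passw0rd!' 'Passw0rd?'
```

Roughly half of the output bits should differ for each algorithm, even though the inputs differ in one character.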

Password complexity policy:

1. Use at least 3 of the following 4 character classes: digits, uppercase letters, lowercase letters and special characters

2. Make it long enough

3. Use random passwords

4. Change passwords regularly; do not reuse recently used passwords


User and group-related administrative commands:

User creation: useradd

useradd [options] LOGIN

-u UID: [UID_MIN, UID_MAX], defined in /etc/login.defs

-g GID: specifies the user's primary group; can be a group name or a GID

-c "COMMENT": the user's comment information

-d /path/to/home_dir: use the specified path as the home directory

-s SHELL: specifies the user's default shell program; the available shells are listed in the /etc/shells file

-G group1[,group2,...[,groupN]]: specifies additional groups for the user; the groups must already exist

-r: create a system user

CentOS 6: ID<500

CentOS 7: ID<1000

Default settings: in the /etc/default/useradd file

useradd -D: display or modify the default values


Group creation: groupadd

groupadd [OPTION]... group_name

-g GID: specify the GID number

-r: create a system group

CentOS 6: ID<500

CentOS 7: ID<1000


View user-related ID information: id

id [OPTION]... [USER]

-u: UID

-g: GID

-G: groups

-n: name


Switch users or execute commands as another user: su

su [options...] [-] [user [args...]]

How to switch users:

su UserName: non-login switch; the target user's profile is not read

su - UserName: login switch; the target user's configuration files are read; a complete switch

Note: root can su to other users without a password; a non-root user needs a password to switch

Execute a command under a different identity:

su [-] UserName -c 'COMMAND'

Options:

-l: "su -l UserName" is equivalent to "su - UserName"


User property modification: usermod

usermod [OPTION] login

-u UID: new UID

-g GID: new primary group

-G group1[,group2,...[,groupN]]: new additional groups; the original additional groups are overwritten; to keep the original ones, also use the -a option to append

-s SHELL: new default shell

-c 'COMMENT': new comment information

-d HOME: new home directory; files in the original home directory are not moved to the new home directory; to move them, also use the -m option

-l login_name: new name

-L: lock the specified user

-U: unlock the specified user

-e YYYY-MM-DD: specifies the user account expiration date

-f INACTIVE: set the inactivity period


Set a user's password: passwd

passwd [OPTIONS] UserName: change the password of the specified user; only root has this right

passwd: change your own password

Common options:

-l: lock the specified user

-u: unlock the specified user

-n mindays: specify the minimum password age

-x maxdays: maximum password age

-w warndays: how many days in advance to start warning

-i inactivedays: inactivity period

--stdin: receive the user password from standard input

echo "PASSWORD" | passwd --stdin USERNAME


Delete user: userdel

userdel [OPTION]... login

-r: delete the user's home directory


Group property modification: groupmod

groupmod [OPTION]... group

-n group_name: new name

-g GID: new GID


Group deletion: groupdel

groupdel GROUP


Group password: gpasswd

gpasswd [OPTION] GROUP

-a user: add the user to the specified group

-d user: remove the user's additional-group membership in the specified group

-A user1,user2,...: set the list of users with administrative rights

newgrp command: temporarily switch the primary group

If the user does not belong to this group, the group password is required


Modify user properties: chage

chage [OPTION]... LOGIN

-d LAST_DAY

-E, --expiredate EXPIRE_DATE

-I, --inactive INACTIVE

-m, --mindays MIN_DAYS

-M, --maxdays MAX_DAYS

-W, --warndays WARN_DAYS
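
The chage options above set the aging fields of /etc/shadow, which are counted in days since 1970-01-01. This is an added example, not part of the original article: it classifies an account from one shadow line and a given day number. The function name, the status words and the sample line are constructed, and the exact day-boundary comparisons are a simplifying assumption.

```shell
#!/bin/sh
# Added example: classify an account from the aging fields of one shadow(5) line.
# Day-boundary comparisons are a simplification (assumption), not the system's code.

# aging_status 'SHADOW_LINE' TODAY   (TODAY = days since 1970-01-01)
aging_status() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '{
        last = $3; max = $5; warn = $6; inact = $7; expd = $8
        if (expd != "" && today >= expd) { print "account-expired"; next }      # chage -E
        if (last == "")                  { print "no-aging"; next }
        if (last == 0)                   { print "must-change-at-login"; next } # chage -d 0
        if (max == "" || max >= 99999)   { print "no-aging"; next }             # chage -M
        due = last + max                 # day the password reaches its maximum age
        if (inact != "" && today >= due + inact) { print "inactive-locked"; next }  # chage -I
        if (today >= due)                { print "password-expired"; next }
        if (warn != "" && today >= due - warn) { print "warning:" (due - today); next }  # chage -W
        print "ok:" (due - today)
    }'
}

# Constructed shadow line: changed on day 17000, max 90, warn 7, inactive 14.
line='alice:$6$SALT$PLACEHOLDER:17000:0:90:7:14::'
today=$(( $(date +%s) / 86400 ))

aging_status "$line" 17050      # well inside the validity window
aging_status "$line" 17085      # inside the warning period
aging_status "$line" 17095      # past maximum age, still within the inactivity period
aging_status "$line" "$today"   # evaluated against the current date
```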


Other commands: chfn, chsh, finger

Command summary: useradd, groupadd, su, id, usermod, userdel, groupmod, groupdel, passwd, newgrp, pwck, gpasswd, chage, chsh, chfn, finger








This article is from the "Ricky Technology Blog" blog; please keep this source attribution: http://r1cky.blog.51cto.com/10646564/1773845
