Management of Linux users and groups

Linux Users: Username/uid

admin: Root, 0

Normal Users: 1-65535

System User: 1-499 (CentOS6), 1-999 (CentOS7); permission assignment for the daemon to get resources

Login User: CentOS6, 1000+ (CentOS7); interactive login

Linux Group: Groupname/gid

Administrators group: root, 0

Normal Group:

System Group: 1-499 (CentOS6), 1-999 (CentOS7)

General group: CentOS6, 1000+ (CentOS7)

Linux Security Context:

Running programs: Processes (process)

(1) Run as the initiator of the process

(2) The permissions of all resources that the process can access depend on the identity of the initiator of the process

Categories of Linux groups:

User's base group (primary group): Group name with user name and only one user: private group; When you create a file, the file belongs to the base group

Additional Groups for users (additional groups): This user can have additional groups within the attached group when the file is read

Linux User and group related configuration files:

/ETC/PASSWD: User and its attribute information (name, UID, base group ID, etc.)

/etc/group: Group and its attribute information

/etc/shadow: User passwords and their associated properties

/etc/gshadow: group password and its related properties

/ETC/PASSWD:

Name:password:UID:GID:GECOS:directory:shell

User name: Password: uid:gid: User description: Home directory: Default Shell

/etc/group:

Group_name:password:GID:user_list

Group name: Group Password: GID: List of users with the current group as additional groups (comma delimiter)

/etc/shadow

User_login_name:encrypted_password:last_password_change:days_until_change_allowed:days_before_change_required: Days_warning_for_expiration:days_before_account_inactive:date_when_account_expires:reserve

Username: encrypted Password: the date of the most recent password change: Minimum password Age: Maximum password Age: password warning Period: Password Disable period: Account expiration Date: Reserved field

Encryption with one-way encryption: extracting data fingerprints

Md5:message Digest, 128bits

Sha1:secure hash Algorithm, 160bits

Sha224:224bits

Sha256:256bits

Sha384:384bits

Sha512:512bits

Avalanche effect: A small change in initial conditions will cause a huge change in results

Complexity Policy for passwords:

1. Use at least 3 of the numbers, uppercase letters, lowercase and special characters

2. Long enough

3. Use random password

4, regular replacement; Do not use passwords that have been used recently

User and group-related administrative commands:

User created: Useradd

useradd [Options] LOGIN

-U UID: [Uid_min, Uid_max], defined in/etc/login.defs

-G GID: Indicates that the user belongs to the basic group, can be a group name, or GID

-C "COMMENT": User's comment information

-d/path/to/home_dir: Home directory with the specified path

-S Shell: Indicates the user's default shell program, the available list in the/etc/shells file

-G group1[,group2,... [, GROUPN]] : Specifies additional groups for the user, and the group must exist beforehand

-r: Create a System user

CentOS 6:id<500

CentOS 7:id<1000

Default setting: In the/etc/default/useradd file

Useradd-d: Display or modify default values

Group creation: Groupadd

Groupadd [OPTION] ... group_name

-G GID: Specify GID number

-R: Creating a System Group

CentOS 6:id<500

CentOS 7:id<1000

View user-related ID information: ID

ID [OPTION] ... [USER]

-u:uid

-g:gid

-g:groups

-n:name

To switch users or execute commands as other users: Su

Su [Options ...] [-] [user [args ...]]

How to switch users:

Su UserName: Non-logon switch, that is, the target user's profile will not be read

Su-username: Login switch, will read the target user's configuration file; switch completely

Note:root Su to other users without a password, password is required for non-root user Switching

Take a different identity, execute the command.

Su [-] username-c ' COMMAND '

Options:

-L: "Su-l UserName" equals "Su-username"

User Property Modification: Usermod

usermod [OPTION] Login

-U uid: New UID

-G GID: New Basic Group

-G group1[,group2,... [, GROUPN]] : New add-on group, the original additional group will be overwritten, if original, then use the-a option to indicate append

-S shell: new default shell

-C ' COMMENT ': New annotation information

-D Home: New home directory, files in the original home directory are not moved to the new home directory at the same time, to move, use the-M option

-L login_name: new name

-l:lock the specified user

-u:unlock the specified user

-E YYYY-MM-DD: Indicates user account expiration date

-F INACTIVE: Set inactivity Period

Add password to User: passwd

passwd [OPTIONS] UserName: Modify the password of the specified user, only the root user rights

passwd: Change your password

Common options:

-L: Lock the specified user

-U: Unlock the specified user

-N mindays: Specifying the shortest period of use

-X maxdays: Maximum lifespan

-W Warndays: How many days in advance to start warning

-I inactivedays: Inactivity period

--stdin: Receive user password from standard input

echo "PASSWORD" | passwd--stdin USERNAME

Delete User: Userdel

Userdel [OPTION] ... login

-r: Delete User home directory

Group Property Modification: Groupmod

Groupmod [OPTION] ... group

-N group_name: New name

-G GID: New GID

Group deletion: Groupdel

Groupdel GROUP

Group Password: gpasswd

GPASSWD [OPTION] GROUP

-A User: Add user to the specified group

-D User: Removes additional groups of users with the current group as the group name

-A user1,user2,...: Set up a list of users with administrative rights

NEWGRP command: Temporarily switch base Group

If the user does not belong to this group, the group password is required

Modify User properties: Chage

chage [OPTION] ... LOGIN

-D Last_day

-E,--expiredate expire_date

-I.,--inactive inactive

-M,--mindays min_days

-M,--maxdays max_days

-W,--warndays Warn_days

Other commands: CHFN, CHSH, finger

Command summary: Useradd, Groupadd, Su, ID, usermod, Userdel, Groupmod, Groupdel, passwd, Newgrp, Pwck, gpasswd, Chage, Chsh, Chfn, fi Nger

This article is from the "Ricky Technology Blog" blog, make sure to keep this source http://r1cky.blog.51cto.com/10646564/1773845

Management of Linux users and groups