User accounts are divided into: superuser, system users, and ordinary users.
Superuser:
User name: root; UID: 0;
System users:
User name: set by the user; UID: 1~499 (CentOS 6 and earlier), 1~999 (CentOS 7);
Normal users:
User name: set by the user; UID: 500+ (CentOS 6 and earlier), 1000+ (CentOS 7);
User configuration files: the user resolution database and the user authentication database.
User resolution database: /etc/passwd
User authentication database: /etc/shadow
The /etc/passwd fields in detail (fields are delimited by ":"):
root:x:0:0:root:/root:/bin/bash
First field: user name
Second field: an "x" used as a password placeholder
Third field: user's UID
Fourth field: GID of the user's primary group
Fifth field: group name of the user's primary group
Sixth field: user's home directory
Seventh field: user's default shell
The /etc/shadow fields in detail:
root:$6$6kkn6al6.uxxgiv9$z1rlh/flesiinb.v1tfcn9v/ahdlqmqiwokwpxdk4h101tb6sduv6useiccf2xncr.kpuuqe6x4hbsed24bnp.::0:99999:7:::
First field: user name
Second field: the encrypted user password, made up of the encryption algorithm, the salt, and the encrypted password, separated by "$";
Third field: the last time the password was changed, expressed as the number of days from January 1, 1970 to that date;
Fourth field: the minimum age of the password; 0 indicates that the password can be changed at any time;
Fifth field: the maximum age of the password;
Sixth field: the number of days before the password reaches its maximum age during which the user is warned; default is 7 days;
Seventh field: the grace period during which the password can still be changed after it expires;
Eighth field: the absolute expiration time of the user's password, expressed as the number of days from January 1, 1970 to the specified date; it can be changed with usermod -e;
Ninth field: reserved, not used;
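The field layout above can be turned into a small audit of password hashing and aging. The following is an added example, not part of the original article; the function names, the finding labels and the sample lines are constructed for illustration, and the hash fields are placeholders.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; salts and hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH::0:99999:7:::
alice:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:90:7:14::
bob:!!:18500:0:99999:7:::
carol::18500:0:99999:7:::
dave:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18500:0:90:7::19000:
EOF
}

# audit_shadow TODAY: read shadow-format lines on stdin and print one
# "user:finding" line per issue. TODAY is the current date in days since
# 1970-01-01, the same unit fields 3 and 8 use.
audit_shadow() {
  awk -F: -v today="$1" '
    # Classify field 2: "$id$salt$hash", empty, or locked with a "!" or "*" prefix.
    function scheme(h,   p) {
      if (h == "") return "empty"
      if (h ~ /^[!*]/) return "locked"
      split(h, p, /\$/)              # p[2]=algorithm id, p[3]=salt, p[4]=hash
      if (p[2] == "1") return "md5"
      if (p[2] == "5") return "sha256"
      if (p[2] == "6") return "sha512"
      return "other"
    }
    {
      s = scheme($2)
      if (s == "empty") print $1 ":empty-password"
      if (s == "md5")   print $1 ":weak-hash-md5"
      # Field 5 (maximum age) unset or 99999 means the password never ages out.
      if (s != "locked" && ($5 == "" || $5 + 0 >= 99999)) print $1 ":no-max-age"
      # Field 3 (last change) + field 5 (maximum age) already in the past.
      else if ($3 != "" && $5 != "" && $3 + $5 < today) print $1 ":password-expired"
      # Field 8 (absolute expiration date) already in the past.
      if ($8 != "" && $8 + 0 < today) print $1 ":past-expiry-date"
    }'
}

# Stand-alone run against the constructed sample, using the real current day.
sample_shadow | audit_shadow "$(( $(date +%s) / 86400 ))"
```

On a real system the same function can be fed from /etc/shadow as root, for example: audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow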
User account management commands:
useradd -- Create a new user or update the default new-user information
Format: useradd [options] USERNAME
Common options:
-d, --home-dir HOME_DIR: Specifies the home directory of the new user;
-g, --gid GROUP: Specifies the primary group of the new user; GROUP can be a group name or a GID; if this option is not used, a group with the same name as the user is created as the primary group;
-G, --groups GROUPS: Specifies the additional groups of the new user; group names or GIDs can be used;
-r, --system: Create a system user;
userdel -- Delete a user account and related files
Format: userdel [options] USERNAME
Common options:
-f, --force: Force the deletion of the user, even if the user is still logged in, etc. (not recommended)
-r, --remove: The user's home directory and the files in it are deleted along with the user's mailbox.
usermod -- Modify a user account
Format: usermod [options] USERNAME
Common options:
-d, --home HOME_DIR: Change the user's home directory (provided the new directory exists beforehand)
-c, --comment COMMENT: Modify the user's comment information;
-e EXPIRE_DATE: Modify the absolute date of user password expiration;
-l, --login NEW_LOGIN: Modify the user's login name;
-s, --shell SHELL: Modify the user's login shell;
-u, --uid UID: Modify the UID of the user;
-g, --gid GROUP: Modify the user's primary group;
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]: Modify the user's additional groups; use -aG to append additional groups to the user;
-L, --lock: Lock the user;
-U, --unlock: Unlock the user;
passwd -- Update the user's authentication token
Format: passwd [options] USERNAME
Common options:
-d, --delete: Delete the user's password (root user only)
-l, --lock: Lock the password of the named account (root user only)
-u, --unlock: Unlock the password of the named account (root user only)
--stdin: Read the token from standard input (root user only)
Group accounts are divided into: superuser group, system groups, and ordinary user groups.
Superuser group:
Group name: root; GID: 0;
System groups:
Group name: set by the user; GID: 1~499 (CentOS 6 and earlier), 1~999 (CentOS 7);
Normal user groups:
Group name: set by the user; GID: 500+ (CentOS 6 and earlier), 1000+ (CentOS 7);
Group account configuration files: the group account authentication database and the group account resolution database.
Group account resolution database: /etc/group
Group account authentication database: /etc/gshadow
The /etc/group fields in detail:
root:x:0:
First field: group name
Second field: password placeholder;
Third field: GID
Fourth field: the users that have this group as an additional group;
The /etc/gshadow fields in detail:
root:::
First field: group name;
Second field: the encrypted password of the group account;
Third field: group account administrator (deprecated)
Fourth field: a list of user accounts that have this group as an additional group;
groupadd -- Create a new group
Format: groupadd [options] GROUPNAME
Common options:
-g, --gid GID: Specifies the GID of the group;
-r, --system: Sets the newly created group as a system group;
groupdel -- Delete a group
Format: groupdel [options] GROUPNAME
groupmod -- Modify group account information
Format: groupmod [options] GROUPNAME
Common options:
-g, --gid GID: Modify the GID;
-n, --new-name NEW_GROUP: Modify the group name;
su -- Switch user identity
Format: su [options] USERNAME
Common options:
-, -l, --login: Switch to the login user together with its shell, home directory, and related settings;
-c: Execute a command using a user's identity: (# su root -c "useradd God")
Note: The difference between su USERNAME and su - USERNAME is that the former only switches identity while the shell environment is still the original user's, whereas the latter switches both the user and the shell environment to the new user. PATH environment variable errors are avoided only when the shell environment is switched as well.
id -- Display the real and effective UID and GID
Format: id [options] USERNAME
Common options:
-u: Show the user's effective UID
-g: Show the user's effective GID
-n: Display names
Other related configuration files:
/etc/default/useradd
Role: the file that defines the default values of user properties when creating a user
GROUP=100 // When creating a user without specifying a base group for the user, the system assigns the user a group with the same name as the user as its base group;
HOME=/home // When creating a user, if no home directory is specified for the user, a directory with the same name as the user is created under /home as the home directory
INACTIVE=-1 // When creating a user, sets the grace period after the user password expires; defaults to -1, meaning the password expiration grace function is turned off, that is, the grace period is forever;
EXPIRE= // When creating a user, sets the absolute expiration date of the user password, which is not enabled by default;
SHELL=/bin/bash // When creating a user, sets the user's default login shell; the default value is /bin/bash
SKEL=/etc/skel // Templates for the default files that are placed in the user's home directory when the user is created
CREATE_MAIL_SPOOL=yes // When creating a user, whether to create a mailbox file for the user; created by default;
/etc/login.defs (definitions)
Function: Defines shadow-utils related properties, including the user mailbox path, password time parameters, UID and GID ranges, the command run when deleting a user account, private groups (a group that contains only one user and acts as that user's primary group), the permission bitmask, the home directory creation switch, and the encryption algorithm selection;
MAIL_DIR /var/spool/mail
Specifies the path in which a mailbox file is created for a user when the user is created
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
Settings related to the time parameters of the password
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999
GID_MIN 1000
GID_MAX 60000
# System accounts
SYS_GID_MIN 201
SYS_GID_MAX 999
Specify the default ID selection ranges
CREATE_HOME yes
Switch for whether to create a home directory for users when creating a user
UMASK 077
Mask that specifies the default permissions for the user home directory
USERGROUPS_ENAB yes
Switch for whether to turn on private groups
ENCRYPT_METHOD SHA512
Selection of the encryption algorithm
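The UID ranges above can be used to classify the accounts in /etc/passwd and to flag entries worth reviewing: a second account with UID 0, a UID shared by two accounts, or a system account that has a login shell. The following is an added example, not part of the original article; the function names, the note labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed excerpt in /etc/login.defs format.
sample_login_defs() {
cat <<'EOF'
# System accounts
SYS_UID_MIN   201
SYS_UID_MAX   999
UID_MIN      1000
UID_MAX     60000
EOF
}

# Constructed sample in /etc/passwd format.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sysadm:x:0:0::/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
svc:x:1000:1001::/home/svc:/sbin/nologin
EOF
}

# defs_value KEY: print the value of KEY from login.defs-format text on stdin.
defs_value() { awk -v k="$1" '$1 == k { v = $2 } END { print v }'; }

# classify_accounts UID_MIN: read passwd-format lines on stdin and print
# "name:class" plus any audit notes. UIDs below UID_MIN (except 0) are system.
classify_accounts() {
  awk -F: -v min="$1" '
    {
      uid = $3 + 0
      if (uid == 0) class = "super"
      else if (uid < min) class = "system"
      else class = "normal"
      note = ""
      if (uid == 0 && $1 != "root") note = note " extra-uid0"
      if (uid in seen) note = note " duplicate-uid-of-" seen[uid]
      else seen[uid] = $1
      if (class == "system" && $7 !~ /(nologin|false)$/) note = note " login-shell"
      print $1 ":" class note
    }'
}

# Stand-alone run against the constructed samples.
sample_passwd | classify_accounts "$(sample_login_defs | defs_value UID_MIN)"
```

Passing 500 instead of the UID_MIN read from login.defs applies the CentOS 6 boundary described at the top of the article.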
/etc/skel (directory)
Role: Provides the default shell profile for the newly created user's home directory
Managing user accounts and group accounts and their permission settings in Linux systems