RHEL7 User Management
Objective:
Linux is a multi-user, multitasking operating system. Any user who wants to use system resources must first request an account from the system administrator and then log in to the system with that account. On the one hand, user accounts help the system administrator track the users of the system and control their access to system resources; on the other hand, they help users organize their files and provide security protection for users.
This article mainly introduces the configuration files for users and groups, and user management, under Linux.
I. Users and groups and their configuration files
1. Classification of users and user groups
1.1: User classification
Based on account location: local user (uid:1000+), remote (domain) user.
Based on account function: system users, comprising the superuser root (uid:0) and management users (also known as pseudo-users, uid:1~499), and ordinary users (uid:500~60000).
1.2: User group classification
Each user belongs to at least one user group, each user group can include multiple users, and users in the same user group share the permissions granted to that group.
Based on account location: local group (uid:1000+), remote (domain) group.
Based on account function: system user groups, comprising the superuser group root (uid:0) and management user groups (uid:1~499), and normal user groups.
2. Configuration files for users and groups
2.1: User information file: /etc/passwd. The file format and fields are briefly described below:
Username:password:uid:gid:comment:home_dir:login_shell
Field | Simple description
Username | User name the user logs in to the system with
Password | Password placeholder
Uid | User identification number
Gid | Default group identification number
Comment | User information such as the user's full name, phone number, and e-mail address
Home_dir | Starting directory (full path name) after the user logs in
Login_shell | The shell used by the user. Defaults to Bash
2.2: Password file: /etc/shadow. The file format and fields are briefly described as follows:
Username:password:lastchanged:mindays:maxdays:warn:inactive:expire:reserved
Field | Simple description
Username | User name
Password | Encrypted password
LastChanged | Date the password was last changed (counted from 1970-1-1)
Mindays | Minimum number of days between two password changes; the password can be changed only after this limit has passed (in days; 0 means it can be changed at any time)
Maxdays | Maximum number of days the password remains valid. Once this limit is exceeded, the user is forced to update the password (in days)
Warn | Number of days before the password expires that a warning message is sent (0 = no warning)
Inactive | Maximum number of days the account stays valid after the password has expired without the user logging in; beyond this limit the account is locked. The user's last login information is saved in the /var/log/lastlog file
Expire | Account expiration date; once it has passed, the account expires automatically and the user can no longer log in to the system (counted from 1970-1-1)
Reserved | Reserved field
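As an added example (not part of the original article), the following Python script parses records in the /etc/passwd and /etc/shadow layouts described above and flags a few conditions an administrator usually reviews. The sample records, the placeholder hashes and the function names parse and audit are constructed for illustration; treating a maxdays value of 99999 as "never expires" is an assumption based on the common default.

```python
from datetime import date

# Field names follow the /etc/passwd and /etc/shadow layouts described above.
PASSWD_FIELDS = "username password uid gid comment home_dir login_shell".split()
SHADOW_FIELDS = ("username password lastchanged mindays maxdays "
                 "warn inactive expire reserved").split()

# Constructed sample records (placeholder hashes), not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:1001:Backup:/home/backup:/bin/bash
legacy::1002:1002::/home/legacy:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$salt$hash:19300:0:90:7:::
alice:$6$salt$hash:19000:0:90:7:30:19100:
backup:$6$salt$hash:19300:0:99999:7:::
legacy::19300:0:90:7:::
"""

def parse(text, fields):
    """Split colon-separated records into dicts; skip blank or malformed lines."""
    rows = [line.split(":") for line in text.splitlines()]
    return [dict(zip(fields, r)) for r in rows if len(r) == len(fields)]

def audit(passwd_text, shadow_text, today):
    """Return (username, finding) pairs; `today` is a datetime.date."""
    now = (today - date(1970, 1, 1)).days  # shadow dates count days from 1970-1-1
    findings = []
    for u in parse(passwd_text, PASSWD_FIELDS):
        if u["uid"] == "0" and u["username"] != "root":
            findings.append((u["username"], "uid 0 but not root"))
        if u["password"] != "x":
            findings.append((u["username"], "password field is not the x placeholder"))
    for s in parse(shadow_text, SHADOW_FIELDS):
        if s["password"] == "":
            findings.append((s["username"], "empty password in shadow"))
        if s["maxdays"] in ("", "99999"):  # assumption: 99999 means "no maximum"
            findings.append((s["username"], "password never expires"))
        elif s["lastchanged"] and int(s["lastchanged"]) + int(s["maxdays"]) < now:
            findings.append((s["username"], "password older than maxdays"))
        if s["expire"] and int(s["expire"]) < now:
            findings.append((s["username"], "account expired"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, date(2023, 1, 1)):
        print(f"{user}: {finding}")
```

On a real system the same functions can be fed the contents of /etc/passwd and /etc/shadow; reading /etc/shadow requires root.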
2.3: User group file: /etc/group. The file format and fields are briefly described as follows:
Group_name:password:gid:user_list
Field | Simple description
Group_name | Name of the user group
Password | Usually "x"; no practical meaning
Gid | User group ID
User_list | List of all users that belong to this group
2.4: User group password file: /etc/gshadow. The file format and fields are briefly described as follows:
Group_name:password:user_list:user_list
Field | Simple description
Group_name | Group name of the user group
Password | User group password. This field can be empty or "!"; if it is empty or contains "!", the group has no password
User_list | Group administrators. This field can also be empty; if there are multiple group administrators, they are separated by commas
User_list | List of users in the group. If there is more than one member, they are separated by commas
2.5: User configuration files: /etc/login.defs, /etc/default/useradd
/etc/login.defs: the configuration in this file does not apply to the root user. If the /etc/shadow file has the same option, the settings in /etc/shadow prevail.
/etc/default/useradd: this file mainly defines the default user home directory, the directory of environment profile files, the first program executed at login, and so on.
# vim /etc/default/useradd
2.6: New user initialization template files: /etc/skel
When you create a user, all files under /etc/skel/ (.bash_logout, .bash_profile, .bashrc, and so on) are copied to the user's home directory by default. If the .bash_* files in the user's home directory are deleted by mistake, they can be copied again from /etc/skel.
RHEL7 User Management (i)