Simple understanding of Linux user and user management

Source: Internet
Author: User
Tags stdin

Linux users and their management

First, the concept

Linux users are carriers that can access limited Linux system resources by creating and authenticating with system permissions.

Second, classification

1, the administrator (Superuser-root): This user has access to all the resources of the Linux system, is the super existence of the whole Linux system, its UID is 0;

2, the system User: Generally will not login, its uid is: CentOS 6:1-499; centos7:1-999

3, ordinary users: that is the general user, whose rights are controlled. Its UID is: centos6:500+;centos7:1000+

Third, the Linux group

Linux Group is a collection of different types of Linux users, can be divided into two categories: A, the Administrator group, its GID is 0, B, the General group, its GID is 1-499|1-999;500+|1000+, can also be at the user's point of view: A, the user's basic group, B, the user's additional groups.

Iv. related profiles for Linux users and groups

/ETC/PASSWD: For information such as user name, password, home directory, and group ID

/etc/shadow: For information such as user name and encryption password

/etc/group: Used to store group name, group ID and other information

/etc/gshadow: For information such as group name and encryption password


/ETC/PASSWD:
Name:password:UID:GID:GECOS:directory:shell

User name: X: User id: Group ID: User's basic information: Home directory: Default Shell

[Email protected]/]# CAT/ETC/PASSWD | grep ' ^usera ' Usera:x:500:500::/home/usera:/bin/bash


/etc/shadow:
Login name:encrypted password:date of last password change:minimum password age:maximum password Age:password warning Peri Od:password Inactivity Period:account Expiration date:reserved field

Account:password: The date of the most recent password change: The shortest number of days: The maximum number of days for this password: the warning period before password change: Password expiration Grace time: Account expiration Date: Reserved

[Email protected]/]# Cat/etc/shadow | grep ' ^usera ' usera:$6$k1xhdknf$ U1bqqqdlpmuxw07ewhwv7lgc2meyknktifjttpqij4e6pzrphuigkmciboumahwwokyrhslinko1tuylbmuze0:16674:0:99999:7:::


/etc/group
Group_name:passwd:GID:user_list

Group Name: password: Group ID: User Class table

[Email protected]/]# Cat/etc/group | grep ' ^usera ' usera:x:500:


/etc/gshadow

Group Name:encrypted Password:administrator:members

Group name: encrypted password: Administrator: Group member

[Email protected]/]# Cat/etc/gshadow | grep ' ^usera ' usera:!::

Iv. Complexity Strategies for passwords

1. Use at least three classes in numbers, lowercase letters, capitals, and special characters

2. Long enough

3. Use random password

4. Regular replacement


V. User Management commands

Useradd, Usermod, Userdel, passwd, Chage, Chsh, CHFN

1. Useradd User Add command

useradd [Options] USERNAME

useradd-d [Options]

-r: Create a System user

-U: Create uid for user

-G: Specifies the base group to which the user belongs, which must exist beforehand

-C: User review information

-D: Specifies the user's home directory, this location cannot exist beforehand, otherwise, its user-related profile will be copied;

-S: Specify the user's default shell

-G: Specify additional groups for users

-M: Forcing the user's home directory to be created

-M: Do not create home directory for users;

Exercise: Create user Oracle, belong to additional group database and Sql,id number 3000, home directory is/home/database;

[[email protected] ~]# groupadd database[[email protected] ~]# groupadd sql[[email protected] ~]# useradd-u 3000-g datab ase,sql-d/home/database Oracle

650) this.width=650; "title=" Qq20150829233348.png "src=" http://s3.51cto.com/wyfs02/M02/72/5F/ Wkiom1xh0jzjnjfgaae5lakpxye454.jpg "alt=" Wkiom1xh0jzjnjfgaae5lakpxye454.jpg "/>


2, Usermod: Modify user Information

usermod [Options] USERNAME

-U: Uid of user

-G: GID of the basic group to which it belongs

-G: GID that belongs to the additional group, using the-a option

-S: Modify the user's shell

-D: Modify the user's home directory, modified by default will not move the original file to the new home,-M can make the original file moved to a new home;

-L: Modify user's user name

-l:lock User Lock users

-u:unlocke User Unlock Users

[Email protected] ~]# cat/etc/passwd |grep ' UserB ' userb:x:501:501::/home/user/userb:/bin/bash[[email protected] ~]# Usermod-u 555-g database-g sql-d/home/userb-l user2 userb[[email protected] ~]# cat/etc/passwd |grep ' user2 ' user2:x : 555:502::/home/userb:/bin/bash[[email protected] ~]# Cat/etc/group | grep ' database ' database:x:502:oracle[[email protected] ~]#

3. Userdel Delete User

Userdel [-R] USERNAME

-r: Delete the file


4, passwd: To add a change password to the user

passwd [Options] [USERNAME]

-l:lock User

-u:unlocke User


-n:mindays, Minimum password usage period

-x:maxdays, password maximum age, default is 99,999 days

-w:warndays

-i:inactivedays


--stdin: Receive user password from standard output

echo ' CentOS ' | passwd--StdIn CentOS

[Email protected] ~]# echo ' testpasswd ' | passwd--stdin userd Change the password for the user userd. PASSWD: All the authentication tokens have been successfully updated.


5, Chage: Change the password expiration information

chage [option] USERNAME

-M: Minimum number of days to change password
-M: Maximum number of days to change passwords
-I: Number of days to lock account after password expires
-D: Specify the date the password was last modified
-e: Valid, 0 means immediate expiration, 1 means never expires
-W: Start warning days before password expires


6. Chsh: Modify the default shell

CHSH [option] USERNAME

-S: Specifies the default shell

-L: Displays the shell information inside the print/etc/shells


7, CHFN: Modify user Information

CHFN [-F full-name] [-O Office], RB [-P office-phone] [-H home-phone]-u] [-v] [username]
-F: Full name

-O: Office room number

-P: Work phone

-H: Home phone

-U: Print usage information

-V: Version information


VI. User Group Management

Groupadd, Groupdel, Groupmod, gpasswd


1. Groupadd: Add Group

Groupadd [-G gid [-o]] [-R] [-F] Group
-G: Group ID

-R: System Group

[[email protected] ~]# groupadd-g 488-r testgroup[[email protected] ~]# Cat/etc/group | grep ' Testgroup ' testgroup:x:488:


2. Groupdel: Delete Group

[Email protected] ~]# Groupdel Testgroup


3, Groupmod: Modify the Group

Groupmod [-G gid [-o]] [-N group_name] Group

-G: Group ID

-N: Group name

[[email protected] ~]# groupadd-g 488-r testgroup[[email protected] ~]# Cat/etc/group | grep ' group> ^c[[email protected] ~]# Cat/etc/group | grep ' group ' testgroup:x:488:[[email protected] ~]# groupmod-g 489-n tgroup testgroup[[email protected] ~]# Cat/etc/grou P | grep ' Tgroup ' tgroup:x:489:[[email protected] ~]#


4, GPASSWD: Set the group password

GPASSWD [option] Group

-A: Add users to this group

-D: Remove users from this group


Vii. Other

WhoAmI, who, W, id

1. WhoAmI: Print User

[Email protected] ~]# Whoamiroot

2. Who: Show who is logged in

[[email protected] ~]# whoroot pts/0 2015-08-29 23:26 (192.168.3.9)

3, W: Shows who is logged in and what is being done

[Email protected] ~]# W 00:16:20 up 1:03, 1 user, load average:0.01, 0.02, 0.00USER TTY from [E Mail protected] IDLE jcpu PCPU whatroot pts/0 192.168.3.9 23:26 0.00s 1.28s 0.31s W

4. ID: Displays user and group ID and environment information

[[email protected] ~]# ID userauid=500 (UserA) gid=500 (UserA) group =500 (UserA) [[email protected] ~]# iduid=0 (root) gid=0 (root ) group =0 (root) environment =unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023


This article is from the "money to buy sugar eat" blog, please be sure to keep this source http://pizimsn.blog.51cto.com/7002551/1689659

Simple understanding of Linux user and user management

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.