Linux users and their management
First, the concept
A Linux user is an identity that, once created and authenticated, can access Linux system resources within the limits of the permissions granted to it.
Second, classification
1. The administrator (superuser, root): this user has access to all resources of the Linux system and sits above every other account on it. Its UID is 0.
2. System users: generally do not log in. Their UIDs are: CentOS 6: 1-499; CentOS 7: 1-999.
3. Ordinary users: general users whose rights are restricted. Their UIDs are: CentOS 6: 500+; CentOS 7: 1000+.
Third, the Linux group
A Linux group is a collection of Linux users. Groups can be divided into two categories: A, the administrator group, whose GID is 0; B, general groups, whose GIDs are 1-499 | 1-999 and 500+ | 1000+ (CentOS 6 | CentOS 7, matching the UID ranges above). From the user's point of view they can also be divided into: A, the user's basic group; B, the user's additional groups.
IV. Configuration files for Linux users and groups
/etc/passwd: stores information such as user name, password, home directory, and group ID
/etc/shadow: stores information such as user name and encrypted password
/etc/group: stores group name, group ID and other information
/etc/gshadow: stores information such as group name and encrypted password
/etc/passwd:
name:password:UID:GID:GECOS:directory:shell
User name: x: User ID: Group ID: User's basic information: Home directory: Default shell
    # cat /etc/passwd | grep '^usera'
    usera:x:500:500::/home/usera:/bin/bash
/etc/shadow:
login name:encrypted password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field
Account: password: date of the most recent password change: minimum number of days between changes: maximum number of days this password is valid: warning period before the password must be changed: grace period after password expiration: account expiration date: reserved
    # cat /etc/shadow | grep '^usera'
    usera:$6$k1xhdknf$U1bqqqdlpmuxw07ewhwv7lgc2meyknktifjttpqij4e6pzrphuigkmciboumahwwokyrhslinko1tuylbmuze0:16674:0:99999:7:::
/etc/group
group_name:passwd:GID:user_list
Group name: password: Group ID: User list
    # cat /etc/group | grep '^usera'
    usera:x:500:
/etc/gshadow
group name:encrypted password:administrators:members
Group name: encrypted password: Administrators: Group members
    # cat /etc/gshadow | grep '^usera'
    usera:!::
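The field layouts above are enough to audit accounts mechanically. The following shell script is an added example, not part of the original article: the function names, the account `toor` and every sample line are constructed. It classifies accounts by the UID ranges given earlier, reports names other than root that map to UID 0, and reads the state of the shadow password field.

```shell
#!/bin/sh
# Added example (not from the original article). All account data is constructed.

# classify_accounts PASSWD_FILE UID_MIN
# UID_MIN is the first ordinary-user UID: 500 on CentOS 6, 1000 on CentOS 7.
classify_accounts() {
    awk -F: -v min="$2" '
        $3 == 0  { print $1 ":admin";  next }
        $3 < min { print $1 ":system"; next }
                 { print $1 ":ordinary" }' "$1"
}

# extra_uid0 PASSWD_FILE
# Any name other than root that maps to UID 0 has full administrator rights.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# password_state SHADOW_FILE
# Interprets field 2 of each /etc/shadow-format line.
password_state() {
    awk -F: '
        $2 == ""     { print $1 ":empty";  next }  # no password required
        $2 ~ /^[!*]/ { print $1 ":locked"; next }  # no password can match
                     { print $1 ":set" }' "$1"
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
usera:x:500:500::/home/usera:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF

cat > "$sample_dir/shadow" <<'EOF'
root:$6$CONSTRUCTED$PLACEHOLDERHASH:16674:0:99999:7:::
daemon:*:15980:0:99999:7:::
usera:!!:16674:0:99999:7:::
guest::16674:0:99999:7:::
EOF

classify_accounts "$sample_dir/passwd" 500
extra_uid0 "$sample_dir/passwd"
password_state "$sample_dir/shadow"
```

On a live system the same functions take /etc/passwd and /etc/shadow as arguments; reading /etc/shadow requires root.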
IV. Password complexity policy
1. Use at least three of the four character classes: digits, lowercase letters, uppercase letters, and special characters
2. Make the password long enough
3. Use a random password
4. Change the password regularly
V. User Management commands
useradd, usermod, userdel, passwd, chage, chsh, chfn
1. useradd: add a user
useradd [options] USERNAME
useradd -D [options]
-r: create a system user
-u: specify the UID for the user
-g: specify the basic group the user belongs to; the group must already exist
-c: user comment information
-d: specify the user's home directory; this location should not exist beforehand, otherwise the user-related profile files will not be copied into it
-s: specify the user's default shell
-G: specify additional groups for the user
-m: force the user's home directory to be created
-M: do not create a home directory for the user
Exercise: create the user oracle, belonging to the additional groups database and sql, with ID number 3000 and home directory /home/database.
    # groupadd database
    # groupadd sql
    # useradd -u 3000 -G database,sql -d /home/database oracle
2. usermod: modify user information
usermod [options] USERNAME
-u: UID of the user
-g: GID of the basic group the user belongs to
-G: additional groups the user belongs to; combine with the -a option to append to the existing additional groups
-s: modify the user's shell
-d: modify the user's home directory; by default the original files are not moved to the new home, and -m moves them to the new home
-l: modify the user's login name
-L: lock the user
-U: unlock the user
    # cat /etc/passwd | grep 'userb'
    userb:x:501:501::/home/user/userb:/bin/bash
    # usermod -u 555 -g database -G sql -d /home/userb -l user2 userb
    # cat /etc/passwd | grep 'user2'
    user2:x:555:502::/home/userb:/bin/bash
    # cat /etc/group | grep 'database'
    database:x:502:oracle
3. userdel: delete a user
userdel [-r] USERNAME
-r: also delete the user's home directory and the files in it
4. passwd: set or change a user's password
passwd [options] [USERNAME]
-l: lock the user
-u: unlock the user
-n: mindays, minimum password age
-x: maxdays, maximum password age, default is 99999 days
-w: warndays
-i: inactivedays
--stdin: read the user's password from standard input
    echo 'centos' | passwd --stdin centos
    # echo 'testpasswd' | passwd --stdin userd
    Changing password for user userd.
    passwd: all authentication tokens updated successfully.
5. chage: change the password expiration information
chage [options] USERNAME
-m: minimum number of days between password changes
-M: maximum number of days a password remains valid
-I: number of days after password expiration before the account is locked
-d: specify the date the password was last changed
-E: account expiration date; 0 means immediate expiration, -1 means never expires
-W: number of days before password expiration at which warnings start
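The passwd and chage options above write the aging fields of /etc/shadow (last change, minimum, maximum, warning). The script below is an added example, not part of the original article, that evaluates those fields for each account; the function names and sample lines are constructed, and the 90-day maximum is an assumed site policy.

```shell
#!/bin/sh
# Added example (not from the original article). Sample lines are constructed;
# the 90-day limit is an assumed site policy, not a value from the article.

# aging_findings SHADOW_FILE TODAY MAX_ALLOWED
# TODAY is in days since 1970-01-01, the unit used by shadow field 3.
aging_findings() {
    awk -F: -v today="$2" -v limit="$3" '
        $2 == "" || $2 ~ /^[!*]/ { next }   # no usable password, nothing to age
        $3 == ""  { print $1 ":aging-disabled"; next }
        $3 == 0   { print $1 ":must-change-at-next-login"; next }
        $5 == "" || $5 + 0 > limit { print $1 ":max-age-over-policy"; next }
        { left = $3 + $5 - today }          # days until the password expires
        left < 0       { print $1 ":expired"; next }
        left <= $6 + 0 { print $1 ":expires-in-" left "-days"; next }
                       { print $1 ":ok" }' "$1"
}

# Current day number for live use: seconds since the epoch / 86400.
today_days() { echo $(( $(date +%s) / 86400 )); }

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
usera:$6$CONSTRUCTED$PLACEHOLDERHASH:16674:0:99999:7:::
userb:$6$CONSTRUCTED$PLACEHOLDERHASH:16600:0:90:7:::
userc:$6$CONSTRUCTED$PLACEHOLDERHASH:16595:0:90:7:::
userd:$6$CONSTRUCTED$PLACEHOLDERHASH:16500:0:90:7:::
usere:$6$CONSTRUCTED$PLACEHOLDERHASH:0:0:90:7:::
daemon:*:15980:0:99999:7:::
EOF

# Evaluate the sample as of day 16680.
aging_findings "$sample" 16680 90
```

An account left at the default maximum of 99999 days is reported as over policy; `chage -M` on that account brings it within the limit.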
6. chsh: modify the default shell
chsh [options] USERNAME
-s: specify the default shell
-l: print the list of shells in /etc/shells
7. chfn: modify user information
chfn [-f full-name] [-o office] [-p office-phone] [-h home-phone] [-u] [-v] [username]
-f: full name
-o: office room number
-p: work phone
-h: home phone
-u: print usage information
-v: version information
VI. User Group Management
groupadd, groupdel, groupmod, gpasswd
1. groupadd: add a group
groupadd [-g gid [-o]] [-r] [-f] group
-g: group ID
-r: system group
    # groupadd -g 488 -r testgroup
    # cat /etc/group | grep 'testgroup'
    testgroup:x:488:
2. groupdel: delete a group
    # groupdel testgroup
3. groupmod: modify a group
groupmod [-g gid [-o]] [-n group_name] group
-g: group ID
-n: group name
    # groupadd -g 488 -r testgroup
    # cat /etc/group | grep 'group
    > ^C
    # cat /etc/group | grep 'group'
    testgroup:x:488:
    # groupmod -g 489 -n tgroup testgroup
    # cat /etc/group | grep 'tgroup'
    tgroup:x:489:
4. gpasswd: set the group password
gpasswd [options] group
-a: add a user to this group
-d: remove a user from this group
VII. Other
whoami, who, w, id
1. whoami: print the current user
    # whoami
    root
2. who: show who is logged in
    # who
    root     pts/0        2015-08-29 23:26 (192.168.3.9)
3. w: show who is logged in and what they are doing
    # w
     00:16:20 up  1:03,  1 user,  load average: 0.01, 0.02, 0.00
    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.3.9      23:26    0.00s  1.28s  0.31s w
4. id: display user and group IDs and security context information
    # id usera
    uid=500(usera) gid=500(usera) groups=500(usera)
    # id
    uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
This article is from the "money to buy sugar eat" blog, please be sure to keep this source http://pizimsn.blog.51cto.com/7002551/1689659