Solaris User Management (1): user and group management

Source: Internet
Author: User
User management is the basis of system management. Solaris not only supports the concepts of users and groups from traditional UNIX but, starting with Solaris 8, also introduces role-based access control (RBAC), which provides a safer and more flexible way to allocate and manage permissions.
First, look at basic user management under Solaris. (For detailed information, see the man pages.)
The basic user management system under Solaris consists of three configuration files in the /etc directory (passwd, group, and shadow) and the commands useradd, usermod, userdel, passwd, groupadd, groupmod, and groupdel, plus other auxiliary commands.
1 Configuration files
1.1 passwd
The /etc/passwd file stores the most basic user information, including the user name, password, and user ID. The file consists of a series of records, one per line. The format is:
User name:Password:User ID:Group ID:Comment:Home directory:Login shell
The user name is the usual login name, and the comment is also called the user's full name. A word about the password: for security reasons, the password is no longer stored in the passwd file but in the /etc/shadow file, and in passwd it is represented by the letter "x".
1.2 shadow
The /etc/shadow file stores the encrypted user passwords and, by default, is readable only by the root user. This file also consists of a series of records, one per line, in the following format:
User name:Password:Date of last password change:Minimum number of days between password changes:Number of days the password is valid:Number of days before expiry to warn:Maximum number of consecutive days without login:Absolute password expiration date:Number of login failures
The login-failure count is not used yet, and all the relative times are counted from January 1, 1970.
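The aging fields above can be turned into calendar dates. The following is an added example, not part of the original article: it parses one constructed shadow record and classifies it on a given date. The field names follow shadow(4), and treating the password as expired from day lastchg + max onward is this example's assumption.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
FIELDS = ("name", "password", "lastchg", "min", "max", "warn",
          "inactive", "expire", "flag")

# Constructed record: changed on day 15400, min 7, valid 90, warn 14.
SAMPLE = "dave:$5$constructed$hash:15400:7:90:14:::"

def parse_shadow(line):
    """Split one shadow record; numeric fields become int, empty ones None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        rec[key] = int(rec[key]) if rec[key] else None
    return rec

def day(n):
    """Convert a day count since 1970-01-01 into a calendar date."""
    return EPOCH + timedelta(days=n)

def aging_status(rec, today):
    """Classify a record on a given date using its aging fields."""
    if rec["expire"] is not None and today >= day(rec["expire"]):
        return "account expired"
    if rec["lastchg"] is None or rec["max"] is None:
        return "no password aging"
    # Assumption: the password counts as expired from lastchg + max onward.
    must_change = day(rec["lastchg"] + rec["max"])
    if today >= must_change:
        return "password expired"
    warn = rec["warn"]
    if warn is not None and today >= must_change - timedelta(days=warn):
        return "warning period"
    return "ok"

if __name__ == "__main__":
    rec = parse_shadow(SAMPLE)
    print(day(rec["lastchg"]), aging_status(rec, date(2012, 5, 20)))
```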
1.3 group
The /etc/group file stores user group information. The file consists of a series of records, one per line. The format is as follows:
Group name:Password:Group ID:User list
Here, each user in the user list is separated by a comma.
Note that the group recorded in the passwd file is the user's primary group. A user can belong to several groups at the same time, and those additional memberships are stored in the group file.
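The three formats can be checked against each other. The following is an added example, not part of the original article: it audits constructed passwd and shadow records for a password field that is not the "x" placeholder, a missing shadow record, an empty password, and a shared UID, and it resolves a user's primary and additional groups. All account names and values are made up for illustration.

```python
from collections import defaultdict

# Constructed sample records in the three formats described above.
PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
dave:x:1001:10:Dave Example:/export/home/dave:/bin/bash
toor:x:0:1:Second admin:/:/sbin/sh
legacy:Ab3dEfGh1jKlM:1002:10:Old account:/export/home/legacy:/bin/sh
"""
SHADOW = """\
root:$5$constructed$hash:15000::::::
dave::15400:7:90:14:::
toor:*LK*:::::::
"""
GROUP = """\
other::1:root
staff::10:
sysadmin::14:dave,legacy
"""

def records(text, nfields):
    """Split each non-empty line on ':' and check the field count."""
    rows = [line.split(":") for line in text.splitlines() if line]
    if any(len(r) != nfields for r in rows):
        raise ValueError(f"expected {nfields} fields per record")
    return rows

def audit(passwd, shadow):
    """Return (account, finding) pairs for weak or inconsistent entries."""
    findings, by_uid = [], defaultdict(list)
    shadow_pw = {f[0]: f[1] for f in records(shadow, 9)}
    for name, pw, uid, *_ in records(passwd, 7):
        by_uid[uid].append(name)
        if pw != "x":
            findings.append((name, "passwd field is not the x placeholder"))
        if name not in shadow_pw:
            findings.append((name, "no shadow record"))
        elif shadow_pw[name] == "":
            findings.append((name, "empty password"))
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append((",".join(names), f"UID {uid} is shared"))
    return findings

def groups_of(user, passwd, group):
    """Primary group from passwd plus memberships listed in group."""
    gid = next(f[3] for f in records(passwd, 7) if f[0] == user)
    return {g[0] for g in records(group, 4)
            if g[2] == gid or user in g[3].split(",")}
```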
2 Basic commands
2.1 user management commands
The basic user management commands are useradd, usermod, userdel, and passwd.
The basic usage of the useradd command is as follows:
useradd [-u uid | -g gid | -d dir | -s shell | -c comment | -m] usrname
Here uid is the user ID, gid is the ID of the user's group, dir is the user's home directory, comment is the comment (usually the user's full name), the -m option creates the user's home directory, and usrname is the user's login name.
After creating a user, you usually need to use the passwd command to set the initial password for the user:
passwd usrname
Enter the password twice as prompted.
* If you forget the root password: restart the computer, select failsafe mode, then, as prompted, mount the root directory on the /a directory, edit the /a/etc/passwd file, and leave the password of the root entry empty.
In addition, the passwd -l usrname command can be used to temporarily lock an account so that the administrator can reset its password. In general, we recommend that you do not delete a user lightly, but use this command to lock the account temporarily instead.
After creating a user, you can use the usermod command to modify its basic information. The parameters of this command are similar to those of the useradd command, so we will not repeat them here. The only point to note is that the usermod command can use the -l parameter to change the user name.
To delete a user, run the userdel command:
userdel [-r] usrname
If the -r option is added, the user's home directory is deleted along with the user.
2.2 Group management commands
The basic group management commands are groupadd, groupmod, and groupdel.
The groupadd format for creating a group is as follows:
groupadd -g gid kgname
Here gid is the group ID. If the -o option is added, the group ID can be a duplicate of an existing one (the purpose of this is not clear *_*).
The command format for modifying group attributes is as follows:
groupmod [-g gid] [-n newkgname] kgname
Finally, you can use the groupdel command to delete a group:
groupdel kgname
2.3 auxiliary commands
In addition to the above basic commands, you can also use other commands to view user and group information, which commonly include the following.
View all groups to which a user belongs: groups usrname
View the group information: getent group attributes
View the current logon user information: id
Switch to another group: newgrp kgname
View the most recently logged-on users: last
View the currently logged-on users: who
-----------------------------------
/home is an automount directory. Home directories for users in Solaris should be created in /export/home.

/home is already used by automount, so you cannot create a directory there. If you have to use /home, comment out the /home auto_home line in the /etc/auto_master file.


2.4 Delete a user
# userdel dave
Then delete Dave's home directory, /home/dave. You can also use the -r option to complete this step at the same time:
# userdel -r dave
Note: If the user is still logged in and cannot be deleted, kill the user's processes first and then delete the user.
# who
root     console   March 18   (:0)
dave     pts/2     March 18   (10.85.10.80)
root     pts/4     March 18   (:0.0)
# ps -t pts/2
PID    TTY     TIME   CMD
1118   pts/2          ps
1112   pts/2          bash
# kill -9 1118
# kill -9 1112
# who
root     console   March 18   (:0)
root     pts/4     March 18   (:0.0)


From Weizhi note (wiz)
