Summary of user and group-related configuration files

Source: Internet
Author: User

Objective:

In user and group management, the four most basic files are passwd, shadow, group and gshadow under /etc. They record information related to users and groups, and are the basis for learning about and understanding users and groups in depth.

In addition to these basic configuration files, there are configuration files related to initialization: /etc/default/useradd, which defines the initial state used when a user is added,

as well as /etc/skel, the reference directory for the contents of a user's home directory, and /etc/login.defs, which holds the default settings for basic user and group properties. These configuration files are described in more detail next.


/etc/passwd:


Example: root:x:0:0:root:/root:/bin/bash

1. Account name: Used to log in to the system, for the benefit of people who are less comfortable with numbers. It needs to correspond to a UID. For example, root corresponds to UID 0 (the third field).

2. Password: On early UNIX systems the password was stored in this field. However, because passwd can be read by all programs, the password data could easily be stolen, so the password data was later moved to /etc/shadow. That is why you see an x here.

3. UID: This is the identification code that identifies the user. On CentOS 6, ID 0 is the system administrator; that is, any account whose UID is 0 is an administrator, and if the user name is root but the corresponding UID is not 0, then it is not a system administrator. 1 to 499 are system users and 500 to 60000 are normal users. In CentOS 7, system account IDs are 1 to 999 and ordinary user IDs are 1000 to 60000.

4. GID: This is related to /etc/group. It is used to identify a user group.

5. User information description field: Used to describe the meaning of the account, such as full name, office room number, office phone, home phone, etc.

6. Home directory: Indicates the user's home directory. In the example above, root's home directory is /root, so when root logs in it is placed immediately in the /root directory. By default a normal user's home directory is /home/yourname.

7. Shell: Specifies the shell the user gets after logging in. Note especially the shell /sbin/nologin, which makes the user unable to log in.
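The checks that follow from the field descriptions above, written out as an added example (not part of the original page): parse passwd-format lines and report a UID 0 account that is not named root, password data left in the world-readable file, and system accounts that still have a login shell. The sample lines, the finding texts and the function names are constructed for illustration; `uid_min=1000` assumes the CentOS 7 ranges.

```python
from typing import NamedTuple

# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:0:0:backup operator:/home/backup:/bin/bash
legacy:$1$constructed$placeholderhash:1001:1001::/home/legacy:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
"""

class PasswdEntry(NamedTuple):
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

def parse_passwd(text):
    """Parse the seven colon-separated fields of each passwd line."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"expected 7 fields: {line!r}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), *f[4:]))
    return entries

def audit(entries, uid_min=1000):
    """Return (account, finding) pairs; uid_min=1000 is the CentOS 7 boundary."""
    findings = []
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 under a name other than root"))
        if e.password == "":
            findings.append((e.name, "empty password field"))
        elif e.password not in ("x", "*"):
            findings.append((e.name, "password data in world-readable passwd"))
        if 0 < e.uid < uid_min and not e.shell.endswith(("/nologin", "/false")):
            findings.append((e.name, "system account with a login shell"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_passwd(SAMPLE_PASSWD)):
        print(f"{name}: {finding}")
```

On CentOS 6, pass `uid_min=500` to match the ranges given in item 3.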


/etc/shadow:

Example: root:$6$wtbccce/pxmee5wm$ke2ifsjr.ylp7rcai6oa/t7kfho...:16559:0:99999:7:::

1. Account name: This name corresponds to the account name in /etc/passwd.

2. Password: This field holds the user's real password, in encrypted form. It is hard to crack, but hard does not mean impossible, so the permissions on this file allow only root to read and write it.

3. Date of the most recent password change: This field records the date on which the password was last changed. 16559 is the number of days from January 1, 1970 to the day the password was changed.

4. Number of days during which the password cannot be changed (relative to the third field): How many days must pass after the password is changed before it can be changed again. If it is 0, the password can be changed at any time. If set to 10, you cannot change the password again within 10 days of setting it.

5. Number of days after which the password must be changed (relative to the third field): This field specifies how many days after the last change the password has to be changed again. You must reset your password within this number of days, or the password for this account will expire.

6. Warning days before the password must be changed (relative to the fifth field): As the account's password expiry date approaches, the system uses this field to issue a warning to the account, reminding the user that the password will expire in N days. In the example above, the user is warned starting 7 days before the password expires.

7. Grace period for the account after the password expires (relative to the fifth field): The password is valid until the update date in the third field plus the number of days in the fifth field; if the user has still not changed the password after that period, the password expires. Although the password has expired, the account can still be used for other tasks, including logging in to the system to get bash. However, once the password has expired, the system forces you to reset the password when you log in before you can continue. This field gives the number of days after the password expires after which, if the user still has not logged in and changed the password, the password becomes invalid, that is, the account can no longer use the password to log in. Note the difference between password expiration and password invalidation.

8. Account expiration date: Like the third field, this date is expressed as the total number of days since 1970. It means that the account will no longer be available after the date specified in this field. This is the so-called invalid account: regardless of whether the password has expired, the account can no longer be used. This field is typically used on systems that offer paid services, where you can specify a date after which the account can no longer be used.

9. Reserved: The last field is reserved for possible future features.
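To make the difference between password expiration, password invalidation and account expiration concrete, here is an added example (not part of the original page) that converts the day counts to dates and classifies an entry on a given day from fields 3 to 8. The `bob` line and the hash placeholders are constructed, the function names are illustrative, and the handling of the exact boundary day is an assumption.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Aging fields from the example above; the hash is a placeholder.
ROOT_LINE = "root:$6$PLACEHOLDER:16559:0:99999:7:::"
# Constructed entry exercising every field.
BOB_LINE = "bob:$6$PLACEHOLDER:19000:1:90:7:14:19200:"

def day(n):
    """Convert a 'days since 1970-01-01' count to a calendar date."""
    return EPOCH + timedelta(days=n)

def parse_shadow(line):
    """Split a shadow line into nine fields; empty numbers become None."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields")
    keys = ("lastchg", "min", "max", "warn", "inactive", "expire")
    nums = {k: int(v) if v else None for k, v in zip(keys, f[2:8])}
    return {"name": f[0], "hash": f[1], **nums}

def password_state(e, today):
    """Classify entry e on the date 'today' using fields 3 to 8."""
    now = (today - EPOCH).days
    if e["expire"] is not None and now >= e["expire"]:
        return "account expired"      # field 8 applies whatever the password state
    if e["lastchg"] is None or e["max"] is None:
        return "valid"                # no aging configured
    expires = e["lastchg"] + e["max"]             # field 3 + field 5
    if now >= expires:
        grace = e["inactive"]                     # field 7; None or -1 = never invalid
        if grace is not None and grace >= 0 and now >= expires + grace:
            return "password invalid"             # password login no longer possible
        return "password expired"                 # login still works, change is forced
    if e["warn"] and now >= expires - e["warn"]:  # field 6, counted back from expiry
        return "warning"
    if e["min"] and now < e["lastchg"] + e["min"]:  # field 4
        return "valid, change not yet allowed"
    return "valid"

if __name__ == "__main__":
    bob = parse_shadow(BOB_LINE)
    for n in (19000, 19050, 19085, 19095, 19110, 19200):
        print(day(n), password_state(bob, day(n)))
```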

/etc/default/useradd

GROUP=100 <== default group
HOME=/home <== base directory for default home directories
INACTIVE=-1 <== password invalidation period, 7th field in shadow
EXPIRE= <== account expiration date, 8th field in shadow
SHELL=/bin/bash <== default shell
SKEL=/etc/skel <== reference directory for the contents of the user's home directory
CREATE_MAIL_SPOOL=yes <== whether to set up a mailbox for the user automatically

GROUP=100: The initial group for a new account is the group with GID 100, but not on CentOS. CentOS uses a private group mechanism: when the account is created, the system creates a group with the same name as the account to serve as its initial group. This private group mechanism is more confidential, because each user has their own group and the home directory permissions are set so that only the user can enter their own home directory. Therefore, this mechanism does not use the GROUP=100 setting.

HOME=/home: The base directory for user home directories. A user's home directory usually has the same name as the account, and it is created under the directory given by this setting.

INACTIVE=-1: Whether the password becomes invalid after it expires. As mentioned for the shadow file, the seventh field determines how long after the password expires you can still log in with the old password. This item specifies a number of days. 0 means the password becomes invalid immediately when it expires; -1 means the password will never become invalid. If it is 30, the password becomes invalid 30 days after it expires.

EXPIRE=: The account expiration date, which is the eighth field in shadow. You can set directly the date after which the account stops working; this is unrelated to the password.

SHELL=/bin/bash: The default shell name. The system default shell is written here. If your server does not need users to get a shell when they log in to the system, you can set this to /sbin/nologin, so that new users will not be able to log in by default.

SKEL=/etc/skel: The reference directory for user home directories. The various configuration files found in a newly created home directory are copied from /etc/skel. If you want a directory to exist for every new user, add it to /etc/skel so that it is copied to the home directory each time a user is created.

CREATE_MAIL_SPOOL=yes: Create a mailbox for the user.


/etc/skel/

This is the reference directory for the contents of the user's home directory mentioned above. It contains the following configuration files.

.bash_logout: This file is executed every time you exit the system (exit the Bash shell).

.bash_profile: Each user can use this file to enter shell settings specific to themselves. The file is executed only once, when the user logs in. By default it sets some environment variables and executes the user's .bashrc file.

.bashrc: This file contains settings for the user's Bash shell. It is read at login and every time a new shell is opened.

/etc/login.defs


MAIL_DIR /var/spool/mail <== default directory for user mailboxes

PASS_MAX_DAYS 99999 <== 5th field in /etc/shadow, number of days after which the password must be changed
PASS_MIN_DAYS 0 <== 4th field in /etc/shadow, number of days during which the password cannot be changed again
PASS_MIN_LEN 5 <== minimum password length; superseded by the PAM module and no longer effective
PASS_WARN_AGE 7 <== 6th field in /etc/shadow, number of days of warning before expiration

UID_MIN <== minimum UID for users, meaning that UIDs less than 1000 are reserved for the system
UID_MAX 60000 <== maximum UID a user can have
SYS_UID_MIN 201 <== minimum UID reserved for system accounts that users set up themselves
SYS_UID_MAX 999 <== maximum UID reserved for system accounts that users set up themselves
GID_MIN <== minimum GID for user-defined groups; GIDs less than 1000 are reserved for the system
GID_MAX 60000 <== maximum GID for user-defined groups
SYS_GID_MIN 201 <== minimum GID reserved for system accounts that users set up themselves
SYS_GID_MAX 999 <== maximum GID reserved for system accounts that users set up themselves

CREATE_HOME yes <== whether to create the user's home directory when neither -M nor -m is given
UMASK 077 <== umask used when creating the user's home directory, so the permissions will be 700
USERGROUPS_ENAB yes <== whether to delete the initial group when deleting a user with userdel
ENCRYPT_METHOD SHA512 <== password encryption mechanism; SHA512 is used

