The 14th Chapter Linux account management and ACL permission setting

Linux accounts and user groupsuser identifiers: Uid and GID

Each file has an owner ID and user group ID, and when we need to view the file attributes, the system will find the corresponding UID and GID corresponding account name and group name according to the contents of/etc/passwd and/etc/group.

User Account

The user's login process is as follows:

1. Search/etc/passwd If there is an account you entered, if there is a username corresponding to the UID and GID (gid within/etc/group) read out

2. Enter/etc/shadow to find the corresponding account and UID, check the password is correct

/ETC/PASSWD file Structure

Each line of the file represents an account. There are seven fields in each row, respectively:

1. Account Name

2. Password password data is placed in/etc/shadow, so this field displays X

3. UID 0 means system administrator, 1-499 is System account, 500~65535 is login account

4. GID

5. User Information Description column to explain the meaning of the account

6. Home folder

7. Shell

/etc/shadow file Structure

1. Account Name

2. Password

3. Number of days since the date the password was recently changed from 1970.1.1

4. Number of days the password cannot be changed

5. Number of days the password needs to be re-changed

6. Password need to change the warning days before the deadline

7. When the password expires, the account has a wide time limit.

8. Account Expiry time

9. Retention

valid with initial user group: Groups,newgrp

/etc/group file Structure

1. User group name

2. User group password Password has been put into/etc/gshadow

3. GID

4. Account names supported by this user group multiple user names separated by commas

Valid user groups and initial user groups

Each user has a GID in the fourth column of/etc/passwd, which represents the initial user group. If user Wuchao supports both group1 and group2 two user groups, the user group for the file will depend on the active user group when the user creates a new file.

The following examples:

Add the user name Wuchao to the user group root

[Email protected] Desktop]$ usermod-a-G root Wuchao

To view the user groups supported by user Wuchao: The first is a valid user group

[[Email protected] Desktop]$ Groupswuchao root[[email protected] Desktop]$

User groups that create files and view files

-L file110 July  :

Toggle Active user group: NEWGRP user Group name

-l file210 July  :

Note: Using NEWGRP is actually entering a new shell, using the exit command to exit the new shell, return to the original shell, and you will find that the original shell user group has not changed. As follows:

/etc/gshadow

A total of four fields.

1. User group name

2. password column if! Start with no user group administrator

3. User group Administrator's account

4. Account of the user group

User group administrator: When users want to join a user group may need root users to operate, if the root user is busy, you can create a user group administrator for each user group, the user group administrator can add other accounts to their own managed user group.

Account Management

The 14th Chapter Linux account management and ACL permission setting