1. Linux user management is based on user names and passwords. Four kinds of data (user name, user password, user group, group password) are stored in four files. The system identifies users and groups by ID number (user IDs and group IDs use the same range but are assigned separately):
root ---> 0
Ordinary users ---> 1-65535, divided into system users and users who can log in
Before RHEL7: 1-499 are system users; higher IDs are users who can log in
RHEL7 changed this: 1-1000 are system users; higher IDs are users who can log in
2. Four configuration files store user-related data:
(1) /etc/passwd: stores user names and their attributes:
The exact format (fields are separated by ":"):
jack:x:500:500:jack_cui:/home/jack:/bin/bash
The meaning of each field:
User name: the user name known to the system
Password: the encrypted password was originally stored here; later, for security, it was moved to a separate password file
User ID: typically a user has only one ID, which the system uses to uniquely identify that user
Group ID: similar to the user ID
Full name or user information: stores the user's full name or other information about the user
Home directory: the home directory of a user who can log in
Login shell: the shell the user gets at login
(2) /etc/shadow: stores the user password and its related fields:
The specific format is as follows:
Jack:$6$ln2t4woafetrle9j$zs0lobj.krylecafqul8jhyomucc/dkfgon0qlgt/n7o56zecb0vlrdnxycxydreddvewgeedcrlefojgqxqp /:17001:0:99999:7:::
The meaning of each field:
User name: the user name known to the system
Encrypted password: stores the encrypted (hashed) password. The example above uses salted SHA-512; the random salt sits between the second and third $. The available algorithms are MD5, sha1, sha224, sha256, sha384 and sha512, and the value that follows the first $ identifies which one was used
Last password change: the date of the most recent password change, counted in days since 1970.1.1
Minimum password age: the minimum time after a password is set before it can be changed
Maximum password age: the maximum time after a password is set before it must be changed
Password warning time: how long before the maximum password age the user is warned to change the password
Password disable period: if the maximum age has passed and the password still has not been changed, the account is disabled; during this period the password can still be changed
Account lockout period: the account is completely locked and cannot be used
Reserved field: reserved, currently has no meaning
(3) /etc/group:
Specific format:
jack:x:500:natasha,harry
The meaning of each field:
Group name:
Group password: similar to the user password; the password is now stored separately and is rarely used
Group ID: the ID number of the group
Users with this group as a supplementary group: multiple users are separated by commas
(4) /etc/gshadow:
Specific format:
jack:!!::
The meaning of each field:
Group name: the name of the group
Encrypted password: the hashed group password, generally not used. It can be empty, and an exclamation mark disables it. Two exclamation marks (!!) are used for safety: when the administrator unlocks the group with a command, each unlock removes one mark, which guards against an operating mistake and acts as double insurance.
Group manager: this field can also be empty; if there are multiple group managers, they are separated by commas
List of users in the group: if there are multiple members, they are separated by commas
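An added example (not from the original article): a small Python audit that parses /etc/passwd and /etc/shadow text in the formats described above and reports each account's class, password state, hash scheme and last password change date. The sample entries are constructed, the scheme ids 1, 5, 6 and y are the crypt(5) ids, and the system/login boundary follows the RHEL7 range given in this article.

```python
from datetime import date, timedelta

# crypt(5) scheme ids that follow the first "$" in the shadow password field
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
# Assumption: RHEL7 boundary as stated in this article; on a real host
# compare with UID_MIN in /etc/login.defs.
SYSTEM_UID_MAX = 1000

# Constructed sample data (not real accounts, salts or hashes)
PASSWD = """root:x:0:0:root:/root:/bin/bash
jack:x:1001:1001:jack_cui:/home/jack:/bin/bash
marry:x:501:501:marry:/home/marry:/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash"""
SHADOW = """root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17001:0:99999:7:::
jack:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17001:0:99999:7:::
marry:!!:17001:0:99999:7:::
toor::17001:0:99999:7:::"""

def password_state(field):
    """Classify the second /etc/shadow field as (state, scheme)."""
    if field == "":
        return "empty", None              # no password required at all
    if field[0] in "!*":
        return "locked", None             # not a valid hash, login refused
    parts = field.split("$")              # ['', id, salt, hash]
    scheme = SCHEMES.get(parts[1], "unknown") if len(parts) >= 4 else "unknown"
    return "set", scheme

def audit(passwd_text, shadow_text):
    """Join passwd and shadow entries by user name and list findings."""
    shadow = {l.split(":")[0]: l.split(":") for l in shadow_text.splitlines()}
    report = {}
    for line in passwd_text.splitlines():
        name, _, uid, gid, gecos, home, shell = line.split(":")
        uid = int(uid)
        kind = "root" if uid == 0 else "system" if uid <= SYSTEM_UID_MAX else "login"
        state, scheme = password_state(shadow[name][1])
        # third shadow field: days since 1970-01-01
        changed = date(1970, 1, 1) + timedelta(days=int(shadow[name][2]))
        findings = []
        if uid == 0 and name != "root":
            findings.append("extra UID 0 account")
        if state == "empty":
            findings.append("no password set")
        if scheme == "MD5":
            findings.append("weak hash scheme")
        report[name] = {"kind": kind, "state": state, "scheme": scheme,
                        "changed": changed.isoformat(), "findings": findings}
    return report
```

Calling audit(PASSWD, SHADOW) returns one dictionary per account; on a real system the two arguments would be the contents of the files read as root.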
3. User and group related commands
(1) useradd: add a user
Syntax:
useradd option parameters
Options:
-c: comment; adds a note to the comment column of passwd
-d: specify the user's home directory;
-D: change the default values;
-e: specify the expiration date of the account (--expiredate)
-f: number of buffer days after password expiration
-g: specify the GID or primary group
-G: specify the supplementary groups
# useradd -g root -G bin -s /sbin/nologin -r -u marry
This specifies that the primary group is root, the supplementary group is bin, the shell is /sbin/nologin, the account is a system user, the UID is , and the user is named marry
(2) groupadd: add a new group:
Syntax:
groupadd option parameters
Options:
-g: specifies the ID of the new group;
-r: create a system group; a system group has a group ID of less than 1000 (RHEL7);
# groupadd -g jack_grp
(3) usermod: modify user properties
Usage:
usermod option parameters
Options:
-c: comment; changes the note in the comment column
-d: modify the user's home directory;
-e: modify the expiration date of the account (--expiredate)
-f: change the number of buffer days after password expiration
-g: modify the GID or primary group
-G: modify the supplementary groups
-s: modify the shell used by the user
-u: modify the user ID
-U: unlock the password
-L: lock the user and password
-l: modify the account login name
# usermod -c "marry&jack" -s /sbin/nologin marry
# tail -n 1 /etc/passwd
marry:x:501:501:marry&jack:/home/marry:/sbin/nologin
The command above modifies the login shell and the comment of the user marry; viewing the last line of /etc/passwd shows that the modification succeeded.
Note that the -G option overwrites the original supplementary groups; if you do not want them overwritten, add the -a option.
(4) userdel: delete a user
Usage: userdel option parameters
Options:
-r: delete the user together with the user's home directory
passwd: set a password for a user
Usage:
passwd option parameters
Options:
-d: delete the password; only the system administrator can use this;
-f: force the operation;
-k: only update the password after it has expired;
-l: lock the password;
-u: unlock a locked account.
-n: specify the minimum period of use
-x: maximum period of use
-i: inactive period
--stdin: accept the user password from standard input
Parameters
User name: the user whose password you want to set.
# passwd -d marry
Removing password for user marry.
passwd: Success
# su - marry
This account is currently not available.
# passwd -l marry
Locking password for user marry.
passwd: Success
# su - marry
This account is currently not available.
# echo "marrypasswd" | passwd --stdin marry
Changing password for user marry.
passwd: all authentication tokens updated successfully.
You will not be able to log in to the marry account after its password is deleted or locked; after unlocking the marry account, a password is added to marry through standard input.
(5) gpasswd: change group membership
Usage: gpasswd option parameters
Options:
-a: add a user to the specified group
-d: remove a user from a group
Usage:
# gpasswd -d marry jack
Removing user marry from group jack
// Remove marry from the jack group
(6) groupdel: delete a group:
Syntax:
groupdel parameters
Parameters
The group to delete
(7) groupmod: modify group properties
Usage:
groupmod (option) (parameter)
Options
-g <group ID>: set the group ID number to use;
-o: re-use a group ID number;
-n <new group name>: set the name of the group you want to use.
Parameters:
Group name: the name of the group to be modified
# groupmod -n marry_new marry
// Change the marry group to marry_new
This article is from the "Jackcui" blog; please contact the author before reproducing it.
The most detailed user and group management profiles and their command usage