The most detailed user and group management configuration files and their command usage

Source: Internet
Author: User

1. Linux user management is based on user names and passwords. Four kinds of data (user name, user password, user group, and group password) are stored in four files. The system identifies users and groups by ID number (the user ID and group ID ranges are the same, but the two are distinct):

root ---> 0

Ordinary users ---> 1-65535, divided into system users and users who can log in

Before RHEL 7: 1-499 are system users; higher IDs are users who can log in

RHEL 7: changed so that 1-1000 are system users; higher IDs are users who can log in

2. Four configuration files related to storing users:

(1) /etc/passwd: stores user names and their attribute information.

The exact format (fields are separated by ":"):

Jack:x:500:500:jack_cui:/home/jack:/bin/bash

The meaning of each field:

User name: the user's login name on the system

Password: the encrypted password was originally stored here; later, for security, passwords were moved to a separate password file

User ID: typically a user has only one ID, which the system uses to uniquely identify the user

Group ID: similar to the user ID

User's full name or user information: stores the user's full name or other user information

Home directory: the home directory of a user who can log in

Login shell: the shell the user gets at login

(2) /etc/shadow: stores the user password and its password-related fields.

The specific format is as follows:

Jack:$6$ln2t4woafetrle9j$zs0lobj.krylecafqul8jhyomucc/dkfgon0qlgt/n7o56zecb0vlrdnxycxydreddvewgeedcrlefojgqxqp /:17001:0:99999:7:::

The meaning of each field:

User name: the user's login name on the system

Encrypted password: stores the encrypted password. The example above uses the salted SHA-512 algorithm; the string between the second and third $ is the random salt. The available algorithms are MD5, sha1, sha224, sha256, sha384 and sha512, each corresponding to the version identifier that follows the first $

Last password change: the date of the most recent password change, in days since 1970.1.1

Minimum password age: the minimum time after a password is set before it can be changed

Maximum password age: the maximum time after a password is set before it must be changed

Password warning time: how long before the maximum password age the user is warned to change the password

Password disable period: the maximum password age has passed and the password has still not been changed, so the account is disabled; changing the password at this point makes it usable again

Account lockout period: the account is completely locked and cannot be used

Reserved field: reserved, currently has no meaning
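The field layout above can be decoded mechanically when auditing accounts. The following is an added example, not code from the original article: it parses constructed shadow-format lines (placeholder salts and hashes), reports whether each password is empty, locked or hashed, and converts the day counts to calendar dates. The function names and the sample accounts are assumptions; only the crypt ids 1, 5 and 6 are mapped to names.

```python
from datetime import date, timedelta

# Constructed sample lines in /etc/shadow format; salts and hashes are placeholders.
SAMPLE_SHADOW = """\
alice:$6$EXAMPLESALT$EXAMPLEHASH:17001:0:90:7:14::
bob:!!:17001:0:99999:7:::
carol::17001:0:99999:7:::
dave:!$5$EXAMPLESALT$EXAMPLEHASH:17001:1:60:7::17500:
"""

SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}  # id after the first "$"
EPOCH = date(1970, 1, 1)

def days_to_date(field):
    """Convert a days-since-1970-01-01 field to a date; empty means unset."""
    return EPOCH + timedelta(days=int(field)) if field else None

def classify_password(field):
    """Return (state, scheme, salt) for the second field of a shadow line."""
    if field == "":
        return ("empty", None, None)        # no password set at all
    locked = field.startswith("!")          # "!" or "!!" prefix disables the hash
    parts = field.lstrip("!").split("$")    # "$id$salt$hash" -> ['', id, salt, hash]
    if len(parts) < 4 or parts[0] != "":
        return ("locked" if locked else "unusable", None, None)
    salt = parts[3] if parts[2].startswith("rounds=") else parts[2]
    scheme = SCHEMES.get(parts[1], "other id " + parts[1])
    return ("locked" if locked else "hashed", scheme, salt)

def parse_shadow(text):
    """Map user name -> decoded password state and dates."""
    entries = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 9:
            continue                        # not a well-formed shadow line
        state, scheme, salt = classify_password(f[1])
        changed = days_to_date(f[2])
        deadline = changed + timedelta(days=int(f[4])) if changed and f[4] else None
        entries[f[0]] = {"state": state, "scheme": scheme, "salt": salt,
                         "last_change": changed, "must_change_by": deadline,
                         "account_expires": days_to_date(f[7])}
    return entries

if __name__ == "__main__":
    for user, info in parse_shadow(SAMPLE_SHADOW).items():
        print(user, info)
```

An empty second field (carol in the sample) is the case to look for first, since that account has no password at all.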

(3) /etc/group:

Specific format:

Jack:x:500:natasha,harry

The meaning of each field:

Group name: the name of the group

Group password: similar to the user password; the password is stored separately and is generally of little use

Group ID: the ID number of the group

Users with this group as a supplementary group: multiple users are separated by commas
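A user's full group set comes from two places: the group ID field in /etc/passwd (primary group) and the member list in /etc/group (supplementary groups). The following is an added example, not code from the original article, that joins the two formats over constructed sample data and flags three things worth checking in an account review. The function names, the sample accounts and the `first_login_uid` parameter (the boundary between system and login IDs) are assumptions.

```python
# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
jack:x:500:500:jack_cui:/home/jack:/bin/bash
natasha:x:1001:1001::/home/natasha:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
svc:x:250:250:service:/var/lib/svc:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
bin:x:1:svc
jack:x:500:natasha,harry
natasha:x:1001:
svc:x:250:
"""
NOLOGIN_SHELLS = ("/sbin/nologin", "/bin/false")

def parse(text, nfields):
    """Split colon-delimited records, keeping only lines with nfields fields."""
    return [l.split(":") for l in text.splitlines() if l.count(":") == nfields - 1]

def audit(passwd_text, group_text, first_login_uid=1000):
    """Return (user -> set of group names, list of (name, finding))."""
    users, groups = parse(passwd_text, 7), parse(group_text, 4)
    gid_to_name = {int(g[2]): g[0] for g in groups}
    known = {u[0] for u in users}
    membership, findings = {}, []
    for name, _pw, uid, gid, _info, _home, shell in users:
        uid, gid = int(uid), int(gid)
        # Primary group: GID field of passwd. Supplementary: member list in group.
        primary = gid_to_name.get(gid, str(gid))
        extra = {g[0] for g in groups if name in g[3].split(",")}
        membership[name] = {primary} | extra
        if uid == 0 and name != "root":
            findings.append((name, "uid 0 but not root"))
        if 0 < uid < first_login_uid and shell not in NOLOGIN_SHELLS:
            findings.append((name, "system uid with login shell"))
    for g in groups:
        for member in filter(None, g[3].split(",")):
            if member not in known:
                findings.append((member, "in group %s but not in passwd" % g[0]))
    return membership, findings

if __name__ == "__main__":
    groups_of, problems = audit(SAMPLE_PASSWD, SAMPLE_GROUP)
    print(sorted(groups_of["natasha"]))
    for problem in problems:
        print(problem)
```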

(4) /etc/gshadow:

Specific format:

jack:!!::

The meaning of each field:

Group name: the name of the group

Encrypted password: the hashed group password. It is generally unused and left empty. An exclamation mark disables it; two exclamation marks (!!) are used for safety: the administrator's unlock command removes them one at a time, which guards against operating by mistake and acts as double insurance.

Group administrators: this field can also be empty; if there are multiple group administrators, separate them with commas

List of users in the group: if there are multiple members, separate them with commas

3. User and group related commands

(1) useradd: add a user

Syntax:

useradd option parameters

Options:

-c: comment; adds a note to the comment column of passwd

-d: specify the user's home directory

-D: change the default values

-e: specify the expiration date of the account (--expiredate)

-f: number of buffer days after the password expires

-g: specify the GID or primary group

-G: specify the supplementary groups

# useradd -g root -G bin -s /sbin/nologin -r -u <UID> marry

This specifies primary group root, supplementary group bin, shell /sbin/nologin, a system user, the UID given after -u, and the user name marry.

(2) groupadd: add a new group

Syntax:

groupadd option parameters

Options:

-g: specifies the ID of the new group

-r: create a system group, that is, a group with a group ID of less than 1000 (RHEL 7)

# groupadd -g <GID> jack_grp


(3) usermod: modify user properties

Usage:

usermod option parameters

Options:

-c: comment; replaces the note in the comment column

-d: modify the user's home directory

-e: modify the expiration date of the account (--expiredate)

-f: change the number of buffer days after the password expires

-g: modify the GID or primary group

-G: modify the supplementary groups

-s: modify the shell used by the user

-u: modify the user ID

-U: unlock the password

-L: lock the user and password

-l: modify the account login name

# usermod -c "marry&jack" -s /sbin/nologin marry
# tail -n 1 /etc/passwd
marry:x:501:501:marry&jack:/home/marry:/sbin/nologin

The command above modifies marry's login shell and comment information; viewing /etc/passwd shows that the modification succeeded.

Note: the -G option overwrites the original supplementary groups; if you do not want to overwrite them, add the -a option.

(4) userdel: delete a user

Usage:

userdel option parameters

Options:

-r: delete the user together with the user's home directory

passwd: set a password for a user

Usage:

passwd option parameters

Options:

-d: delete the password; only the system administrator can use this

-f: force the operation

-k: only update the password after it has expired

-l: lock the password

-u: unlock a locked account

-n: specify the minimum period of use

-x: maximum period of use

-i: inactive period

--stdin: accept the user password from standard input

Parameters:

User name: the user name for which you want to set the password.

# passwd -d marry
Removing password for user marry.
passwd: Success
# su - marry
This account is currently not available.
# passwd -l marry
Locking password for user marry.
passwd: Success
# su - marry
This account is currently not available.
# echo "marrypasswd" | passwd --stdin marry
Changing password for user marry.
passwd: all authentication tokens updated successfully.

After its password is deleted or locked, the marry account can no longer log in; after the marry account is unlocked, a password is set for marry through standard input.

(5) gpasswd: change group membership

Usage:

gpasswd option parameters

Options:

-a: add a user to the specified group

-d: remove a user from a group

Example:

# gpasswd -d marry jack
Removing user marry from group jack

This removes marry from the jack group.


(6) groupdel: delete a group

Syntax:

groupdel parameters

Parameters:

The group to delete


(7) groupmod: modify group properties

Usage:

groupmod (option) (parameter)

Options:

-g <group ID>: set the group ID number to use

-o: allow re-use of a group ID number

-n <new group name>: set the name of the group you want to use

Parameters:

Group name: the name of the group to be modified

# groupmod -n marry_new marry

This renames the marry group to marry_new.






This article is from the "Jackcui" blog; please contact the author before reproducing it!
