User account-User id: UID and GID

Source: Internet
Author: User

Although we log in to a Linux host by entering an account name, the host does not actually know your "account name"; it only knows IDs. The mapping between IDs and accounts is stored in /etc/passwd.

Each logged-on user gets at least two IDs: a user ID (UID for short) and a user group ID (group ID, or GID).

How does a file tell its owner and its user group apart? It uses the UID and GID. Every file carries an owner ID and a user group ID. When file attributes need to be displayed, the system looks up the UID/GID in /etc/passwd and /etc/group, finds the corresponding account name and group name, and displays those.


1. Check whether there is a user named YHK in the system

The owner field shows YHK itself.

2. Change YHK's UID from 1000 to 2000

Why does it now show 1000? Because files only record numbers. Because we did not change the files, 1000 can no longer be matched to an account, so the number is displayed.

3. Change the UID back right away.
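The three steps above can be reproduced without touching a real system. This is an added example, not part of the original page: the passwd lines, the file records and the function names (`uid_map`, `owner_label`, `orphaned`) are all constructed for illustration.

```python
# Added example: how a listing tool turns the numeric owner stored on a file
# into a name, and what happens once the UID in the passwd data changes.
# The passwd text and the file records below are constructed sample data.

def uid_map(passwd_text):
    """Map UID -> account name using field 1 and field 3 of each passwd line."""
    table = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            table.setdefault(int(fields[2]), fields[0])  # first match wins
    return table

def owner_label(uid, table):
    """Return the account name, or the bare number when no account has that UID."""
    return table.get(uid, str(uid))

def orphaned(files, table):
    """Paths whose stored UID no longer maps to any account."""
    return [path for path, uid in files if uid not in table]

# Step 1: YHK exists with UID 1000.
BEFORE = "root:x:0:0:root:/root:/bin/bash\nYHK:x:1000:1000::/home/YHK:/bin/bash\n"
# Step 2: only the passwd entry is edited (UID 1000 -> 2000).
AFTER = BEFORE.replace("YHK:x:1000:", "YHK:x:2000:")

# Each file keeps the number it was created with; editing passwd does not touch it.
FILES = [("/home/YHK/notes.txt", 1000), ("/root/.bashrc", 0)]

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        table = uid_map(text)
        for path, uid in FILES:
            print(label, path, owner_label(uid, table))
        print(label, "orphaned:", orphaned(FILES, table))
```

On a live system, `find / -nouser` lists files in this state. They matter because any account later given UID 1000 would become their owner.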


When you enter your account and password, how does the system handle it?

1. It checks whether /etc/passwd contains the account you entered. If not, it exits; if it does, it reads out the corresponding UID and GID (in /etc/group), along with the account's home folder and shell settings.

2. Next, it checks the password table. Linux looks in /etc/shadow for the corresponding account and UID, then checks whether the password you just entered matches the one stored there.

3. If everything is OK, you enter the shell control stage.

Two files are very important for user accounts: /etc/passwd, which manages important parameters such as the user's UID/GID, and /etc/shadow, which is dedicated to password-related data.

/etc/passwd File Structure

Each line represents one account, so the number of lines is the number of accounts on your system. Note, however, that many of these accounts are required for the system to run normally. We can simply call them system accounts, for example bin, daemon, adm and nobody. Please do not delete these accounts arbitrarily.

The fields in each row are separated by ":", seven fields in total:

1. Account Name

This is the account name, which maps to a UID. For example, the UID corresponding to root is 0 (third field).

2. Password

On early Unix systems the password was stored in this field. Because this file is readable by all programs, password data could easily be stolen, so the password data in this field was later moved to /etc/shadow. That is why you see an "x" here.

3. UID

This is the user identifier. Linux usually places a few restrictions on UIDs: 0 (system administrator), 1~499 (system accounts), 500~65535 (accounts that can log in).

4. GID

This is related to /etc/group. In fact, /etc/group is almost the same as /etc/passwd, except that it specifies the correspondence between group names and GIDs.

5. User information description

This field has no important use; it only describes the account.

6. Home folder

This is the user's home folder.

7. Shell

When a user logs on to the system, a shell is started to communicate with the system kernel and carry out the user's tasks. So why is bash the default shell? That is what this field specifies.

/etc/shadow File Structure

We know that many programs need permissions to run, and permissions are tied to the UID/GID. Programs therefore need to read /etc/passwd to learn the permissions of different accounts, so the permissions on /etc/passwd need to be set to -rw-r--r--. The technique of moving the password into the /etc/shadow file was developed later, and many password restriction parameters were added to /etc/shadow as well.


A total of 9 fields:

1. Account Name

Because a password has to be associated with an account, the first column of this file is the account name, and it must be the same as the one in /etc/passwd.

2. Password

The data in this field is the real password, stored in encoded (encrypted) form. The default permissions for this file are "-rw-------" or "-r--------", that is, only root can read and write it. Take care not to change the permissions on this file by accident.

/etc/group File Structure

This file records the correspondence between GIDs and group names.

Each row of this file represents a user group and is divided into 4 columns:

1. User group name

2. User group password

Usually this does not need to be set. It is normally used by a user group administrator, and nowadays there is little occasion to set up a user group administrator.

3. GID

This is the user group ID. The GID used in the fourth field of /etc/passwd corresponds to the user group name given here.

4. Account name supported by this user group

We know that an account can belong to several user groups. To add an account to this user group, enter the account name in this field. For example, if I want dmtsai to join the root user group, I add "dmtsai" at the end of the first line, taking care not to include spaces, so that it becomes "root:x:0:root,dmtsai".
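The field layouts described above for /etc/passwd, /etc/shadow and /etc/group can be cross-checked against each other. The following is an added example, not part of the original page: the three samples are constructed data, and the `audit` function and its finding strings are hypothetical names chosen for illustration.

```python
# Added example: consistency checks across passwd-, shadow- and group-format
# text. All three samples are constructed data, not taken from a real host.

PASSWD = """root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
dmtsai:x:500:500::/home/dmtsai:/bin/bash
backup:$1$constructed$hash:0:0::/root:/bin/bash
ghost:x:501:777::/home/ghost:/bin/bash
"""
SHADOW = """root:$6$constructed$hash:18000:0:99999:7:::
bin:*:18000:0:99999:7:::
dmtsai::18000:0:99999:7:::
backup:!:18000:0:99999:7:::
"""
GROUP = """root:x:0:root
bin:x:1:
dmtsai:x:500:
"""

def audit(passwd, shadow, group):
    """Return (account, finding) pairs in passwd order."""
    # shadow: 9 fields, password data in field 2; group: 4 fields, GID in field 3
    shadow_pw = {f[0]: f[1] for f in (l.split(":") for l in shadow.splitlines())
                 if len(f) == 9}
    gids = {f[2] for f in (l.split(":") for l in group.splitlines()) if len(f) == 4}
    findings = []
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) != 7:                       # passwd entries have seven fields
            findings.append((line, "malformed line: expected 7 fields"))
            continue
        name, pw, uid, gid = f[0], f[1], f[2], f[3]
        if pw != "x":                         # password data left in a readable file
            findings.append((name, "password data stored in passwd"))
        if uid == "0" and name != "root":     # a second administrator account
            findings.append((name, "UID 0 on an account other than root"))
        if gid not in gids:                   # initial group cannot be resolved
            findings.append((name, "initial GID missing from group"))
        if name not in shadow_pw:
            findings.append((name, "no shadow entry"))
        elif shadow_pw[name] == "":           # no password set for this account
            findings.append((name, "empty password field in shadow"))
    return findings

if __name__ == "__main__":
    for account, finding in audit(PASSWD, SHADOW, GROUP):
        print(f"{account}: {finding}")
```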

Effective user group (effective group) and initial user group (initial group)

The GID in the fourth column of each user's /etc/passwd entry is called the "initial user group". That is, as soon as a user logs on to the system, the user has the permissions of that user group.

The group of a newly created file is determined by the effective user group at that time.











