User and group commands and related configuration files

Source: Internet
Author: User

Contents

I. Commands for creating users, groups, and permissions

1. useradd

2. usermod

3. passwd

4. userdel

5. chage

6. chfn

7. chsh

8. finger

9. groupadd

10. groupdel

11. groupmod

12. gpasswd

13. id

14. groups

II. User and group configuration files

1. /etc/passwd

2. /etc/shadow

3. /etc/group

3.1 /etc/group content analysis

4. /etc/gshadow
I. Create user, group, and permission-related commands

1. useradd: create an account

-c <comment>: Add comment text (description information);

-d <home directory>: Specify the user's home directory;

-e <expiry date>: Specify the expiry date of the account;

-f <inactive days>: Specify how many days after the password expires the account is disabled;

-g <group>: Specify the primary group to which the user belongs;

-G <groups>: Specify the additional groups to which the user belongs;

-m: Automatically create the user's home directory;

-M: Do not automatically create the user's home directory;

-N: Do not create a private primary group named after the user; use the users group as the primary group;

-r: Create a system account (CentOS 6: ID < 500; CentOS 7: ID < 1000);

-s <shell>: Specify the shell the user gets when logging in;

-u <uid>: Specify the user ID.

2. usermod: change user properties

usermod [OPTION] login

-u UID: New UID;

-g GID: New primary group;

-G group1[,group2,...[,groupN]]: New additional groups. The original additional groups are overwritten; to keep them, use the -a option at the same time to append;

-s SHELL: New default shell;

-c 'COMMENT': New comment information;

-d HOME: New home directory. It is not created automatically and the files in the old home directory are not moved. To create the new home directory and move the home data, also use the -m option;

-l login_name: New login name;

-L: Lock the specified user; a ! is added to the password field in /etc/shadow;

-U: Unlock the specified user; the ! is removed from the password field in /etc/shadow;

-e YYYY-MM-DD: Set the user account expiration date;

-f INACTIVE: Set the inactivity period.

3. passwd

passwd [OPTIONS] UserName: Modify the password of the specified user; only root has permission to do this.

passwd: Modify your own password.

Common options:

-l: Lock the specified user

-u: Unlock the specified user

-e: Force the user to change the password at next login

-n mindays: Minimum password age

-x maxdays: Maximum password age

-w warndays: How many days in advance to start warning

-i inactivedays: Inactivity period

--stdin: Receive the user's password from standard input

echo "PASSWORD" | passwd --stdin USERNAME

Typed interactively, this form can leave the plaintext password in the shell history.

4. userdel

-r: Also delete the user's home directory.

5. chage

-d LAST_DAY

-E, --expiredate EXPIRE_DATE

-I, --inactive INACTIVE

-m, --mindays MIN_DAYS

-M, --maxdays MAX_DAYS

-W, --warndays WARN_DAYS

-l: Show the password policy

Examples:

chage -d 0 tom    # force a password reset at next login

chage -m 0 -M 42 -W 14 -I 7 tom

chage -E 2016-09-10 tom

6. chfn: set user information

7. chsh: set the login shell

8. finger

Find and display user information.

-l: Lists the user's account name, real name, home directory, login shell, login time, forwarding address, e-mail status, and the contents of the plan file and project file;

-m: Do not match on the user's real name when looking up;

-s: Lists the user's account name, real name, login terminal, idle time, login time, address and telephone number;

-p: Lists the user's account name, real name, home directory, login shell, login time, forwarding address and e-mail status, but does not display the contents of the user's plan file and project file.

9. groupadd

Creates a new group; the information for the new group is added to the system files.

-g: Specifies the ID of the new group;

-r: Create a system group; a system group's ID is less than 500;

-K: Override settings from the configuration file /etc/login.defs;

-o: Allows adding a group whose group ID is not unique.

10. groupdel

Deletes the specified group. The system files modified by this command include /etc/group and /etc/gshadow. If the group still includes some users, you must delete those users before you can delete the group.

11. groupmod

Changes a group's ID or name. When you need to change the ID or name of a group, use the groupmod command.

-g <group ID>: Set the group ID to use;

-o: Allow reuse of a group ID;

-n <new group name>: Set the new name of the group.

12. gpasswd

Modifies the group password and manages group members.

-a: Add a user to the group;

-d: Remove a user from the group;

-A: Specify the group administrators;

-M: Specify the group members; usage is similar to -A;

-r: Remove the group password;

-R: Restrict access to the group; only members of the group can join it with newgrp.

13. id

Displays user and group information for the specified user, or for the current user when no user is specified.

-g or --group: displays the ID of the group to which the user belongs.

-G or --groups: displays the IDs of the additional groups to which the user belongs.

-n or --name: displays the name of the user, the primary group, or the additional groups.

-r or --real: displays the real ID.

-u or --user: displays the user ID.

--help: displays help.

--version: displays version information.

14. groups: displays the groups the user belongs to

II. User and group configuration files

1. /etc/passwd

In /etc/passwd, each line holds one user's information. A line has 7 fields, separated by colons (:). For example, here are two lines from /etc/passwd on my system:

beinan:x:500:500:beinan Sun:/home/beinan:/bin/bash

linuxsir:x:505:502:linuxsir Open,linuxsir Office,13898667715:/home/linuxsir:/bin/bash

beinan:x:500:500:beinan Sun:/home/beinan:/bin/bash

linuxsir:x:501:502::/home/linuxsir:/bin/bash

First field: User name (also known as the login name). In the example above, the user names of the two users are beinan and linuxsir;

Second field: Password. In the example we see an x; the password has in fact been moved to the /etc/shadow file;

Third field: UID; see the description of the UID in this article;

Fourth field: GID; see the description of the GID in this article;

Fifth field: The user's full name. This is optional and may be left unset. For the user beinan, the full name is beinan Sun; the user linuxsir has no full name set;

Sixth field: The location of the user's home directory. For beinan it is /home/beinan, and for linuxsir it is /home/linuxsir;

Seventh field: The shell used by the user. beinan and linuxsir both use bash, so it is set to /bin/bash.

2. /etc/shadow

Content analysis of /etc/shadow:

Each record in /etc/shadow has 9 fields, separated by colons (:), as in the following example:

root:$6$gFokRPqvkR6xyilo$jj96snqda8r0mcodbrrrntfzvphriwfiepmsny3kkf8okmpknah0pdqvvtn5clkhn9ndbrlc0widkphjg7adp.:16968:0:99999:7:::

linuxsir:$1$IPDVUHXP$8R6J/VTPXVLYXXHLWPRNT/:13072:0:99999:7::13108:

First field: User name (also known as the login name). The user name in /etc/shadow is the same as in /etc/passwd, which is what links a user's passwd and shadow records; this field must not be empty;

Second field: Password (encrypted). $6 represents the encryption type and $gFokRPqvkR6xyilo$ is the "salt". With a salt, even if two users have the same password, the ciphertexts after encryption are not the same. By default the system uses the system time as the salt.

Third field: The time the password was last modified, as the number of days from January 1, 1970 to the most recent password change. You can use passwd to change a user's password and then look at how this field changes in /etc/shadow;

Fourth field: The minimum number of days between two password changes, that is, how many days must pass before the user can change the password again. If set to 0, this feature is disabled. The value should not be too large. The default is taken from PASS_MIN_DAYS in /etc/login.defs;

Fifth field: The maximum number of days between two password changes. This lets the administrator enforce how long a password stays valid, which improves the security of the system. The value is taken from PASS_MAX_DAYS in /etc/login.defs when the user is added;

Sixth field: How many days in advance to warn the user that the password will expire. When the user logs in, the login program reminds the user that the password is about to become invalid. The system default is taken from PASS_WARN_AGE in /etc/login.defs when the user is added;

Seventh field: The number of days after the password expires before the user is disabled. Once that many days have passed after password expiry, the system disables the user: login is no longer allowed and the user is no longer prompted about expiry; the account is completely disabled;

Eighth field: User expiration date, given as a number of days since January 1, 1970. If this field is empty, the account is permanently available;

Ninth field: Reserved field, currently empty, for future Linux development. For more detail, see man shadow.
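
The nine-field layout above, as a parser and small audit. This is an added example, not code from the original article: the sample records are constructed with dummy hash strings, and the function names and the three audit rules are assumptions chosen for illustration.

```python
from datetime import date, timedelta

# crypt(3) scheme identifiers found in the second field of /etc/shadow.
HASH_SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
EPOCH = date(1970, 1, 1)

# Constructed sample records; the hash strings are dummies, not real hashes.
SAMPLE_SHADOW = """\
root:$6$examplesalt$dummyhashvalue:16968:0:99999:7:::
linuxsir:$1$examplesalt$dummyhashvalue:13072:0:99999:7::13108:
beinan:!$6$examplesalt$dummyhashvalue:16968:0:42:14:7::
"""

def days_to_date(field):
    """Convert a days-since-1970-01-01 field to a date; empty means unset."""
    return EPOCH + timedelta(days=int(field)) if field else None

def parse_shadow_line(line):
    """Split one /etc/shadow record into its nine fields and decode them."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    name, pw, last, minimum, maximum, warn, inactive, expire, _reserved = fields
    locked = pw.startswith(("!", "*"))        # usermod -L / passwd -l add "!"
    parts = pw.lstrip("!").split("$")         # "", scheme id, salt, hash
    has_hash = len(parts) >= 4
    return {
        "name": name, "locked": locked,
        "scheme": HASH_SCHEMES.get(parts[1], parts[1]) if has_hash else None,
        "salt": parts[2] if has_hash else None,
        "last_change": days_to_date(last),
        "min_days": int(minimum) if minimum else None,
        "max_days": int(maximum) if maximum else None,
        "warn_days": int(warn) if warn else None,
        "inactive_days": int(inactive) if inactive else None,
        "expires": days_to_date(expire),
    }

def audit(text, today):
    """Return (user, finding) pairs: weak hash, expired account, no password aging."""
    findings = []
    for line in text.splitlines():
        e = parse_shadow_line(line)
        if e["scheme"] == "MD5":
            findings.append((e["name"], "weak hash scheme MD5"))
        if e["expires"] and e["expires"] <= today:
            findings.append((e["name"], f"account expired on {e['expires']}"))
        if not e["locked"] and e["max_days"] in (None, 99999):
            findings.append((e["name"], "password never expires"))
    return findings
```

Run against a real system with `audit(open("/etc/shadow").read(), date.today())` as root; the file is not readable by ordinary users.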

3. /etc/group

The /etc/group file is the configuration file for user groups. It covers users and user groups and shows which group or groups a user belongs to.

One user can belong to one or more user groups, and users of the same user group share similar characteristics. For example, if we add a user to the root user group, that user can browse the files in the root user's home directory; if the root user grants the group read, write and execute permissions on a file, all users in the root user group can modify that file, and if it is an executable file (such as a script), users in the root user group can also execute it. This property of user groups is very convenient for system administrators.

Security also deserves attention, however. If a user holds the most important content on the system, it is best to give that user a separate user group, or to set the permissions of that user's files to fully private. In general, ordinary users should not be added to the root user group lightly.

3.1 /etc/group content analysis

The content of /etc/group includes the user group, the user group password, the GID, and the users that the user group contains, with one record per user group, in the following format:

group_name:passwd:GID:user_list

Each record in /etc/group is divided into four fields:

First field: User group name;

Second field: User group password;

Third field: GID;

Fourth field: User list, with users separated by commas (,). This field can be empty; if it is empty, the group consists of the users whose GID is this group's GID. An example:

root:x:0:root,linuxsir

Note: The user group is root; x is the password field, indicating that no password is set; the GID is 0. The root user group includes root, linuxsir, and any other users whose GID is 0 (which can be checked in /etc/passwd).

4. /etc/gshadow

/etc/gshadow is the encrypted information file for /etc/group; for example, user group management passwords are stored in this file. /etc/gshadow and /etc/group are two complementary files. On large servers with many users and groups, where a more complex permission model with custom relationships is needed, setting user group passwords is very necessary. For example, if we do not want some non-members to permanently hold the permissions and features of a user group, we can let them obtain the group's features temporarily by verifying a password; this is what the user group password is for. The /etc/gshadow format is as follows, one user group per line:

groupname:password:admin,admin,...:member,member,...

First field: User group;

Second field: User group password. This field can be empty or !; if it is empty or contains !, there is no password;

Third field: User group administrators. This field can also be empty; multiple administrators are separated by commas (,);

Fourth field: Group members; multiple members are separated by commas (,).

Example:

beinan:!::linuxsir

linuxsir:ous/q7nh75rhq::linuxsir

First field: In this example there are two user groups, beinan and linuxsir;

Second field: User group password. The beinan user group has no password; the linuxsir user group has one, already encrypted;

Third field: User group administrators; both are empty;

Fourth field: The member of the beinan user group is linuxsir. Compare with /etc/group and /etc/passwd to see whether there are other users. Usually, when a user is added with the defaults, a user group with the same name as the user is sometimes created as well.
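
The cross-check between /etc/group, /etc/passwd and /etc/gshadow described in sections 3.1 and 4, as an added example that is not part of the original article. The file contents are constructed samples modelled on the page's records (the ops user and the dummy hash are assumptions), and the function names are illustrative.

```python
# Constructed samples; "ops" and "dummyhash" are assumptions for illustration.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
beinan:x:500:500:beinan Sun:/home/beinan:/bin/bash
linuxsir:x:501:502::/home/linuxsir:/bin/bash
ops:x:503:0::/home/ops:/bin/bash
"""
GROUP = """\
root:x:0:root,linuxsir
beinan:x:500:
linuxsir:x:502:linuxsir
"""
GSHADOW = """\
root:::root,linuxsir
beinan:!::linuxsir
linuxsir:dummyhash::linuxsir
"""

def records(text, nfields):
    """Yield colon-split records, rejecting lines with the wrong field count."""
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"line {n}: expected {nfields} fields")
        yield fields

def effective_members(group_text, passwd_text):
    """Map group name -> members: the user_list plus users whose primary GID matches."""
    primary = {}
    for name, _pw, _uid, gid, *_rest in records(passwd_text, 7):
        primary.setdefault(gid, set()).add(name)
    result = {}
    for gname, _pw, gid, user_list in records(group_text, 4):
        listed = {u for u in user_list.split(",") if u}
        result[gname] = sorted(listed | primary.get(gid, set()))
    return result

def groups_with_password(gshadow_text):
    """Groups whose gshadow password field holds a hash (not empty, not ! or *)."""
    return [f[0] for f in records(gshadow_text, 4)
            if f[1] and not f[1].startswith(("!", "*"))]

def non_root_in_gid0(group_text, passwd_text):
    """Users other than root that land in the GID 0 group by either route."""
    gid0 = [g[0] for g in records(group_text, 4) if g[2] == "0"]
    members = effective_members(group_text, passwd_text)
    return sorted({u for g in gid0 for u in members[g]} - {"root"})
```

Here ops never appears in the root group's user list, yet it is reported because its primary GID in the passwd sample is 0, which is the case the note in section 3.1 points at.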


This article is from the "Fall" blog, please be sure to keep this source http://lxlxlx.blog.51cto.com/3363989/1864816
