Article Title: User and group configuration management in Linux.
Linux user and group management
The main tasks of user management are to create valid user accounts, set and manage user passwords, modify user account attributes, and delete obsolete user accounts when necessary.
1. Add a new user
In Linux, only the root user can create a new user. The following command creates a user with the login name user1.
# useradd user1
However, this user is not yet allowed to log on, because no initial password has been set for it, and users without a password cannot log on to the system. By default, a home directory named after the user is created under the /home directory. If you need to specify a different home directory for the user, you can use the following command:
# useradd -d /home/xf user1
The user also gets a shell program, /bin/bash, upon login. If you do not want the user to log on, you can set the user's shell to /bin/false, so that the user cannot execute commands in Linux even if he logs on:
# useradd -s /bin/false user1
In Linux, when a user is added, a new group is created. The group has the same name as the user, and the user is a member of the group. To assign a new user to an existing group instead, run the following command:
# useradd -g user user1
In this way, the user is a member of the user group. If you want it to also belong to another group, in addition to its primary group, use:
# useradd -G user user1
After completing this operation, you should also use the passwd command to set an initial password for it.
2. Delete a user
To delete a user, you only need a simple command: "userdel username". However, it is best to also delete the files the user leaves behind on the system. You can use "userdel -r username" for this purpose.
3. Modify user attributes
We have seen how to specify the user's home directory, shell, group, and so on when creating a user. Linux also provides a command to change these attributes for an existing user:
# usermod -g groupname -G groupname -d home_directory -s shell username
Another direct method is to modify the /etc/passwd file. In this file, each user occupies one line, with the following content:
username:password:UID:GID:full name:home directory:shell
However, it is worth noting that the password is usually replaced by a "*" and you cannot see it.
4. Add a group
Recall that Linux files can have different access permissions for people in the same group and for people in different groups. You can create user groups as needed:
# groupadd groupname
5. Delete a group
Similarly, we sometimes need to delete a group. The command is "groupdel groupname".
6. Modify group members
To add a user to a group, you only need to edit the /etc/group file and append the user name to the end of the group's line. For example, to add newuser to the softdevelop group, find the softdevelop line:
softdevelop:x:506:user1,user2
Add newuser to the end to form:
softdevelop:x:506:user1,user2,newuser
In addition, in Red Hat Linux, a graphical user management tool, userconf, can be used to manage users more directly.
Two important files: passwd and group
In Linux's security mechanism, the /etc/passwd and /etc/group files are very important. They control important settings for Linux users and groups.
◆ /etc/passwd file description (used to set user attributes)
View with vi /etc/passwd
In the passwd file, each row is divided into seven parts by the colon (":"), which are:
[UID] Although the system uses the UID to record file ownership and to determine permissions, the value in this field is not required to be unique. One common security-related example is multiple user accounts with UID and GID 0. Note that there is a user imnotroot with UID and GID 0 in the last row of the file. Although it claims that it is not root, it has the same permissions as root, because the system does not assign privileges based on the [user name], but on the UID and GID. Such an entry has therefore planted a security time bomb in the system. However, when imnotroot locks the screen, it cannot be unlocked if its password is different from that of root, because the system only finds the first user with a UID of 0 (naturally root) and does not look any further; in that lookup the UID is effectively treated as unique.
[GID] The default group ID, which can be found in the file /etc/group.
Note: [UID] and [GID] values smaller than 500 are generally reserved by the system and are not assigned to ordinary users and groups; therefore, newly added users and groups generally have a UID and GID greater than 500.
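The following read-only check is an added example, not part of the original article: it parses the seven-field /etc/passwd layout described above and reports accounts other than root that carry UID 0, as well as any UID shared by several login names. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for extra UID 0 accounts and
# for UIDs shared by several login names. Read-only; needs awk, sed and sort.

# Constructed sample in the seven-field layout (not data from a real system).
SAMPLE_PASSWD='root:*:0:0:root:/root:/bin/bash
daemon:*:2:2:daemon:/sbin:/bin/false
user1:*:501:501:User One:/home/xf:/bin/bash
user2:*:502:501:User Two:/home/user2:/bin/bash
backup1:*:502:502:Backup:/home/backup1:/bin/false
imnotroot:*:0:0:not root:/home/imnotroot:/bin/bash'

# extra_uid0 FILE: login names with UID 0 (field 3) that are not "root".
extra_uid0() {
    awk -F: 'NF == 7 && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# shared_uids FILE: one "UID:name1,name2" line per UID used more than once.
shared_uids() {
    awk -F: 'NF == 7 && $3 ~ /^[0-9]+$/ {
        u = $3 + 0; n[u]++
        who[u] = (n[u] == 1 ? $1 : who[u] "," $1)
    }
    END { for (u in n) if (n[u] > 1) print u ":" who[u] }' "$1" | sort -t: -k1,1n
}

# malformed FILE: numbers of lines without seven fields or with a non-numeric UID.
malformed() {
    awk -F: 'NF != 7 || $3 !~ /^[0-9]+$/ { print NR }' "$1"
}

# audit_passwd FILE: print all findings; exit status 0 only if there are none.
audit_passwd() {
    out=$( extra_uid0 "$1" | sed 's/^/extra-uid0 /'
           shared_uids "$1" | sed 's/^/shared-uid /'
           malformed "$1" | sed 's/^/bad-line /' )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Demo on the constructed sample; on a real host run: audit_passwd /etc/passwd
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$demo_file"
audit_passwd "$demo_file" || echo "findings reported above"
rm -f "$demo_file"
```

On a clean file audit_passwd prints nothing and returns 0, so it can be run from a scheduled job that alerts on a non-zero exit status.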