User and group Management fundamentals

Source: Internet
Author: User

Brief introduction

In Linux systems, user management is the allocation of resources based on user name and password.

User categories:

    User identity: user ID (UID), a 16-bit binary number: 0-65535
    Administrator: ID number is 0; any account whose ID is 0 is an administrator
    Ordinary users: 1-65535
        System users: 1-499 (CentOS 6), 1-999 (CentOS 7)
        Login users: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
    Name resolution: user name <--> UID
        Resolution library: /etc/passwd
    The computer only recognizes the ID number when determining the user type.

Group categories:

    Group identity: group ID (GID)
    Administrator group: 0
    Ordinary user groups: 1-65535
        System user groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
        Login user groups: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
    Name resolution: group name <--> GID
        Resolution library: /etc/group

Categories of Linux groups:

    Primary group: a user must belong to one and only one primary group.
    Additional (secondary) group: a user can belong to 0 or more secondary groups.
    Private group: the group name is the same as the user name and the group contains only that one user.
    Public group: the group contains multiple users.

User-related configuration files

Main configuration files for Linux users and groups:

    /etc/passwd: users and their attribute information (name, UID, primary group ID, etc.)
    /etc/group: groups and their attribute information
    /etc/shadow: user passwords and their related properties
    /etc/gshadow: group passwords and their related properties

  • /etc/passwd

    # cat /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    1    2 3 4 5    6     7

    1. User name
    2. User password; the x means it is hidden, and the actual password is in /etc/shadow
    3. UID
    4. GID
    5. User's detailed description information
    6. User's home directory
    7. User's default shell

  • /etc/group

    # cat /etc/group
    bin:x:1:bin,daemon

    Group name : group password : group ID : list of users that have this group as an additional group (multiple users are separated by commas)

  • /etc/shadow

    qzx:$6$bhpk8acu5llxaacs$ib4zkp0r2b/zo5gkgxjzvsgtgfsyxtpd9sxl939oxcg.omr6k5g1bnmaqp59ivh8rzfrggslblt4/4l0dk5.q.:17002:0:99999:7:::

    1. User name
    2. Encrypted password; $6 represents SHA-512 encryption
    3. Date of the most recent password change (counted in days from January 1, 1970 to the time the password was last changed)
    4. Number of days before the password can be changed again (0 means it can be changed at any time)
    5. Maximum password lifetime: the number of days after which the password must be changed
    6. Number of days before expiry at which the user is warned (default is one week)
    7. Number of days after the password expires before the account is locked
    8. Expiration date of the account, counted in days from January 1, 1970


    pwunconv undoes the shadow conversion so that the password can be viewed directly in /etc/passwd: after running it, cat /etc/passwd displays the password hash and /etc/shadow no longer exists.

    # pwunconv
    # cat /etc/passwd
    root:$6$vnmalxuv5utyfkps$y0pkrmezfazymhwmbhnd5.bketxvtypotdzdaddp3avwt2yu2tflnwbq/us.bij0rze9qj4blw5mdlkz3706v1:0:0:root:/root:/bin/bash
    # cat /etc/shadow
    cat: /etc/shadow: No such file or directory

    pwconv converts back, moving the password hashes into /etc/shadow again.

  • /etc/gshadow

    haldaemon:!::haldaemon
    1         2 3 4

    1. Group name
    2. Group password
    3. Group administrator list: the group administrators, who can change the group password and members
    4. List of users that have this group as an additional group (comma-separated)
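The UID classes and the pwunconv state described above can be checked mechanically. The following is an added example, not part of the original article: `audit_passwd` and `sample_passwd` are hypothetical names, the sample accounts and hash placeholders are constructed, and the default login threshold of 1000 follows the CentOS 7 ranges given on this page (pass 500 for CentOS 6).

```shell
#!/bin/sh
# Added example: classify accounts in /etc/passwd format and flag risky entries.
# Usage: audit_passwd [first_login_uid] < /etc/passwd

audit_passwd() {
    awk -F: -v uid_min="${1:-1000}" '
        /^[ \t]*$/ || /^#/ { next }
        NF != 7 { printf "MALFORMED line %d: expected 7 fields, got %d\n", NR, NF; next }
        $3 !~ /^[0-9]+$/ { printf "MALFORMED %s: non-numeric UID\n", $1; next }
        {
            name = $1; pw = $2; uid = $3 + 0
            if (uid == 0)           class = "admin"
            else if (uid < uid_min) class = "system"
            else                    class = "login"
            printf "CLASS %s uid=%d %s\n", name, uid, class

            # The kernel only looks at the number: every UID 0 account is an administrator.
            if (uid == 0 && name != "root")
                printf "ALERT %s: UID 0 gives full administrator rights\n", name
            # Field 2 should be the placeholder x; anything else that is not a lock
            # marker means the hash sits in the world-readable file (pwunconv state).
            if (pw == "")
                printf "ALERT %s: empty password field\n", name
            else if (pw != "x" && pw != "*" && pw !~ /^!/)
                printf "ALERT %s: hash stored in world-readable passwd file\n", name
            # Two names on one UID are the same user to the system.
            if (uid in seen)
                printf "ALERT %s: UID %d already used by %s\n", name, uid, seen[uid]
            else
                seen[uid] = name
        }'
}

# Constructed sample data (not from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
qzx:x:1000:1000:qzx:/home/qzx:/bin/bash
svc:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001::/home/svc:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a live system the same function can be fed with `getent passwd | audit_passwd`.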

To view the passwd, shadow, group or gshadow entry of a specific user:

    getent [passwd|shadow|group|gshadow] username

For example:

    # getent passwd qzx
    qzx:x:500:500:qzx:/home/qzx:/bin/bash
    # getent group qzx
    qzx:x:500:
    # getent gshadow root
    root:::

Editing and checking passwd and group

    • vipw and vigr

    • pwck and grpck

Password

Encryption mechanism:

    Encryption: plaintext --> ciphertext
    Decryption: ciphertext --> plaintext

Some characteristics of password encryption

    1. One-way encryption: a hash algorithm is used; if the original text is different, the ciphertext will be different

    2. Fixed-length output: the same algorithm always produces output of the same length, and the original data cannot be derived back from the ciphertext

    3. Avalanche effect: a small change in the initial conditions results in a dramatic change in the result

    md5: message digest, 128 bits
    sha1: secure hash algorithm, 160 bits
    sha224: 224 bits
    sha256: 256 bits
    sha384: 384 bits
    sha512: 512 bits

Change the encryption algorithm:

    authconfig --passalgo=sha256 --update
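Changing the algorithm only affects passwords set afterwards; existing entries keep their old hash until the password is changed. The following added example (not part of the original article) reads /etc/shadow-format lines, identifies the scheme from the `$id$` prefix (`$6$` as noted above; `$1$` for MD5 and `$5$` for SHA-256 per crypt(3)) and evaluates the aging fields. `audit_shadow` and `sample_shadow` are hypothetical names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: report hash scheme and password aging per account.
# Usage: audit_shadow [today_in_days_since_1970] [expected_scheme] < /etc/shadow

audit_shadow() {
    awk -F: -v today="${1:-$(( $(date +%s) / 86400 ))}" -v want="${2:-sha512}" '
        /^[ \t]*$/ { next }
        {
            name = $1; pw = $2; last = $3; max = $5
            id = substr(pw, 1, 3)
            if (pw == "")            scheme = "empty"
            else if (pw ~ /^[!*]/)   scheme = "locked"
            else if (id == "$6$")    scheme = "sha512"
            else if (id == "$5$")    scheme = "sha256"
            else if (id == "$1$")    scheme = "md5"
            else                     scheme = "unknown"

            # Field 3 is the day of the last change, field 5 the maximum lifetime.
            if (last == "" || max == "" || max + 0 >= 99999) aging = "no-expiry"
            else if (today - last > max)                     aging = "expired"
            else aging = "valid-" (last + max - today) "d"

            printf "%s scheme=%s aging=%s\n", name, scheme, aging
            if (scheme == "empty")
                printf "ALERT %s: empty password field\n", name
            else if (scheme != "locked" && scheme != want)
                printf "ALERT %s: hash is %s, policy expects %s\n", name, scheme, want
        }'
}

# Constructed sample data (not from a real system); hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17002:0:99999:7:::
qzx:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16900:0:90:7:::
bin:*:15980:0:99999:7:::
guest::17000:0:99999:7:::
EOF
}

# Day 17010 is a fixed "today" so the demo output is reproducible.
sample_shadow | audit_shadow 17010 sha512
```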

Password complexity policy

    1. Use at least 3 of these 4 character classes: digits, uppercase letters, lowercase letters and special characters

    2. Make it long enough

    3. Use random passwords

    4. Change it regularly; do not reuse passwords that have been used recently

