User and group management fundamentals

Brief introduction
In Linux systems, user management is the allocation of resources based on user name and password.

User categories:
User ID: UID, a 16-bit binary number: 0-65535
Administrator: the ID number is 0; any user whose UID is 0 is an administrator
Ordinary users: 1-65535
    System users: 1-499 (CentOS 6), 1-999 (CentOS 7)
    Login users: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
Name resolution: username <--> UID, using the name resolution library /etc/passwd
The computer recognizes only the ID number when it determines the user type.

Group categories:
Group ID: GID
Administrators group: 0
Ordinary user groups: 1-65535
    System user groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
    Login user groups: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
Name resolution: group name <--> GID, using the resolution library /etc/group
Categories of Linux groups:
Primary group: a user must belong to one and only one primary group
Secondary (additional) group: a user can belong to 0 or more secondary groups
Private group: the group name is the same as the user name and the group contains only one user
Public group: the group contains multiple users
User-related configuration files
Main configuration files for Linux users and groups:
/etc/passwd: users and their attribute information (name, UID, primary group ID, etc.)
/etc/group: groups and their attribute information
/etc/shadow: user passwords and their related properties
/etc/gshadow: group passwords and their related properties

/etc/passwd
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash

The seven colon-separated fields are:
1. User name
2. User password; the x is a placeholder, the actual password is in /etc/shadow
3. UID
4. GID
5. Detailed description of the user
6. User's home directory
7. User's default shell
/etc/group
# cat /etc/group
bin:x:1:bin,daemon

Group name : group password : group ID : list of users that have this group as an additional group (multiple users can be listed, comma-separated)
/etc/shadow
qzx:$6$bhpk8acu5llxaacs$ib4zkp0r2b/zo5gkgxjzvsgtgfsyxtpd9sxl939oxcg.omr6k5g1bnmaqp59ivh8rzfrggslblt4/4l0dk5.q.:17002:0:99999:7:::

1. User name
2. Encrypted password; $6 represents SHA-512
3. Date of the most recent password change (number of days from January 1, 1970 to the last change)
4. Number of days that must pass before the password can be changed (0 means it can be changed at any time)
5. Maximum validity period: the number of days after which the password must be changed
6. Number of days before expiry on which the user is warned (default is one week)
7. Number of days after the password expires before the account is locked
8. Expiration date of the account, counted in days from January 1, 1970
pwunconv turns shadow passwords off: the password hashes are moved back into /etc/passwd, so after running it cat /etc/passwd displays the hash and /etc/shadow no longer exists. Because /etc/passwd is readable by every local user, this exposes the hashes.

# pwunconv
# cat /etc/passwd
root:$6$vnmalxuv5utyfkps$y0pkrmezfazymhwmbhnd5.bketxvtypotdzdaddp3avwt2yu2tflnwbq/us.bij0rze9qj4blw5mdlkz3706v1:0:0:root:/root:/bin/bash
# cat /etc/shadow
cat: /etc/shadow: No such file or directory

pwconv converts back, returning the hashes to /etc/shadow.
/etc/gshadow

haldaemon:!::haldaemon

1. Group name
2. Group password
3. Group administrator list: the group administrators, who can change the group password and members
4. List of users that have this group as an additional group (comma-separated)
To view the passwd, shadow, group or gshadow entry of a specific user:

getent [passwd, shadow, group, gshadow] username

For example:

# getent passwd qzx
qzx:x:500:500:qzx:/home/qzx:/bin/bash
# getent group qzx
qzx:x:500:
# getent gshadow root
root:::
Editing and checking passwd and group
Editing: vipw and vigr
Checking: pwck and grpck
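
An added example (not part of the original article): a small Python audit over the /etc/passwd and /etc/shadow field layouts described above. It flags extra UID 0 accounts, hashes left in /etc/passwd (the pwunconv state) and hashes whose $id$ prefix differs from the expected algorithm; the sample entries and all function names are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample entries (not from a real system); hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
qzx:x:500:500:qzx:/home/qzx:/bin/bash
backup:x:0:0:backup:/home/backup:/bin/bash
legacy:$1$saltsalt$placeholder:501:501::/home/legacy:/bin/bash
"""
SHADOW = """\
root:$6$saltsalt$placeholder:17002:0:99999:7:::
bin:*:15980:0:99999:7:::
qzx:$6$saltsalt$placeholder:17002:0:90:7:::
backup:$1$saltsalt$placeholder:17002:0:99999:7:::
"""
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512"}  # crypt(3) $id$ prefixes

def rows(text, min_fields):
    """Yield the colon-separated fields of each well-formed line."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= min_fields:
            yield fields

def scheme(field):
    """Hash scheme of a password field, or None for 'x', '*', '!' or empty."""
    parts = field.lstrip("!").split("$")  # a leading '!' marks a locked hash
    return SCHEMES.get(parts[1], "unknown") if len(parts) >= 4 and not parts[0] else None

def audit(passwd_text, shadow_text, expected="sha512"):
    findings = []
    for name, pw, uid, *_ in rows(passwd_text, 7):
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 but not root"))
        if scheme(pw):
            findings.append((name, "hash stored in world-readable /etc/passwd"))
    for name, pw, *_ in rows(shadow_text, 8):
        found = scheme(pw)
        if found and found != expected:
            findings.append((name, f"hash scheme {found}, expected {expected}"))
    return findings

def must_change_by(shadow_line):
    """Field 3 (last change) plus field 5 (maximum age), both counted in days."""
    f = shadow_line.split(":")
    return date(1970, 1, 1) + timedelta(days=int(f[2]) + int(f[4]))

if __name__ == "__main__":
    print(audit(PASSWD, SHADOW), must_change_by(SHADOW.splitlines()[2]))
```

On a live system the same functions can be fed the contents of /etc/passwd and /etc/shadow; reading the latter requires root.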
Password
Encryption mechanism:
Encryption: plaintext to ciphertext
Decryption: ciphertext to plaintext
Some characteristics of the password
One-way encryption: a hash algorithm; if the original text is different, the ciphertext will be different
Fixed-length output for the same algorithm; the original data cannot be derived from the ciphertext (irreversible)
Avalanche effect: a small change in the initial conditions results in a dramatic change in the result

md5: message digest, 128 bits
sha1: secure hash algorithm, 160 bits
sha224: 224 bits
sha256: 256 bits
sha384: 384 bits
sha512: 512 bits
Change the encryption algorithm:

authconfig --passalgo=sha256 --update
The complexity strategy for passwords
Use at least 3 of the following: digits, uppercase letters, lowercase letters and special characters
Make the password long enough
Use random passwords
Change passwords regularly; do not use passwords that have been used recently