User Management for Linux

Source: Internet
Author: User

I. The process of user login verification

1. The system checks whether the entered account exists in /etc/passwd. If it does not, the login stops there; if it does, the UID and GID (the GID refers to /etc/group) of the account are read, together with the account's home directory and shell settings.

2. The password is checked next: Linux looks up the corresponding account in /etc/shadow and checks whether the password that was entered matches the password recorded in that file.

II. Related files

User

/etc/passwd

account name:password:UID:GID:user information description:home directory:shell

/etc/shadow

account name:password:date of the most recent password change:number of days during which the password cannot be changed (relative to the 3rd field):number of days after which the password must be changed (relative to the 3rd field):number of warning days before the password must be changed (relative to the 5th field):account grace time after the password expires (relative to the 5th field)
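The /etc/passwd and /etc/shadow layouts described above are enough to audit accounts offline. The following is an added example, not code from the original article: it joins the two files on the account name and flags extra UID 0 accounts, empty password fields, MD5-based hashes and expired passwords. The sample data, the finding names and the function names are constructed for illustration; real shadow lines carry two further trailing fields that the example ignores.

```python
from datetime import date, timedelta

# Constructed sample data, not from a real system; hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:1001:ops:/home/backup2:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
"""
SHADOW = """\
root:$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$1$SALT$PLACEHOLDERHASH:19000:0:90:7:::
backup2:!$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
carol::19700:0:30:7:::
"""

def records(text):
    """Split colon-separated lines, skipping blank lines."""
    return [line.split(":") for line in text.splitlines() if line.strip()]

def audit(passwd_text, shadow_text, today):
    """Return (account, finding) pairs; field numbers follow the layouts above."""
    shadow = {r[0]: r for r in records(shadow_text)}
    findings = []
    for row in records(passwd_text):
        name, uid = row[0], row[2]
        if uid == "0" and name != "root":
            findings.append((name, "uid-0-not-root"))   # second administrator
        entry = shadow.get(name)
        if entry is None or len(entry) < 5:
            findings.append((name, "no-usable-shadow-entry"))
            continue
        password, last_change, max_days = entry[1], entry[2], entry[4]
        if password == "":
            findings.append((name, "empty-password"))   # login needs no password
        elif password.startswith(("!", "*")):
            continue                                    # locked or no valid password
        elif password.startswith("$1$"):
            findings.append((name, "md5-crypt-hash"))   # $1$ marks MD5-based crypt
        # Field 3 is days since 1970-01-01; field 5 is the maximum age (99999 = effectively never).
        if last_change.isdigit() and max_days.isdigit() and int(max_days) < 99999:
            expires = date(1970, 1, 1) + timedelta(days=int(last_change) + int(max_days))
            if expires < today:
                findings.append((name, "password-expired"))
    return findings

if __name__ == "__main__":
    for account, finding in audit(PASSWD, SHADOW, date(2024, 1, 1)):
        print(f"{account}: {finding}")
```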

Group

/etc/group

group name:group password:GID:names of the accounts that belong to this group

Effective groups and initial groups

groups: view the effective group and the supplementary groups

newgrp: switch the effective user group

newgrp changes the effective user group of the current user; it provides this by starting a new shell.
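A user's initial group comes from the GID field of /etc/passwd, while supplementary groups come from the last field of /etc/group, so a review that reads only /etc/group misses members who hold a group as their initial group. The following is an added example, not code from the original article, that resolves both sources the way the groups command reports them; the sample accounts and function names are constructed for illustration.

```python
# Constructed sample data, not from a real system.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:10:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
"""
GROUP = """\
root:x:0:
wheel:x:10:alice
alice:x:1000:
carol:x:1002:
dev:x:2000:alice,carol
"""

def records(text):
    """Split colon-separated lines, skipping blank lines."""
    return [line.split(":") for line in text.splitlines() if line.strip()]

def user_groups(passwd_text, group_text):
    """Return {user: (initial_group, sorted supplementary groups)}."""
    groups = records(group_text)
    gid_to_name = {g[2]: g[0] for g in groups}
    result = {}
    for name, _pw, _uid, gid, *_rest in records(passwd_text):
        initial = gid_to_name.get(gid, gid)  # fall back to the raw GID if unnamed
        extra = sorted(g[0] for g in groups
                       if name in g[3].split(",") and g[0] != initial)
        result[name] = (initial, extra)
    return result

def members_of(group, passwd_text, group_text):
    """Everyone whose initial or supplementary groups include `group`."""
    return sorted(user for user, (initial, extra)
                  in user_groups(passwd_text, group_text).items()
                  if group == initial or group in extra)

if __name__ == "__main__":
    # bob does not appear in the wheel line of GROUP but still belongs to it.
    print(members_of("wheel", PASSWD, GROUP))
```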

/etc/gshadow

User group name

Password column: again, a value beginning with ! indicates that there is no valid password, and therefore no user group administrator

User group administrator account

Member accounts of the user group

A short summary:

User: UID, /etc/passwd; Group: GID, /etc/group

Shadow passwords: User: /etc/shadow; Group: /etc/gshadow

User types: administrator: UID 0; normal users: UID 1~65535, of which system users are 1-499 and general users are 500~65535

User Group Category:

Administrators group: General Group, System Group

User Group Category:

Private group: when a user is created without specifying the group it belongs to, a group with the same name as the user is created automatically

Basic group: the default group of the user

Additional groups: groups other than the default group

Appendix: some encryption methods:

Symmetric encryption: encryption and decryption use the same key

Public key cryptography: keys come in pairs, one private key (secret key) and one public key

One-way encryption (hash encryption): extracts a signature of the data, often used for data integrity checks
1. Avalanche effect
2. Fixed-length output
MD5: Message Digest, 128-bit fixed-length output
SHA1: Secure Hash Algorithm, 160-bit fixed-length output

User management:

useradd, userdel, usermod, passwd, chsh, chfn, finger, chage

Group Management:

groupadd, groupdel, groupmod, gpasswd

Detailed Introduction

useradd [options] USERNAME

-u UID

-g GID (basic group)

-G GID,... (additional groups)

-c "comment"

-d /path/to/directory

-s SHELL

-m

-M

-r: add a system user. The main reference is /etc/login.defs; /etc/shells specifies the secure shells that are available on the current system

-D: reference information; the main references include /etc/default/useradd, /etc/login.defs and /etc/skel/*

userdel:

userdel [options] USERNAME

-r: delete the user's home directory at the same time

id: view a user's account attribute information; options: -u, -g, -G, -n

finger: view user account information

Example:

useradd -u 1011 -g 104 -G 104 -s /bin/bash -m -d /home/myuser2 myuser2

When useradd creates an account, the main operations are:

1. Create a row of account-related data in /etc/passwd, including the UID, GID, home folder, etc.

2. In /etc/shadow, the password-related parameters of this account are filled in, but no password has been

3. Add a group with the same name as the account to /etc/group

4. Under /home, create a directory with the same name as the account as the user's home folder, with permission 700

passwd [options] USERNAME

-l: lock; the password becomes invalid

-u: unlock

-S: list password-related information

-n: followed by a number of days; how long the password cannot be changed (the 4th field in shadow)

-x: followed by a number of days; how long until the password must be changed (the 5th field in shadow)

-w: followed by a number of days; warning days before the password expires (the 6th field in shadow)

chage

Compared to passwd -S, chage displays the password parameters in more detail.

usermod

-u: UID, -g: GID, -a -G: additional groups; if the -a option is not used, -G overwrites the previous additional groups

-c: account description, -d -m: directory, -s: shell, -l: modify the account name

-L: lock the account, -U: unlock the account

userdel

-r: delete the user's home folder

finger: view information about a user

chfn: modify the information shown by finger

chsh: modify the user's shell information

id: query the UID and GID information related to the user

About user groups:

groupadd: -g: followed by a specific GID

-r: new system user group

groupmod: -g: modify the existing GID number

-n: modify an existing group name

groupdel: delete a user group
