I. The process of user login verification
1. Check whether the account entered exists in /etc/passwd. If it does not, exit; if it does, read out the account's UID and GID (the GID is looked up in /etc/group), along with the account's home directory and shell settings.
2. Then check the password: Linux looks in /etc/shadow for the entry matching the account and UID, and verifies that the password entered is consistent with the password recorded in that file.
II. Related files
User
/etc/passwd
Account name:Password:UID:GID:User information description:Home directory:Shell
/etc/shadow
Account name:Password:Date of the most recent password change:Number of days during which the password cannot be changed (relative to the 3rd field):Number of days after which the password must be changed (relative to the 3rd field):Number of warning days before the password must be changed (relative to the 5th field):Account grace period after the password expires (relative to the 5th field)
Group
/etc/group
Group name:Group password:GID:Names of the accounts that belong to this group
Active groups and initial groups
groups: view the effective group and the supplementary groups
newgrp: switch the effective group
newgrp changes the effective group of the current user; it does so by providing a new shell.
/etc/gshadow
User group name
Password column: as before, a leading ! means there is no legal password, and therefore no user group administrator
User group administrator account
Accounts that belong to the user group
A short summary:
User: UID, /etc/passwd   Group: GID, /etc/group
Shadow passwords: User: /etc/shadow   Group: /etc/gshadow
User types: administrator: 0; normal users: 1~65535, of which system users are 1~499 and general users are 500~65535
User group categories:
Administrator group: general group, system group
User group categories:
Private group: when a user is created and the group it belongs to is not specified, a group with the same name as the user is created automatically
Basic group: the user's default group
Additional groups: groups other than the default group
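The lookup order from section I and the field layouts from section II can be turned into a small account audit. This is an added example, not part of the original page: the sample file contents are constructed, the finding names are hypothetical, and it assumes the usual conventions that the third shadow field counts days since 1970-01-01 and that a hash starting with $1$ is MD5-based.

```python
from datetime import date

# Constructed sample data (not from a real system); hash strings are placeholders.
PASSWD = """root:x:0:0:root:/root:/bin/bash
backup:x:0:0:backup admin:/home/backup:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
carol:x:502:502:Carol:/home/carol:/bin/bash
"""
SHADOW = """root:$6$salt$placeholder:19000:0:99999:7:::
backup:$6$salt$placeholder:19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
alice:$1$salt$placeholder:19000:0:90:7:::
bob::19000:0:99999:7:::
"""

def audit(passwd_text, shadow_text, today):
    """Return {account: [findings]}, looking accounts up in the login order."""
    shadow = {f[0]: f for f in (l.split(":") for l in shadow_text.splitlines()) if len(f) >= 5}
    days_now = (today - date(1970, 1, 1)).days  # field 3 counts days since 1970-01-01
    report = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7:  # /etc/passwd has exactly seven fields
            continue
        name, uid, found = f[0], int(f[2]), []
        if uid == 0 and name != "root":
            found.append("uid 0 but not root")
        entry = shadow.get(name)
        if entry is None:
            found.append("no shadow entry")
        else:
            pw, changed, maxdays = entry[1], entry[2], entry[4]
            usable = pw != "" and pw[0] not in "!*"
            if pw == "":
                found.append("empty password field")
            elif not usable:
                found.append("locked or no valid password")
            elif pw.startswith("$1$"):
                found.append("MD5-based hash")
            if usable and changed and maxdays and days_now > int(changed) + int(maxdays):
                found.append("password past maximum age")
        if found:
            report[name] = found
    return report

if __name__ == "__main__":
    for account, findings in audit(PASSWD, SHADOW, date(2023, 1, 1)).items():
        print(account, "->", ", ".join(findings))
```

On a real system the same function can be given the contents of /etc/passwd and /etc/shadow, read as root.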
As an aside, some encryption methods:
Symmetric encryption: encryption and decryption use the same key
Public key cryptography: keys come in pairs, a private key (secret key) and a public key
One-way encryption (hash encryption): extracts a signature of the data; often used for data integrity checks
1. Avalanche effect
2. Fixed-length output
MD5: Message Digest, 128-bit fixed-length output
SHA1: Secure Hash Algorithm, 160-bit fixed-length output
User management:
useradd, userdel, usermod, passwd, chsh, chfn, finger, chage
Group management:
groupadd, groupdel, groupmod, gpasswd
Detailed introduction
useradd [options] USERNAME
-u UID
-g GID (basic group)
-G GID,... (additional groups)
-c "comment"
-d /path/to/directory
-s SHELL
-m
-M
-r: add a system user; the main reference is /etc/login.defs. /etc/shells specifies the safe shells available on the current system
-D: reference information; the main references include /etc/default/useradd, /etc/login.defs, /etc/skel/*
userdel:
userdel [options] USERNAME
-r: delete the user's home directory at the same time
id: view the user's account attribute information: -u, -g, -G, -n
finger: view user account information
Example:
useradd -u 1011 -g 104 -G 104 -s /bin/bash -m -d /home/myuser2 myuser2
In fact, when useradd creates an account, the main operations are:
1. Create a row of account-related data in /etc/passwd, including creating the UID/GID/home folder, etc.
2. In /etc/shadow, the password-related parameters of this account are filled in, but no password has been
3. Add a group name identical to the account name in /etc/group
4. Under /home, create a directory with the same name as the account to serve as the user's home folder, with permission 700
passwd [options] USERNAME
-l: lock; the password becomes invalid
-u: unlock
-S: list password-related information
-n: followed by a number of days: how long the password cannot be changed; the 4th field in shadow
-x: followed by a number of days: how long until the password must be changed; the 5th field in shadow
-w: followed by a number of days: warning days before the password expires; the 6th field in shadow
chage
Compared to passwd -S, chage displays the password parameters in more detail.
usermod
-u UID, -g GID, -a -G: if the -a option is not used, the previous additional groups are overwritten
-c: account description; -d -m: directory; -s: shell; -l: modify the account name
-L: lock the account; -U: unlock the account
userdel
-r: delete the user's home folder
finger: view information about a user
chfn: modify the information shown by finger
chsh: modify the shell-related information
id: query the UID and GID information related to the user
About user groups:
groupadd: -g: followed by a specific GID
-r: new system user
groupmod: -g: modify an existing GID number
-n: modify an existing group name
groupdel: delete a user group
User Management for Linux