Users and Groups in Linux

Linux operating system is a multi-user operating system, it allows multiple users to log in to the system at the same time, the use of system resources, in order to make all users work smoothly, protect each user's files and processes, but also for the security and stability of the system itself, must establish a mechanism, so that each user's permissions can be standardized. To do this, first distinguish between different users, which generated the user account.

Account in fact, even if a user's identity in the system, the system according to the account to distinguish each user's files, processes, tasks, etc., to each user to provide a specific environment, such as: The user's working directory, Shell version, X-window environment configuration, so that each user's work can be independent.

1.Linux Accounts: User accounts and group accounts

User account: Normal user account and Superuser account (Administrator account)
Group accounts: Groups are collections of users. In CentOS, there are two types of groups: private groups and standard groups

When creating a new user, without specifying the group to which he belongs, CentOS builds a private group with the same name as the user, which contains only the user himself; standard groups can hold multiple users, and if you use standard groups, you should specify the group to which he belongs when you create a new user. The same user can belong to more than one group . When a user belongs to more than one group, the group to which they are logged on is called the primary group, and the other groups are called additional groups.

Account System files under 2.Linux

/ETC/PASSWD: Each row defines a user account, a row is divided into multiple fields to define the properties of the user account, between the fields by: delimited; Any user can read
/etc/shadow: Encrypted user password; only root user readable
/etc/group: Storage group information, any user can read
/etc/gshadow: Define user group password, group Administrator and other information, the file only the root user can access

The essence of account management is to manage the above 4 account system files

/ETC/PASSWD: Each row defines a user account, one row is divided into multiple fields to define the attributes of the user account, the fields are separated by:, and the contents of the file are as follows:
Cc:x:1000:1000:cc:/home/cc:/bin/bash
User name: Password: User id: Group identification number: Annotative Description: Host directory: Command interpreter
Password: This field holds the encrypted password. The password in this file is X, which means that the user's password is protected by the/etc/shadow file, and all encrypted passwords and password-related settings are saved in/etc/shadow
Annotative Description: For example, information such as the user's full name
Host directory: The directory that the user enters after logging in
Command interpreter: Indicates the shell used by the user, and the default is bash

/etc/shadow: Encrypt the user password; only the root user is readable; the contents of the file are as follows:

Root:$6$p272tjui$4gsqvud5dgekensh.ej7rwgyhjhj.hnwf/kctnpozpbqx8gwnvocakve/dg7oyvotbvuughlvkydlpns12tdj1 : 17142:0:99999:7:::
User name: Password: Last modified time: Minimum time interval: Maximum time interval: Warning Time: Inactivity time: Expiry time: Flag

Password: the password of the user is SHA512 encrypted
Last modified: The number of days from January 1, 1970 to the last time the user changed the password
Minimum time interval: the number of days from January 1, 1970 to which the user can change the password
Maximum time interval: The number of days from January 1, 1970 to which the user must change the password
Warning Time: How many days before the user password expires remind users to update
Inactivity Time: The number of days to disable an account after the user password expires
Expiry time: From January 1, 1970 onwards to the number of days to disable the account
Flags: Reserved Bits

/etc/group: Grouping users as a way to manage and control access to users in Linux. Each user belongs to a group, a group can have multiple users, and a user can belong to a different group. When a user belongs to more than one group at a time, the primary group to which the user belongs when logged in the/etc/passwd file is the primary group to which they belong, and the other groups are called additional groups. When a user wants to access a file for an attached group, they must first use the NEWGRP command to become a member of the group to which they want to access. All the properties of the group are stored in the/etc/group file. The file example is as follows:

root:x:0:
Group name: Group Password: GID: Group member

Group Password: For security reasons, the password is not saved with the field "x" placeholder
GID: Group identification number, each group has its own unique GID
Group member: Multiple members are separated by ",", and in CentOS7, if there is only one member, the

/etc/gshadow defines user group password, group Administrator and other information, the file can only be accessed by the root user, the file example is as follows: \

Root::
Group name: Group Password: Group Administrator account: Group member

Users and Groups in Linux