View all users and all user groups in Linux [theory]

Source: Internet
Author: User
Tags ftp access

1. Understand the concepts of single-user multi-task and multi-user multi-task in Linux

Linux is a multi-user, multi-task operating system, so we should understand what single-user multi-task and multi-user multi-task mean.

1. Single-user multi-task in Linux

For example, after logging in to the system as beinan, I open gedit to write a document. While writing, I feel like some music, so I start xmms. Listening to music is not enough, so I also open MSN to see what some of my colleagues are doing. So while logged on as the beinan user I am running gedit, xmms, msn and the input method fcitx. Put simply, one user, beinan, runs several tasks to get the work done. Of course, the beinan user and others can also log on remotely and do other work.

2. Multi-user multi-task in Linux

Sometimes many users use the same system at the same time, but they are not all doing the same thing; that is multi-user multi-task. For example, the LinuxSir.Org server has FTP users, system administrators, web users and common users. At the same moment, some people may be visiting the forum, some may be uploading software packages or managing sites (for example, luma or Yuking managing their home page systems and FTP), and system administrators may be maintaining the system. Browsing the home page uses the nobody user, uploading software packages uses the FTP user, and an administrator maintaining or inspecting the system may use a common account or the root account with super permissions. Different users have different permissions, and different tasks require different users; put another way, different users do different jobs.
It is worth noting that multi-user multi-task does not mean that everyone works at the keyboard and display of a single machine at the same time. Users may log in remotely, for example to control a server over the network. Anyone who has user permissions on the system can operate or access it.

3. User roles

Users have different roles in the system, and in Linux permissions and tasks differ by role. Note that user roles are identified by UID; in system management, the administrator must make sure that every UID is unique.

root user: unique in the system and a real user. It can log on to the system, operate on any file and run any command, and has the highest permissions.

Virtual users: also known as pseudo users or fake users, as opposed to real users. They cannot log on to the system, but the system cannot run without them; examples are bin, daemon, adm, ftp and mail. These users come with the system rather than being added later, although we can also add virtual users ourselves.

Common real users: these users can log on to the system but can only operate on the contents of their own home directories. Their permissions are limited, and they are added by the system administrator.

4. Security of multi-user operating systems

A multi-user system is more convenient to manage, and from a security perspective it is also more secure. For example, if the beinan user does not want other users to see one of its files, it only needs to set the file permissions so that only beinan can read, write and edit it. Then only the beinan user can operate on its private files. Linux performs best as a multi-user system and can protect the security of every user, but we also have to learn how to run Linux as a secure system: without a security-aware administrator or sound management practice, such a system is not secure.
From the server point of view, system security with multiple users is also the most important concern. For the Windows operating systems that we commonly use, the permission management capability can only be called average and does not compare with Linux or Unix systems.

2. Concepts of user and group

1. The concept of a user

From what we know about multiple users in Linux, Linux is a true multi-user operating system, so we can create several users on it. For example, a colleague wants to use my computer, but I do not want him to log on with my user name, because my account holds material (private content) that I do not want others to see. In this case I can create a new user name for him and let him use that account. This follows sound practice from a computer security point of view.

Some users in Linux exist to carry out specific tasks, such as nobody and ftp. For example, the LinuxSir.Org web page program runs as the nobody user, and ftp or nobody is used for anonymous FTP access. To see the accounts on a Linux system, look at /etc/passwd.

2. The concept of a user group

A user group is a collection of users with the same characteristics. Sometimes we want several users to have the same permissions, for example to view or modify a file or to execute a command; for that we need a user group. We put all of those users into the same group and give the group the required permissions, so that every user in the group has the same permissions on the file or directory. This is done by defining groups and modifying file permissions.

For example, suppose we want some users to be able to view a document such as a timetable. The person who writes the timetable needs read, write and execute permissions. We want the other users to know the content of the timetable but not be able to modify it.
Therefore, we can put all these users into one group and then change the permissions of the file so that it is readable by that group. Every user in the group can then read it.

The mapping between users and user groups can be one-to-one, many-to-one, one-to-many or many-to-many.

One-to-one: a user can be the only member of a group.
Many-to-one: several users can be members of a single group and belong to no other group. For example, the beinan and linuxsir users belong to the beinan user group only.
One-to-many: a user can be a member of several groups. For example, beinan can be a member of the root group, the linuxsir group and the adm group.
Many-to-many: several users correspond to several groups, and several users can belong to the same group. Many-to-many is really an extension of the first three; once those are understood, it is easy to understand as well.

3. Configuration files, commands and directories related to users and groups

1. Configuration files related to users and groups

1) Configuration files related to users
/etc/passwd   Note: user configuration file
/etc/shadow   Note: user shadow password file

2) Configuration files related to user groups
/etc/group    Note: user group configuration file
/etc/gshadow  Note: shadow file of user groups

The /etc/group file contains all the groups; /etc/shadow and /etc/passwd contain all the user names in the system.

1. /etc/group explained

The /etc/group file is the user group configuration file. It records users and groups and shows which group or groups each user belongs to, since a user can belong to one or more groups. Users in the same group have similar characteristics. For example, if we add a user to the root user group, this user can browse the files in the root user's home directory.
If the root user gives the group read and write permissions on a file, all users in the root group can modify that file. If it is an executable file (such as a script), users in the root group can also execute it.

User groups make system management much more convenient for administrators, but their security implications also deserve attention. For example, if a user holds content that is critical to system management, it is best to give that user its own group, or to make the files under that user completely private. In addition, normal users should not be added to the root user group lightly.

2. The content of /etc/group in detail

Each record in /etc/group describes one user group: its name, its password, its GID and the users it contains. The format is:

    group_name:passwd:GID:user_list

Each record has four fields:

First field: user group name
Second field: user group password
Third field: GID
Fourth field: user list, with users separated by commas (,). This field can be blank; if it is blank, the group's members are the users whose GID is this GID.

2. Tools or commands for managing users and groups

1) Tools or commands for managing users

useradd: add a user
adduser: add a user
passwd: set a password for a user
usermod: modify a user; usermod can change the login name, the user's home directory and so on
pwconv: synchronize users from /etc/passwd to /etc/shadow
pwck: verify that the contents of the user configuration files /etc/passwd and /etc/shadow are valid and complete
pwunconv: the reverse operation of pwconv; it creates /etc/passwd from /etc/shadow and /etc/passwd, and then deletes the /etc/shadow file
finger: view user information
id: view a user's UID, GID and the groups the user belongs to
chfn: change user information
su: switch user
sudo: execute a command as another user. su switches to another user, who then carries out the task, whereas sudo directly executes the command that follows it. For example, with sudo a user can run commands that only root may execute, as granted by root, without needing the root password; this has to be set up by editing /etc/sudoers with visudo
visudo: the command for editing /etc/sudoers. You can also do without this command; editing /etc/sudoers directly with vi has the same effect
sudoedit: similar to sudo

2) Tools or commands for managing user groups

groupadd: add a user group
groupdel: delete a user group
groupmod: modify user group information
groups: display the groups a user belongs to
grpck
grpconv: synchronize or create /etc/gshadow from the contents of /etc/group and /etc/gshadow; if /etc/gshadow does not exist, it is created
grpunconv: synchronize or create /etc/group from the contents of /etc/group and /etc/gshadow, and then delete the gshadow file

groups: view the groups of the currently logged-on user
groups gliethttp: view the groups the gliethttp user belongs to, and the group members
whoami: view the current login user name

3. The /etc/skel directory

The /etc/skel directory generally holds user startup files and is controlled by root. When we add a user, the files in this directory are automatically copied to the home directory of the new user. The files in /etc/skel are hidden files, that is, files named in the form .file.
You can modify, add or delete files in /etc/skel to give users a unified, standard default environment:

    [root@localhost beinan]# ls -la /etc/skel/
    total usage 92
    drwxr-xr-x 3 root 4096 August 11 23:32 .
    drwxr-xr-x 115 root 12288 October 14 13:44 ..
    -rw-r--r-- 1 root 24 May 11 00:15 .bash_logout
    -rw-r--r-- 1 root 191 May 11 00:15 .bash_profile
    -rw-r--r-- 1 root 124 May 11 00:15 .bashrc
    -rw-r--r-- 1 root 5619 .canna
    -rw-r--r-- 1 root 438 May 18 15:23 .emacs
    -rw-r--r-- 1 root 120 May 23 05:18 .gtkrc
    drwxr-xr-x 3 root 4096 August 11 23:16 .kde
    -rw-r--r-- 1 root 658 .zshrc

The files in /etc/skel are normally copied to the new user's home directory by the useradd and adduser commands. If we add a user by editing /etc/passwd instead, we can create the user's home directory ourselves, copy the files under /etc/skel into it, and then use chown to change the owner of the new home directory to the new user.

4. The /etc/login.defs configuration file

The /etc/login.defs file sets the policy for creating users, such as whether a home directory is created, the UID and GID ranges, and the validity period of the user. This file can be defined by root.

For example, the content of Fedora's /etc/login.defs file:

    # *REQUIRED*
    #   Directory where mailboxes reside, _or_ name of file, relative to the
    #   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
    #   QMAIL_DIR is for Qmail
    #
    #QMAIL_DIR      Maildir
    MAIL_DIR        /var/spool/mail

Note: when a user is created, a mail file for the user is created in the /var/spool/mail directory.

    #MAIL_FILE      .mail

    # Password aging controls:
    #
    #       PASS_MAX_DAYS   Maximum number of days a password may be used.
    #       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
    #       PASS_MIN_LEN    Minimum acceptable password length.
    #       PASS_WARN_AGE   Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS   99999
    PASS_MIN_DAYS   0
    PASS_MIN_LEN    5
    PASS_WARN_AGE   7

Note: PASS_MAX_DAYS 99999 is the maximum number of days for which the user's password does not expire; PASS_MIN_DAYS 0 is the minimum number of days between password changes; PASS_MIN_LEN 5 is the minimum password length.

    #
    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN         500
    UID_MAX         60000

Note: the minimum UID is 500, that is, UIDs of added users start from 500; the maximum UID is 60000.

    #
    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN         500
    GID_MAX         60000

Note: GIDs start from 500.

    #
    # If defined, this command is run when removing a user.
    # It should remove any at/cron/print jobs etc. owned by
    # the user to be removed (passed as the first argument).
    #
    #USERDEL_CMD    /usr/sbin/userdel_local

    #
    # If useradd should create home directories for users by default
    # On RH systems, we do. This option is ORed with the -m flag on
    # useradd command line.
    #
    CREATE_HOME     yes

Note: whether to create the user's home directory; here it is created.

5. The /etc/default/useradd file

This file holds the rules applied when a user is added with useradd:

    # useradd defaults file
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel

Note: HOME=/home creates the user's home directory under /home. INACTIVE=-1 controls whether the account is suspended after expiry; -1 means not enabled. EXPIRE= is the account end date; if it is not set, it is not enabled. SHELL=/bin/bash is the shell type used. SKEL=/etc/skel is where the default files for a new user's home directory are kept; that is, when adduser adds a user, the files in the user's home directory are all copied from this directory.

Note: there is a great deal more to user and group management. You only need to understand and master the content above; the rest of user and group management works along the same lines. Because users and groups are tied to file and directory permissions, operations on file and directory permissions will be covered in a separate document.
This article is only meant to help novices understand the principles of users and groups, so most of it is explanation. What matters is that beginners understand the theory through the explanations and the index of commands; the technical operations themselves are nothing more than command usage.
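
The /etc/group record format, the user-to-group mapping and the UID-based roles described above, as an added example that is not part of the original article: it parses passwd and group records, resolves group members (including the blank user_list case, where membership comes from the primary GID), and flags shared UIDs and normal users in the root group. The file contents are constructed samples, the admin2 account is hypothetical, and treating UIDs below UID_MIN as virtual users is an assumption based on the login.defs values shown above.

```python
from collections import defaultdict

# Constructed sample files (not from a real system); names follow the article.
PASSWD = """root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
beinan:x:500:500::/home/beinan:/bin/bash
linuxsir:x:501:500::/home/linuxsir:/bin/bash
admin2:x:0:0::/home/admin2:/bin/bash"""
GROUP = """root:x:0:root,beinan
bin:x:1:root,bin
ftp:x:50:
beinan:x:500:"""
UID_MIN = 500  # assumption: the UID_MIN value from the article's login.defs

def parse_passwd(text):
    """name:passwd:UID:GID:comment:home:shell -> list of (name, uid, gid)."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return [(f[0], int(f[2]), int(f[3])) for f in rows]

def parse_group(text):
    """group_name:passwd:GID:user_list -> {name: (gid, [listed users])}."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return {f[0]: (int(f[2]), [u for u in f[3].split(",") if u]) for f in rows}

def role(uid):
    """Assumed rule: UID 0 is root, below UID_MIN is virtual, else normal."""
    if uid == 0:
        return "root"
    return "virtual" if uid < UID_MIN else "normal"

def members_of(group, users, groups):
    """Listed members plus users whose primary GID is the group's GID."""
    gid, listed = groups[group]
    return sorted(set(listed) | {name for name, _, g in users if g == gid})

def audit(users, groups):
    """Flag shared UIDs and normal users that are members of the root group."""
    by_uid = defaultdict(list)
    for name, uid, _ in users:
        by_uid[uid].append(name)
    found = [f"UID {uid} shared by {', '.join(names)}"
             for uid, names in sorted(by_uid.items()) if len(names) > 1]
    normal = {name for name, uid, _ in users if role(uid) == "normal"}
    found += [f"normal user {m} is in the root group"
              for m in members_of("root", users, groups) if m in normal]
    return found

USERS, GROUPS = parse_passwd(PASSWD), parse_group(GROUP)
print(members_of("beinan", USERS, GROUPS), audit(USERS, GROUPS))
```

To run it against a live system, pass the text of /etc/passwd and /etc/group to parse_passwd and parse_group instead of the sample strings.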
