Since Linux is a multi-user operating system, several people may be logged in and actively working on a given machine at the same time. Security-wise, it is never a good idea to allow users to share the credentials of the same account. In fact, best practices dictate the use of as many user accounts as people needing access to the machine.
1. Create a new user (group)
①User
New users are created with the useradd command.
Some basic usages of useradd are as follows:
useradd username: creates a new user
useradd -u uid username: specifies the user's UID
useradd -g gid username: specifies the user's GID (the group must already exist)
useradd -G gid username: specifies the supplementary group of the user (the group must already exist)
useradd -c 'string' username: specifies the description of the user
useradd -d home_directory username: specifies the user's home directory
useradd -s shell username: specifies the shell used by the user (the available shells are listed in /etc/shells)
②User group
groupadd westos: creates a new user group westos
groupadd -g 233 westos1: creates a new user group westos1 with the group ID 233
groupdel westos: deletes the user group westos
2. User switching
1. Log out the current user
To log out the current user, execute the command: gnome-session-quit --force
After the current user has logged out, log in as another user.
2. Switch users
To switch users, use the command: su - user
Note: 1. In the su - command, "-" means that the user environment is switched together with the user.
2. When the su - command is executed, no password is required to switch from a more privileged user to a less privileged one, for example from root to student; switching from a less privileged user to a more privileged one, or between users of the same level, requires a password.
3. How users are stored in the system
/etc/passwd: user information file. The format of each entry is "user name:password:uid:gid:description:home directory:shell"
/etc/group: user group information file. The format of each entry is "group name:group password:group id:group members"
/etc/shadow: user authentication information file
/etc/skel/.*: the user's skeleton files, which hold the default shell configuration
/home/username: the user's home directory
4. Viewing users
①Viewing the current user
To view the current user, run the command: whoami
②Viewing users in the system
The users in the system are viewed with the id command.
Related usage of the id command:
id user: shows the ID information of user
id -u user: shows the UID of user
id -g user: shows the GID of user
id -G user: shows the IDs of all groups that user belongs to
id -n: displays names instead of numbers (used together with -u, -g or -G, for example id -un user)
5. Modification of user information
User information is modified with the usermod command.
The specific usage is as follows:
usermod -l red black: changes the name of user black to red
usermod -u uid black: changes the UID of black
usermod -g gid black: changes the GID of black (the new GID must already exist)
usermod -G gid black: changes the supplementary group of black (the original supplementary group is changed as well) (there are only two groups by default)
usermod -aG gid black: adds a supplementary group to black
usermod -c 'string' black: changes the description of user black (if the user has no description, it is added)
usermod -d home_directory black: changes the home directory of user black
usermod -s shell black: changes the shell of user black
usermod -L black: freezes the account black (passwd -l black is also possible)
usermod -U black: unlocks the account black (passwd -u black is also possible)
6. User authorization
①In the system, the superuser can delegate operations that ordinary users cannot perform to ordinary users. Configuration file: /etc/sudoers
②Method of delegation
As the superuser, run the visudo command to edit /etc/sudoers and jump to about line 100.
Add a line in the following format:
username hostname=(user identity obtained, for example root) command
③Executing delegated commands
After switching to the ordinary user, execute the delegated command with sudo, given entries such as the following in /etc/sudoers:
student localhost=(root) /usr/sbin/useradd (delegates to the user student the right to create new users)
student localhost=(root) NOPASSWD: /usr/sbin/useradd (delegates to the user student the right to create new users, without a password)
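The following added example (not part of the original tutorial) reviews rules written in the simple form used above and flags entries that skip the password prompt, allow every command, or name a command without an argument list, which sudoers treats as permitting any arguments. The names sudoers_review and sample_rules and the last two sample rules are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: review simple "user host=(runas) [NOPASSWD:] command" rules.

# sudoers_review: sudoers-format text on stdin -> "user|command|findings" per rule.
sudoers_review() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                      # comments and blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }           # settings and alias definitions
    {
      eq = index($0, "=")
      if (eq == 0) next                                    # not a "who where=what" rule
      user = $1
      spec = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)/, "", spec)                    # drop the (runas) part
      nopw = sub(/^[ \t]*NOPASSWD:/, "", spec)             # 1 if the tag was present
      gsub(/^[ \t]+|[ \t]+$/, "", spec)                    # trim what is left: the command
      n = split(spec, word, /[ \t]+/)
      findings = nopw ? "nopasswd" : ""
      if (word[1] == "ALL") extra = "all-commands"
      else if (n == 1)      extra = "any-arguments"        # no argument list in the rule
      else                  extra = ""
      if (extra != "") findings = findings (findings != "" ? "," : "") extra
      printf "%s|%s|%s\n", user, spec, (findings != "" ? findings : "ok")
    }'
}

# The first two rules are the ones from the text; the last two are constructed.
sample_rules() {
  cat <<'EOF'
# constructed sample, not a real /etc/sudoers
student localhost=(root) /usr/sbin/useradd
student localhost=(root) NOPASSWD: /usr/sbin/useradd
%wheel ALL=(ALL) ALL
student localhost=(root) /usr/bin/systemctl restart httpd
EOF
}

sample_rules | sudoers_review
```

The check only understands one rule per line in this simple form; syntax validation of a real file is still done with visudo -c.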
sudo useradd username (sudo must be added in front of the command; do not run useradd username directly)
For example: sudo useradd AA
7. User authentication information
①View user authentication information
The file that records user authentication information is /etc/shadow.
Enter the following command to view it:
tail -n 2 /etc/shadow
It will display a line such as: ght:!!:18084:0:99999:7:::
The fields, separated by ":", are:
Field 1, ght: user name
Field 2, !!: user password
Field 3, 18084: last password modification time
Field 4, 0: minimum password validity period
Field 5, 99999: maximum password validity period
Field 6, 7: password warning period
Field 7, empty: user inactive days
Field 8, empty: user expiration date
Field 9, empty: none
②User password
User password related commands are as follows:
passwd username: changes the user's password
passwd -l username: adds "!" before the user password
passwd -u username: deletes the "!" before the user password
usermod -L username Add "!!!" before the user password
usermod -U username delete "! 1" before the user password
passwd -d username: clears the user's password
Note: When an ordinary user changes the password:
1. The user must know the original password of the current account;
2. The password cannot be similar to the account name;
3. The password cannot consist of ordered digits or ordered letters only;
4. If the password consists only of digits or only of letters, it must be longer than 8 characters.
Modifying the above user authentication information
The time when the user password was last modified:
passwd -e ght
chage -d 0 ght
Minimum user password validity period:
passwd -n 1 ght
chage -m 1 ght
Maximum validity period of user password:
passwd -x 999 ght
chage -M 999 ght
Password warning period:
passwd -w 7 ght
chage -W 7 ght
User inactive days:
passwd -i 9 ght
chage -I 9 ght
User expiration date:
chage -E 2019-11-11 ght
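An added example, not from the original tutorial: an audit over lines in the /etc/shadow layout described above that reports whether each account has an empty, locked or set password and converts the day counts in fields 3, 5 and 8 into dates. The names shadow_audit and sample_shadow are assumptions, and every sample entry except the ght line is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit lines in the /etc/shadow layout. Sample data is constructed.

# shadow_audit [FILE]: prints "name state changed=... pw_expires=... acct_expires=..."
shadow_audit() {
  awk -F: '
    # Days since 1970-01-01 -> YYYY-MM-DD (standard civil-from-days arithmetic).
    function ymd(z,   era, doe, yoe, y, doy, mp, d, m) {
      z += 719468; era = int(z / 146097); doe = z - era * 146097
      yoe = int((doe - int(doe/1460) + int(doe/36524) - int(doe/146096)) / 365)
      y = yoe + era * 400
      doy = doe - (365*yoe + int(yoe/4) - int(yoe/100))
      mp = int((5*doy + 2) / 153); d = doy - int((153*mp + 2) / 5) + 1
      m = (mp < 10) ? mp + 3 : mp - 9
      if (m <= 2) y++
      return sprintf("%04d-%02d-%02d", y, m, d)
    }
    NF != 9 { next }                                  # not a complete shadow entry
    {
      if ($2 == "")          state = "EMPTY"          # as after passwd -d
      else if ($2 ~ /^[!*]/) state = "LOCKED"         # "!" prefix or no usable password
      else                   state = "SET"
      if ($3 == "")          changed = "unknown"
      else if ($3 + 0 == 0)  changed = "must-change"  # as after chage -d 0 / passwd -e
      else                   changed = ymd($3 + 0)
      # Password expiry = last change (field 3) + max days (field 5); 99999 means no expiry.
      if (changed == "must-change")                       pwexp = "now"
      else if ($3 == "" || $5 == "" || $5 + 0 >= 99999)   pwexp = "never"
      else                                                pwexp = ymd($3 + $5)
      acct = ($8 == "") ? "never" : ymd($8 + 0)       # field 8, set by chage -E
      printf "%s %s changed=%s pw_expires=%s acct_expires=%s\n", $1, state, changed, pwexp, acct
    }' "$@"
}

# Constructed sample; only the ght line comes from the text. Hashes are placeholders.
sample_shadow() {
  cat <<'EOF'
ght:!!:18084:0:99999:7:::
alice:$6$placeholdersalt$placeholderhash:18084:1:999:7:9:18211:
bob::18084:0:99999:7:::
carol:!$6$placeholdersalt$placeholderhash:0:0:90:7:::
EOF
}

sample_shadow | shadow_audit
```

Run as root against the real file with shadow_audit /etc/shadow; accounts reported as EMPTY can log in without a password and deserve attention first.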