Shulou(Shulou.com)06/01 Report--

This article will explain in detail the example analysis of CentOS user account management. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

1. User management

/ etc/passwd username profile

/ etc/shadow user password profile

(1) structure of / etc/passwd:

Username:password:uid:gid:commit:user home path:shell

Description:

Uid and gid systems add themselves sequentially by default

User's home directory-ordinary users at / home,root / (or ~)

Shell refers to login method-common / bin/bash,/sbin/nologin (set to non-login form)

(2) structure of / etc/shadow

Username: user name

Password: password, encryption $1 (md5), $5 (sha-256), $6 (sha-512),! No password, * locked user

Time of last password change: days from 1970-1-1

How many days will it take to change the password:

Password expiration period:

Warning password invalidation: notice a few days before password expiration

Invalid account period: change the password in time to avoid unavailability of users

The next is the reserved field.

Insert: Linux time synchronization

Date-s definition time (date format)

Ntpdate time server address

Hwclock-h: same time as in BIOS

2. Operations on user accounts

(1) basic operation

Add user: useradd-u [uid]-g [gid]-G [group]-d [home dir path]-M [don't create home path]

-s [shell such as / sbin/nologin, / bin/bash] [username] can create user-specified groups

Delete user: userdel-r is deleted together with the home directory

Add user group: groupadd-g [gid] [groupname]

Delete user group: groupdel [groupname]

View: id [username]

Example: failed to switch users, no user's home directory

Solution:

# mkdir

# cp-rv / etc/skel/.b*

; # if you need to delete it at the same time, the master group of the home directory should be the user

(2) change the attributes of the user account

Usermod-u-g-G-s-d-L: locked user-U: unlocked user

Chfn username: add a description of the user account

Set password

Randomly generate passwords: mkpasswd-l fixed length-s defines special characters-yum install-y mkpasswd)

Recording tool: keepass

3. Switch users

Su-[username] switch completely, switch environment variables and home directories, etc.

Su-C''command'-user temporarily executes commands with the privileges of a user

Sudo allows ordinary users to execute commands temporarily with the privileges of a specified user.

Set the user's password sudo / bin/ls / root/

Change visudo configuration, "user ALL= (source user) NOPASSWD: (no password required) absolute path to execute command"

Example 1: enter the password only once when changing the password

Solution: passwd-stdin

Echo-e "[new password]\ n [new passwd]\ n" | passwd passwd-- stdin [username];\ n is the carriage return-e dative character

Example 2: Telnet connection is too slow

Solution:

Vim / etc/ssh/sshd_config

Enable UseDNS* and change the value to no

/ etc/init.d/sshd restart or service sshd restart

Example 3: disabling remote root does not prevent commands from being executed with root privileges

Solution:

1. Disable root remote login

Vim / etc/ssh/sshd_config

PermitRootLogin.. Enabled, the value is changed to no

/ etc/init.d/sshd restart or service sshd restart

two。 Change the handover execution permission

Visudo

[username] ALL= (root) NOPASSWD:/bin/ls,/bin/su (location: under the line root) do not switch passwords

Su-[username]

Sudo su-

This is the end of the article on "sample Analysis of CentOS user account Management". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.