How to Implement User Management on a Linux System

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains in detail how to implement user management on a Linux system. The editor finds it very practical and shares it here as a reference; I hope you get something out of reading it.

I. Why users and user groups exist

1) Why users exist

System resources are limited, so how can they be allocated reasonably?

1. Identity: account
2. Authorization: author
3. Authentication: auth

These three "a"s are called the 3A mechanism, and the 3A mechanism forms the lowest-level security architecture in the system.

2) the significance of the existence of user groups

A user group is a logical container that classifies and uniformly authorizes users.

Put simply, a user group is like a class or a club at school: you have whatever rights are granted to your class, and whatever rights belong to your department in the club. This makes it easy to delegate permissions in a uniform way.

II. How users and user groups exist in the system

Computers handle numbers well and people handle names well, so the system stores each user as a number together with a string associated with it.

In Linux everything is a file, and users are no exception: what we call users and user groups are actually strings in files.

A user is one line of text in the /etc/passwd file.
A user group is one line of text in the /etc/group file.

vim /etc/passwd    ## view the contents of the passwd file to get user information
vim /etc/group     ## view the contents of the group file to get user group information

However, looking up the id information of a user or user group in these files is tedious. Linux provides the following commands to make it easier to view a user's information:

whoami                       ## view the current user name
id [parameter] [username]    ## view a user's id information; with no user name, the current user is shown
    -u    ## view the user id
    -g    ## view the user's primary group id
    -G    ## view the ids of all groups the user belongs to
    -n    ## display names; cannot be used alone, must be combined with one of the options above

User id ranges:
0: superuser id
1-999: ids used by the Linux system itself
1000-65535: user-level ids
The id information above is recorded in /etc/login.defs

III. System configuration files involved in user management

/etc/passwd    user identity information file

Meaning of the fields in passwd:
username:user password:user id:primary group id:user description:home directory:default shell

/etc/group    group identity information file

Meaning of the fields in group:
group name:group password:group id:additional members of the group

/etc/skel/.*    user environment profile templates

/etc/shadow    user authentication information file

/home/username    user home directory

/var/spool/mail/username    user mailbox file

IV. User-related operations

1) Creating and deleting users and user groups

We can use the watch command to monitor the creation and deletion of users

watch -n 1 "tail -n 4 /etc/passwd /etc/group; echo =; ls -l /home"

The commands for creating and deleting users and groups:

useradd username          ## create a user
    -u id username        ## specify the user's uid
    -g id username        ## specify the primary group id
    -G id username        ## specify an additional group id
    -d dir username       ## specify the user's home directory
    -M username           ## do not create the home directory automatically when creating the user
    -c word username      ## specify the user description when creating the user
    -s shell username     ## specify the shell
userdel username          ## delete a user
    -r username           ## delete the user together with the home directory and system profile
groupadd groupname        ## create a group
    -g id groupname       ## specify the group id
groupdel groupname        ## delete a group

2) Managing user and user group information

While a server is in use we sometimes need to change a user's properties. We know that the user is stored as a string in the /etc/passwd file, and we know what the fields of that string mean:

username:user password:user id:primary group id:user description:home directory:default shell

So we could, of course, edit these fields as root to change the user's information. In practice we do not do this; we use the dedicated commands instead:

usermod [options] [parameters] [username]
[options]
    -l     ## change the user name
    -u     ## change the user's uid
    -g     ## change the user's primary group id
    -G     ## change the user's additional groups
    -aG    ## add an additional group for the user
    -c     ## change the user description text
    -d     ## change where the user's home directory points
    -md    ## change both where the home directory points and the home directory name
    -s     ## change the default shell
    -L     ## freeze the account
    -U     ## unlock the account

Password information is stored in the shadow file. The fields of shadow:

username:encrypted password:last modification time:minimum modification interval:password validity period:warning days before the password must be changed:grace time after password expiration:account expiration time:reserved field
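The field layouts of passwd and shadow given above are enough to audit accounts from the command line. The following is an added example, not part of the original article: it checks constructed sample files for extra uid 0 accounts, empty password fields, locked accounts and user-level logins. The function names and all sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format files by field position.
# Every account name and hash below is constructed sample data.

make_samples() {   # write constructed sample files into directory $1
  cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:1001:Backup:/home/backup:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
  cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:!$6$constructed$hash:19000:0:99999:7:::
backup:$6$constructed$hash:19000:0:99999:7:::
bob::19000:0:99999:7:::
EOF
}

# passwd field 3 is the user id: any name other than root with id 0
# is a second superuser account.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# shadow field 2 is the encrypted password: empty means no password needed.
empty_passwords() { awk -F: '$2 == "" { print $1 }' "$1"; }

# usermod -L and passwd -l lock an account by putting "!" before the hash.
locked_accounts() { awk -F: '$2 ~ /^!./ { print $1 }' "$1"; }

# User-level accounts (id 1000 and above) whose shell allows a login.
login_users() {
  awk -F: '$3 >= 1000 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Demo run on the constructed samples.
dir=$(mktemp -d) && make_samples "$dir"
echo "extra uid 0:     $(extra_uid0 "$dir/passwd")"
echo "empty password:  $(empty_passwords "$dir/shadow")"
echo "locked:          $(locked_accounts "$dir/shadow")"
echo "login users:     $(login_users "$dir/passwd" | tr '\n' ' ')"
rm -rf "$dir"
```

On a real system the same functions take /etc/passwd and /etc/shadow as arguments; reading /etc/shadow requires root.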

We can use the passwd command to modify the password-related attribute information

passwd [options] [parameters] [username]    ## with no options or parameters, change the password of 'username'
[options]
    -S    ## view the password status
    -l    ## freeze account authentication
    -u    ## unlock account authentication
    -d    ## delete the user's password
    -e    ## set the default usage time to 0
    -n    ## set the minimum usage time
    -x    ## set the password expiration time
    -w    ## set the expiration warning time
    -i    ## set the number of inactive days
chage -d 0 [username]               ## the password must be changed at login
chage -E "xxxx-xx-xx" [username]    ## set the freeze date

V. User privilege delegation

When working on servers we often delegate privileges, which lets a user execute commands with higher privileges. For example, delegation can let an ordinary user run specific commands as root without logging in to the root account, which keeps the system secure while still getting the job done.

Authorization method:

We use the visudo command to modify the /etc/sudoers file. (The file can also be edited with vi or vim, but they do not check the syntax, so mistakes made while editing are hard to spot.)

By convention, we add the delegation rules at around line 100 of the file:

username hostname=(newusername) [NOPASSWD:] /command, /command

VI. Viewing and reading file permissions

1) Viewing permissions

ls -l file     ## view file permissions
ls -ld dir     ## view directory permissions

File permission information is divided into three categories: ugo

u stands for user, the owner of the file
g stands for group, the group that owns the file
o stands for other, everyone who has nothing to do with the ownership of the file

Each category has its own permission flag bits, rwx:
r stands for read permission
w stands for write permission
x stands for execute permission

We can use the chmod command to modify the permission information about the file.

chmod [ugo][+-=][rwx] [filename/dirname]    ## grant permissions with an expression
chmod [xxx] [filename/dirname]              ## treating rwx as three Boolean bits, convert them from binary to octal: r=4, w=2, x=1

s permission

The s permission can be set with a string expression. What the s permission does:

When the s permission is set on the u bits of a file, whoever executes the file gets the identity of the file's owner while it runs. It can only be used on binary files.
When the s permission is set on the g bits of a file, whoever executes the file gets the identity of the group the file belongs to. If it is set on a directory, files created in that directory take the group of the directory.

Sticky Bit

Its effect is that, within the directory, only the owner of a file can delete that file.
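The octal conversion (r=4, w=2, x=1) and the s and sticky bits described above can be read directly off an `ls -l` mode string. The following is an added example, not part of the original article: it converts a mode string to its four-digit octal form and names the special bits that are set. The function names and the sample mode strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decode an `ls -l` mode string such as -rwsr-xr-x.

# Value of one rwx triplet. The third character may be x, s or t
# (special bit plus execute) or S or T (special bit without execute).
triplet() {
  v=0
  case $1 in r??) v=$((v + 4)) ;; esac
  case $1 in ?w?) v=$((v + 2)) ;; esac
  case $1 in ??[xst]) v=$((v + 1)) ;; esac
  echo "$v"
}

# Four-digit octal mode: special bits first, then u, g and o.
mode_to_octal() {
  m=${1#?}                                  # drop the file-type character
  u=$(printf '%s\n' "$m" | cut -c1-3)
  g=$(printf '%s\n' "$m" | cut -c4-6)
  o=$(printf '%s\n' "$m" | cut -c7-9)
  special=0
  case $u in ??[sS]) special=$((special + 4)) ;; esac   # s on the u bits
  case $g in ??[sS]) special=$((special + 2)) ;; esac   # s on the g bits
  case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
  echo "$special$(triplet "$u")$(triplet "$g")$(triplet "$o")"
}

# Names of the special bits set in a mode string, or "none".
special_bits() {
  m=${1#?}; out=""
  case $m in ??[sS]*) out="$out setuid" ;; esac
  case $m in ?????[sS]*) out="$out setgid" ;; esac
  case $m in ????????[tT]*) out="$out sticky" ;; esac
  out=${out# }
  echo "${out:-none}"
}

# Demo on constructed mode strings.
for s in -rw-r--r-- -rwsr-xr-x drwxrwsr-x drwxrwxrwt -rwSr--r--; do
  echo "$s  $(mode_to_octal "$s")  $(special_bits "$s")"
done
```

An uppercase S or T means the special bit is set while the execute bit underneath it is not.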
