
Linux user / user password and user group management

2025-02-05 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/02

User configuration file: /etc/passwd

Run cat /etc/passwd to view the Linux user configuration file:

* each line of the user configuration file is divided into 7 fields, separated by ":":

The first field is the user name

The second field, x, stands for the password, which is saved in the /etc/shadow file

The third field is the uid (user number)

The fourth field is the gid (user group number)

The fifth field is a comment (usually empty, or a description of the user)

The sixth field is the user's home directory

The seventh field is the user's shell (usually /bin/bash; users created by the system have /sbin/nologin and the like, where nologin means the user cannot log in)

Password configuration file: /etc/shadow

* the password configuration file corresponds line by line to the /etc/passwd user configuration file and is divided into 9 fields, separated by ":":

The first field is the user name

The second field is the encrypted (hashed) password (even when two users have the same password, their encrypted values differ)

The third field is the date of the last password change, expressed as the number of days elapsed from 1970-01-01 to the day the password was last changed

The fourth field is the minimum number of days required between two password changes

The fifth field is the maximum number of days the password remains valid

The sixth field is the number of days before the password expires at which the user starts to be warned

The seventh field is the maximum number of days the user's account remains valid without logging in

The eighth field is the expiration time of the user's account

The ninth field is reserved and has no meaning for now

System backup file

* files in the /etc directory whose names end with a "-" symbol are automatic backups made by the system, used to restore data when an important file is deleted by mistake

User group management

1. Add user group: groupadd groupname

* after the user group is created, checking the user group configuration file shows that it was created successfully, with gid (user group number) 1004

2. Specify the gid (user group number) when creating a user group: -g parameter

* when specifying a gid, choose an unused number above 1000; gids below 1000 are reserved for the system

3. Delete user group: groupdel groupname

* a user group cannot be deleted while there are users in the group

User management

1. Create user: useradd username

* if no user group is specified when adding a user, a group with the same name as the username is created

2. Specify the user group when creating the user: -g parameter

* as shown below: when creating user usertest2, the user group is specified as grouptest. After creation, the gid in the user configuration file is 1001, the gid of user group grouptest.

** Additional parameters:

-u parameter: specify the user's uid (user number)

-d parameter: specify the user's home directory

-s parameter: specify the user's shell (/bin/bash, nologin, etc.)

-M parameter: do not create a home directory when creating the user

* the create-user command can also be written as: adduser username

3. Delete user: userdel username

* note that after a user is deleted with this command, the user's home directory is not deleted: ls /home shows that the usertest2 user directory is still there.

4. Delete the user together with the user's home directory: -r parameter

5. usermod command: change user information

Modify user uid: usermod -u uid username

Modify user gid: usermod -g gid username

Modify the user's home directory: usermod -d directory_path username

Modify user shell: usermod -s shell_path username

Lock user: usermod -L username

Unlock user: usermod -U username

Modify the user's supplementary group: usermod -G groupname username

View a user's supplementary group information: id username. In Linux, a user can belong to multiple groups; for example, the third column below shows the user's supplementary groups

Add a user group linux02 to the linux01 user:

Add multiple groups (linux02, linux03) to the linux01 user:

* to add several supplementary groups to a user, write all the groups to be added in one command, separated by ",". If you add the linux02 group in a first command and the linux03 group in a second, the linux03 group overwrites the linux02 group and user linux01 ends up with linux03 only.

User password management

1. Change the password:

Root user change password command: passwd

* if the password is reported as not difficult enough, enter it again and the change succeeds

Normal user change password command: passwd username

* when prompted that the password is not long enough, enter it again and the change succeeds.

After the password is changed successfully, the second column for linux01 in the password configuration file /etc/shadow holds the encrypted value:

When the second column shows "!!", the user cannot log in because no password has been set.

* when the second column shows "*", the password is locked and the user is unable to log in

2. Lock and unlock user passwords:

Lock password: passwd -l username

* after locking the password of user linux01, whose password was just set, the second column in the password configuration file /etc/shadow shows "!!" in front of the encrypted password, indicating that the user's password has been locked

Unlock password: passwd -u username

* after unlocking the password of user linux01, the password configuration file shows the normal value again

** the usermod command described above can also lock and unlock a user's password: the -L parameter locks the password, the -U parameter unlocks it.
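
The two /etc/shadow passages above (the 9-field layout, and the "!!" and "*" markers in the second field) can be checked mechanically. The following is an added example, not part of the original article: a shell function that classifies each entry and flags empty or expired passwords. The sample entries, hash placeholders and status names are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_SHADOW is constructed; the hashes are placeholders.
SAMPLE_SHADOW='root:$6$SALT$HASHPLACEHOLDER:18142:0:99999:7:::
bin:*:17834:0:99999:7:::
linux01:!!$6$SALT$HASHPLACEHOLDER:18142:0:90:7:::
linux02:!!:18142:0:99999:7:::
linux03::18142:0:99999:7:::
linux04:$6$SALT$HASHPLACEHOLDER:18000:0:90:7:::'

# Field 3 counts days since 1970-01-01; turn a day count into a date.
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# Print "user status" for each entry. $1 = shadow text, $2 = today as a day count.
shadow_audit() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '
    {
        pw = $2
        if (pw == "")                      st = "EMPTY-PASSWORD"   # login with no password
        else if (pw == "!!" || pw == "!")  st = "no-password-set"
        else if (pw == "*")                st = "no-login"
        else if (substr(pw, 1, 1) == "!")  st = "locked"           # passwd -l / usermod -L
        else                               st = "password-set"
        # Field 5 = maximum password age; empty or 99999 means no expiry.
        if (st == "password-set" && $5 != "" && $5 < 99999 && $3 + $5 < today)
            st = "password-expired"
        print $1, st
    }'
}

# Audit the sample as of today, then show when linux04 last changed its password.
shadow_audit "$SAMPLE_SHADOW" "$(( $(date +%s) / 86400 ))"
days_to_date 18000
```

To audit a live system, pass the file contents instead of the sample: shadow_audit "$(cat /etc/shadow)" "$(( $(date +%s) / 86400 ))" (reading /etc/shadow requires root).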

3. --stdin parameter:

When setting a password for a user, the --stdin parameter changes it directly without the second confirmation. It is commonly used when writing shell scripts.

4. Change the password in one step: (the password can also be changed without the second confirmation when the --stdin parameter is not used)

Use echo -e to change the password in one step. With the -e parameter, echo interprets \n as a new line (\t → tab); combined with the pipe character "|", the password is changed directly without the need for a second confirmation

Password generation tool: mkpasswd

1. Install the package: yum -y install expect

2. Generate a random password:

* run mkpasswd to generate a random password. -l parameter: specify the length of the generated password. -s parameter: specify how many special characters the generated random password contains.

su command:

* the su command has two uses: 1. switch users, 2. execute a command as another user

1. Switching users: su - username

[root@localhost ~]# su - linux01    # "-" also switches to the user's environment variables
Last login: September 3, 19:02:22 CST 2019 on pts/0
[linux01@localhost ~]$ pwd
/home/linux01    # after the switch, the current location is the user's home directory
----
[root@localhost ~]# su linux01
[linux01@localhost root]$ pwd
/root    # without "-", only the user is switched, not the user's environment variables; the current location is still the /root directory
[linux01@localhost root]$ ls
ls: unable to open directory .: insufficient permissions

2. Execute a command as a user: -c parameter

* create a file under the /test directory as the linux01 user and check that the file belongs to the linux01 user

[root@localhost ~]# su - -c "touch /test/linux01file.txt" linux01
[root@localhost ~]# ls -l /test/
total 0
-rw-rw-r-- 1 linux01 linux01 0 September 3 19:21 linux01file.txt

sudo command:

* allows ordinary users to temporarily have the privileges of the root user

Use the linux01 user to view the root user's home directory:

[linux01@localhost ~]$ whoami
linux01
[linux01@localhost ~]$ ls /root/
ls: unable to open directory /root/: insufficient permissions

Add sudo permissions to the linux01 user:

[root@localhost ~]# visudo    # edit the sudo configuration file

Find the line in the configuration file that starts with root:

Add the following so that user linux01 can temporarily run ls and cat with the root user's privileges:

Switch to the linux01 user and use sudo to view the /root directory and the files in it:

[root@localhost ~]# su - linux01
Last login: September 3 21:20:21 CST 2019 on pts/0
[linux01@localhost ~]$ ls /root/
ls: unable to open directory /root/: insufficient permissions
[linux01@localhost ~]$ sudo ls /root    # works after the permission is added in the sudo configuration file
[sudo] password for linux01:    # the user's password is verified on the first execution
test.log
[linux01@localhost ~]$ sudo cat /root/test.log
ABCDEFG

To use sudo without verifying the password, add NOPASSWD: to the configuration file:

[root@localhost ~]# su - linux02
[linux02@localhost ~]$
[linux02@localhost ~]$ sudo ls /root/    # after modifying the configuration file, password verification is not required and the result is displayed directly
test.log

Restrict root remote login:

* in some cases, root users can be restricted from logging in remotely for security reasons

[root@localhost ~]# vi /etc/ssh/sshd_config    # edit the configuration file to restrict root remote login

Remove the comment symbol "#" from this configuration item and change the configuration value to no

[root@localhost ~]# systemctl restart sshd    # restart the ssh service

A remote login attempt as root now reports that the SSH server rejected the password, which shows the restriction is in effect

After root is restricted from remote login, ordinary users who need root can switch to it with the su command, but you may not want ordinary users to know the root password. In that case, they can log in as root using sudo without password verification:

Edit the sudo configuration file:

At this point, the user can log in as root using sudo without password verification:

[linux01@localhost ~]$ whoami
linux01
[linux01@localhost ~]$ sudo su - root
Last login: September 3, 22:44:47 CST 2019 on pts/0
[root@localhost ~]#
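
The sudo entries described above (a command list for linux01, NOPASSWD:, and password-free sudo su - root) are the kind of grant worth reviewing regularly. The following added example, not from the original article, scans sudoers-format text and reports NOPASSWD grants, grants that amount to full root, and commands listed without arguments (which sudo then accepts with any arguments, so cat can read any root-only file). The sample lines, command paths and finding names are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE_SUDOERS is constructed; command paths are assumed.
SAMPLE_SUDOERS='# constructed sample
Defaults    env_reset
root    ALL=(ALL)   ALL
linux01 ALL=(ALL)   /usr/bin/ls, /usr/bin/cat
linux02 ALL=(ALL)   NOPASSWD: /usr/bin/ls, /usr/bin/cat /var/log/messages
linux01 ALL=(ALL)   NOPASSWD: /usr/bin/su'

# Print "user finding command" for every grant worth a second look.
# $1 = sudoers-format text (user host=(runas) [NOPASSWD:] cmd, cmd ...).
sudoers_audit() {
    printf '%s\n' "$1" | awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
    $1 == "Defaults" || $1 == "root" { next }       # settings and the baseline root entry
    {
        user = $1
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)              # drop "user host="
        sub(/^\([^)]*\)[ \t]*/, "", spec)           # drop "(runas)"
        nopw = sub(/^NOPASSWD:[ \t]*/, "", spec)    # 1 if the tag was present
        n = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]
            sub(/[ \t]+$/, "", cmd)
            path = cmd; sub(/[ \t].*$/, "", path)   # command without its arguments
            base = path; sub(/^.*\//, "", base)     # file name of the command
            if (nopw) print user, "NOPASSWD", cmd
            if (cmd == "ALL" || base ~ /^(su|sh|bash)$/)
                print user, "FULL-ROOT", cmd
            else if (path == cmd)                   # no argument list: any arguments allowed
                print user, "ANY-ARGS", cmd
        }
    }'
}

sudoers_audit "$SAMPLE_SUDOERS"
```

The parser covers only the single-line user entries used in this article; aliases, groups and included files are outside its scope.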
