
Detailed explanation of group rights management

2025-04-05 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/02 Report--

Detailed explanation of privilege management of Linux users and user groups-01

The three important files of Linux user management, explained in detail:

A user name and password are required to log in to Linux. The /etc/passwd file stores the user names. At login, Linux first looks up whether the user name exists in /etc/passwd. If it does not, the login is rejected. If it does, Linux reads the user ID and group ID for that user name, the home directory that belongs to it, and the shell it uses. Finally, it checks in /etc/shadow whether the password for that account is correct, and then starts the user's shell.

1.1 /etc/passwd details:

cat /etc/passwd

Account name: the user name. root is the system's default highest administrator user.

Password: because the password is saved in the /etc/shadow file, it is shown as "x" here. If no password is set, the field is empty.

User ID: the unique ID that identifies the user inside the system. User IDs fall into the following types: 0 represents the system administrator. If you want to create a system administrator, you can first create a normal account and then change its user ID to 0. 1-500 are IDs reserved for the system; IDs above 500 are ordinary user IDs.

Group ID: the ID of the user's group, which corresponds to /etc/group.

Description information: the description of the account.

User home directory: the starting directory, which the user enters first after logging in to the system. The root user defaults to /root, while a normal user gets /home/ followed by the user name.

User login shell: the shell the user gets after logging in to the system.

1.2 /etc/shadow details:

In early Unix systems, both the user account and the password were saved in passwd. Even though the password was stored as ciphertext, the passwd file was readable by all users. Linux now uses the "shadow" file to store the password ciphertext and the passwd file to store user account information. The "shadow" file can only be accessed by administrator users.

cat /etc/shadow | tail -4

Account name: the user name, with the same meaning as in passwd.

Password: the ciphertext of the user's password.

If the first character in the password field is "*", the user cannot log in. If you do not want a user to log in, put a "*" at the front of that user's password field.

If the first character is "!", the user is disabled. A newly created user that does not have a password yet is also disabled, which is shown as "!!".

If the field is empty, the user does not have a password and does not need one to log in.

Date of the last password change: the date on which the password was last changed. Why 15181? Because Linux counts dates from January 1, 1970, and January 1, 1971 is 366, so the date on which I changed my password works out to 15181.

Number of days during which the password cannot be changed: how long the user must wait before the password can be changed. "0" means it can be changed at any time.

Number of days within which the password must be changed: the password must be updated within this time, otherwise the account becomes temporarily invalid. 99999 indicates that the password does not need to be updated.

Warning period before the password expires: when the expiration of the account password is approaching, the system issues a warning according to this field to remind the user that the password will expire. The default is 7.

Account expiration period: if the password is not updated after the warning period and so becomes invalid, and the user does not contact the administrator within the time limit in this field, the account is temporarily disabled until it is reactivated.

Account cancellation date: this field also uses the day count since 1970 and indicates the date after which the user can no longer use the account.

Reserved: reserved field.

1.3 /etc/group details:

Each line, starting from the first, has four fields in total, in this order:

Group name: the name of the user group.

Group password: generally not set, because group login is rarely used. But this password is also stored in /etc/shadow.

Group ID: the ID of the user group.

Member accounts: all accounts that belong to this group. If you want the user david to belong to the root group, add ",david" at the end of the first line. Note that there must be no spaces in what you add.

2. Detailed description of user and user group management operations:

2.1 adduser add users:

adduser [-u uid] [-g group] [-d home] [-s shell]

-u: set the user ID directly

-g: set the GID directly

-d: use an existing directory as the user's home directory

-s: define the shell

Add the user garfield:

adduser garfield

Verify that the addition of the user garfield is successful through the three user management files described earlier:

When we create a new user, its basic settings come from the /etc/login.defs and /etc/default/useradd files.

cat /etc/login.defs

cat /etc/default/useradd

The SKEL option in this file specifies that the contents of the user's home directory are copied from the /etc/skel directory.

2.2 passwd set user password:

passwd [user name]   # set password

2.3 usermod disables and enables accounts:

usermod -L [user name]   # disable account

usermod -U [user name]   # enable account

usermod -e YYYY-MM-DD [user name]

The usermod command disables and enables an account by adding and removing the "!" in front of the corresponding user's password in /etc/shadow.
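The field layouts from sections 1.1 and 1.2 and the "!" marker that usermod -L writes can be checked together in one pass. The script below is an added example, not part of the original article: the account names, the placeholder hashes and the function names audit_accounts and audit_samples are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample files (not from a real system) in the /etc/passwd
# (7 fields) and /etc/shadow (9 fields) layouts described above.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
david:x:1000:1000:David:/home/david:/bin/bash
garfield:x:1001:1001::/home/garfield:/bin/bash
backup2:x:0:0:second admin:/home/backup2:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin'
SAMPLE_SHADOW='root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15181:0:99999:7:::
david:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15181:0:99999:7:::
garfield:!!:15181:0:99999:7:::
backup2::15181:0:99999:7:::
daemon:*:15181:0:99999:7:::'

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints "name:STATE" for each passwd entry, plus ":EXTRA_UID0" when an
# account other than root carries user ID 0. (Hypothetical helper name.)
audit_accounts() {
    awk -F: '
    function pwstate(p) {                 # password field of /etc/shadow
        if (p == "")   return "NO_PASSWORD"   # empty: logs in without one
        if (p == "!!") return "NEVER_SET"     # new user, no password yet
        if (p ~ /^!/)  return "LOCKED"        # "!" prefix, as usermod -L adds
        if (p ~ /^\*/) return "NO_LOGIN"      # "*": cannot log in
        return "ACTIVE"
    }
    FNR == NR { st[$1] = pwstate($2); next }  # first file read: shadow
    NF != 7   { print "MALFORMED_LINE:" FNR; next }
    {
        out = $1 ":" (($1 in st) ? st[$1] : "NO_SHADOW_ENTRY")
        if ($3 ~ /^0+$/ && $1 != "root") out = out ":EXTRA_UID0"
        print out
    }' "$2" "$1"
}

# Run the audit over the constructed samples written to a temp directory.
audit_samples() {
    _dir=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$_dir/passwd"
    printf '%s\n' "$SAMPLE_SHADOW" > "$_dir/shadow"
    audit_accounts "$_dir/passwd" "$_dir/shadow"
    rm -rf "$_dir"
}

audit_samples
```

On a real host, run audit_accounts /etc/passwd /etc/shadow as root, since the shadow file is not readable by ordinary users.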

2.4 groupadd create Group:

groupadd [-g gid [-o]] [-r] [-f] group

2.4.1 when creating a user, specify which user group the user belongs to:

useradd -g group_name user_name

2.4.2 change the user's user group:

usermod -g group_name user_name

2.4.3 add users to other groups:

usermod -G group_name user_name

Without -a, the -G option replaces the user's existing supplementary groups with the ones listed; use usermod -a -G to append instead.

2.5 modify the name of the group:

groupmod -n new_group_name old_group_name

2.6 modify the user name:

usermod -l new_user_name old_user_name

2.7 Delete a user:

userdel [-r] user_name

2.8 Delete a group:

groupdel group_name
