
What is the account number and rights management method of Linux

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article mainly explains the account and rights management methods of Linux. Interested readers may wish to have a look. The methods introduced here are simple, fast and practical. Next, let the editor take you through them.

1. Manage user accounts

1.1 User account overview

Superuser: root is the default superuser account in the Linux operating system and has the highest permissions on the host. The superuser is unique in the system.

Ordinary users: created by the root user or other administrator users; their permissions are limited. Generally they only have full permissions in their own home directory.

Program users: when the Linux operating system and some applications are installed, specific low-privilege user accounts are added. These users are generally not allowed to log in to the system and are only used to keep the system or a program running normally, for example bin, daemon, ftp and mail.

1.2 Group accounts

Basic group (private group): each user has exactly one basic group, usually the group specified when the user is created. The fourth field of the /etc/passwd file records the user's basic group GID number.

Additional group (public group): a group the user is added to in addition to the basic group.

1.3 UID and GID

UID: user identification number

GID: group identification number

The UID and GID numbers of the root user account are the fixed value 0.

The UID and GID numbers of program user accounts default to 1~499.

The UID and GID numbers of ordinary users default to 500~60000.

1.4 user account file

User accounts, passwords and other information in the Linux system are saved in the corresponding configuration files, and user accounts can be managed by directly modifying these files or using user management commands.

There are two main configuration files related to user accounts, namely /etc/passwd and /etc/shadow. The former saves basic information such as the user name, home directory and login shell, while the latter saves the user's password, account validity and other information. In both files, each line corresponds to one user account, and the configuration items are separated by a colon ":".

1.4.1 User account file /etc/passwd

All users can access the contents of the / etc/passwd file based on the operational and administrative needs of the system, but only root users can make changes.

In early UNIX operating systems, the password information of user accounts was saved in the passwd file, so an unauthorized user could easily obtain the password string and brute-force it, which was a security risk. Later the design was improved: the password was moved to a dedicated shadow file, and only the password placeholder "x" is kept in the passwd file.

Each line corresponds to a user's account record.

root:x:0:0:root:/root:/bin/bash

Field 1: user account name (root)
Field 2: user password placeholder "x" (x)
Field 3: user account UID number (0)
Field 4: GID number (0)
Field 5: user full name (root)
Field 6: home directory (/root)
Field 7: login shell (/bin/bash is a shell that allows logging in to the system; /sbin/nologin and /bin/false prohibit the user from logging in to the system)

Note: in field 7, /sbin/nologin rejects the login and shows a prompt; /bin/false rejects it without a prompt.

1.4.2 User account file /etc/shadow

Saves the user's password, account validity and other information.

By default, only root users can read the contents of the / etc/shadow file, and direct editing of the contents of the file is not allowed.

Each line corresponds to a user's password record

9 fields (separated by ":")

root:$6$VyOUGqOC$v5HlLM1wagZC/FwGfnrtJFnlT:18445:0:99999:7:::

Field 1: user account name (root)
Field 2: the password string encrypted using MD5; when it is "*" or "!!" the user cannot log in to the system, and when the field is blank the user can log in to the system without a password ($6$VyOUGqOC$v5HlLM1wagZC/FwGfnrtJFnlT)
Field 3: the time the password was last modified, as the number of days between January 01, 1970 and the last change (18445)
Field 4: minimum valid days of the password; at least this many days must pass before the password can be changed again. The default value 0 means no limit (0)
Field 5: maximum number of days the password is valid; after this the password must be changed again. The default value 99999 means no limit (99999)
Field 6: how many days in advance to warn the user that the password will expire; the default is 7 (7)
Field 7: how many days after the password expires before this user account is disabled (empty)
Field 8: account expiration time, as the number of days (counted from January 01, 1970) after which the user becomes invalid; the default is empty, meaning the account is permanently available (empty)
Field 9: reserved field (not used) (empty)

Note: fields 7, 8 and 9 are seldom used and generally keep their defaults.

1.5 User account management

1.5.1 Add a user account: useradd or adduser
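As an added example (not from the original article), the following POSIX shell script parses constructed /etc/shadow-style records using the nine fields described above: it classifies field 2 as no-password, locked or hashed, works out from fields 3 and 5 the day number by which the password must be changed, and lists the accounts whose empty field 2 would let them log in with the user name alone. The sample records (the root line reuses the page's own example hash, the other lines are made up) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed /etc/shadow-style records (not data from a real system):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SHADOW_SAMPLE='root:$6$VyOUGqOC$v5HlLM1wagZC/FwGfnrtJFnlT:18445:0:99999:7:::
bin:*:18353:0:99999:7:::
ceshi1:!!:18500:0:99999:7:::
guest::18500:0:90:7:::'

# Classify field 2 of one record: empty -> no password needed to log in,
# "*" or anything starting with "!" -> locked, otherwise -> a password hash.
shadow_status() {
    pw=$(printf '%s' "$1" | cut -d: -f2)
    case "$pw" in
        "")       echo "no-password" ;;
        '*'|'!'*) echo "locked" ;;
        *)        echo "hashed" ;;
    esac
}

# Day number (days since 1970-01-01) by which the password must be changed:
# field 3 (last change) + field 5 (max age); 99999 means effectively never.
shadow_must_change_by() {
    last=$(printf '%s' "$1" | cut -d: -f3)
    max=$(printf '%s' "$1" | cut -d: -f5)
    echo $((last + max))
}

# Print, one per line, the account names whose password field is empty.
shadow_passwordless() {
    printf '%s\n' "$SHADOW_SAMPLE" | while IFS= read -r rec; do
        if [ "$(shadow_status "$rec")" = "no-password" ]; then
            printf '%s\n' "${rec%%:*}"
        fi
    done
}

shadow_passwordless
```

On a real host the same functions can be fed `/etc/shadow` as root; an account reported as no-password should be given a password or locked with passwd -l as described in section 1.5.2.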

Add the record of the user account at the end of the / etc/passwd file and / etc/shadow file.

If the user's home directory is not explicitly specified, a home directory with the same name as the user account is automatically created under /home, and the user's initial configuration files are placed in that directory.

If the group to which the user belongs is not specified, a basic group account with the same name as the user account is automatically created, and the recorded information of the group account will be saved to / etc/group and / etc/gshadow files.

A user added with useradd or adduser cannot do anything yet, because the account is not activated. The account is only activated, and can only be used, after a password has been set for it.

Format: useradd [options] user name

Common options:
-u: specify the user's UID number; the number must not already be used by another user.
-d: specify the location of the user's home directory (does not take effect when used with -M).
-e: specify the expiration time of the user's account, in the date format YYYY-MM-DD.
-g: specify the user's basic group name (or GID number); the group must already exist.
-G: specify the user's additional group name (or GID number); the group must already exist.
-M: do not create a home directory.
-s: specify the user's login shell (for example, /bin/bash allows logging in to the system, while /sbin/nologin and /bin/false prohibit logging in to the system).

For example:
useradd -d /admin -g wheel -G root admin1
useradd -e 2020-12-31 -s /sbin/nologin admin2

Add the user account zhangsan; when zhangsan is added, the user's home directory is created at the same time.

Create a user named lisi with UID number 2000, the additional group zhangsan, no home directory, and an account expiration time of 2021-12-31.

1.5.2 Set the password of a user account: passwd

Root users can specify a user name as a parameter to manage the password of the specified account.

Ordinary users can only change their own password, by executing the "passwd" command alone without a user name.

Command format: passwd [options] user name

Common options:
-d: clear the password of the specified user; the account can then log in to the system with only the user name.
-l: lock the user account; a locked account can no longer log in to the system.
-S: check the status of the user account (whether it is locked).
-u: unlock the user account (when unlocking with -u, a prompt appears if the account has no password, and -f is needed to force the unlock).

Set a password.

After the password is cleared, the user can log in directly.

1.5.3 Modify the attributes of a user account: usermod

Command format: usermod [options] user name

Common options:
-u: modify the user's UID number.
-d: modify the location of the user's home directory.
-e: modify the expiration time of the user's account, in the date format YYYY-MM-DD.
-g: modify the user's basic group name (or GID number).
-G: modify the user's additional group name (or GID number).
-s: specify the user's login shell.
-l: change the login name of the user account.
-L: lock the user account.
-U: unlock the user account.

Change the login name of the zhangsan user to wangwu.

1.5.4 Delete a user account: userdel

Command format: userdel [-r] user name

When the "-r" option is added, the user's home directory is deleted as well.

Create a chenliu account and delete it with -r; the home directory is found to have been deleted as well.

If the home directory to be deleted is also used by other accounts, the home directory will not be deleted.

2. Manage group accounts

2.1 Group account management

2.1.1 Group account files

/etc/group: saves the basic information of group accounts
/etc/gshadow: saves the password information of group accounts

[root@promote home]# grep "ceshi1" /etc/group
ceshi:x:1002:ceshi1
ceshi1:x:1003:

Field 1: group name
Field 2: placeholder "x"
Field 3: GID
Field 4: user members of the group (generally excluding the user account whose basic group this is); multiple members are separated by commas ","

2.1.2 Add a group account: groupadd

Add group account command format: groupadd [-g GID] group account name
Delete group account command format: groupdel group account name

Example: groupadd -g 2000 ceshi2 adds a group account named ceshi2 with GID 2000. tail -1 /etc/group shows the last line of the file, which is usually the group you just added.

Add a group account named class01.

2.1.3 Add and delete group members: gpasswd

Command format: gpasswd [options] group account name

Common options:
-a: add a user to the group
-d: delete a user member from the group
-M: define the list of group members, separated by commas

Delete a group account: groupdel

groupdel group account name

Example:

groupdel market deletes the group account market; grep "market" /etc/group checks the group file afterwards.

2.2 Query account information

2.2.1 Query groups: groups

groups [user name]

2.2.2 Query user identity: id

id [user name]

2.2.3 Query user account details: finger

yum install -y finger installs finger (the version may differ; the package name can be completed with Tab).

finger [user name]

2.2.4 Query the users who have logged in to the host: w, who, users

tty is the usual abbreviation for the various types of terminal devices. On a CentOS 7 system, tty1 is the graphical interface and tty2 to tty6 are text interfaces; you can switch between them with Ctrl+Alt+F1 to F6.

Press Ctrl+Alt+F2 to log in, execute the w command, and see that the terminal in use is tty2.

pts indicates a connection made with a remote tool such as Xshell. The number that follows represents the chronological order of login: the smaller the number, the earlier the login.

3. File permissions and ownership

3.1 Permissions of files / directories

Read r: allows you to view file contents and display directory lists

Write w: allows file contents to be modified, and allows new files or subdirectories to be created, moved or deleted in the directory

Executable x: allows you to run programs and change directories

Permission entries: read, write and execute. Character representation: r, w, x and -. Numeric representation: octal.

Ownership: the owner is the user account that owns the file or directory; the group is the group account that owns the file or directory.

3.3 View the permissions and ownership of a file / directory

-rw-r--r--. 1 root root January 28 22:59 aa.txt

(file type and permissions, owner, group)

3.4 Set permissions for directories and files: chmod

Syntax 1: chmod [ugoa] [+-=] [rwx] file or directory
(+, -, = add, remove and set permissions respectively)
(u, g, o, a represent the owner, the owning group, other users and all users)
(the r, w and x permission characters can be represented by the octal digits 4, 2 and 1 respectively; a combination of permissions is the sum of the digits, for example rwx=7, rw-r--r--=644)

Syntax 2: chmod nnn file or directory (three octal digits)

Common option:
-R: recursively modify the permissions of all subitems under the specified directory

3.5 Set the ownership of directories and files: chown

chown owner file or directory
chown :group file or directory
chgrp group file or directory
chown owner:group file or directory
chown owner.group file or directory
-R: recursively modify the ownership of all subdirectories and files under the specified directory

3.6 Set default permissions for directories and files: umask

Function of umask

Specifies the default permissions the current user gets when creating a new file or directory.

The permission of a newly created file or directory is the maximum default permission minus the umask (the maximum default permission digit for ordinary files is 6, and for directories it is 7).

1. Set umask: umask 022

2. View umask: umask
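An added example (not part of the original article) that carries out the two calculations described in sections 3.4 and 3.6 in POSIX shell: it converts the character form of a permission such as rw-r--r-- into its octal digits, and applies a umask to the maximum default permissions 666 (files) and 777 (directories) to give the mode a new file or directory actually receives. The function names are my own and the inputs are constructed.

```shell
#!/bin/sh
# Convert one rwx triplet ("rw-", "r-x", ...) to its octal digit: r=4, w=2, x=1.
# Special bits (s, t) are not handled; only the nine basic permission characters.
triplet_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# Convert a 9-character permission string such as "rw-r--r--" to "644".
perm_to_octal() {
    p=$1
    [ ${#p} -eq 9 ] || { echo "need 9 permission characters" >&2; return 1; }
    u=$(triplet_to_digit "$(printf '%s' "$p" | cut -c1-3)")
    g=$(triplet_to_digit "$(printf '%s' "$p" | cut -c4-6)")
    o=$(triplet_to_digit "$(printf '%s' "$p" | cut -c7-9)")
    echo "$u$g$o"
}

# Default mode of a new file or directory under a given umask:
# start from 666 (file) or 777 (dir) and clear every bit set in the umask.
umask_default() {       # usage: umask_default <umask> file|dir
    case "$2" in
        file) base=0666 ;;
        dir)  base=0777 ;;
        *) echo "second argument must be file or dir" >&2; return 1 ;;
    esac
    mask=$((0$1))                    # leading 0 forces octal interpretation
    printf '%03o\n' $((base & ~mask))
}

# Constructed demonstration: the page's own examples and a stricter umask.
perm_to_octal 'rw-r--r--'    # 644
umask_default 022 file        # 644
umask_default 022 dir         # 755
umask_default 027 dir         # 750
```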

At this point, I believe everyone has a deeper understanding of the account and rights management methods of Linux; you might as well try the operations in practice. For more related content, visit the relevant channels of the website, follow us, and keep learning!
