Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

The usage of the Linux basic command gpasswd

2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "the usage of the Linux basic command gpasswd". Many people will encounter such a dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Gpasswd

The gpasswd directive is used to manage the group files "/ etc/group" and "/ etc/gshadow", and each group can set administrators, team members, and passwords. System administrators can use the-An option to define group administrators and the-M option to define members. They have all the rights of group administrators and members. Gpasswd, called by a group administrator with a group name, prompts only for a new password for the group. If a password is set, members can still use newgrp (1) without a password, and non-members must provide a password.

Group passwords are an inherent security issue because multiple people are allowed to know the password. However, groups are a useful tool for allowing collaboration between different users.

Warning, this tool operates only on "/ etc/group" and "/ etc/gshadow" files. Therefore, you cannot change any NIS or LDAP groups. This must be performed on the appropriate server.

The scope of this command: RedHat, RHEL, Ubuntu, CentOS, SUSE, openSUSE, Fedora.

1. Grammar

Gpasswd [options] group

2. List of options

Option

Description

-- help

Show help documentation

-- version

Show command version

-a |-- add user

Add a user to a group

-d |-- delete user

Delete member

-r |-- remove-password

Delete group password

-R |-- restrict

Restrict access to named groups. Only group members are allowed to join named groups using newgrp.

-M |-- members user,...

Add multiple members to a group

-A |-- administrators user,..

Set up group administrator

3. Configuration

The following configuration variables in "/ etc/login.defs" change the behavior of the tool:

ENCRYPT_METHOD (string), which defines the system default encryption algorithm used to encrypt passwords (if no algorithm is specified on the command line). Available algorithms are: DES (default), MD5, SHA256, SHA512. Note: this parameter overrides the MD5_CRYPT_ENAB variable.

MAX_MEMBERS_PER_GROUP (number), the maximum number of members for each group entry. When the maximum is reached, start a new group entry (line) in / etc/group (with the same name, same password, and same GID). The default value is 0, which means that there is no limit to the number of members in the group. This feature (split grouping) allows you to limit the length of lines in a group file. This is useful for ensuring that the lines of the NIS group are no more than 1024 characters. If you need to enforce such restrictions, you can use 25. Note: split grouping may not support all tools (even in the Shadow tool set). You should not use this variable unless you really need it.

MD5_CRYPT_ENAB (boolean), indicating whether the password must be encrypted using an MD5-based algorithm. If set to Yes, the new password is encrypted using a MD5-based algorithm that is compatible with the algorithm used in the latest version of FreeBSD. It supports infinite length passwords and longer salt strings. Set to No if you need to copy the encrypted password to another system that does not understand the new algorithm. The default is no. This variable is replaced by the ENCRYPT_METHOD variable or any command-line option used to configure the encryption algorithm. This variable is not recommended. You should use ENCRYPT_METHOD.

SHA_CRYPT_MIN_ROUNDS (number), SHA_CRYPT_MAX_ROUNDS (number), which defines the number of SHA rounds used by the encryption algorithm by default when Encrypt_Method is set to SHA 256or SHA 512 (when the number of rounds is not specified on the command line). There are many rounds, and this is a more difficult violent coercive password. Note, however, that more CPU resources are needed to authenticate users. If not specified, libc selects the default number of rounds (5000). The value must be in the range of 1000-999999999. This value is used if only one of the SHA_CRYPT_MIN_ROUNDS or SHA_CRYPT_MAX_ROUNDS is set. If SHA_CRYPT_MIN_ROUNDS > SHA_CRYPT_MAX_ROUNDS, the highest value will be used.

4. Files

/ etc/group, group account information.

/ etc/gshadow, security group account information.

5. Examples

1) add user user01 to group weijie

[root@localhost david] # gpasswd-a user01 weijie / / add users to the group

Adding user user01 to group weijie

[root@localhost david] # cat / etc/group / / View group information, which has been added successfully

Weijie:x:501:user01

2) set up group administrator

[root@localhost david] # gpasswd-A weijie weijie / / setup administrator

[root@localhost david] # cat / etc/gshadow / / View group information, which has been set by the administrator

Weijie:!:weijie:

This is the end of the introduction to "the usage of the Linux basic command gpasswd". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report