How to manage CentOS operating system accounts

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to manage accounts on the CentOS operating system. The editor finds it very practical and shares it here for reference; I hope you get something out of reading it.

The configuration files related to account management are as follows: the account information file is /etc/passwd, the account password file is /etc/shadow, the group information file is /etc/group, and the group password file is /etc/gshadow.

1. How to read the /etc/passwd file

As shown in the figure above, each line of the /etc/passwd file corresponds to one account. The colon-separated fields have the following meanings:

[1] Account name. To rename an account, use the command usermod -l

[2] Password. This field is no longer used; the account password is stored in the /etc/shadow file

[3] UID, the unique ID of the account. Commands that affect the value of this field include: useradd -u, usermod -u

[4] GID, the unique ID of the initial group, associated with the third field of the /etc/group file. This group is the account's default effective group (the effective group can be switched with the newgrp command). Commands that affect the value of this field include: useradd -g, usermod -g

[5] Description. Commands that affect the value of this field include: useradd -c, usermod -c

[6] Absolute path of the home directory. Commands that affect the value of this field include: useradd -d, usermod -d

[7] Shell, the default shell for the account. When it is /sbin/nologin, the account cannot log in. The shells available to an account can be listed with the command chsh -l (the result is the contents of the /etc/shells file). Commands that affect the value of this field include: useradd -s, usermod -s

2. How to read the /etc/shadow file

As shown in the figure above, each line of the /etc/shadow file holds the password information of one account. The colon-separated fields have the following meanings:

[1] Account name, associated with the first field of the /etc/passwd file

[2] Password, stored as encrypted ciphertext. The algorithm is specified by ENCRYPT_METHOD in the /etc/login.defs file, here SHA512. Commands that affect the value of this field include: usermod -L (lock, by adding an exclamation-mark prefix to the ciphertext), usermod -U (unlock), passwd -l (lock), passwd -u (unlock)

[3] Date the password was created, that is, last changed. The figure above shows a number, which is the number of days elapsed since 1970-01-01. Commands that affect the value of this field include: chage -d

[4] Number of days after the password is created before it can be changed again. 0 means there is no such limit. Commands that affect the value of this field include: passwd -n, chage -m

[5] Number of days after creation until the password expires. 99999 days is 99999 / 365, that is, hundreds of years, which means the password will not expire. Commands that affect the value of this field include: passwd -x, chage -M

[6] Number of days before the password expires at which warning messages to the user begin. Commands that affect the value of this field include: passwd -w, chage -W

[7] Number of days allowed after the password expires, during which the user can still log in and change the password; after that the user can no longer log in. Commands that affect the value of this field include: useradd -f, usermod -f, passwd -i, chage -I

[8] Expiration date, a number giving the number of days elapsed since 1970-01-01. After this day the user can no longer log in, regardless of whether the password has expired. Commands that affect the value of this field include: useradd -e, usermod -e, chage -E

[9] Reserved
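The field rules above can be applied mechanically when reviewing accounts. The following is an added example, not code from the original article: it classifies shadow-format lines by fields 2, 3, 5, 7 and 8 and decodes the day count in field 3 into a calendar date. The function names audit_shadow and sample_shadow, the sample lines and the placeholder hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify /etc/shadow-format lines read on stdin.
# $1 = "today" as days since 1970-01-01 (defaults to the system date).
audit_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
    BEGIN { today += 0 }
    # Days since 1970-01-01 (as stored in fields 3 and 8) -> YYYY-MM-DD.
    function ymd(n,   z, era, doe, yoe, doy, mp, d, m, y) {
        z = n + 719468; era = int(z / 146097); doe = z - era * 146097
        yoe = int((doe - int(doe/1460) + int(doe/36524) - int(doe/146096)) / 365)
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp = int((5 * doy + 2) / 153); d = doy - int((153 * mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9; y = yoe + era * 400 + (m <= 2)
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    NF >= 8 {
        pw = $2; last = $3 + 0; max = $5; inact = $7; acct_exp = $8
        # A leading ! comes from usermod -L / passwd -l; * also marks no usable password.
        if (pw == "")                              s = "EMPTY_PASSWORD"
        else if (pw ~ /^[!*]/)                     s = "LOCKED"
        else if (acct_exp != "" && today >= acct_exp + 0) s = "ACCOUNT_EXPIRED"
        else if (max == "" || max + 0 >= 99999)    s = "NEVER_EXPIRES"
        else if (inact != "" && today > last + max + inact) s = "INACTIVE"
        else if (today > last + max)               s = "PASSWORD_EXPIRED"
        else                                       s = "OK"
        printf "%s %s last_change=%s\n", $1, s, ymd(last)
    }'
}

# Constructed sample data (placeholder hashes, not real accounts).
sample_shadow() {
    cat <<'EOF'
root:$6$SALT$CONSTRUCTED:19000:0:99999:7:::
mophee:$6$SALT$CONSTRUCTED:19700:0:90:7:14::
mophee2:!!$6$SALT$CONSTRUCTED:19700:0:90:7:::
mophee3:$6$SALT$CONSTRUCTED:19000:0:90:7:14::
backup::19000:0:99999:7:::
temp:$6$SALT$CONSTRUCTED:19700:0:90:7::19750:
EOF
}

sample_shadow | audit_shadow 19780
```

On a real system the same function can be fed with `audit_shadow < /etc/shadow` as root.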

3. How to read the /etc/group file

As shown in the figure above, each line of the /etc/group file corresponds to one group. The colon-separated fields have the following meanings:

[1] Group name. To rename a group, use the command: groupmod -n

[2] Password. This field is no longer used; the group password is stored in the /etc/gshadow file

[3] GID, the unique ID of the group, associated with the fourth field of the /etc/passwd file, where it identifies the initial group of the corresponding account. Commands that affect the value of this field include: groupadd -g, groupmod -g

[4] List of account names, separated by commas. These accounts can actively switch to being members of the group. For example, the user mophee above (whose initial group is mophee) can use the newgrp command to change its effective group to mysql or mail. Commands that affect the value of this field include: useradd -G, usermod -[a]G
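Group membership therefore comes from two places: the initial GID in the fourth field of /etc/passwd and the member list in the fourth field of /etc/group. The following is an added example, not code from the original article, that combines both and flags names listed in a group that have no passwd entry. The function names, the account olduser and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve the members of one group from passwd- and
# group-format files. Usage: group_members GROUP PASSWD_FILE GROUP_FILE
group_members() {
    awk -F: -v grp="$1" '
    FNR == NR {                          # first file: group format
        if ($1 == grp) { gid = $3; n = split($4, listed, ",") }
        next
    }
    {                                    # second file: passwd format
        known[$1] = 1
        if (gid != "" && $4 == gid) print $1, "initial"
    }
    END {                                # names taken from group field 4
        for (i = 1; i <= n; i++)
            print listed[i], ((listed[i] in known) ? "supplementary" : "DANGLING")
    }' "$3" "$2"
}

demo_group_members() {                   # constructed sample data
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
mophee:x:500:500::/home/mophee:/bin/bash
mophee2:x:519:100::/home/mophee2:/bin/bash
EOF
    cat > "$d/group" <<'EOF'
root:x:0:
mail:x:12:mophee
mysql:x:27:mophee,olduser
users:x:100:
mophee:x:500:
EOF
    group_members "$1" "$d/passwd" "$d/group"
    rm -rf "$d"
}

demo_group_members mysql
```

A DANGLING entry is the kind of inconsistency that appears when the files are edited by hand instead of through the account commands.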

4. How to read the /etc/gshadow file

As shown in the figure above, each line of the /etc/gshadow file holds the password information of one group. The colon-separated fields have the following meanings:

[1] Group name, corresponding to the group name in /etc/group

[2] Password, stored as encrypted ciphertext. Use the command gpasswd group_name to set the group password and gpasswd -r group_name to delete it

[3] Group administrators. The command gpasswd -A user1,... group_name sets the administrators of the group. Note: group administrators can set passwords for group members

[4] Group members. This field is the same as the fourth field in /etc/group and changes in sync with it. Besides the useradd -G and usermod -G commands, it can be maintained with gpasswd -[adM]. Commands that affect the value of this field include: useradd -G, usermod -[a]G

In theory, accounts can be managed by editing the four configuration files above directly, but this is not recommended. Linux provides enough commands for managing accounts, and although these commands ultimately modify the contents of these four files, it is recommended that you use them:

useradd: add an account

useradd mophee # create group mophee, account mophee, and home directory /home/mophee with permissions 700; no password is set, so the account cannot log in
useradd -u 519 -g users mophee2 # create account mophee2 with UID 519 and initial group users
useradd -r mophee3 # create system account mophee3; UID and GID in the range 100 to 499, no home directory

usermod: modify an account

userdel: delete an account

userdel mophee # delete account mophee:
# 1. delete it from /etc/passwd and /etc/shadow;
# 2. remove it from the last field of /etc/group and /etc/gshadow;
# 3. delete the group if there are no other member accounts in the initial group
userdel -r mophee # in addition to deleting the account, delete the home directory and mail directory

passwd: account password management

passwd -S mophee # list the password information of the account mophee

chage: change the account password. Ordinary users can use this command to change their own passwords.

chage -l mophee # list the password information of the account mophee

groupadd: add a group

groupmod: modify a group

groupdel: delete a group

gpasswd: group password, group administrator, and member management

groups: view the groups an account belongs to

groups mophee # list the groups to which the account mophee belongs

newgrp: switch the effective group

-

Other configuration files related to account management: /etc/login.defs and /etc/default/useradd (default values used by the useradd command).

1. How to read the /etc/default/useradd file

GROUP: default group ID

HOME: base directory for home directories. When an account is added, its home directory is created as a new directory named after the account under this base directory; affects the sixth field of /etc/passwd

INACTIVE: sets whether the password becomes invalid after it expires. -1 means it does not; affects the seventh field of /etc/shadow

EXPIRE: expiration date; affects the eighth field of /etc/shadow

SHELL: default shell; affects the seventh field of /etc/passwd

SKEL: the directory whose contents serve as the initial contents of a new home directory; when a home directory is created, the contents of this directory are copied into it

CREATE_MAIL_SPOOL: whether to create the corresponding mailbox directory, yes/no. When yes, a directory named after the account is created under the /var/spool/mail/ directory to store the account's mail

2. How to read the /etc/login.defs file

MAIL_DIR: base directory for mail directories, usually /var/spool/mail

PASS_MAX_DAYS: number of days from the password creation date to its expiration; affects the fifth field of /etc/shadow

PASS_MIN_DAYS: number of days after password creation during which it may not be changed; affects the fourth field of /etc/shadow

PASS_MIN_LEN: minimum length allowed for the password; deprecated and replaced by the PAM module

PASS_WARN_AGE: number of days before the password expires at which warnings begin; affects the sixth field of /etc/shadow

UID_MIN: UIDs below this number are system accounts; the default is 500. When useradd is used without the -r option, the new account's UID is greater than this value.

UID_MAX: maximum UID value supported by the system

GID_MIN: like UID_MIN, but for GIDs

GID_MAX: like UID_MAX, but for GIDs

CREATE_HOME: whether to create a home directory by default, yes/no

UMASK: the complement of the default home directory permissions; that is, when the value is 077, the home directory permissions are 700

USERGROUPS_ENAB: whether userdel also deletes the account's initial group when that group has no other member accounts, yes/no

ENCRYPT_METHOD: encryption algorithm, such as SHA512
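PASS_MIN_DAYS, PASS_MAX_DAYS and PASS_WARN_AGE are copied into fields 4, 5 and 6 of /etc/shadow when an account is created, so accounts that predate a change to /etc/login.defs keep their old values. The following is an added example, not code from the original article, that reports accounts whose shadow fields differ from the login.defs values. The function names and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare shadow aging fields with login.defs values.
# Usage: policy_drift LOGIN_DEFS_FILE SHADOW_FILE
policy_drift() {
    awk '
    # key[1..3] map to shadow fields 4, 5 and 6 in that order.
    BEGIN { split("PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE", key, " ") }
    FNR == NR { if ($1 ~ /^PASS_/) want[$1] = $2; next }   # login.defs
    {                                                      # shadow format
        split($0, f, ":")
        if (f[2] == "" || f[2] ~ /^[!*]/) next             # no usable password
        for (i = 1; i <= 3; i++)
            if ((key[i] in want) && f[i + 3] != want[key[i]])
                printf "%s %s=%s (login.defs: %s)\n", f[1], key[i], f[i + 3], want[key[i]]
    }' "$1" "$2"
}

demo_policy_drift() {                    # constructed sample data
    d=$(mktemp -d)
    cat > "$d/login.defs" <<'EOF'
# constructed sample
PASS_MAX_DAYS   90
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
EOF
    cat > "$d/shadow" <<'EOF'
root:$6$SALT$CONSTRUCTED:19000:0:99999:7:::
mophee:$6$SALT$CONSTRUCTED:19700:0:90:7:::
mophee2:$6$SALT$CONSTRUCTED:19700:1:90:14:::
mysql:!!:19000::::::
EOF
    policy_drift "$d/login.defs" "$d/shadow"
    rm -rf "$d"
}

demo_policy_drift
```

Accounts reported here can be brought in line with the chage -m, chage -M and chage -W options listed for fields 4 to 6 of /etc/shadow.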

The above is how to manage CentOS operating system accounts. The editor believes these are points you may encounter or use in daily work, and hopes you learn more from this article. For more details, please follow the industry information channel.
