2025-04-04 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/02 Report
Whether you use the Windows operating system or the Linux operating system, you must have a valid account and password to log in. This blog mainly introduces account information on a Linux system.
Blog outline:
I. Accounts and groups on a Linux system
1. UID and GID
2. User accounts
(1) /etc/passwd file structure
(2) /etc/shadow file structure
3. Effective group and initial group
(1) /etc/group file structure
(2) effective group and initial group
(3) /etc/gshadow file structure
II. Account management commands
(1) useradd command
(2) passwd command
(3) chage command
(4) usermod command
(5) userdel command
(6) groupadd command
(7) groupmod command
(8) groupdel command
(9) gpasswd command
(10) id command
I. Accounts and groups on a Linux system
For a Linux system administrator, a very important task is "managing accounts". You manage the whole system, and every legitimate user of the system needs your consent and the appropriate permissions to do their daily work. This shows the importance of "account management"!
1. UID and GID
Although users log in to the Linux operating system by entering a valid account name, the Linux operating system does not work with your "account name" directly; it only knows the ID that corresponds to the account. Account names exist because people remember them more easily. When you log in and enter your account information, the "Shell translator" is responsible for finding the ID number that corresponds to the account, and the system can then decide whether the account may log in.
Two ID numbers determine your identity when you log in and whether you can log in to the operating system. Each logged-in user has at least two IDs: one is the user ID (UID), and the other is the group ID (GID).
When we check the owner and group of files and directories, the user name and group name are displayed for our convenience, but the system itself still decides based on UID and GID. The UID and GID corresponding to an account are stored in the /etc/passwd file.
2. User accounts
When a user logs in to the Linux operating system to get a Shell environment to work in, the system goes through the following steps:
First: it checks whether the account exists in the /etc/passwd file. If not, the login is rejected; if so, it reads the UID and GID corresponding to the account from /etc/passwd and /etc/group, together with the account's home directory and Shell environment.
Second: it checks whether the password is correct. The Linux system looks up the corresponding account and UID in the /etc/shadow file and checks whether the entered password is correct.
Finally: if all of the above checks pass, the user logs in to the Linux system normally.
The /etc/passwd and /etc/shadow files are read by the system whenever a user logs in to the Linux operating system (which is why intruders write special accounts into the /etc/passwd file). So if you want to back up the accounts of a Linux system, these two files must be backed up!
The following focuses on the /etc/passwd file (storing the user's UID and GID) and the /etc/shadow file (storing the user's password):
(1) /etc/passwd file structure
In the /etc/passwd file each line represents one account, so the number of lines is the number of accounts on the system. Many of these accounts are needed for the normal operation of the system; we call them system program users. Note that these accounts must not be deleted or modified at will.
The structure of the /etc/passwd file is as follows:
Let's take the root user as an example. The fields are separated by ":" and there are seven in total. Their meanings are as follows:
The first field: account name. This is the name we normally use to log in to the operating system; it must correspond to a UID.
The second field: password placeholder. Early UNIX operating systems stored the password here, but because this file can be read by ordinary users, Linux later moved the password information to the /etc/shadow file, and only an "x" remains here.
The third field: UID. The value ranges of the UID corresponding to an account are shown in the figure:
The fourth field: GID. The GID of the user relates to the /etc/group file, which defines the correspondence between group names and GIDs.
The fifth field: the description column for user information. This information only explains what the account is for.
The sixth field: the user's home directory. As we all know, the root user's home directory is /root, while an ordinary user's home directory is /home/ followed by the user name.
The seventh field: the Shell environment the user gets when logging in to the system.
(2) /etc/shadow file structure
In the /etc/shadow file each line also corresponds to one user, but this file is mainly used to store the user's password information, and its contents should not be modified or deleted by hand. The file structure is as follows:
We again take the root user as an example. The fields are separated by ":" and there are 9 in total. Their meanings are as follows:
The first field: account name. It must correspond to the name in the /etc/passwd file!
The second field: password. This field holds the real password, stored as encrypted password information. This encrypted information can still be attacked with special decryption tools. Therefore, the permissions of the /etc/shadow file are generally "-rw-------" or "----------", and only the root user can read and modify it. Changing the permissions of this file is not recommended, otherwise there may be trouble!
The third field: the date the password was last changed. But why the strange value 18167? Because Linux counts the date as the number of days since January 1, 1970. It can be converted as follows:
[root@localhost ~]# awk -F: '{print $1,$3}' /etc/shadow | grep root
root 18167
[root@localhost ~]# date -d "1970-1-1 18167 days" "+%Y/%m/%d %H:%M:%S"
2019/09/28 00:00:00
The fourth field: the number of days during which the password cannot be changed. It indicates how long after the last change the password of this account may be changed again. 0 means at any time, and 99999 means it is not allowed to be modified.
The fifth field: the number of days after which the password must be changed (validity period). 99999 means there is no limit.
The sixth field: the number of warning days before the password must be changed. If it is 7, the reminder starts 7 days before expiry.
The seventh field: the grace period for the account after the password expires. If it is 7, the password can still be used within 7 days of expiry, and after that the user is forced to change it.
The eighth field: account expiration date. The account can no longer be used after the specified date.
The ninth field: reserved, in case new features are added.
If an ordinary user forgets the password, the system administrator can reset it, but if the root password is forgotten, you must boot into the system's rescue mode and reset it!
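The field layouts above can be checked mechanically. The following is an added example, not part of the original article: it parses constructed /etc/passwd and /etc/shadow contents, flags UID 0 accounts other than root, password fields that are not "x" and missing or empty shadow passwords, and converts the day counts to dates. The sample accounts and all function names are assumptions made for illustration.

```python
from datetime import date, timedelta
# Constructed sample files (not taken from a real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:0:0:service:/home/svc:/bin/bash
legacy:CONSTRUCTEDHASH:1001:1001::/home/legacy:/bin/sh
"""
SHADOW = """\
root:$6$CONSTRUCTED$CONSTRUCTED:18167:0:99999:7:::
alice:$6$CONSTRUCTED$CONSTRUCTED:18167:0:90:7:7::
svc::18167:0:99999:7:::
legacy:!!:18167:0:99999:7:::
"""

def parse(text, nfields):
    """Split a colon-separated account file; reject lines with a wrong field count."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    bad = [row[0] for row in rows if len(row) != nfields]
    if bad:
        raise ValueError(f"expected {nfields} fields for: {bad}")
    return rows

def days_to_date(days):  # shadow date fields count days since 1970-01-01
    return date(1970, 1, 1) + timedelta(days=int(days))

def audit(passwd_text, shadow_text):
    """Return (account, finding) pairs for entries that deserve a closer look."""
    shadow = {row[0]: row for row in parse(shadow_text, 9)}
    findings = []
    for name, pw, uid, *_ in parse(passwd_text, 7):
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 but not root"))
        if pw != "x":
            findings.append((name, "password field in /etc/passwd is not 'x'"))
        if shadow.get(name, [name, ""])[1] == "":
            findings.append((name, "missing or empty /etc/shadow password"))
    return findings

def must_change_by(shadow_text, name):
    """Last change (field 3) plus validity period (field 5); None means no limit."""
    row = {r[0]: r for r in parse(shadow_text, 9)}[name]
    if not row[2] or row[4] in ("", "99999"):
        return None
    return days_to_date(int(row[2]) + int(row[4]))

if __name__ == "__main__":
    print(audit(PASSWD, SHADOW), must_change_by(SHADOW, "alice"))
```

To run the same checks on a live system, pass the contents of the real files to `audit`; reading /etc/shadow requires root.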
3. Effective group and initial group
In the user account section we learned about two files related to users, /etc/passwd and /etc/shadow. We also need to know two configuration files related to groups: /etc/group and /etc/gshadow.
(1) /etc/group file structure
The /etc/group file stores the correspondence between GIDs and group names. The file structure is as follows:
In the /etc/group file each line represents one group. The fields are again separated by ":" and there are four in total, with the following meanings:
The first field: group name. It corresponds to the GID in the third field.
The second field: group password. This is also a password placeholder; the password is usually set by the system administrator.
The third field: GID. This is the GID that corresponds to the fourth field of /etc/passwd.
The fourth field: the account names supported by this group, that is, which users have joined the group.
Let's take a look at the correspondence between UID/GID and password, as shown in the figure:
(2) effective group and initial group
The GID in the fourth field of the /etc/passwd file is the so-called initial group.
Use the "groups" command to view the effective group. If a user has joined several groups, the first group name shown is the user's effective group. You can use "newgrp group name" to switch the effective group. The "newgrp group name" command starts a special Shell environment; when you are done, use the "exit" command to leave that Shell environment.
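The initial group matters when auditing who belongs to a privileged group: a user whose initial group in /etc/passwd is that group does not have to appear in the fourth field of /etc/group. The following is an added example, not part of the original article, that resolves membership from both files; the sample accounts, the "wheel" group and the function names are assumptions made for illustration.

```python
# Constructed sample files (not taken from a real system).
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:10::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
"""
GROUP = """\
wheel:x:10:alice
alice:x:1000:
bob:x:1001:
carol:x:1002:
"""

def load(passwd_text, group_text):
    """Return ({user: initial GID}, {GID: (group name, [listed members])})."""
    users = {f[0]: f[3] for f in (l.split(":") for l in passwd_text.splitlines())}
    groups = {}
    for name, _pw, gid, members in (l.split(":") for l in group_text.splitlines()):
        groups[gid] = (name, [m for m in members.split(",") if m])
    return users, groups

def groups_of(user, passwd_text, group_text):
    """Initial group first, then the supplementary groups (sorted here)."""
    users, groups = load(passwd_text, group_text)
    initial = groups[users[user]][0]
    extra = [n for n, members in groups.values() if user in members and n != initial]
    return [initial] + sorted(extra)

def members_of(group_name, passwd_text, group_text):
    """Everyone in the group: listed in field 4 OR using it as initial group."""
    users, groups = load(passwd_text, group_text)
    gid, listed = next((g, m) for g, (n, m) in groups.items() if n == group_name)
    via_initial = [u for u, ugid in users.items() if ugid == gid]
    return sorted(set(listed) | set(via_initial))

if __name__ == "__main__":
    print(groups_of("bob", PASSWD, GROUP))     # bob's initial group is wheel
    print(members_of("wheel", PASSWD, GROUP))  # includes bob, who is not listed
```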
(3) /etc/gshadow file structure
The file structure is shown in the figure:
The fields are separated by ":" and there are again four, with the following meanings:
The first field: group name.
The second field: password column. A value beginning with "!" indicates that there is no valid password, so there is no group administrator.
The third field: the account of the group administrator.
The fourth field: the accounts that have joined the group.
II. Account management commands
(1) useradd command
The useradd command adds users. Common parameters, as shown in the figure:
When we add an account and have no special requirements, "useradd user name" is enough! This is because the system has many default values set.
When we create an account with "useradd user name", the system does the following by default:
Adds a line for the account to the /etc/passwd file, including the UID, GID, home directory and so on;
Writes the password-related parameters of the account to the /etc/shadow file, but without a password;
Adds a group with the same name as the account to the /etc/group file;
Creates a home directory with the same name as the account under /home, with permissions of 700.
We can use the "useradd -D" command to view the default values set by the system, as shown in the figure:
In addition to these basic account settings, the UID/GID and password parameters are in the /etc/login.defs file, as shown below:
(2) passwd command
The passwd command is mainly used to set password-related content for users. Common parameters are shown in the figure:
(3) chage command
The chage command is mainly used to set more detailed password parameters. Specific parameters, as shown in the figure:
(4) usermod command
The usermod command is mainly used to modify account parameters. Commonly used parameters, as shown in the figure:
(5) userdel command
The userdel command is used to delete a user, and there is only one common option:
-r: delete the user's home directory as well
(6) groupadd command
The groupadd command is used to add a new user group, and the main parameters are:
-g: followed by a specified GID
-r: create a system group
(7) groupmod command
The commonly used parameters are:
-g: modify the existing GID number
-n: modify the existing group name
(8) groupdel command
The groupdel command is used to delete groups!
(9) gpasswd command
Usage: "gpasswd group name". Commonly used parameters, as shown in the figure:
Parameters used by group administrators:
(10) id command
Mainly used to query the UID/GID and related information of a given user or of yourself. Usage: "id user name"!