A. Linux User Management
Different users on a Linux system have different permissions.
root user: This user is unique and has all permissions on the system.
general user
virtual user
In Linux, each user account has its own identity and a unique UID.
A UID of 0 denotes the superuser. To make a user an administrator you can change its UID to 0, but using sudo is recommended instead.
UIDs 1 to 999 are system users: installing a service program creates a dedicated user that is responsible for running it.
Ordinary user UIDs start at 1000: these users are created by the administrator (CentOS 7), with a range of 1000 to 60000.
UID is the user ID number; GID is the user group ID number; the root user's group ID number is 0.
1. Common command interpreters
/bin/sh: default
/bin/bash: default
/sbin/nologin: virtual users
2. User configuration files
/etc/passwd: user information
/etc/shadow: user password information
/etc/group: group information
/etc/gshadow: user group password information
/etc/sk
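An added example (not part of the original page) that applies the UID ranges and the /sbin/nologin convention described above to a passwd-format file: it flags any UID 0 account other than root and any system-range account that still has a login shell. The sample accounts are constructed; oldboy is the user name this page uses later.

```sh
#!/bin/sh
# Constructed sample in /etc/passwd format: name:pw:UID:GID:comment:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nginx:x:998:996:constructed service account:/var/lib/nginx:/sbin/nologin
backup:x:997:995:constructed service account:/var/backup:/bin/bash
oldboy:x:1000:1000::/home/oldboy:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
EOF
}

# audit_passwd FILE: print "TAG name detail" for each account worth reviewing.
audit_passwd() {
    awk -F: '
        /^#/ || NF < 7 { next }            # skip comments and malformed lines
        {
            name = $1; uid = $3 + 0; shell = $7
            can_login = (shell !~ /(nologin|false)$/)
            if (uid == 0 && name != "root")
                print "UID0", name, "superuser rights without being root"
            else if (uid >= 1 && uid <= 999 && can_login)
                print "SYSLOGIN", name, "system UID " uid " with shell " shell
            else if (uid >= 1000 && uid <= 60000 && !can_login)
                print "NOLOGIN", name, "ordinary UID " uid " with shell " shell
        }
    ' "$1"
}

# With a path argument, audit that file (read-only); otherwise use the sample.
main() {
    if [ -n "${1:-}" ]; then
        audit_passwd "$1"
    else
        tmp=$(mktemp) && sample_passwd > "$tmp" && audit_passwd "$tmp"
        rm -f "$tmp"
    fi
}
main "$@"
```

On a real system, stock accounts such as sync or shutdown also appear under SYSLOGIN because their shell field is a program rather than nologin; review them once and then treat them as known.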
3. User Management Commands
1) useradd command
This command creates a new user in Linux. After the account is created, use passwd to set the account password and userdel to delete the account.
-c <comment>: add comment text. The comment is saved in the comment field of passwd;
-d <login directory>: the directory the user starts in at login;
-D: change the default values;
-e <expiration date>: the account expiration date;
-f <buffer days>: number of days after the password expires before the account is closed;
-g <group>: the group the user belongs to;
-G <group>: additional groups the user belongs to;
-m: automatically create the user's login directory;
-M: do not automatically create the user's login directory;
-n: do not create a group named after the user;
-r: create a system account;
-s <shell>: the shell used when the user logs in;
-u <UID>: the user ID.
The user creation process:
a. useradd user_account
b. The system reads the rules defined in two files, /etc/login.defs (user definition file) and /etc/default/useradd (default user configuration file), to create the new user
c. The user and group information is added to /etc/passwd and /etc/group, and the password information to /etc/shadow and /etc/gshadow
d. The user's home directory is created based on the configuration in /etc/default/useradd
e. All files in /etc/skel are copied to the new user's home directory
Directory related to user creation: /etc/skel
This directory holds the basic environment variable files that new users need. When you add a new user, all files in this directory are automatically copied to the user's home directory; by default they are hidden files, beginning with a dot.
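An added example (not from the original page) that previews what steps b, d and e will consume before any account is created: the UID range from login.defs, the HOME, SHELL and SKEL defaults, and every skeleton file that would land in a new home directory. The function name, the sample tree and its values are constructed for illustration.

```sh
#!/bin/sh
# make_sample_root DIR: build a constructed etc/ tree so the preview runs offline.
make_sample_root() {
    mkdir -p "$1/etc/default" "$1/etc/skel"
    printf 'UID_MIN 1000\nUID_MAX 60000\nCREATE_HOME yes\n' > "$1/etc/login.defs"
    printf 'HOME=/home\nSHELL=/bin/bash\nSKEL=/etc/skel\n' > "$1/etc/default/useradd"
    : > "$1/etc/skel/.bashrc"; : > "$1/etc/skel/.bash_profile"
}

# preview_useradd ROOT: report what useradd would read under ROOT/etc.
# Pass "" as ROOT to read the real files (read-only).
preview_useradd() {
    root=${1:-}
    defs="$root/etc/login.defs"; dflt="$root/etc/default/useradd"
    # step b: login.defs holds "KEY value" pairs
    for key in UID_MIN UID_MAX CREATE_HOME; do
        val=$(awk -v k="$key" '$1 == k { v = $2 } END { print v }' "$defs")
        echo "login.defs $key=${val:-unset}"
    done
    # steps b and d: /etc/default/useradd holds KEY=value pairs
    for key in HOME SHELL SKEL; do
        val=$(sed -n "s/^$key=//p" "$dflt" | tail -n 1)
        echo "useradd $key=${val:-unset}"
    done
    # step e: every file listed here is copied into each new home directory
    skel=$(sed -n 's/^SKEL=//p' "$dflt" | tail -n 1)
    find "$root${skel:-/etc/skel}" -type f | sort | while read -r f; do
        echo "skel ${f#"$root"}"
    done
}

main() {
    r=$(mktemp -d) && make_sample_root "$r" && preview_useradd "$r"
    rm -rf "$r"
}
main
```

Anything unexpected in the skel listing deserves attention, since it is inherited by every account created afterwards.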
The -D parameter is used to modify the defaults in the configuration file /etc/default/useradd
useradd -D parameter options
2) usermod command
This command modifies the information of users that already exist on the system; a user that is currently in use cannot be modified
3) userdel command
Deletes a user and related files (it is advisable to comment out the user's entry in /etc/passwd rather than deleting the user directly)
userdel (options) (parameters)
-f: force deletion of the user, even if the user is currently logged in
-r: when deleting the user, also delete all files related to the user
4) groupadd command
This command creates a new group; the new group's information is added to the system files
Syntax
groupadd - Create a new group
groupadd [-g gid [-o]] [-r] [-f] group
Options
-g: the ID of the new group;
-r: create a system group; the group ID of a system group is less than 500;
-K: override the configuration file "/etc/login.defs";
-o: allow adding a group whose group ID number is not unique.
5) groupdel command
Deletes user groups
6) passwd command
The passwd command changes user passwords and expiration times; the root user can modify the ordinary
Syntax
passwd (options) (parameters)
Options
-d: delete the password; for system administrator use only;
-f: force;
-k: update only after the password has expired;
-l: lock the password;
-s: list password-related information; for system administrator use only;
-u: unlock an account that has been locked.
-i: number of days after password expiration before the account is disabled
-x: set the number of days within which the password can be changed
-n: set the number of days during which the password may not be changed
-e: expire the password immediately, forcing the user to change the password
-w: number of days before the password expires that the user receives a warning
Batch command to update passwords
a. Review the user information on the current machine
tail /etc/passwd
b. Change passwords in batch; press Ctrl+D to end input
chpasswd
7) User query commands
id command
Checks a user's ID and groups, and the corresponding UID and GID information
8) whoami, who, w, last, lastlog
whoami: displays the currently logged-in user
w: displays the users currently logged in
last, lastlog: view detailed user login information
last: displays a list of users who have logged in and their login times
lastlog: displays the most recent login information for all users on the current machine
9) Linux user identity switching commands
su command: switches to a specific user
root can switch to an ordinary user without a password
An ordinary user switching to another user needs to enter the password
visudo command
Used to edit the /etc/sudoers file; it provides a syntax check for the sudo configuration
Configuring sudo rights for the user oldboy
sudo configuration file
The sudo configuration is meant to make operations and maintenance work easier (solving the problem of insufficient permissions) without threatening system security
The sudo command executes commands as another identity; the default identity is root. The commands a user may run with sudo are set in /etc/sudoers. Ordinary users do not need the root password to use root privileges
After configuring the /etc/sudoers file, users can escalate privileges for commands with the sudo command
Switching to root with sudo su - requires entering the current user's password
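An added example (not from the original page) of checking a sudoers file against the goal stated above, easing operations work without threatening system security: it reports every non-root rule that grants all commands, and separately those that do so without a password. The sudoers content is constructed; deploy and %wheel are hypothetical entries, and the audit handles simple one-line rules only.

```sh
#!/bin/sh
# Constructed sudoers content: broad grants beside a narrowed one.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not a real configuration
Defaults    env_reset
root        ALL=(ALL)       ALL
oldboy      ALL=(ALL)       NOPASSWD: ALL
deploy      ALL=(root)      /usr/bin/systemctl restart nginx
%wheel      ALL=(ALL)       ALL
EOF
}

# audit_sudoers FILE: print "TAG who" for every non-root rule granting ALL commands.
audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        $1 ~ /^(Defaults|[A-Za-z]+_Alias$)/ { next }  # settings and alias definitions
        {
            who = $1; spec = $0
            sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", spec)  # drop "who host=(runas)"
            nopass = (spec ~ /NOPASSWD:/)
            gsub(/[A-Z]+:[ \t]*/, "", spec)           # drop tags such as NOPASSWD:
            sub(/[ \t]+$/, "", spec)
            tag = nopass ? "ALL_NOPASSWD" : "ALL"
            if (spec == "ALL" && who != "root") print tag, who
        }
    ' "$1"
}

# check_syntax FILE: parse FILE with visudo without opening an editor.
check_syntax() {
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 2; }
    visudo -c -f "$1"
}

main() {
    tmp=$(mktemp) && sample_sudoers > "$tmp" && audit_sudoers "$tmp"
    rm -f "$tmp"
}
main
```

The deploy line shows the narrowed form: one run-as user and one full command path, which leaves nothing for the audit to report.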