A Complete Guide to User Management in Linux

1. Why users and user groups exist

  • Why users exist
    a. Identity (account)
    b. Authorization (author)
    c. Authentication (auth)
    Together these form the 3A mechanism, the most basic security architecture of the system

  • Why user groups exist
    A user group is a logical container that categorizes users and lets them be authorized uniformly

2. How users and user groups exist in the system

  • A user is in fact one line of text in the /etc/passwd file
  • A user group is in fact one line of text in the /etc/group file

3. User switching and environment variables

  • Viewing the current user
    - whoami ##show the current user name
    - id ##show the current user's ids
      -u ##show the user's user id            -g ##show the user's primary group id
      -G ##show all of the user's group ids   -n ##show names instead of ids

  • User switching
    - su - username
    ##The "-" means a full switch done as a login: the shells of root and of the target user are shown in turn, the home directory changes as well, and the target user's environment is loaded. Without "-", only the user identity is switched, not the user's environment.
    ##Note: do not switch back and forth between several users. Exit the current user before each switch, or the environment may become chaotic.
    With "-", both /etc/profile and /etc/bashrc are read when switching.
    (screenshot in the original post: su - output)
    Without "-", only /etc/bashrc is read.
    (screenshot in the original post: su output)
    ##Also, a command to log out of the graphical session:

        - gnome-session-quit --force
    

4. System configuration files related to users

  • /etc/passwd ##User identity information. Fields: user name:password:user id:primary group id:user description:home directory:default shell
    (screenshot in the original post: /etc/passwd)
  • /etc/shadow ##User authentication information
  • /etc/group ##User group identity information. Fields: group name:group password:group id:additional members of the group
    (screenshot in the original post: /etc/group)
  • /etc/skel/.* ##User environment configuration template
  • /home/username ##User home directory
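As an added example (not part of the original post), a POSIX sh script that reads the passwd and group record layouts just listed and flags the entries a defender checks first: a second uid-0 account, an empty password field, and a hash that was not moved to /etc/shadow. All sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: parse the colon-separated records
# described above and report entries worth a second look. Sample lines are
# constructed, not copied from a real system.

# Audit one /etc/passwd line (name:password:uid:gid:description:home:shell).
# Prints "ok" or a space-separated list of findings.
audit_passwd_line() {
    # ':' is a non-blank IFS character, so empty fields are preserved
    IFS=: read -r name pass uid gid gecos home shell <<EOF
$1
EOF
    flags=""
    colons=$(printf '%s' "$1" | tr -cd ':' | wc -c)
    if [ $((colons)) -ne 6 ]; then
        flags="$flags malformed"           # not exactly seven fields
    fi
    if [ "$uid" = 0 ] && [ "$name" != root ]; then
        flags="$flags extra-root"          # a second uid-0 account
    fi
    if [ -z "$pass" ]; then
        flags="$flags no-password"         # empty field: no password required
    elif [ "$pass" != x ]; then
        flags="$flags hash-not-shadowed"   # hash kept in world-readable passwd
    fi
    flags=${flags# }
    printf '%s\n' "${flags:-ok}"
}

# Return 0 when $2 is listed as an additional member of group record $1
# (name:password:gid:member1,member2,...).
group_has_member() {
    IFS=: read -r gname gpass gid members <<EOF
$1
EOF
    case ",$members," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample data
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
backdoor:x:0:0::/root:/bin/bash
guest::1002:1002::/home/guest:/bin/bash'
SAMPLE_GROUP='wheel:x:10:alice,bob'

printf '%s\n' "$SAMPLE_PASSWD" | while IFS= read -r line; do
    printf '%-10s %s\n' "${line%%:*}" "$(audit_passwd_line "$line")"
done
group_has_member "$SAMPLE_GROUP" bob && echo "bob is in wheel"
```

Run it against the real files with `while IFS= read -r l; do audit_passwd_line "$l"; done < /etc/passwd` to get the same report for the local system.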

5. Creation and deletion of users and user groups

  • Create a user group with groupadd; delete one with groupdel
    -g ##specify the group id

  • Create a user with "useradd + parameters + user name"; delete one with "userdel -r user name"

      - parameters
           -g ##set the primary group          -G ##set the additional groups
           -c ##set the user description       -s ##set the shell
           -d ##specify the home directory     -M ##do not create a home directory when creating the user

(screenshot in the original post: useradd/userdel)
A separate shell can be opened for monitoring while the user is created:
Command: watch -n 1 "tail -n 3 /etc/passwd /etc/shadow /etc/group; ls -l /home"

6. Managing user and user group information

  • User group management: groupmod
    - groupmod -g <group id> <group name>
    (screenshot in the original post: groupmod)

  • User management: usermod
    - usermod + parameter + parameter value + user name

      	-l  ##change the user name                    -u   ##change the user id
      	-g  ##change the primary group id             -G   ##change the additional group ids
      	-c  ##change the user description             -s   ##change the user's shell
      	-d  ##change the home directory the user points to   -md  ##change the home directory and move the real directory
      	-aG ##append additional groups without removing the existing ones
      	-L  ##lock the password                       -U   ##unlock the password
      	Note: when changing a user's group, that group must already exist!!!

(three screenshots in the original post: the first two show the commands, the last one shows the monitor output while they run)

7. Analysis of the user authentication file

This content is stored in the /etc/shadow file, which looks like this:
(screenshot in the original post: /etc/shadow)
The meaning of each field in the picture:

	- user name:password:date of the last password change:minimum password age:maximum password age:password expiry warning:password inactivity days (days the password can still be used after it expires):account expiry date (usually not set)

8. User authentication management

Two ways:

  • passwd + parameter + parameter value + user name. passwd can change the password and its attributes, but some attributes cannot be changed with it

      -l              ##lock the user's password                    -u   ##unlock the user's password
      -S or --stdin   ##view the user's status                      -e   ##set the date of the last password change; it can only be set to zero
      -n              ##set the minimum password age                -x   ##set the maximum password age
      -w              ##set the password expiry warning period      -i   ##set the password inactivity days
      -d              ##delete the user's password
    

First run watch -n 1 'tail -n 1 /etc/shadow' to open a monitor that shows the changes to the record in real time. For example: set a password, set the date of the last password change to 0, view the user's password status, set the minimum password age to 1 day, the maximum age to 7 days, the warning period to 5 days and the inactivity days to 3.
(four screenshots in the original post: the passwd commands and the monitor output)

  • chage + parameter + parameter value + user name

      -l   ##show the password information            -d   ##date of the last password change
      -m   ##minimum password age                     -M   ##maximum password age
      -W   ##password expiry warning                  -I   ##password inactivity days
      -E   ##account expiry date: chage -E "YYYY-MM-DD" user name

(two screenshots in the original post: the chage commands and the monitor output)
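The following is an added example (not from the original post) that ties section 7 to section 8: it reads one /etc/shadow record and works out, for a given day, which state the passwd/chage settings above put the password in. The record is constructed with the post's values (min 1, max 7, warn 5, inactive 3), and the exact day boundaries are this example's assumption.

```shell
#!/bin/sh
# Added example, not from the original post: interpret one /etc/shadow record
# (name:hash:lastchg:min:max:warn:inactive:expire:reserved; lastchg and expire
# are days since 1970-01-01). The record is constructed; day boundaries are an assumption.

# Print the password state of shadow record $1 on day $2 (days since the epoch,
# e.g. $(( $(date +%s) / 86400 )) for today).
shadow_state() {
    IFS=: read -r name hash lastchg min max warn inactive expire reserved <<EOF
$1
EOF
    # Account expiry date (chage -E) disables the whole account
    if [ -n "$expire" ] && [ "$2" -gt "$expire" ]; then
        echo account-expired; return
    fi
    case $hash in
        '')        echo no-password; return ;;  # empty hash: no password needed
        '!'*|'*'*) echo locked; return ;;       # passwd -l / usermod -L, or never set
    esac
    # passwd -e sets lastchg to 0: the password must be changed at next login
    if [ "$lastchg" = 0 ]; then echo must-change; return; fi
    # No maximum age: the password never expires
    if [ -z "$max" ]; then echo valid; return; fi
    expires=$((lastchg + max))
    if [ -n "$inactive" ] && [ "$2" -gt $((expires + inactive)) ]; then
        echo inactive    # grace period (passwd -i / chage -I) used up: login refused
    elif [ "$2" -gt "$expires" ]; then
        echo expired     # must change the password, login still allowed
    elif [ -n "$warn" ] && [ "$2" -ge $((expires - warn)) ]; then
        echo warning     # inside the passwd -w / chage -W window
    else
        echo valid
    fi
}

# Return 0 when the minimum age (passwd -n / chage -m) allows a change on day $2
shadow_can_change() {
    IFS=: read -r name hash lastchg min rest <<EOF
$1
EOF
    [ "$2" -ge $((lastchg + ${min:-0})) ]
}

# Constructed record using the post's example settings: min 1, max 7, warn 5, inactive 3
SAMPLE='alice:$6$constructed$notARealHash:19000:1:7:5:3::'
for day in 19001 19002 19008 19011; do
    printf 'day %s: %s\n' "$day" "$(shadow_state "$SAMPLE" "$day")"
done
```

To check a real account, pass its line from /etc/shadow (readable only by root) and today's day number.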

9. Delegating privileges to users

Some commands, such as useradd and userdel, cannot be run by ordinary users, so we need to grant such users these privileges; this is done by delegating privileges.
Command format: sudo <command>
We can edit the /etc/sudoers file to achieve the delegation.
##If you edit this file with vim, no syntax check is performed. visudo provides the corresponding syntax check: if there is an error it prints a "What now?" prompt, and pressing e reopens the file so the error can be fixed. The rules are usually added from about line 100 onwards.
##For example, we want to delegate useradd and userdel to an ordinary user and let them run without a password

Format: user name host name=(permission) full path of the command
(two screenshots in the original post: the sudoers rule and its use)
Password-free execution:
(two screenshots in the original post: the NOPASSWD rule and its use)
This concludes the content!
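As an added example (not the post's own screenshot), the rule in the format just described, written out with and without the password prompt. It assumes the delegated user is called alice and that useradd and userdel live in /usr/sbin; check the real paths with `which useradd` first.

```sudoers
# Added example, not from the original post. Assumes the user is "alice" and the
# binaries are in /usr/sbin. Install it with visudo, which checks the syntax:
#   visudo -f /etc/sudoers.d/alice   (if /etc/sudoers includes that directory)
# Format: user  host=(run-as user)  full path of the command(s)

# Rule that still asks for alice's own password before running the command:
# alice ALL=(root) /usr/sbin/useradd, /usr/sbin/userdel

# Password-free execution: the NOPASSWD: tag in front of the command list
alice ALL=(root) NOPASSWD: /usr/sbin/useradd, /usr/sbin/userdel
```

Listing full paths and only the two commands keeps the delegation narrow: alice can create and delete users but gets no other root command through sudo.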


Origin blog.csdn.net/qwerty1372431588/article/details/109052410