Rookie article##Linux user management and permission control##

1. What is a user?

A user is the identity of someone who uses the system. In the system, a user is stored as a string of characters plus several system configuration files.

System configuration files related to user information:

/etc/passwd ###User information
user:password:uid:gid:description:home directory:shell used by the user
         useradd options for these fields: -u (uid) -g (gid) -c (description) -d (home directory) -s (shell)

/etc/shadow ###User authentication information
user:password:last password modification time:minimum validity period:maximum validity period:warning period:inactive period:account expiration date
/etc/group ###Group information
group name:group password:group id:additional group members
/etc/gshadow ###Group authentication information
/home/username ###User home directory
/etc/skel/.* ###User skeleton files

#Note: all files and directories in /etc/skel/ are copied to the user's home directory when the user is created
#The hidden files that exist in this directory by default are the user's default configuration files

##User switch##

    Use the 'su - username' command to switch users. Always pay attention to whether you are currently the superuser or a normal user; this is very important both in actual work and in experiments. Use the 'exit' command to leave the user you switched to.

 

2. How to manage users?

##Before doing the following experiments, you need to turn on monitoring, so that you can see the changes more intuitively##

Experimental monitoring command:
watch -n 1 'tail -n 3 /etc/passwd /etc/group;echo ====;ls -l /home;echo ===;ls -l /mnt'

1) User creation useradd

       useradd parameter username

##Before each of the following experiments, delete the user you just created, and then re-create it##

useradd -u uid username ##Specify the user's uid

useradd -g group id username ##Specify the user's initial group (the group must already exist)##

useradd -G group id username ##Specify an additional group (the group must already exist)##

useradd -c ##User description
        -d ##User home directory
        -s ##The shell used by the user; /etc/shells records the names of the shells that users can use

2) User deletion userdel

userdel -r username ## -r deletes the user's information together with the user's home directory and mail spool

3) Group establishment

    groupadd -g ##Create group
    groupdel group name ##Delete group

4) View user id information
     id parameter user
              -u ##User uid
              -g ##User initial group id
              -G ##All group ids of the user
              -n ##Display names instead of id numbers (used with -u, -g or -G) ## -Gn shows the names of all groups, -un the name of the user
              -a ##Display all information

5) User information change
       usermod parameter user
                            -l ##Change user name ##usermod -l new name old name
                            -u ##Change uid
                            -g ##Change gid
                            -G ##Change additional groups
                            -aG ##Add an additional group
                            -c ##Change description
                            -d ##Change the home directory setting
                            -md ##Change the home directory setting and rename the home directory
                            -s ##Change shell
                            -L ##Freeze account
                            -U ##Unlock


##Before doing the experiment, you need to create a new user and start monitoring##

Note: The difference between usermod and useradd is that usermod changes user information after the user has been created.

3. How does the superuser delegate privileges?

   1) In the system, the superuser can delegate operations that ordinary users cannot perform to ordinary users.
Privilege delegation configuration file: /etc/sudoers

   2) How to delegate

     *) The superuser runs visudo to edit /etc/sudoers
     *) Format:
                 user receiving the privilege   hostname=(identity to run as)   command
                   test desktop0.example.com=(root) /usr/sbin/useradd
                   ##The user test can execute /usr/sbin/useradd as the superuser on desktop0.example.com

   3) Execute the delegated command
                   sudo command ##The first time you run sudo, you need to enter the current user's password
                          If /etc/sudoers is set as follows:
                            test desktop0.example.com=(root) NOPASSWD: /usr/sbin/useradd
                                    ###The user does not need to enter their own password when calling the sudo command###

         ##Experiment:

                       Step 1: As an ordinary user, try to create a new user; the system reports that the permissions are not sufficient

                       Step 2: As the superuser, run visudo and add the delegation rule

                       Step 3: Switch to the ordinary user and create a new user with sudo; you need to enter the password, and the user is created successfully
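
The rule format above, taken apart field by field. This is an added example, not part of the original article: the function names and finding labels are made up here, and only the simple one-line form shown above is handled.

```shell
#!/bin/sh
# Added example (not from the original article): parse one-line sudoers rules of
# the form   user host=(runas) [NOPASSWD:] command   and list points to review.
# Aliases, comma-separated lists and line continuations are not handled.

parse_rule() {   # prints "user|host|runas|nopasswd|command", or nothing if no match
    printf '%s\n' "$1" | sed -nE \
's/^[[:space:]]*([^[:space:]=]+)[[:space:]]+([^[:space:]=]+)[[:space:]]*=[[:space:]]*\(([^)]*)\)[[:space:]]*(NOPASSWD:)?[[:space:]]*(.+)$/\1|\2|\3|\4|\5/p'
}

lint_rule() {    # prints "ok", "unparsed", or a space-separated list of findings
    parsed=$(parse_rule "$1")
    [ -n "$parsed" ] || { echo "unparsed"; return 0; }
    old_ifs=$IFS; IFS='|'
    set -f; set -- $parsed; set +f        # split on '|' without filename expansion
    IFS=$old_ifs
    host=$2 runas=$3 nopasswd=$4 cmd=$5
    findings=""
    if [ "$host" = "ALL" ];  then findings="$findings any-host"; fi
    if [ "$runas" = "ALL" ]; then findings="$findings any-identity"; fi
    if [ -n "$nopasswd" ];   then findings="$findings no-password-prompt"; fi
    case $cmd in
        ALL) findings="$findings any-command" ;;
        /*)  ;;                            # full path, as in the article's rule
        *)   findings="$findings not-absolute-path" ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample rules; the first two are the ones shown in the article.
for r in 'test desktop0.example.com=(root) /usr/sbin/useradd' \
         'test desktop0.example.com=(root) NOPASSWD: /usr/sbin/useradd' \
         'test ALL=(ALL) NOPASSWD: ALL'; do
    printf '%-62s -> %s\n' "$r" "$(lint_rule "$r")"
done
```

After editing the real file, `visudo -c` checks the syntax of /etc/sudoers.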

      

4. Control of user authentication information

1) "passwd" is used to modify user authentication information
             passwd westos ##The superuser does not need to know the original password and can change it directly, with no password strength limit. An ordinary user must enter the original password; the new password cannot be shorter than 8 characters, cannot be pure numbers and cannot be pure letters.

     ##Monitoring commands: watch -n 1 'passwd -S username'
                           watch -n 1 'tail -n 1 /etc/shadow'


passwd -S user ##View user password information
passwd -d user ##Delete user password
passwd -l user ##Freeze account password ****passwd -l freezes the account more strongly than usermod -L does
passwd -u user ##Unlock user
passwd -e user ##Expire the password so that the user must change it at the next login
passwd -x user ##Maximum validity period of password
passwd -n user ##Minimum validity period of password
passwd -w user ##Warning period before password expiration
passwd -i user ##Password inactive days

##passwd --stdin user ##Change the user password non-interactively

2) chage parameter user
                           -d ##The last modification time of the user password; if it is set to 0, the user must change their own password after logging in to the system
                           -m ##The shortest validity period
                           -M ##The longest validity period
                           -W ##Warning period
                           -I ##User inactive days
                           -E ##Account expiration date, format: -E "YYYY-MM-DD"
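
How the passwd and chage settings above show up in the /etc/shadow fields listed in section 1, as an added example that is not part of the original article. It assumes the RHEL-family convention that passwd -l writes a "!!" prefix and usermod -L a single "!"; the function names, state labels and sample lines are constructed here.

```shell
#!/bin/sh
# Added example (not from the original article): classify accounts from
# shadow-format lines  user:password:lastchg:min:max:warn:inactive:expire:
# Assumes the RHEL-family convention: passwd -l writes a "!!" prefix,
# usermod -L a single "!". Day counts are days since 1970-01-01.

# Constructed sample data; the hashes are placeholders, not real hashes.
SAMPLE='root:$6$SALT$PLACEHOLDER:19000:0:99999:7:::
alice:!!$6$SALT$PLACEHOLDER:19000:0:90:7:::
bob:!$6$SALT$PLACEHOLDER:19000:0:90:7:::
carol::19000:0:99999:7:::
dave:$6$SALT$PLACEHOLDER:0:0:90:7:::
erin:$6$SALT$PLACEHOLDER:18000:0:90:7:14::
frank:$6$SALT$PLACEHOLDER:19400:0:90:7::19450:
daemon:*:18000:0:99999:7:::'

shadow_audit() {   # usage: shadow_audit TODAY_IN_DAYS < shadow-format-data
    awk -F: -v today="$1" '
        NF < 8                      { next }                               # not a shadow line
        $2 == ""                    { print $1, "no-password";      next } # left by passwd -d
        $2 ~ /^!!/                  { print $1, "locked-passwd";    next }
        $2 ~ /^!/                   { print $1, "locked-usermod";   next }
        $2 == "*"                   { print $1, "no-valid-hash";    next }
        $8 != "" && $8+0 < today+0  { print $1, "account-expired";  next } # chage -E
        $3 == "0"                   { print $1, "must-change";      next } # chage -d 0
        $5 != "" && $3+$5 < today+0 { print $1, "password-expired"; next } # chage -M
                                    { print $1, "active" }
    '
}

state_of() {       # usage: state_of USER TODAY_IN_DAYS  (reads the constructed SAMPLE)
    printf '%s\n' "$SAMPLE" | shadow_audit "$2" | awk -v u="$1" '$1 == u { print $2 }'
}

# Demo on the sample with a fixed "today" (day 19500), so the output is repeatable.
printf '%s\n' "$SAMPLE" | shadow_audit 19500
# On a real system, as root:  shadow_audit $(( $(date +%s) / 86400 )) < /etc/shadow
```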

####Forgotten root password######
1. Restart the system
2. During the system startup phase, press the up and down keys to stop the automatic boot
3. Select the boot entry and press "e" to edit it
4. Find the line that starts with linux16, find the ro option on this line and change it to rw, then add the rd.break option at the end of the line
5. Press ctrl+x to boot the entry with these settings
6. After entering the system, execute chroot /sysroot to switch to the real system environment
7. Run passwd root to change the superuser password
8. Create the file /.autorelabel to let the system scan all files again
9. Run exit twice; the system restarts automatically







   


  

     

  







   


  

     

  
