CentOS 7 User Management 2

CentOS command to view files related to users

1. User management
2. User group
3. Permission assignment

1. Commands to view files related to users:
1. cat
2. more
3. head /etc/passwd #View the first ten lines of the file
4. head -2 /etc/passwd #View the first two lines of the file
5. tail /etc/passwd #View the last ten lines of the file
6. tail -f /etc/passwd #Track the last ten lines of the file in real time
7. tail -2 /etc/passwd #View the last two lines of the file
8. wc -l /etc/passwd #Display the number of lines in the file
9. nl /etc/passwd #Print the contents of the file with line numbers


root:x:0:0:root:/root:/bin/bash

Username: the username should not be too long, e.g. Niejunzhong -> njz
x: the password field, kept as a placeholder; earlier versions of Linux stored the password here
UID: user identifier
GID: default group identification number; the system creates a group with the same name by default
Shell: bash by default
Password file: shadow. /etc/passwd is readable by every user, and earlier passwords were placed in the password field.






man 5 shadow

Login:Encrypted password:Last modified time:Min interval:Max interval:Warning time:Account idle time:Expiration time:Flag

Time: In 1969, Ken Thompson developed the prototype of Unix. The industry believes that Linux was born on January 1, 1970.
By default even the root superuser has no write permission on the shadow file, but root can still modify or delete it.

pwconv: password write-back. The password is first written to passwd and then converted to shadow.

The passwd command: ls -l /usr/bin/passwd
Why can ordinary users change their passwords?

Definition of SetUID: when an executable program has the SetUID permission, any user who runs it executes it with the identity of the program's owner.
The owner of passwd is root, so every ordinary user who changes their password runs this command as root.

Adding a user by modifying the user configuration files (principle)
Username: /etc/passwd
Password: /etc/shadow
1. vi /etc/passwd #Add a line: username:password:uid:gid:description:home directory:shell
2. mkdir to create the home directory, then give the user permission on it: chown user directory
3. vi /etc/shadow
The user can log in to the command prompt at this time.
4. The files in /etc/skel are all hidden: cd /etc/skel; ls -a
5. cp the files in /etc/skel to the new user's home directory







User configuration files under /etc/
/etc/login.defs: configures the maximum time interval and the minimum time interval (root is not limited), mail, automatic directory creation, and umask
/etc/default/useradd: the default home directory, whether the account is disabled, and the account expiration time

Login information
Before login: /etc/issue. Avoid exposing system version information here.
After login: /etc/motd, for internal information. wall broadcasts a message.

User categories:
Linux users are divided into three types:
super user: root, uid=0
common user: uid 500-60000
pseudo user: uid 1-499

A user with uid 0 is called a super user. Its command prompt ends with #: []# ls



Pseudo-users
1. Pseudo-users are related to system and program services.
bin, daemon, shutdown, halt, etc.: any Linux system has these pseudo-users by default.
mail, news, games, apache, ftp, mysql, sshd, etc. are related to the processes of the Linux system.
2. Pseudo-users usually do not need to, or cannot, log in to the system
3. They may have no home directory

2. User management:
1. Create a new user
useradd user1
2. Delete a user
userdel -r user1
3. Change the password
1) passwd user1
2) echo 123 | passwd --stdin user1
4. View a user
id user1

3. Files affected by user changes
If a user was not removed cleanly with userdel, the user can be deleted, or created anew, by cleaning up the following affected files.
1)/etc/passwd
2)/etc/shadow
3)/etc/group
4)/var/spool/mail
5)/home

1) /etc/passwd: user properties
user1:x:500:500::/home/user1:/bin/bash
1-1) username
1-2) password placeholder; the user password is located in /etc/shadow
1-3) user uid
1-4) the gid of the group to which the user belongs
1-5) user description
1-6) user home directory
1-7) user login shell
User classification
1-1) Super user
1-2) System user
1-3) Ordinary user
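
The field layout and UID ranges described above can be turned into a quick account audit. This is an added example, not part of the original article: the function name audit_passwd, the finding labels and the sample accounts are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
apache:x:48:48:Apache:/usr/share/httpd:/bin/bash
user1:x:500:500::/home/user1:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy:ab1cdEFgh2ijk:501:501::/home/legacy:/bin/bash'

# audit_passwd [FILE]: print "name class finding" per account.
# Reads FILE, or standard input when no file is given.
audit_passwd() {
    awk -F: '
    NF != 7 { print $1, "unknown", "malformed"; next }
    {
        name = $1; pw = $2; uid = $3 + 0; shell = $7
        # UID ranges as stated on this page.
        if (uid == 0)                        class = "super"
        else if (uid >= 1 && uid <= 499)     class = "pseudo"
        else if (uid >= 500 && uid <= 60000) class = "common"
        else                                 class = "out-of-range"

        finding = "ok"
        if (uid == 0 && name != "root")
            finding = "extra-uid0"            # second superuser account
        else if (pw != "x")
            finding = "hash-in-passwd"        # password not moved to shadow
        else if (class == "pseudo" && shell !~ /\/(nologin|false|sync|shutdown|halt)$/)
            finding = "pseudo-with-login-shell"
        print name, class, finding
    }' "${1:--}"
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a real host, run audit_passwd /etc/passwd. CentOS 7's default login.defs starts ordinary users at UID 1000, so adjust the ranges to the UID_MIN of the system being checked.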
2. /etc/shadow
1) Encryption method: grub-md5-crypt
2) !! indicates that the user does not have a password
3) !$$$$ indicates that the user is locked

3./etc/group
user1:x:500:
Group name: group password bit:

4. /home
1) user1's home directory
/home/user1
2) Delete the user
userdel -r user1 #If the user is deleted with plain userdel user1, the user's home directory and mailbox are left behind

5. Manage user commands - usermod
1) Lock a user
usermod -L user1
2) Unlock a user
usermod -U user1
3) /etc/shadow after locking the user
!$1$Ttyif4Oi$piuprg8yV9.FGc4MzA4EP0 #A ! appears in front of the password
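
The password-field markers from the /etc/shadow notes (!!, a leading ! after usermod -L) can be read mechanically. The following is an added example, not from the original article: shadow_status and its labels are hypothetical names, and apart from the locked user1 hash shown above, every hash in the sample is a constructed placeholder.

```shell
#!/bin/sh
# Constructed /etc/shadow-format sample. The user1 hash is the locked
# example shown on this page; every other hash is a made-up placeholder.
SAMPLE_SHADOW='root:$6$CONSTRUCTED$placeholderSha512Hash:17000:0:99999:7:::
user1:!$1$Ttyif4Oi$piuprg8yV9.FGc4MzA4EP0:17000:0:99999:7:::
user2:!!:17000:0:99999:7:::
user3::17000:0:99999:7:::
user4:$1$CONSTRUC$placeholderMd5Hash:17000:0:99999:7:::
bin:*:17000:0:99999:7:::'

# shadow_status [FILE]: print "name state scheme" per entry.
#   state : empty | no-password | locked | no-login | active
#   scheme: md5 | sha256 | sha512 | other | -   (from the $id$ prefix)
shadow_status() {
    awk -F: '
    {
        hash = $2
        if (hash == "")        state = "empty"        # no password required
        else if (hash == "!!") state = "no-password"  # password never set
        else if (hash ~ /^!/)  state = "locked"       # e.g. after usermod -L
        else if (hash == "*")  state = "no-login"
        else                   state = "active"

        sub(/^!+/, "", hash)   # look at the hash behind the lock mark
        id = substr(hash, 1, 3)
        if (hash == "" || hash == "*") scheme = "-"
        else if (id == "$1$")          scheme = "md5"
        else if (id == "$5$")          scheme = "sha256"
        else if (id == "$6$")          scheme = "sha512"
        else                           scheme = "other"
        print $1, state, scheme
    }' "${1:--}"
}

printf '%s\n' "$SAMPLE_SHADOW" | shadow_status
```

Entries reported as empty, or as active with the md5 scheme, are the ones to review first; reading the real /etc/shadow requires root.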


4. Group management:
1. Create a new group
groupadd grp1
2. Delete the group
groupdel grp1
3. User and group management:
1. Add the user to the group
1) usermod -g grp1 user1 #Change user1's primary group to grp1
2) usermod -G grp1 user1 #Set user1's supplementary groups to grp1; this replaces the existing list unless -a is also given
3) gpasswd -a user1 grp1 #Add the user user1 to the group grp1
2. Delete the user from the group
1) gpasswd -d user1 grp1 #Delete the user user1 from the grp1 group


Other user commands:
finger user #Which host the user logged in from, when they logged in, whether there is mail and scheduled tasks
su user #Switch user
passwd -S user #View the user's password status
who, w #View current users
Batch add users: command loop + echo '12345' | passwd --stdin user
gpasswd -a user1 grp1
gpasswd -d user1 grp1

5. Relationship between users and files - permissions:

1. chmod
2. chown
3. setuid
4. setgid
5. sudo
6. acl


1. chmod authorization method
1) chmod 755 /mnt
2) chmod a+x file
3) umask: the file permission mask, which determines that the folder permission is 755 and the file permission is 644
4) View the permissions of a single directory itself
ls -ld mnt/
5) Switch users in the current terminal
su - user1

2. chown: change the owner and group
chown user4 test #Change the owner to user4
chown :user4 test #Change the group to user4
chown user4:user4 test #Change the owner and group at the same time

3. SetUID
Operation object: executable program
-rwxr-xr-x root root file
-rwsr-xr-x root root file
Find setuid programs: find / -perm -4000 -o -perm -2000 #-4000 matches setuid, -2000 matches setgid
Effect: once the s bit is added to an executable command, everyone else executes it as the owner of the command.
How to add the s bit:
1) chmod u+s /bin/touch
2) chmod 4755 /bin/touch
4 = setuid, 2 = setgid, 1 = t bit
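
The find command above becomes a repeatable check once its output is compared against a reviewed baseline. This is an added example, not from the original article: list_special, unexpected_special and the baseline file are hypothetical names, and the demo tree is constructed in a temporary directory so that no system binary is modified.

```shell
#!/bin/sh
# list_special DIR: setuid/setgid regular files under DIR, sorted.
# The parentheses matter: without them "-type f" would bind only to the
# first -perm test, because -a binds tighter than -o.
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# unexpected_special DIR BASELINE: files carrying an s bit that are not in
# BASELINE, a reviewed allowlist with one absolute path per line.
unexpected_special() {
    list_special "$1" | grep -Fxv -f "$2" || true
}

# Constructed demo tree, so the example runs without root and without
# touching real system binaries.
demo=$(mktemp -d)
: > "$demo/passwd"; chmod 4755 "$demo/passwd"   # expected setuid program
: > "$demo/touch";  chmod 4755 "$demo/touch"    # s bit added later, not reviewed
: > "$demo/plain";  chmod 755  "$demo/plain"
printf '%s\n' "$demo/passwd" > "$demo/baseline.txt"

echo "all s-bit files:"; list_special "$demo"
echo "not in baseline:"; unexpected_special "$demo" "$demo/baseline.txt"
rm -rf "$demo"
```

On a real host, run list_special / as root once, review the result, store it as the baseline, and alert on anything unexpected_special reports afterwards.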

4. setgid
Operation object: folder
Function: when setgid is set on a directory, the subfolders in the directory also inherit the gid permission of the parent folder
chmod g+s test
chmod 2755 test

5. t bit (sticky bit)
Operation object: a directory whose permission is 777
Function: in a public folder, you can only delete your own things
chmod o+t /tmp
chmod 1777 /tmp

6. sudo authorization
1) echo $PATH #This environment variable determines under which paths executable programs can be found directly
2) Set up sudo
2-1) visudo
2-2) vi /etc/sudoers #The second method is not recommended: visudo checks the syntax before saving, plain vi does not
user1 localhost=/usr/sbin/useradd user5,/usr/sbin/userdel -r user5,/sbin/service httpd restart
3) !str #Execute the last command in the history that starts with str

7. acl authorization
1) Set permission
setfacl -m u:user1:rwx /test
2) View permission
getfacl /test
3) Delete user1's permissions on /test
setfacl -x u:user1 /test
4) Delete all acl permissions on /test
setfacl -b /test
5) Set the default acl permissions
setfacl -m d:u:user1:rwx test #Future subdirectories of the current directory will inherit the directory's acl permissions
