Big Data Technology - User and Group Management

1. Purpose of the experiment

1. Understand Linux users and groups

2. Become familiar with the basic operations on Linux users and groups

3. Learn more about the Linux system

2. Experimental content

1. Addition, deletion and modification of user accounts.

2. User password management

3. User group management

3. Experimental principle or process

The Linux system is a multi-user, multi-tasking, time-sharing operating system. Any user who wants to use system resources must first apply for an account from the system administrator, and then log in to the system with this account.

On the one hand, user accounts can help system administrators track users who use the system and control their access to system resources; on the other hand, they can also help users organize files and provide users with security protection.

Each user account has a unique username and its own password.

Manage user accounts.

4. Experimental process and source code

1. Management of Linux system user accounts

The management of user accounts mainly involves adding, modifying and deleting user accounts.

Adding a user account is to create a new account in the system, and then assign resources such as user number, user group, home directory, and login shell to the new account. The account just added is locked and cannot be used.

The super user, that is, the root user, is similar to the Administrator user in the Windows system. It is not recommended to use the root user to log in to the system when performing administrative tasks.

Ordinary user accounts generally only have full permissions in the user's own home directory.

Program user: used to maintain the normal operation of the system or a certain program, generally not allowed to log in to the system. For example: bin, daemon, ftp, mail, etc.

The UID of the root user has a fixed value of 0, and the GID of the root group account has a fixed value of 0.

UIDs and GIDs from 1 to 499 are reserved for program users by default, and UIDs and GIDs used by ordinary users/groups are between 500 and 60000.

Tip: The experimental machine uses the ordinary user zhangyu; the account and password are both zhangyu. Root authority is required to execute user commands, so we need to add sudo in front of the command.

1. Add a new user account

Use the useradd command, its syntax is as follows:

Parameter Description:

options :

  • -c comment: specifies a descriptive comment.
  • -d directory: specifies the user's home directory. If the directory does not exist, also use the -m option to create it.
  • -g usergroup: specifies the user group to which the user belongs.
  • -G usergroup,usergroup: specifies additional groups to which the user belongs.
  • -s shell file: specifies the user's login shell.
  • -u user number: specifies the user's user number. If the -o option is also given, the identification number of another user can be reused.

Username:

  • Specify the login name for the new account.

eg1: The command creates a user, where the -d and -m options are used to generate a home directory /usr/test for the login name test (/usr is the parent directory where the default user home directory is located).

eg2: The command creates a new user test1, whose login shell is /bin/sh, which belongs to the group user group and also to the adm and root user groups; of these, the group user group is its main group.

New groups may be created here: groupadd group and groupadd adm

Adding a user account adds a record for the new user to the /etc/passwd file and, at the same time, updates other system files such as /etc/shadow and /etc/group.

2. Delete account

If a user's account is no longer used, it can be deleted from the system. Deleting a user account means deleting the user's record in system files such as /etc/passwd, and deleting the user's home directory if necessary.

To delete an existing user account, use the userdel command, whose format is as follows:

​The commonly used

This command deletes the records of user test in system files (mainly /etc/passwd, /etc/shadow, /etc/group, etc.), and deletes the user's home directory at the same time.

3. Modify account

To modify a user account is to change the relevant attributes of the user according to the actual situation, such as user ID, home directory, user group, login shell, etc.

Commonly used options include -c, -d, -m, -g, -G, -s, -u and -o, etc. The meaning of these options is the same as in the useradd command; they specify new resource values for the user.

Also, some systems can use the option: -l new username

This option specifies a new account name, that is, the original user name is changed to the new user name.

eg: The command changes the login shell of user test1 to zsh, the home directory to /home/z, and the user group to zhangyu.

Tip: The test user may be deleted by our previous delete command, so we need to create the test user in advance to execute this command.

4. User password management

An important part of user management is the management of user passwords. The user account has no password when it is first created, but it is locked by the system and cannot be used. It must be assigned a password before it can be used, even if an empty password is assigned.

The shell command to specify and modify a user password is passwd. Super users can specify passwords for themselves and other users, and ordinary users can only use it to modify their own passwords. The format of the command is:

Available options:

  • -l locks the password, that is, disables the account.
  • -u unlocks the password.
  • -d leaves the account without a password.
  • -f forces the user to change the password at the next login.

If the username is omitted, the current user's password is modified.

For example, assuming that the current user is zhangyu, the following command modifies the user's own password.

If you are superuser, you can specify any user's password in the following form:

When ordinary users modify their passwords, the passwd command asks for the original password first, and then requires the user to enter the new password twice. If the two entries are the same, the password is assigned to the user. When the super user assigns a password to a user, the original password is not needed.

For the sake of system security, users should choose complex passwords. For example, it is best to use passwords 8 characters long that contain uppercase and lowercase letters and numbers and differ from names and birthdays.

When specifying a null password for a user, execute a command of the following form:

This command deletes the password of user zhangyu, so that the system will not ask for the password when user zhangyu logs in next time.

The passwd command can also use the -l (lock) option to lock a user so that they cannot log in, for example:

2. Management of Linux system user groups

Each user has a user group, and the system can centrally manage all users in a user group. Different Linux systems have different regulations on user groups. For example, a user under Linux belongs to a user group with the same name, and this user group is created at the same time as the user is created.

The management of user groups involves adding, deleting and modifying user groups. The addition, deletion, and modification of groups are actually updates to the /etc/group file.

Available options are:

  • -g GID specifies the group identification number (GID) of the new user group.
  • -o is generally used together with the -g option; it means that the GID of the new user group can be the same as the GID of an existing user group in the system.

eg1: The command adds a new group group1 to the system, and the group identification number of the new group is the current largest group identification number plus 1.

eg2: This command adds a new group group2 to the system, and specifies that the group identification number of the new group is 101.

2. If you want to delete an existing user group, use the groupdel command, the format is as follows:

eg: This command deletes the group group1 from the system.

Commonly used options are:

  • -g GID specifies a new group identification number for the user group.
  • -o, used together with the -g option, allows the new GID of the user group to be the same as the GID of an existing user group in the system.
  • -n new-usergroup changes the name of the user group to the new name.

eg1: The command modifies the group identification number of group2 to 102.

eg2: The command changes the identification number of group2 to 10000, and the group name to group3.

3. System files related to user accounts

There are many ways to accomplish user management, but each method actually involves modifying the relevant system files.

Information related to users and user groups is stored in some system files, including /etc/passwd, /etc/group, etc.

The contents of these files are described below.

1. The /etc/passwd file is the most important file involved in user management.

Each user in the Linux system has a corresponding record line in the /etc/passwd file, which records some basic attributes of the user.

This file is readable by all users. Its content is similar to the following example:

2. /etc/shadow file

Since the /etc/passwd file is readable by all users, if a user's password is too simple or follows an obvious pattern, an ordinary computer can easily crack it. Linux systems with higher security requirements therefore separate the encrypted passwords and store them in a separate file, the /etc/shadow file. Only the super user has permission to read this file, which ensures the security of user passwords.

The record lines in /etc/shadow correspond one to one with those in /etc/passwd. The file is generated automatically by the pwconv command from the data in /etc/passwd. Its format is similar to that of /etc/passwd: it consists of several fields separated by ":". These fields are:

  • The "login name" is the user account that matches the login name in the /etc/passwd file.
  • The "password" field stores the encrypted user password with a length of 13 characters. If it is empty, the corresponding user has no password, and no password is required for login; if it contains characters that do not belong to the set { ./0-9A-Za-z }, the corresponding user cannot log in.
  • "Last modification time" indicates the number of days from a certain moment to when the user last modified the password. The time origin may differ between systems. For example, in SCO Linux, the starting point of this time is January 1, 1970.
  • "Minimum time interval" refers to the minimum number of days required between password changes.
  • "Maximum time interval" refers to the maximum number of days a password remains valid.
  • The "warning time" field indicates the number of days between when the system starts to warn the user and when the user's password officially expires.
  • "Inactive time" indicates the maximum number of days that the account can remain valid without any login activity by the user.
  • The "expiration time" field gives an absolute number of days. If this field is used, it gives the lifetime of the corresponding account. After expiration, the account is no longer a valid account and can no longer be used to log in.
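The checks an administrator would run over these two files, as an added example that is not part of the original post: it flags empty password fields (the state `passwd -d` leaves), locked entries, extra UID 0 accounts and UIDs reused with `-o`. The file contents, hash placeholders and the `backup` account are constructed, and `make_samples` and `audit_accounts` are names chosen here.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format files. All data below is constructed.

make_samples() {   # $1 = directory to write the constructed sample files into
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
zhangyu:x:500:500::/home/zhangyu:/bin/bash
test:x:501:501::/usr/test:/bin/bash
test1:x:502:502::/home/test1:/bin/sh
backup:x:0:503::/home/backup:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hashplaceholder:19500:0:99999:7:::
daemon:*:19500:0:99999:7:::
zhangyu:$6$constructed$hashplaceholder:19500:0:99999:7:::
test::19500:0:99999:7:::
test1:!!:19500:0:99999:7:::
backup:$6$constructed$hashplaceholder:19500:0:99999:7:::
EOF
}

audit_accounts() {   # $1 = passwd-format file, $2 = shadow-format file
    awk -F: '
        NR == FNR { pw[$1] = $2; seen[$1] = 1; next }    # first file read: shadow
        {
            if ($3 == 0 && $1 != "root") print "UID0 " $1      # extra superuser
            if (!($1 in seen))           print "NOSHADOW " $1  # no shadow record
            else if (pw[$1] == "")       print "EMPTY " $1     # logs in without password
            else if (pw[$1] ~ /^[!*]/)   print "LOCKED " $1    # password login disabled
            if ($3 in owner)             print "DUPUID " $1 " " owner[$3]  # UID reused (-o)
            else                         owner[$3] = $1
        }
    ' "$2" "$1"
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a real host the same function takes /etc/passwd and /etc/shadow as arguments and must run as root, since only the super user can read /etc/shadow.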

The following is an example of /etc/shadow:

3. All information of the user group is stored in the /etc/group file.

Grouping users is a means of managing users and controlling access rights in the Linux system.

Every user belongs to a user group; there can be multiple users in a group, and a user can belong to different groups.

When a user is a member of multiple groups at the same time, the main group to which the user belongs is recorded in the /etc/passwd file, that is, the default group to which the user belongs when logging in, and other groups are called additional groups.

When a user wants to access files belonging to an additional group, he must first use the newgrp command to make himself a member of the group to be accessed.

All information about user groups is stored in the /etc/group file. The format of this file is also similar to the /etc/passwd file, with several fields separated by colons (:). These fields are:

  • "Group name" is the name of the user group, consisting of letters or numbers. Like login names in /etc/passwd, group names should not be repeated.
  • The "password" field stores the encrypted password of the user group. Generally, user groups in Linux systems do not have passwords, that is, this field is generally empty, or *.
  • The "group identification number" is similar to the user identification number, and is also an integer, which is used to identify the group within the system.
  • "User list in the group" is a list of all users belonging to this group, and different users are separated by commas (,). This user group may be the user's main group, or it may be an additional group.
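Listing who actually holds a group means combining both files, because a user whose main group is recorded in /etc/passwd is usually not repeated in the group's user list. The following added example (not from the original post) does that for the test1 account described earlier; the file contents are constructed and `make_group_samples` and `members_of` are names chosen here.

```shell
#!/bin/sh
# Added example: who holds a group, counting primary and additional membership.
# All file contents below are constructed.

make_group_samples() {   # $1 = directory for the constructed sample files
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
zhangyu:x:500:500::/home/zhangyu:/bin/bash
test1:x:502:600::/home/test1:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
root:x:0:test1
adm:x:4:zhangyu,test1
zhangyu:x:500:
group:x:600:
EOF
}

members_of() {   # $1 = group name, $2 = passwd-format file, $3 = group-format file
    awk -F: -v g="$1" '
        NR == FNR {                          # first file read: group
            if ($1 == g) {
                gid = $3; found = 1
                n = split($4, m, ",")        # field 4: comma-separated user list
                for (i = 1; i <= n; i++) if (m[i] != "") how[m[i]] = "additional"
            }
            next
        }
        # passwd field 4 is the primary GID; these users are often absent from the list
        found && $4 == gid { how[$1] = "primary" }
        END { for (u in how) print u " " how[u] }
    ' "$3" "$2" | sort
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
make_group_samples "$tmp"
for grp in root adm group; do
    echo "== $grp"; members_of "$grp" "$tmp/passwd" "$tmp/group"
done
rm -rf "$tmp"
```

Reviewing membership of the root and adm groups this way shows test1 in both, which the passwd record alone would not reveal.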

An example of an /etc/group file is as follows:

5. Experimental conclusion and experience

For any system, the management of user accounts is very important. Adding, deleting, and modifying user accounts should be done by personnel with administrator privileges and need to follow security best practices to protect the system from unauthorized access.
User password is also an important part of protecting system security. System administrators should ensure that each user has a strong enough password and update these passwords regularly. In addition, administrators can also limit the number of failed login attempts by users within a certain period of time to prevent malicious attacks.
User group management enables administrators to manage users and permissions more effectively. By assigning users to different groups, administrators can easily grant or revoke different access rights. In addition, administrators can also create new user groups to categorize users based on job responsibilities or other factors.
Conclusion:

The management of user accounts, passwords, and groups is the key to system security, and administrators should take it seriously. At the same time, system administrators should also regularly audit and monitor the system, and promptly resolve security vulnerabilities and other issues.
Experience:

This experiment gave me a deeper understanding of the management of user accounts, passwords and groups, and how to apply them to improve system security. I also recognized the importance of administrators in system security and the need to handle these components carefully.

Origin blog.csdn.net/qq_53142796/article/details/131227202