Linux account, password and permission management

1.1 Generate a random 12-character alphanumeric password:

  cat /dev/urandom | tr -dc '0-9a-zA-Z' | head -c 12

Quote the character set: written unquoted as [0-9a-zA-Z] the shell may expand it as a glob, and tr would also treat the bracket characters themselves as members of the set.

1.2 The shadow file in detail

[root@cenots7 ~]#getent shadow xiaowang
xiaowang:$6$59K3dttN$5MqODFEnbQBFXT/ZNn2eMJ2mTuJ0lL77NsZZhEdfRX1McM1WpOdcTQLHWaLS5EwsPl0nFnN.E9rcQYO6QZakY/:18099:0:99999:7:::

The record has nine colon-separated fields:
1.2.1 xiaowang: the user name.
1.2.2 The password field, $6$59K3dttN$5MqODF...: three parts separated by $. "$6" is the hashing scheme (6 = SHA-512 crypt; 5 would be SHA-256 and 1 the obsolete MD5), "59K3dttN" is the salt mixed into the hash, and the remainder is the actual hash. A field starting with "!" is locked (see passwd -l / usermod -L below), "!!" or "*" means no usable password has been set, and an empty field means no password is required at all.
1.2.3 Date of the last password change, as the number of days since 1970-01-01 (18099 = 2019-07-22). A value of 0 forces a password change at the next login.
1.2.4 Minimum number of days before the password may be changed again; 0 means no restriction.
1.2.5 Maximum number of days the password stays valid, counted from the last change. The user is prompted to change it before it expires; 99999 effectively means never.
1.2.6 Warning period before password expiry, in days: 7 means the user is warned during the 7 days before expiry.
1.2.7 Inactivity period after password expiry, in days. Within this period the user can still log in but must change the password immediately; once it has passed the account is disabled. Empty means no such limit.
1.2.8 Account expiry date. Note that this concerns the account, not the password: the account becomes invalid on this day, again given as days since 1970-01-01.
1.2.9 Reserved for future use.

1.3 chage: modify the password-aging information stored in /etc/shadow

[root@cenots7 home]#chage -h
Usage: chage [options] LOGIN

The examples configure the account xiaowang. Set a password first: on the author's CentOS 7 host, chage returned an error for a freshly created user with no password.

Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY (days since 1970-01-01, or YYYY-MM-DD)
      chage -d 18105 xiaowang         record the last password change as day 18105
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE (days since 1970-01-01, or YYYY-MM-DD; -1 removes the expiry)
      chage -E 18200 xiaowang         the account expires on day 18200, i.e. 18200-18105 = 95 days after that last change
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
      chage -I 10 xiaowang            for 10 days after the password expires the user may still log in but must change the password immediately; after that the account is disabled
  -l, --list                    show account aging information
      chage -l xiaowang               show the aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
      chage -M 30 xiaowang            maximum lifetime; the password expires 30 days after its last change
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
      chage -W 7 xiaowang             warn during the 7 days before the password expires

The value given to -E is an absolute day number (or a date), not a count from today: to let the account live N days after the last password change, pass the last-change day plus N. Logging in after that date prints that the account has expired and asks the user to contact the administrator.
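The shadow fields of 1.2 and the chage options of 1.3 are easier to reason about when the day numbers are turned back into dates. The following script is an added example, not part of the original post: it decodes shadow-format records offline in POSIX sh, with no root and no GNU `date -d` needed (the day-to-date conversion is done in shell arithmetic). The first sample record is the xiaowang line shown above; the other two records, the `ops` and `svc` names and their hashes, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decode the aging fields of
# /etc/shadow records offline. POSIX sh; no GNU `date -d` required.
set -u

# Days since 1970-01-01 -> YYYY-MM-DD (civil-from-days, after Howard Hinnant).
days_to_date() {
  local z era doe yoe y doy mp d m
  z=$(( $1 + 719468 ))
  era=$(( z / 146097 ))
  doe=$(( z - era * 146097 ))
  yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
  y=$(( yoe + era * 400 ))
  doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
  mp=$(( (5 * doy + 2) / 153 ))
  d=$(( doy - (153 * mp + 2) / 5 + 1 ))
  if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
  if [ "$m" -le 2 ]; then y=$(( y + 1 )); fi
  printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Classify field 2: lock markers and the crypt(3) scheme prefix.
hash_status() {
  case "$1" in
    '')                        echo 'EMPTY: no password required (dangerous)' ;;
    '!!'|'*')                  echo 'no usable password set' ;;
    '!'*)                      echo 'locked (passwd -l / usermod -L)' ;;
    '$6$'*)                    echo 'sha512crypt' ;;
    '$5$'*)                    echo 'sha256crypt' ;;
    '$y$'*)                    echo 'yescrypt' ;;
    '$2a$'*|'$2b$'*|'$2y$'*)   echo 'bcrypt' ;;
    '$1$'*)                    echo 'md5crypt (obsolete)' ;;
    *)                         echo 'unknown or legacy DES' ;;
  esac
}

# Day on which the password expires: lastchg + max; 99999 means "effectively never".
password_expiry_day() {   # $1 = lastchg, $2 = max
  if [ -z "$2" ] || [ "$2" -ge 99999 ]; then echo never; else echo $(( $1 + $2 )); fi
}

# Report one record: name:hash:lastchg:min:max:warn:inactive:expire:reserved
describe_shadow_entry() {
  local name hash lastchg min max warn inactive expire rest exp
  IFS=':' read -r name hash lastchg min max warn inactive expire rest <<EOF
$1
EOF
  echo "== $name"
  echo "   password:         $(hash_status "$hash")"
  if [ -z "$lastchg" ]; then
    echo "   last change:      empty -> password aging disabled"
  elif [ "$lastchg" -eq 0 ]; then
    echo "   last change:      day 0 -> must change password at next login"
  else
    echo "   last change:      day $lastchg ($(days_to_date "$lastchg"))"
  fi
  if [ -n "$min" ] && [ "$min" -gt 0 ]; then
    echo "   no change before: day $(( ${lastchg:-0} + min ))"
  fi
  exp=$(password_expiry_day "${lastchg:-0}" "$max")
  if [ "$exp" = never ]; then
    echo "   password expiry:  never (max=${max:-unset})"
  else
    echo "   password expiry:  day $exp ($(days_to_date "$exp")), warnings from day $(( exp - ${warn:-0} ))"
    if [ -n "$inactive" ]; then
      echo "   login disabled:   day $(( exp + inactive )) (inactive=$inactive)"
    fi
  fi
  if [ -n "$expire" ]; then
    echo "   account expires:  day $expire ($(days_to_date "$expire"))"
  fi
}

# First record is the post's xiaowang line; the other two are constructed.
SAMPLE_SHADOW='xiaowang:$6$59K3dttN$5MqODFEnbQBFXT/ZNn2eMJ2mTuJ0lL77NsZZhEdfRX1McM1WpOdcTQLHWaLS5EwsPl0nFnN.E9rcQYO6QZakY/:18099:0:99999:7:::
ops:$6$fakesalt$fakehash:18105:1:30:7:10:18200:
svc:!!:18099:0:99999:7:::'

# Usage: ./shadow_aging.sh                 (sample data)
#        sudo ./shadow_aging.sh /etc/shadow
if [ -n "${1:-}" ]; then
  while IFS= read -r line; do describe_shadow_entry "$line"; done < "$1"
else
  printf '%s\n' "$SAMPLE_SHADOW" | while IFS= read -r line; do describe_shadow_entry "$line"; done
fi
```

Run it on a real host with `sudo ./shadow_aging.sh /etc/shadow` to see at a glance which accounts have no usable password, which passwords never expire, and when each account is disabled; the `ops` sample shows the full policy of 1.3 (max 30, warn 7, inactive 10, account expiry on day 18200) resolved to dates.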

1.4 useradd: add users

  -u 2000         set the UID to 2000
  -o              with -u, skip the duplicate-UID check (two names for one UID is legal, but easily leads to confusion)
  -g MAINGROUP    primary group; every account must belong to exactly one
  -G g1,g2,...    supplementary groups; a user can be in many
  -c "describe"   comment (description) field
  -d HOME_DIR     home directory path. It is not created for you unless -m is given (or CREATE_HOME is set in /etc/login.defs)
  -s /bin/bash    login shell
  -N              do not create a private group with the same name as the user
  -r              create a system account; no home directory is created by default

Files involved in creating a user
/etc/default/useradd    defaults used by useradd (shell, home base, skeleton directory, ...)
/etc/skel/*             template files, including the hidden dot files, copied into the new home directory
/etc/login.defs         site-wide policy: UID/GID ranges, password-aging defaults, CREATE_HOME, umask
newusers                batch-creates users from a file in /etc/passwd format
chpasswd                batch-sets passwords from "user:password" lines read on stdin

1.5 usermod: modify an existing account

Usage: usermod [options] LOGIN

  -u UID                set a new UID
  -g GID                set a new primary group
  -G group1,group2      set the supplementary groups; this replaces the list, so use -aG to append and keep the existing ones
  -s SHELL              change the login shell
  -c "description"      change the comment field
  -d NEW_HOME           change the home directory entry; the directory is not created for you. To also move the contents of the old home directory, combine it with -m (usermod -md NEW_HOME LOGIN)
  -l NEWNAME            rename the login: usermod -l newname oldname
  -L                    lock the user: a "!" is prepended to the password field in /etc/shadow, so a login with the correct password is rejected as if it were wrong
  -U                    unlock the user (removes the "!")
  -e YYYY-MM-DD         account expiry date. Mind the format: it must be written like 2019-07-01, otherwise it is not recognised. The value is stored in the shadow field as days since 1970-01-01; a login after that date reports that the account has expired, asks the user to contact the administrator, and exits
  -f DAYS               inactive days after password expiry (the grace period)

1.6 passwd

  -d USER          delete the password (the field becomes empty, so the account needs no password to log in; avoid)
  -l USER          lock the user (prepends "!" to the hash)
  -u USER          unlock the user
  -e USER          expire the password: the user must change it at the next login (the last-change day is set to 0) ***** commonly used
  -n DAYS USER     minimum days between password changes
  -x DAYS USER     maximum password lifetime, in days
  -w DAYS USER     warn this many days before expiry
  -i DAYS USER     inactivity period after expiry

Password aging can be modified with either passwd or chage.
Caveat: passwd -l / usermod -L only invalidate the password hash. As the passwd(1) man page notes, the user may still log in with another credential such as an SSH key; to disable the account itself, expire it (usermod -e 1, or chage -E 0).

1.7 Group management

1.7.1 gpasswd: administer group passwords and membership
gpasswd -d USER GROUP        remove USER from GROUP
gpasswd -a USER GROUP        add USER to GROUP
(gpasswd GROUP with no option sets a password on the group, which is rarely wanted.)
1.7.2 groupmems: view and change group membership
groupmems [options] [action]
groupmems -g GROUP               select the group (without -g it operates on the caller's own primary group)
groupmems -g grpname -a user     add user to the group; only one user can be added per invocation
groupmems -g grpname -d user     remove user from grpname
groupmems -g grpname -p          purge all members
groupmems -g grpname -l          list all members

1.8 Permission configuration and special permission bits

1.8.1 umask

The umask removes permission bits from the defaults of 666 for new files and 777 for new directories (umask 022 therefore yields 644 and 755). To make it persistent, write e.g. "umask 022" into the global /etc/bashrc or into the personal ~/.bashrc.

1.8.2 SUID, SGID and sticky

SUID: octal 4, set with chmod u+s FILE. Whoever runs the program, it executes with the privileges of the file's owner (a root-owned SUID binary runs as root for every caller, which is why such files must be audited). The bit occupies the owner's execute position: a lowercase "s" means the execute bit is also set, an uppercase "S" means it is not.
SGID: octal 2, set with chmod g+s FILE. On an executable the program runs with the file's group; on a directory, files created inside inherit the directory's group. Shown in the group execute position: "s" means the group execute bit is set, "S" means it is not.
Sticky: octal 1, set on a directory (chmod o+t DIR). Anyone with write permission on the directory can create files in it, but a file can only be deleted or renamed by its owner, the directory's owner, or root. Whether you can modify another user's file in such a directory still depends on that file's own permissions. Shown in the others' execute position: "t" means others also have execute, "T" means they do not.
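The umask arithmetic and the s/S and t/T spellings above are easy to confirm on throwaway files. The script below is an added example, not part of the original post; it is POSIX sh, runs as an unprivileged user in a temporary directory, and assumes a filesystem that honours the set-uid/set-gid bits on the caller's own files (tmpfs, ext4 and xfs all do). It closes with the audit step a practitioner actually wants from this section: finding set-uid files with find -perm -4000.

```shell
#!/bin/sh
# Added example (not from the original post): umask arithmetic and the
# SUID/SGID/sticky bits on throwaway files, plus a set-uid audit. POSIX sh.
set -u

# Symbolic mode string of a path, e.g. -rwsr-xr-x (first 10 chars of `ls -ld`).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Bits a new file (base 0666) or directory (base 0777) gets under a umask:
# result = base AND NOT umask. $1 = umask in octal, $2 = f (file) or d (directory).
perm_after_umask() {
  local base=0666
  if [ "$2" = d ]; then base=0777; fi
  printf '%04o\n' $(( base & ~0$1 ))
}

# Create a temporary file (f) or directory (d), chmod it to $2, return the mode string.
mode_after_chmod() {
  local t
  if [ "$1" = d ]; then t=$(mktemp -d); else t=$(mktemp); fi
  chmod "$2" "$t"
  mode_of "$t"
  rm -rf "$t"
}

# Audit helper: count set-uid regular files below a directory. On a real system
# run `find / -xdev -type f -perm -4000 -user root` and compare against a known baseline;
# root-owned hits run with uid 0 for any caller.
count_setuid() { find "$1" -type f -perm -4000 2>/dev/null | wc -l | tr -d ' '; }

# Two executables in a scratch directory, only one of them set-uid -> count is 1.
setuid_audit_demo() {
  local d
  d=$(mktemp -d)
  : > "$d/with_suid"; chmod 4755 "$d/with_suid"
  : > "$d/plain";     chmod 0755 "$d/plain"
  count_setuid "$d"
  rm -rf "$d"
}

echo "umask 022: file $(perm_after_umask 022 f), dir $(perm_after_umask 022 d)"
echo "umask 077: file $(perm_after_umask 077 f), dir $(perm_after_umask 077 d)"
echo "chmod 4755 file -> $(mode_after_chmod f 4755)   s: set-uid, owner x present"
echo "chmod 4644 file -> $(mode_after_chmod f 4644)   S: set-uid without x (bit is useless)"
echo "chmod 2755 file -> $(mode_after_chmod f 2755)   s in the group x position: set-gid"
echo "chmod 1777 dir  -> $(mode_after_chmod d 1777)   t: sticky, world-writable like /tmp"
echo "chmod 1666 dir  -> $(mode_after_chmod d 1666)   T: sticky, others lack x"
echo "set-uid files found in the scratch directory: $(setuid_audit_demo)"
```

The 4644 case is the one to remember when reading ls output: an uppercase S or T marks a special bit sitting on top of a missing execute bit, which is almost always a configuration mistake rather than a deliberate setting.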

1.8.3 Special file attributes

chattr +i FILE   immutable: the file cannot be deleted, renamed, moved, written to or linked, even by root. This guards against accidents and careless scripts rather than against a compromised root, because root can simply run chattr -i FILE to remove the attribute.
chattr +a FILE   append-only: content can only be added (useful for log files); remove with chattr -a FILE.
lsattr FILE      view the special attributes of a file.

1.9 Access Control Lists (ACL)

See also the separate posts "ACL basics" and "ACL advanced".

ACLs grant permissions to specific users and groups beyond the owner/group/other triplet. A default ACL placed on a directory (setfacl -d ..., or d: entries) is inherited by files and subdirectories created inside it.
setfacl -m u:wang:rwx FILE|DIR               add or modify the ACL entry for user wang
setfacl -m g:admins:rw FILE|DIR              add or modify the ACL entry for group admins
setfacl -x u:wang FILE|DIR                   remove the ACL entry for user wang

setfacl -b FILE                              remove all extended ACL entries from the file
getfacl file1 | setfacl --set-file=- file2   copy the ACL of file1 onto file2
The mask is the upper bound for named users, named groups and the owning group; it does not limit the owner or "other". setfacl recalculates it automatically whenever entries change unless -n is given.
getfacl -R /dir/ > acl.txt                   save the ACLs of a tree; restore them with setfacl --restore=acl.txt (tar needs --acls to keep ACLs in an archive).
Examples: setfacl -m u:xuan:rwx f1 ; setfacl -m g:xuan:rw f1 ; setfacl -x u:xuan f1 removes the user entry again.
Order in which permissions are checked: if the process is the owner, the owner entry applies directly. Otherwise, if there is a named-user entry for it, that entry applies, capped by the mask. Otherwise the owning-group entry and any named-group entries the process belongs to are consulted, each capped by the mask; if the user is both in the file's group and in a named group, the permissions of the matching entries accumulate (access is granted when any of them grants it). Otherwise the "other" entry applies. Note that once an ACL exists, the group column shown by ll is the mask, not the owning group's permissions.
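The evaluation order and the role of the mask are concrete enough to execute. The script below is an added example, not part of the original post: it applies the POSIX ACL algorithm described above to a getfacl-style dump. The ACL text is constructed to match the setfacl commands in this section (user xuan with rwx, group admins with rw, mask rw-); the user name bob, the user eve and the second "tightened" ACL are assumptions for the demonstration, and no ACL-enabled filesystem or setfacl binary is needed to run it.

```shell
#!/bin/sh
# Added example (not from the original post): resolve effective POSIX ACL
# permissions from a getfacl-style dump. POSIX sh plus awk/grep/sed.
set -u

# Constructed dump, as `getfacl f1` would print after
#   setfacl -m u:xuan:rwx f1 ; setfacl -m g:admins:rw f1 ; setfacl -m m::rw- f1
ACL_F1='# file: f1
# owner: root
# group: root
user::rw-
user:xuan:rwx
group::r--
group:admins:rw-
mask::rw-
other::r--'

# Same object after `setfacl -m m::r-- f1`: every named entry is now capped at r--.
ACL_F1_TIGHT=$(printf '%s\n' "$ACL_F1" | sed 's/^mask::rw-$/mask::r--/')

perm_bits() {           # "rwx" -> 7, "r--" -> 4, "---" -> 0
  local b=0
  case $1 in *r*) b=$(( b | 4 ));; esac
  case $1 in *w*) b=$(( b | 2 ));; esac
  case $1 in *x*) b=$(( b | 1 ));; esac
  echo "$b"
}

bits_perm() {           # 7 -> "rwx", 5 -> "r-x"
  local r=- w=- x=-
  if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
  if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
  if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
  echo "$r$w$x"
}

# "# owner: root" -> root ; $2 is owner or group.
acl_header() { printf '%s\n' "$1" | awk -v k="# $2:" 'index($0, k) == 1 { print $3; exit }'; }

# Permission string of one entry. $2 is "user:" (owner), "user:xuan", "group:"
# (owning group), "group:admins", "mask:" or "other:". Empty if there is no such entry.
acl_entry() {
  printf '%s\n' "$1" | grep -v '^#' | awk -F: -v k="$2" '($1 ":" $2) == k { print $3; exit }'
}

# Effective permissions of user $2 (member of the space-separated groups $3) on the
# object described by ACL text $1. Order: owner -> named user -> owning group and
# named groups (union of matches) -> other. The mask caps all but owner and other.
effective_perms() {
  local acl="$1" user="$2" groups="$3" owner og mask m e g acc=0 matched=0
  owner=$(acl_header "$acl" owner)
  og=$(acl_header "$acl" group)
  m=$(acl_entry "$acl" 'mask:')
  if [ -n "$m" ]; then mask=$(perm_bits "$m"); else mask=7; fi
  if [ "$user" = "$owner" ]; then
    bits_perm "$(perm_bits "$(acl_entry "$acl" 'user:')")"; return 0
  fi
  e=$(acl_entry "$acl" "user:$user")
  if [ -n "$e" ]; then
    bits_perm $(( $(perm_bits "$e") & mask )); return 0
  fi
  for g in $groups; do
    if [ "$g" = "$og" ]; then e=$(acl_entry "$acl" 'group:'); else e=$(acl_entry "$acl" "group:$g"); fi
    if [ -n "$e" ]; then acc=$(( acc | $(perm_bits "$e") )); matched=1; fi
  done
  if [ "$matched" -eq 1 ]; then
    bits_perm $(( acc & mask )); return 0
  fi
  bits_perm "$(perm_bits "$(acl_entry "$acl" 'other:')")"
}

echo "mask rw-:"
while read -r who grps; do
  printf '  %-4s in %-12s -> %s\n' "$who" "$grps" "$(effective_perms "$ACL_F1" "$who" "$grps")"
done <<'EOF'
root root
xuan xuan
bob admins
bob root
bob root admins
eve eve
EOF
echo "mask r-- (after setfacl -m m::r-- f1):"
printf '  xuan -> %s, bob in admins -> %s\n' \
  "$(effective_perms "$ACL_F1_TIGHT" xuan xuan)" "$(effective_perms "$ACL_F1_TIGHT" bob admins)"
```

Two results are worth noticing: xuan holds an rwx entry but ends up with rw- because the mask caps named users, while the owner root also shows rw- untouched by the mask; and bob, who is both in the owning group (r--) and in admins (rw-), gets the union rw-, which is the accumulation described above.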

Origin blog.51cto.com/14420400/2424377