The more high server server security requirements, the need to establish a rational hierarchy of user rights and server operating specifications
Mainly to view and modify user information through the user profiles in Linux
User Profiles
User information file / etc / passwd
man 5 passwd passwd View profile
The first field: user name
2 fields: Password flag
Field 3: UID (user ID)
0: superuser
1-499: User (pseudo-user)
500-65535: ordinary users
Field 4: GID (initial user group ID)
Field 5: User Description
6 fields: home directory
Average user: / home / username /
Superuser: / root /
7 field: Shell after login (Linux command interpreter)
Initial set group and the additional
The initial group: refers to a user logs immediately have the appropriate permissions to this user group, each user can have only one initial group, and in general is the same group name as the user name of this user's initial group
Additional groups: that users can join a number of other groups, and these groups have rights, additional groups can have multiple
Shadow file / etc / shadow
The first field: user name
2 fields: the encryption password
SHA512 hash algorithm encryption upgrade to the encryption algorithm
If the password is a bit "!!" or "*" stands for no password, can not log in
3 fields: password last modified date
1970/1/1 use as a standard time, every passing day timestamp plus 1
Field 4: (fields 3 and compared) to modify the time interval of the password twice
5 fields: password is valid (and third fields compared)
Field 6: password to modify the number of days before expiration warning (and compared with field 5)
Field 7: Number of days after the grace password expires (and compared with field 5)
0: represents the password expires immediately
-1: represents the password never expires
8 fields: Account expiry time
To use the timestamp indicates
9 field: Reserved
Group information file / etc / group
1 fields: group name
2 fields: group password flag
Field 3: GID (group ID)
Field 4: additional user group
User management related documents
Home directory
Average user: / home / username /, owner and group are user permissions 700
Superuser: / root /, owner and group are the root user privileges is 550
User mailbox / var / spool / mail / username /
User Template directory / etc / skel /
User Management Commands
Users add command useradd [option] username
-u UID: Specifies the user's UID number
-d home directory: Specifies the user's home directory
-c user Description: specifies the user's instructions
-g Group name: Specifies the user's initial group
-G Group name: specify additional groups
-s shell: Specifies the user's login Shell, the default is / bin / bash
Add the user to modify the default file path related to useradd sc command as an example
grep sc /etc/passwd
grep sc /etc/shadow
grep sc /etc/group
grep sc /etc/gshadow
ll -d /home/sc
ll -d /var/spool/mail/sc
User Defaults file / etc / default / useradd and /etc/login.defs
The default user group, home directory, password expiration grace days, password expiration time, the default Shell, template directory, such as whether to set up a mailbox
Change the user password passwd [options] username
-S: password query status of the user password. Only the root user can
-l: temporarily locked users. Only the root user can
-u: unlock the user. Only the root user can
-studin: by the pipe symbol data outputted as a user's password
