Linux user, user group management

Linux is a multi-user, multi-tasking, time-sharing operating system. Before using any system resource, a user must first apply to the system administrator for an account and then log in with that account.

A user's account lets the system administrator track who is using the system and control their access to system resources; it also lets users organize their files and provides them with security protection.

Each user account has its own unique user name and password.

After typing the correct user name and password at login, the user enters the system and lands in their own home directory.

User account management mainly involves the following tasks:

  • Adding, deleting and modifying user accounts.
  • Managing user passwords.
  • Managing user groups.

I. Linux user account management

User account management mainly involves adding, modifying and deleting user accounts.

Adding a user account means creating a new account on the system and then assigning it resources such as a user number (UID), a user group, a home directory and a login shell. A newly added account is locked and cannot be used until a password is set.

1. Add a new user account with the useradd command. Its syntax is as follows:

useradd options username

Parameter description:

  • options:

    • -c comment: specifies a descriptive comment for the account.
    • -d directory: specifies the user's home directory; if the directory does not exist, add the -m option to create it.
    • -g group: specifies the primary group the user belongs to.
    • -G group[,...]: specifies the supplementary groups the user belongs to.
    • -s shell: specifies the user's login shell.
    • -u UID: specifies the user's identification number; combined with -o, an identification number already used by another user may be reused.
  • username:

    Specifies the login name of the new account.

Example 1

# useradd -d /usr/sam -m sam

This command creates a user named sam; the -d and -m options create the home directory /usr/sam for the login name sam (/usr is the parent directory of the default user home directory).

Example 2

# useradd -s /bin/sh -g group -G adm,root gem

This command creates a user named gem whose login shell is /bin/sh, whose primary group is group, and who also belongs to the groups adm and root; group is the user's primary group.

The groups may have to be created first: # groupadd group and # groupadd adm

Adding a user account adds a record for the new user to the /etc/passwd file and also updates other system files such as /etc/shadow and /etc/group.

Linux also provides the integrated system management tool userconf, which can be used to manage user accounts in one place.

3. Delete an account

If a user account is no longer used, it can be removed from the system. Deleting a user account means removing the user's record from /etc/passwd and other system files and, if necessary, deleting the user's home directory.

Delete an existing user account with the userdel command, whose format is:

userdel options username

The common option is -r; it deletes the user's home directory together with the account.

For example:

# userdel -r sam

This command removes the records of user sam from the system files (mainly /etc/passwd, /etc/shadow, /etc/group and so on) and deletes sam's home directory.

4. Modify an account

Modifying a user account means changing the user's attributes according to the actual situation, such as the user number, home directory, user group or login shell.

Modify the information of an existing user with the usermod command, whose format is:

usermod options username

The commonly used options are -c, -d, -m, -g, -G, -s, -u and -o. They have the same meaning as the corresponding useradd options and let you specify new values for the user's resources.

In addition, some systems support the option: -l newusername

This option specifies a new account name: the original user name is changed to the new one.

For example:

# usermod -s /bin/ksh -d /home/z -g developer sam

This command changes user sam's login shell to ksh, the home directory to /home/z and the user group to developer.

5. User password management

An important part of user management is password management. A newly created user account has no password and is locked by the system, so it cannot be used; a password must be assigned before the account can be used, even if that password is empty.

The shell command passwd assigns and changes user passwords. The superuser can set a password for themselves and for any other user; ordinary users can only use it to change their own password. The command format is:

passwd options username

The available options are:

  • -l locks the password, which disables the account.
  • -u unlocks the password.
  • -d leaves the account without a password.
  • -F forces the user to change the password at the next login.

If the user name is omitted, the current user's password is changed.

For example, assuming the current user is sam, the following command changes the user's own password:

$ passwd 
Old password:****** 
New password:******* 
Re-enter new password:*******

The superuser can set any user's password with the following form:

# passwd sam 
New password:******* 
Re-enter new password:*******

When an ordinary user changes their password, passwd first checks the original password and then asks the user to enter the new password twice; if both entries match, the password is assigned to the user. When the superuser sets a password for a user, the original password does not need to be known.

For system security, users should choose fairly complex passwords: for example, at least 8 characters long, containing uppercase letters, lowercase letters and digits, and different from the user's name, birthday and so on.

To give a user an empty password, execute the command in the following form:

# passwd -d sam

This command deletes user sam's password; the next time sam logs in, the system will not ask for a password.

The passwd command's -l (lock) option locks a user so that they cannot log in, for example:

# passwd -l sam

II. Linux user group management

Each user belongs to a user group, and the system can manage all users of a group centrally. Different Linux systems handle user groups differently; for example, on Linux a user belongs to a group of the same name, which is created at the same time as the user.

User group management involves adding, deleting and modifying user groups. Adding, deleting and modifying a group actually means updating the /etc/group file.

1. Add a new user group with the groupadd command. The format is:

groupadd options groupname

The available options are:

  • -g GID specifies the group identification number (GID) of the new group.
  • -o is generally used together with -g; it allows the new group's GID to be the same as the GID of an existing group on the system.

Example 1:

# groupadd group1

This command adds a new group named group1 to the system; the new group's identification number is the largest currently existing group identification number plus 1.

Example 2:

# groupadd -g 101 group2

This command adds a new group named group2 to the system and specifies 101 as the new group's identification number.

2. To delete an existing user group, use the groupdel command, whose format is:

groupdel groupname

For example:

# groupdel group1

This command deletes the group group1 from the system.

3. Modify the attributes of a user group with the groupmod command. The syntax is:

groupmod options groupname

Commonly used options are:

  • -g GID specifies a new group identification number for the group.
  • -o, used together with -g, allows the group's new GID to be the same as that of an existing group on the system.
  • -n newname changes the group's name to the new name.

Example 1:

# groupmod -g 102 group2

This command changes the group identification number of group2 to 102.

Example 2:

# groupmod -g 10000 -n group3 group2

This command changes group2's identification number to 10000 and its name to group3.

4. If a user belongs to several user groups, the user can switch between them in order to obtain the permissions of the other groups.

After logging in, a user can use the newgrp command to switch to another group; the command's parameter is the target group. For example:

$ newgrp root

This command switches the current user into the group root, provided that root really is the user's primary group or one of their supplementary groups. As with user account management, user group management can also be done through the integrated system management tool.

III. System files related to user accounts

There are many ways to carry out user management tasks, but every method actually modifies the related system files.

Information about users and groups is stored in several system files, including /etc/passwd, /etc/shadow and /etc/group.

The contents of these files are described below.

1. The /etc/passwd file is the most important file for user management.

On a Linux system, every user has a corresponding line in /etc/passwd, which records some of the user's basic attributes.

This file is readable by all users. Its contents look like the following example:

# cat /etc/passwd

root:x:0:0:Superuser:/:
daemon:x:1:1:System daemons:/etc:
bin:x:2:2:Owner of system commands:/bin:
sys:x:3:3:Owner of system files:/usr/sys:
adm:x:4:4:System accounting:/usr/adm:
uucp:x:5:5:UUCP administrator:/usr/lib/uucp:
auth:x:7:21:Authentication administrator:/tcb/files/auth:
cron:x:9:16:Cron daemon:/usr/spool/cron:
listen:x:37:4:Network daemon:/usr/net/nls:
lp:x:71:18:Printer administrator:/usr/spool/lp:
sam:x:200:50:Sam san:/usr/sam:/bin/sh

As the example shows, each line of /etc/passwd corresponds to one user, and each line consists of 7 fields separated by colons (:). The format and its meaning are as follows:

username:password:user ID:group ID:comment:home directory:login shell

1) "User name" is a string representing the user account.

It is generally no longer than eight characters and consists of uppercase and lowercase letters and/or digits. A login name cannot contain a colon (:), because the colon is the field delimiter.

For compatibility reasons, the login name should preferably not contain a dot (.) and should not begin with a hyphen (-) or a plus sign (+).

2) "Password": on some systems, this field stores the user's encrypted password.

Although this field stores only the encrypted password string rather than the cleartext, /etc/passwd is readable by all users, so it is still a security risk. Many Linux systems (such as SVR4) therefore use shadow technology: the real encrypted password is stored in /etc/shadow, and the password field of /etc/passwd holds only a special character such as "x" or "*".

3) "User ID" is an integer that the system uses internally to identify the user.

Normally it corresponds one to one with the user name. If several user names have the same user identification number, the system treats them as the same user internally, although they can have different passwords, different home directories, different login shells and so on.

The user identification number is usually in the range 0 to 65 535. 0 is the identification number of the superuser root; 1 to 99 are reserved by the system for administrative accounts; identification numbers for ordinary users start at 100. On Linux systems, this limit is 500.

4) "Group ID" records the group the user belongs to.

It corresponds to a record in the /etc/group file.

5) "Comment" records some personal information about the user.

For example the user's real name, telephone number, address and so on; this field has no practical use. Its format is not uniform across Linux systems. On many Linux systems it holds arbitrary descriptive text, which the finger command displays.

6) "Home directory" is the user's working directory.

It is the directory the user is placed in after logging in to the system. On most systems, all users' home directories are organized under the same specific directory, and each home directory is named after the user's login name. Each user has read, write and execute (search) permission on their own home directory; other users' access to the directory is set according to circumstances.

7) After the user logs in, a process is started that is responsible for passing the user's operations to the kernel. This process is the command interpreter or a particular program that the system runs when the user logs in, namely the shell.

The shell is the interface between the user and the Linux system. There are many Linux shells, each with different characteristics. Commonly used ones are sh (Bourne Shell), csh (C Shell), ksh (Korn Shell), tcsh (TENEX/TOPS-20 type C Shell), bash (Bourne Again Shell) and so on.

The system administrator can specify a shell for the user according to the system and the user's habits. If no shell is specified, the system uses sh as the default login shell, that is, the field is /bin/sh.

The user's login shell can also be set to a particular program (which is not a command interpreter).

Using this feature, users can be restricted to running specific applications; when the application exits, the user is automatically logged out of the system. Some Linux systems only allow programs registered with the system to appear in this field.

8) There is a class of users called pseudo-users.

These users also have a record in /etc/passwd, but they cannot log in because their login shell is empty. They exist mainly to facilitate system management and to serve as owners of the files that system processes require.

Common pseudo-users are as follows:

  Pseudo-user   Meaning
  bin           owns the executable command files
  sys           owns the system files
  adm           owns the accounting files
  uucp          used by UUCP
  lp            used by the lp or lpd subsystem
  nobody        used by NFS

1. Besides the pseudo-users listed above, there are many other standard pseudo-users, for example audit, cron, mail, usenet and so on; they are likewise associated with the processes and files that need them.

Since /etc/passwd is readable by all users, a password that is too simple or follows an obvious pattern can easily be cracked with an ordinary computer. Linux systems with higher security requirements therefore move the encrypted passwords out into a separate file, /etc/shadow. Only the superuser has read permission on this file, which protects the user passwords.
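The rules above (7 fields, a password field that should not be empty, one UID per user, and UID 0 reserved for root) can be checked mechanically. The following shell/awk audit is an added example, not part of the original article; the sample records and the function names audit_passwd and count_findings are constructed for it.

```shell
#!/bin/sh
# Constructed /etc/passwd-style sample (not from a real system); it deliberately
# contains a second UID 0 account, an empty password field and a duplicate UID.
SAMPLE_PASSWD='root:x:0:0:Superuser:/:/bin/sh
daemon:x:1:1:System daemons:/etc:
toor:x:0:0:Second superuser:/root:/bin/sh
sam:x:200:50:Sam san:/usr/sam:/bin/sh
guest::201:50:No password at all:/home/guest:/bin/sh
sam2:x:200:50:Shares UID with sam:/home/sam2:/bin/sh'

# audit_passwd: read passwd-format lines on stdin, print one finding per problem.
audit_passwd() {
    awk -F: '
    NF != 7 { printf "MALFORMED %s: %d fields, expected 7\n", $1, NF; next }
    $2 == "" { printf "EMPTY-PASSWORD %s: no password required to log in\n", $1 }
    $3 == 0 && $1 != "root" { printf "UID0 %s: extra superuser account\n", $1 }
    {
        # first[] remembers the first login name seen for each UID
        if ($3 in first) printf "DUP-UID %s: shares UID %s with %s\n", $1, $3, first[$3]
        else first[$3] = $1
    }'
}

# count_findings KIND: number of findings of one kind (UID0, DUP-UID, ...) in the sample
count_findings() {
    printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd | grep -c "^$1 "
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

To audit a real system, replace the sample with `audit_passwd < /etc/passwd`.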

2. Each line in /etc/shadow corresponds to a line in /etc/passwd; the file is generated automatically by the pwconv command from the data in /etc/passwd.

Its format is similar to /etc/passwd: a number of fields separated by ":". These fields are:

login name:encrypted password:last change:minimum interval:maximum interval:warning time:inactivity time:expiry time:flag
  1. "Login name" is the same as the user's login name in /etc/passwd.
  2. "Encrypted password" holds the user's encrypted password, 13 characters long. If it is empty, the user has no password and none is needed to log in; if it contains characters outside the set {./0-9A-Za-z}, the user cannot log in.
  3. "Last change" is the number of days from a certain starting point to the day the user last changed the password. The starting point may differ between systems; on SCO Linux, for example, it is January 1, 1970.
  4. "Minimum interval" is the minimum number of days required between two password changes.
  5. "Maximum interval" is the maximum number of days the password remains valid.
  6. "Warning time" is the number of days before the password formally expires during which the system starts warning the user.
  7. "Inactivity time" is the maximum number of days the user may go without logging in while the account still remains active.
  8. "Expiry time" is an absolute number of days; if used, it gives the lifetime of the account. After it passes, the account is no longer valid and can no longer be used to log in.

An example of /etc/shadow follows:

# cat /etc/shadow

root:Dnakfw28zf38w:8764:0:168:7:::
daemon:*::0:0::::
bin:*::0:0::::
sys:*::0:0::::
adm:*::0:0::::
uucp:*::0:0::::
nuucp:*::0:0::::
auth:*::0:0::::
cron:*::0:0::::
listen:*::0:0::::
lp:*::0:0::::
sam:EkdiSECLWPdSa:9740:0:0::::
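The aging fields above can be evaluated against a given day count to see which accounts are locked, have no password, have an expired password or are about to expire. This is an added example rather than code from the article; the sample lines, the hash strings (13-character placeholders, not real hashes) and the function names shadow_status and status_of are constructed for it. An empty maximum interval is treated here as "no aging enforced".

```shell
#!/bin/sh
# Constructed /etc/shadow-style sample (field order as described above).
SAMPLE_SHADOW='alice:Dnakfw28zf38w:9700:0:90:7:::
bob:EkdiSECLWPdSa:9720:0:90:7:::
carol:EkdiSECLWPdSa:9715:0:90:7:::
daemon:*::0:0::::
guest::9700:0:90:7:::
temp:EkdiSECLWPdSa:9700:0::::9790:
dave:EkdiSECLWPdSa:9700:0:::::'

# shadow_status TODAY: TODAY is the current day count (days since 1970-01-01);
# reads shadow lines on stdin and prints "user STATUS" for each.
shadow_status() {
    awk -F: -v today="$1" '
    NF != 9 { print $1, "MALFORMED"; next }
    $2 == "" { print $1, "NOPASS"; next }                    # no password needed
    $2 !~ "^[./0-9A-Za-z]+$" { print $1, "LOCKED"; next }    # e.g. "*" or "!"
    $8 != "" && today + 0 >= $8 + 0 { print $1, "EXPIRED-ACCOUNT"; next }
    $5 == "" { print $1, "NO-AGING"; next }                  # no maximum interval
    {
        expires = $3 + $5                  # last change + maximum interval
        left = expires - today
        if (left < 0)                    print $1, "PASSWORD-EXPIRED"
        else if ($6 != "" && left <= $6) print $1, "WARN", left, "days left"
        else                             print $1, "OK", left, "days left"
    }'
}

# status_of USER TODAY: the status word for one user of the sample
status_of() {
    printf '%s\n' "$SAMPLE_SHADOW" | shadow_status "$2" | awk -v u="$1" '$1 == u { print $2 }'
}

# Evaluate the sample against the real current day count.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_status "$(( $(date +%s) / 86400 ))"
```

On a real system the superuser would run `shadow_status "$(( $(date +%s) / 86400 ))" < /etc/shadow`, since only root can read that file.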

3. All user group information is stored in the /etc/group file.

User groups are a means of managing users and controlling access on a Linux system.

Each user belongs to a user group; a group can contain many users, and a user can belong to several groups.

When a user is a member of more than one group, the group recorded in /etc/passwd is the user's primary group, which is the group in effect at login; the other groups are called supplementary groups.

When a user wants to access a file belonging to a supplementary group, they must first use the newgrp command to become a member of the group being accessed.

All user group information is stored in /etc/group. Its format is also similar to /etc/passwd: several fields separated by colons (:). These fields are:

group name:password:group ID:list of users in the group
  1. "Group name" is the name of the group, made up of letters or digits. Like login names in /etc/passwd, group names must not be repeated.
  2. "Password" stores the group's encrypted password. Groups on Linux systems generally have no password, so this field is usually empty or *.
  3. "Group ID", like the user ID, is an integer the system uses internally to identify the group.
  4. "List of users in the group" lists all users belonging to the group, separated by commas (,). The group may be a user's primary group or a supplementary group.

An example of the /etc/group file follows:

root::0:root
bin::2:root,bin
sys::3:root,uucp
adm::4:root,adm
daemon::5:root,daemon
lp::7:root,lp
users::20:root,sam

IV. Adding users in bulk

Adding and deleting users is easy for any Linux system administrator; the harder part is adding dozens, hundreds or even thousands of users. Adding them one by one with useradd is impractical, so an easier way is needed when many users have to be created. Linux provides tools for creating many users at once, as follows:

(1) First, edit a text file listing the users.

Write each line in the format of the /etc/passwd file. Note that no two users may have the same user name, UID or home directory; the password field may be left empty or set to x. A sample file user.txt reads as follows:

user001::600:100:user:/home/user001:/bin/bash
user002::601:100:user:/home/user002:/bin/bash
user003::602:100:user:/home/user003:/bin/bash
user004::603:100:user:/home/user004:/bin/bash
user005::604:100:user:/home/user005:/bin/bash
user006::605:100:user:/home/user006:/bin/bash

(2) As root, run the command /usr/sbin/newusers to import the data from the user.txt file just created and create the users:

# newusers < user.txt

Then run vipw or vi /etc/passwd to check whether the user data has appeared in /etc/passwd and whether the users' home directories have been created.

(3) Run /usr/sbin/pwunconv.

This decodes the shadow passwords generated in /etc/shadow, writes them back into /etc/passwd and deletes the password fields from /etc/shadow. This is done to make the password conversion in the next step easier; it temporarily disables the shadow password function.

# pwunconv

(4) Edit a password control file for the users.

A sample file passwd.txt follows:

user001:Password
user002:Password
user003:Password
user004:Password
user005:Password
user006:Password

(5) As root, run the command /usr/sbin/chpasswd.

It creates the users' passwords: chpasswd encodes each password through /usr/bin/passwd and writes the encoded value into the password field of /etc/passwd.

# chpasswd < passwd.txt

(6) Convert the encoded passwords written to the password field of /etc/passwd to shadow passwords.

Run /usr/sbin/pwconv to convert the encoded passwords to shadow passwords and write the results to /etc/shadow.

# pwconv

This completes the bulk creation of users. Afterwards, check whether the permissions on the users' home directories under /home are set correctly and whether the users can log in with their passwords.
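Because newusers creates every account in one pass, a mistake in user.txt (a repeated login name, UID or home directory, or a short line) is easiest to catch before step (2). The validator below is an added example, not part of the original procedure; the constraints it checks are the ones stated in step (1), and the sample files and the function names check_newusers_file and problem_count are constructed for it.

```shell
#!/bin/sh
# check_newusers_file FILE: validate a newusers input file before importing it.
# Prints one line per problem and exits non-zero if any were found.
check_newusers_file() {
    awk -F: '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    NF != 7 { bad("expected 7 fields, found " NF); next }
    $1 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { bad("invalid login name \"" $1 "\"") }
    $2 != "" && $2 != "x" { bad("password field should be empty or x") }
    $3 !~ /^[0-9]+$/ { bad("UID \"" $3 "\" is not a number") }
    $6 !~ "^/" { bad("home directory \"" $6 "\" is not an absolute path") }
    $7 !~ "^/" { bad("shell \"" $7 "\" is not an absolute path") }
    {
        # login names, UIDs and home directories must each be unique in the file
        if ($1 in name) bad("login " $1 " already used on line " name[$1]); else name[$1] = NR
        if ($3 in uid)  bad("UID " $3 " already used on line " uid[$3]);   else uid[$3] = NR
        if ($6 in home) bad("home " $6 " already used on line " home[$6]); else home[$6] = NR
    }
    END { exit errors > 0 }' "$1"
}

# Constructed sample with five deliberate mistakes: a duplicate UID, a duplicate
# home directory, a duplicate login name, a login name starting with "-",
# and a line with only six fields.
BAD=$(mktemp)
printf '%s\n' \
    'user001::600:100:user:/home/user001:/bin/bash' \
    'user002::601:100:user:/home/user002:/bin/bash' \
    'user003::600:100:user:/home/user003:/bin/bash' \
    'user004::603:100:user:/home/user002:/bin/bash' \
    'user002::604:100:user:/home/user005:/bin/bash' \
    '-bad::605:100:user:/home/bad:/bin/bash' \
    'user007::606:100:user:/home/user007' > "$BAD"

# A clean file in the same format as the user.txt example above.
GOOD=$(mktemp)
printf 'user%03d::%d:100:user:/home/user%03d:/bin/bash\n' 1 600 1 2 601 2 3 602 3 > "$GOOD"

# problem_count FILE: number of problems reported for FILE
problem_count() {
    check_newusers_file "$1" | grep -c .
}

check_newusers_file "$BAD" || echo "user file rejected; fix the lines above before running newusers"
```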

Origin: blog.csdn.net/yangleiGJ/article/details/85991546