Linux is a multi-user operating system: several users can log in and share the system's resources at the same time. To keep each user's files, processes and tasks apart, the system identifies everything by account and gives each account its own working environment.
I. Basic concepts of users and groups

When the system resolves a user it does not work with the user name directly; it identifies and checks users and groups by their numeric IDs, the UID and the GID.
1. UID

Administrator: 0
Ordinary users: 1-65535
System users: 1-499 (CentOS 6), 1-999 (CentOS 7)
Login users: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
Name resolution: username <------> UID
Name-resolution library: /etc/passwd

2. GID

Administrators group: 0
Ordinary groups: 1-65535
System groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
Login user groups: 500-60000 (CentOS 6), 1000-60000 (CentOS 7)
Name resolution: groupname <------> GID
Name-resolution library: /etc/group
Group types: a user's primary (basic) group and the user's supplementary (additional) groups
3. Password policy

1. Use a random password
2. Minimum length of at least 8 characters
3. Use at least three of the four character classes: uppercase letters, lowercase letters, digits, punctuation
4. Change the password regularly

4. Encryption algorithms

Symmetric encryption: the same key is used to encrypt and to decrypt
Asymmetric encryption: a key pair (public key and private key)
Hash algorithms listed in the notes: MD5, sha128, sha256
II. User and group management

Security context: a process runs with the identity of the user who started it, so what files the process may access depends on that user's permissions.
groupadd: add a group

Usage: groupadd [options] group

Options

Option | Meaning
---|---
-g GID | Specify the GID explicitly; without it a normal (non-system) group is created by default
-r | Create a system group
groupmod: modify a group

Options

Option | Meaning
---|---
-g GID | Change the GID
-n newgroupname | Change the group name
groupdel: delete a group

```shell
# groupdel groupname
```
useradd: add a user

Options

Option | Meaning
---|---
-u UID | Specify the UID
-g GID | Specify the primary group ID; the group must already exist
-G | Specify supplementary groups
-c | Add comment information
-d | Specify the home directory; it is created by copying /etc/skel to the given path
-s | Specify the default shell
-r | Create a system user
-D | Display or change the default settings used when creating users

For example:

```shell
# useradd -u 5000 -g 500 -G jerry -c "hello world" -s /bin/sh tom
```
usermod: modify user attributes

Options

Option | Meaning
---|---
-u UID | Specify the UID
-g GID | Specify the primary group ID; the group must already exist
-G | Specify supplementary groups (replaces the current list)
-a | Append to the supplementary groups instead of replacing them (used with -G)
-c | Add comment information
-d | Specify the home directory; it is created by copying /etc/skel to the given path
-m | Used with -d: move the contents of the old home directory to the new one
-l | Change the login name
-s | Specify the default shell
-L | Lock the user
-U | Unlock the user

For example, change user gentoo's home directory to /var/tmp/gentoo while keeping the user's existing files accessible:

```shell
# usermod -m -d /var/tmp/gentoo gentoo
```
userdel: delete a user

Option | Meaning
---|---
-r | Delete the home directory as well
passwd: create or change a user's password

- passwd: change your own password
- passwd username: change the specified user's password (root only)

Options

Option | Meaning
---|---
-l | Lock the user
-u | Unlock the user
-d | Delete the password string (the account has no password)
-e date | Password expiration
-n days | Minimum password age
-x days | Maximum password age
-w days | Warning period before expiry
--stdin | Read the new password from standard input (non-interactive)

For example:

```shell
echo "password" | passwd --stdin username
```
gpasswd: create or change the group password

```shell
gpasswd groupname
```

Options

Option | Meaning
---|---
-a username | Add a user to the group
-d username | Remove a user from the group
id: display a user's ID numbers

Option | Meaning
---|---
-u | Display the UID
-g | Display the GID
-G | Display the IDs of all groups the user belongs to
-n | Used together with -u, -g or -G: print names instead of numeric IDs
chage: change user password expiry information

Usage

```shell
chage [options] login
```

Options

Option | Meaning
---|---
-d date | Set the date of the last password change
-E date | Account expiration date; after it the account can no longer be used
-w days | Warning period before expiry
-m days | Minimum number of days between password changes
-M days | Maximum number of days the password is valid
Name-resolution library files

/etc/passwd has 7 fields:

root:x:0:0:root:/root:/bin/bash

Fields are separated by ':'

1. User name: should not exceed 8 characters, made up of letters and digits
2. Password: kept in /etc/shadow; the placeholder x is stored here
3. The user's identifier, the UID
4. The user's primary group identifier, the GID
5. Comment information
6. The user's home directory
7. The login shell

Password information

/etc/shadow

root:$6$rxtW5qBw$yNHpzQxqF61aBP.4EgWwdZG32DiaRg537VnUFV0x947zXHs3VLgEiToxwCQB1YsdqgTBlaQuP.gYirQQABoYB.:18312:0:99999:7:::

1. Login name
2. The user's encrypted password: '*' means locked, '!!' means expired; the field also encodes the hash algorithm and the salt
3. Date of the last password change
4. Minimum interval between two password changes
5. Maximum number of days the password is valid
6. Warning period

Group information

/etc/group

root:x:0:

1. Group name
2. Password
3. GID
4. Users who have this group as a supplementary group
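As an added example (not code from the original notes), the following Python parses /etc/passwd and /etc/shadow records with the field layout described above and audits them: it classifies each UID against the CentOS 7 ranges from the notes, decodes the lock state and hash algorithm from the shadow password field, and reports stray UID-0 accounts and login users whose password never expires or uses an MD5 hash. All sample records, salts and hashes are constructed.

```python
# Added example (not the notes' own code): parse /etc/passwd and /etc/shadow records
# as laid out above and audit them. All sample records below are constructed.
SYSTEM_UID_MAX = 999    # CentOS 7 system users 1-999 (range from the notes)
LOGIN_UID_MAX = 60000   # CentOS 7 login users 1000-60000
HASH_IDS = {"1": "md5", "5": "sha256", "6": "sha512"}  # crypt(3) "$id$" prefixes

def parse_passwd(line):
    """Split a 7-field passwd record and classify the UID by range."""
    f = line.strip().split(":")
    if len(f) != 7:
        raise ValueError(f"passwd: expected 7 fields, got {len(f)}")
    uid = int(f[2])
    kind = ("administrator" if uid == 0 else "system" if uid <= SYSTEM_UID_MAX
            else "login" if uid <= LOGIN_UID_MAX else "out-of-range")
    return {"name": f[0], "uid": uid, "gid": int(f[3]), "comment": f[4],
            "home": f[5], "shell": f[6], "kind": kind}

def parse_shadow(line):
    """Split a 9-field shadow record; decode lock state, algorithm and ageing."""
    f = line.strip().split(":")
    if len(f) != 9:
        raise ValueError(f"shadow: expected 9 fields, got {len(f)}")
    pw = f[1]
    algo = HASH_IDS.get(pw.split("$")[1], "unknown") if pw.startswith("$") else None
    last, mn, mx, warn = [int(x) if x else None for x in f[2:6]]  # empty field = unset
    return {"name": f[0], "locked": pw.startswith("!") or pw == "*", "empty": pw == "",
            "algo": algo, "last_change": last, "min_days": mn, "max_days": mx, "warn_days": warn}

def audit(passwd_lines, shadow_lines):
    """Return (user, issue) findings: stray UID-0 accounts and weak login-user passwords."""
    shadow = {s["name"]: s for s in map(parse_shadow, shadow_lines)}
    findings = []
    for p in map(parse_passwd, passwd_lines):
        s = shadow.get(p["name"])
        if p["uid"] == 0 and p["name"] != "root":
            findings.append((p["name"], "non-root account with UID 0"))
        if s is None or p["kind"] != "login" or s["locked"]:
            continue  # password checks apply only to unlocked login users
        if s["empty"]:
            findings.append((p["name"], "empty password field"))
        if s["algo"] == "md5":
            findings.append((p["name"], "MD5 password hash"))
        if s["max_days"] in (None, 99999):
            findings.append((p["name"], "password never expires"))
    return findings

PASSWD = ["root:x:0:0:root:/root:/bin/bash", "toor:x:0:0::/root:/bin/bash",
          "sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin", "gentoo:x:4001:4001::/var/tmp/gentoo:/bin/bash"]
SHADOW = ["root:$6$saltsalt$constructedhash:18312:0:99999:7:::", "toor:!!:18312::::::",
          "sshd:!!:18312::::::", "gentoo:$1$saltsalt$constructedhash:18312:0:99999:7:::"]
```

Running `audit(PASSWD, SHADOW)` on the constructed records flags toor (a second UID-0 account) and gentoo (MD5 hash, maximum age 99999).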
Exercises

1. Create user gentoo with UID 4001, primary group gentoo, and supplementary groups distro (GID 5000) and peguin (GID 5001):

```shell
# groupadd -g 5000 distro
# groupadd -g 5001 peguin
# useradd -u 4001 -G distro,peguin gentoo
```

2. Create user fedora with the comment "Fedora Core" and /bin/tcsh as the default shell:

```shell
# useradd -c "Fedora Core" -s /bin/tcsh fedora
```

3. Change gentoo's home directory to /var/tmp/gentoo; the user's existing files must remain accessible:

```shell
# usermod -m -d /var/tmp/gentoo gentoo
```

4. Add the supplementary group netadmin to gentoo:

```shell
# groupadd netadmin
# usermod -aG netadmin gentoo
```