06 Linux user and group management

Knowledge about users and groups

  • Home directory

All users have home directories. The root user's home directory is /root. The home directory of every other user is /home/<user name>; for example, the home directory of user1 is /home/user1.
When a user is created, the system automatically creates the user's home directory.
The home directory is represented by ~, so cd ~ moves to the home directory.

  • user

User information is saved in /etc/passwd. The file holds the user name, user id, group id and shell information.
Every user has an id number, called the uid.

  • group

Concept of a group: a group is a set of users, which allows users to be managed by group.
Every group has an id number, called the gid.
Primary group and secondary groups: a user can have only one primary group, but multiple secondary groups.
By default, when you create a user, the user's primary group is automatically created. The user id is the same as the primary group id.

Commands about users

last        #View the user login information of the server (tty indicates physical machine login, pts indicates remote login)
whoami      #View the currently logged in user (who I am)
who         #View the currently logged in users (who is logged in to this server now)
id          #View current user id information (uid and gid)

Administrator user

The administrator user is a special user who has many permissions; by default this is only root.

  • Add an administrator user
[root@localhost ~]$ vim /etc/sudoers
	user1	ALL=(ALL)	ALL         #Add administrator user1 (user1 may run any command as any user through sudo)

#In this way, you can have a lot of permissions, such as:
[user1@localhost ~]$ sudo systemctl restart firewalld    #Restart the service (add sudo before the command)

Administrative files about users and groups

/etc/passwd
cat /etc/passwd

Output:

......
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
user1:x:1000:1000::/home/user1:/bin/bash

Each line of this file is divided into seven fields, separated by colons.
The fields are, in order: user name, password placeholder (x), uid, gid, user description, home directory, and the user's default shell.
The second field represents the password and is occupied by x. The real password (hash) is saved in the /etc/shadow file.
If the user's default shell is /sbin/nologin, the user cannot log in.

  • uid

root has a UID of 0
System user UID is 1 ~ 999
General user UID is 1000+
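The field layout and UID ranges above can be checked mechanically. The following shell example is added here and is not from the original post; it runs over a constructed sample in /etc/passwd format, and the function names and the accounts svcbackup and toor are made up for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
svcbackup:x:350:350:constructed service account:/var/lib/backup:/bin/bash
user1:x:1000:1000::/home/user1:/bin/bash
user4:x:1001:1001::/home/user4:/sbin/nologin
toor:x:0:0:constructed second uid-0 account:/root:/bin/bash
EOF
}

# Print "name class login|nologin" for each seven-field entry read from stdin.
# Classes follow the UID ranges above: 0 root, 1-999 system, 1000+ general.
# A shell ending in /nologin counts as non-login; /false is treated the same
# way here, which is an addition to the /sbin/nologin case the page describes.
classify_passwd() {
    awk -F: 'NF == 7 {
        uid = $3 + 0
        if (uid == 0) class = "root"
        else if (uid < 1000) class = "system"
        else class = "general"
        login = ($7 ~ /\/(nologin|false)$/) ? "nologin" : "login"
        print $1, class, login
    }'
}

# Entries worth reviewing: a name other than root that has UID 0,
# and a system account that still has a login shell.
audit_passwd() {
    classify_passwd | awk '
        $2 == "root" && $1 != "root"    { print "extra-uid0 " $1 }
        $2 == "system" && $3 == "login" { print "system-login " $1 }'
}

sample_passwd | audit_passwd
```

To check a real host, feed the file in the same way: audit_passwd < /etc/passwd.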

/etc/shadow

This file holds the user's password (hash value).

  • View /etc/shadow
cat /etc/shadow

Output:

root:$6$9tYeXsFoaHYvM.X4$c6g4oDV9A/l7OYerkrYmr1hNJXNccboRWUqnn4sjCvWnsPWNOO1S21OHqR1gTiGaUZhr9OxCYqv4aWugZGe9L1::0:99999:7:::
......

Interpretation:

Format:
    $id$salt$encrypted
Explanation:
    id 1: MD5 hashing
    id 5: SHA256 hashing
    id 6: SHA512 hashing
    salt is the salt value, an extra value mixed into the password when hashing it

Be careful:
This file is very sensitive and must not be obtained by others.
It is better to change the password regularly and to set a complex password.
Otherwise, it is easy for others to crack: https://blog.csdn.net/netrookiex/article/details/96431981
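The $id$salt$encrypted layout can be read by a script to see which hash scheme each account uses. The following shell example is added here and is not from the original post; the sample is constructed with placeholder salts and hashes, the function names are made up, and treating a leading ! or * as "locked" is an assumption based on how passwd -l and usermod -L mark an account.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; salts and hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH::0:99999:7:::
legacy:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:99999:7:::
user5:$5$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:99999:7:::
user6:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:99999:7:::
user7::18000:0:99999:7:::
sshd:!!:18000::::::
EOF
}

# Print "name state scheme" for each entry read from stdin.
# state:  active, locked (field starts with ! or *), or empty-password
# scheme: md5 (id 1), sha256 (id 5), sha512 (id 6), other, or - if no hash
shadow_report() {
    awk -F: '{
        field = $2; state = "active"; scheme = "-"
        if (field == "") state = "empty-password"
        else if (field ~ /^[!*]/) { state = "locked"; sub(/^[!*]+/, "", field) }
        if (split(field, part, "[$]") >= 4 && part[1] == "") {
            if (part[2] == "1") scheme = "md5"
            else if (part[2] == "5") scheme = "sha256"
            else if (part[2] == "6") scheme = "sha512"
            else scheme = "other"
        }
        print $1, state, scheme
    }'
}

# Accounts to review: no password at all, or a hash still stored as MD5.
shadow_findings() {
    shadow_report | awk '$2 == "empty-password" || $3 == "md5" { print $1 }'
}

sample_shadow | shadow_report
```

On a real host the input would be /etc/shadow, which only root can read.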

User management command

su: switch user

su user1    #Switch to user1 (do not change the current directory)
su - user1  #Switch to user1 (change the current directory -> user1's home directory)
su			#Switch to root
exit        #Exit current user

Add user

When a user is created, the system automatically creates a home directory and a mailbox directory (/var/spool/mail/<user name>).

For example:

useradd user1       #Add user user1
passwd user1        #Set user1's password

Parameters:

-d	#Specify home directory
-g	#Specify the primary group
-G	#Specify secondary groups
-u	#Specify user UID
-s	#Specify the Shell interpreter
-e	#Specified account expiration time (YYYY-MM-DD)
-c	#User description

For example:

useradd -d /user3 user3     #Create user user3 with /user3 as the home directory instead of /home/user3
useradd -s /sbin/nologin user4     #Create user user4, but this user cannot log in

  • The command to add a group is similar:
groupadd userGroup	#Add group userGroup

Modify user information

usermod	    #Usage and parameters are almost the same as useradd
    -L	#Lock user (no login)
    -U	#Unlock (login allowed)
    -md	#Modify home directory and transfer old data to new home directory

Change user password

passwd user1    #Change user1's password
    -l	#Lock user (no login)
    -u	#Unlock (login allowed)
    -d	#Delete the password so the user can use an empty password (root permission required)
    -e	#Change password at next login
    -S	#Display user password configuration information
    --stdin		#Read in password from standard input

For example:

echo "123" | passwd --stdin user6       #user6's password is changed to 123 without interactive input

Delete user

userdel user6       #Delete user user6
    -r	#Delete user related directories at the same time


Tags: shell sudo network vim

Posted on Fri, 06 Mar 2020 22:14:34 -0800 by renegade888