1, user and user group files
In Linux, user accounts, user passwords, user group information, and user group passwords are stored in different configuration files.
In a Linux system, each created user account and its related information (except the password) is stored in the /etc/passwd configuration file. Since all users have read permission for the passwd file, the password information is not saved in that file but in the /etc/shadow configuration file.
In the passwd file, each line defines one user account. Each line consists of several fields separated by ":", and each field represents one aspect of the account information.
In a newly installed Linux system, the passwd configuration file already contains a lot of account information. These accounts are created automatically by the system. They are the accounts needed for the normal operation of Linux processes or of some service programs. The value of the last field of these accounts is usually /sbin/nologin, indicating that the account cannot be used to log in to the Linux system.
In the passwd configuration file, the correspondence between fields from left to right and their meanings:
Since passwd no longer stores password information, the password field is represented by x.
To make a user account unable to log in to Linux, simply set the user's shell to /sbin/nologin. For example, an FTP account is generally allowed to log in to and access only the FTP server and is not allowed to log in to the Linux operating system. To deny a user telnet access, that is, to prevent the user from using telnet to log in remotely and access the Linux operating system, set the shell used by the user to /bin/true. To give a user neither telnet nor ftp login privileges, set the user's shell to /bin/false.
If /bin/true or /bin/false is not listed in the /etc/shells file, add it manually:
[root@localhost ~]# echo "/bin/false">>/etc/shells
[root@localhost ~]# echo "/bin/true">>/etc/shells
2, the user password file
For the sake of security, the user's real password is stored in hashed form (MD5 crypt) in the /etc/shadow configuration file. Only the root user can read this file.
Similar to the passwd file, each line of the shadow file holds the information for one account. The first field is the user account name, and the second field is the password for the account.
3, user group account file
User group account information is stored in the /etc/group configuration file and can be read by any user. The user group's real password is stored in the /etc/gshadow configuration file.
In the group file, the first field is the name of the user group, the second field is x, the third is the ID number of the user group, and the fourth is the member list of the user group, with user names separated by commas.
4, add users
Create or add a new user using the useradd command. Its command usage is:
useradd [option] username
This command has many options. The main ones are:
-c comment: sets the descriptive comment text for the account
-d home directory: specifies a home directory to replace the default /home/username
-m: creates the home directory if it does not exist; combine -r with -m to create a home directory for a system account
-M: does not create a home directory
-e date: specifies the date when the account expires, in the format MM/DD/YY
-f days: the account is permanently suspended this many days after the password expires. If 0 is specified, it is suspended immediately. If -1, the function is disabled
-g user group: specifies the user group to which the user is added. The user group must exist
-G user group list: specifies the list of additional user groups to which the user is added at the same time, with groups separated by commas
-n: does not create a private user group for the user
-s shell: specifies the shell used by the user to log in. The default is /bin/bash
-r: creates a system account with a user ID less than 500. By default, no home directory is created for it
-u user ID: manually specifies the new user's ID value, which must be unique and greater than 499
-p password: specifies the login password for the new user. The value given here is the MD5-encrypted form of the login password, not the actual password. Therefore, this option is rarely used in practice; the passwd command is usually used to set the login password for the user.
Example:
To create a user named nisj as a member of the babyfish user group, the command is:
[root@localhost ~]# useradd -g babyfish nisj
[root@localhost ~]# id nisj
uid=502(nisj) gid=500(babyfish) groups=500(babyfish)
[root@localhost ~]# tail -1 /etc/passwd
nisj:x:502:500::/home/nisj:/bin/bash
When adding a user, if the -g parameter is not used to specify a user group, the system automatically creates a private user group with the same name as the user account by default. If you do not need this private user group, you can use the -n parameter. For example, adding an account named nsj820 without specifying a user group results in:
[root@localhost ~]# useradd nsj820
[root@localhost ~]# id nsj820
uid=503(nsj820) gid=503(nsj820) groups=503(nsj820)
[root@localhost ~]# tail -1 /etc/passwd
nsj820:x:503:503::/home/nsj820:/bin/bash
[root@localhost ~]# tail -2 /etc/passwd
nisj:x:502:500::/home/nisj:/bin/bash
nsj820:x:503:503::/home/nsj820:/bin/bash
# The system automatically creates a user group named nsj820 with an ID number of 503
When creating a user account, the system automatically creates the user's home directory. By default it is placed under the /home directory. To change the location, use the -d parameter. The default shell used when the user logs in is /bin/bash. To change it, use the -s parameter.
For example, to create an account named vodup with the home directory in the /var directory and the login shell set to /sbin/nologin, the command is:
[root@localhost ~]# useradd -d /var/vodup -s /sbin/nologin vodup
[root@localhost ~]# id vodup
uid=504(vodup) gid=504(vodup) groups=504(vodup)
[root@localhost ~]# tail -1 /etc/passwd
vodup:x:504:504::/var/vodup:/sbin/nologin
[root@localhost ~]# tail -1 /etc/group
vodup:x:504:
5, set the account properties
For created users, you can use the usermod command to modify and set various attributes of the account, including login name, home directory, user group, login shell, etc. The usage of this command is:
usermod [option] username
(1) Change the user account name
Use the -l parameter. The command usage is: usermod -l new user name original user name
For example, to rename user nsj820 to nsj0820, the command is:
[root@localhost ~]# usermod -l nsj0820 nsj820
[root@localhost ~]# id nsj0820
uid=503(nsj0820) gid=503(nsj820) groups=503(nsj820)
[root@localhost ~]# tail -1 /etc/passwd
nsj0820:x:503:503::/home/nsj820:/bin/bash
As the output shows, the user name has been changed to nsj0820, but the home directory is still the original /home/nsj820. If you also want to change it to /home/nsj0820, execute the following commands:
[root@localhost ~]# usermod -d /home/nsj0820 nsj0820
[root@localhost ~]# id nsj0820
uid=503(nsj0820) gid=503(nsj820) groups=503(nsj820)
[root@localhost ~]# tail -1 /etc/passwd
nsj0820:x:503:503::/home/nsj0820:/bin/bash
[root@localhost home]# mv /home/nsj820 /home/nsj0820
(2) Locking the account
To temporarily disable user login, lock the user account. Locking the account can be achieved with the -L parameter, and its command usage is:
usermod -L account to lock
Linux marks a user as locked by adding "!" in front of the password field in the shadow password file.
[root@localhost home]# usermod -L nsj0820
[root@localhost home]# tail -1 /etc/shadow
nsj0820:!JEW25RtU$X9kIdwJi/HPzSKMVe3EK30:16910:0:99999:7:::
However, after logging in as the root user, you can still use su to switch to the locked user.
(3) Unlock account
To unlock an account, use the usermod command with the -U parameter.
[root@localhost ~]# usermod -U nsj0820
[root@localhost ~]# tail -1 /etc/shadow
nsj0820:JEW25RtU$X9kIdwJi/HPzSKMVe3EK30:16910:0:99999:7:::
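The passwd shell field and the shadow "!" marker described above can be checked together. The following is an added example, not part of the original article: it joins passwd-format and shadow-format data and lists the accounts that have a login shell and a password field that is not locked. The sample files, the placeholder hashes and the function names audit_accounts and risky_accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format files for accounts that can still log in.
# The sample data is constructed; the hashes are placeholders, not real values.
WORK=$(mktemp -d)
cat > "$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nisj:x:502:500::/home/nisj:/bin/bash
nsj0820:x:503:503::/home/nsj0820:/bin/bash
vodup:x:504:504::/var/vodup:/sbin/nologin
stu:x:505:506::/home/stu:/bin/bash
EOF
cat > "$WORK/shadow" <<'EOF'
root:$1$CONSTRUCTED$placeholderhash0000000:16910:0:99999:7:::
ftp:*:16910:0:99999:7:::
nisj:$1$CONSTRUCTED$placeholderhash1111111:16910:0:99999:7:::
nsj0820:!$1$CONSTRUCTED$placeholderhash2222222:16910:0:99999:7:::
vodup:!!:16910:0:99999:7:::
stu::16910:0:99999:7:::
EOF

# audit_accounts PASSWD SHADOW -> one line per account: name shell-class password-state
audit_accounts() {
    awk -F: '
        NR == FNR {                      # first file read: shadow, field 2 is the password
            if ($2 == "")            st[$1] = "empty"
            else if ($2 ~ /^[!*]/)   st[$1] = "locked"
            else                     st[$1] = "set"
            next
        }
        {                                # second file read: passwd, field 7 is the shell
            sh = ($7 ~ /\/(nologin|false|true)$/) ? "nologin" : "login"
            print $1, sh, (($1 in st) ? st[$1] : "missing")
        }' "$2" "$1"
}

# risky_accounts PASSWD SHADOW -> names with a login shell and a password that is not locked
risky_accounts() {
    audit_accounts "$1" "$2" | awk '$2 == "login" && $3 != "locked" { print $1 }'
}

audit_accounts "$WORK/passwd" "$WORK/shadow"
echo "login shell and unlocked password: $(risky_accounts "$WORK/passwd" "$WORK/shadow" | tr '\n' ' ')"
```

An account reported as "empty" has a login shell and no password at all, which is the state left behind by passwd -d.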
6, delete the account
To delete an account, use the userdel command. Its usage is: userdel [-r] account name
-r is optional. With this parameter, the account's home directory is deleted together with the account.
[root@localhost ~]# userdel -r nsj0820
To set the expiration time for all user account passwords, you can do so by modifying the value of the PASS_MAX_DAYS configuration item in the /etc/login.defs configuration file. The default value is 99999, which means that the user account password never expires. The PASS_MIN_LEN configuration item is used to specify the minimum length of the account password. The default is 5 characters.
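An added example, not part of the original article, that checks these settings against a policy. Values in login.defs are applied when an account is created, so the check also reads the maximum password age that each existing account carries in the fifth field of its /etc/shadow line. The sample files, the 90-day and 8-character policy values and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare password-aging settings against a policy.
# The sample data is constructed; the hashes are placeholders, not real values.
WORK=$(mktemp -d)
cat > "$WORK/login.defs" <<'EOF'
# constructed sample in the format of /etc/login.defs
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
EOF
cat > "$WORK/shadow" <<'EOF'
nisj:$1$CONSTRUCTED$placeholderhash1111111:16910:0:99999:7:::
vodup:$1$CONSTRUCTED$placeholderhash2222222:16910:0:90:7:::
stu:$1$CONSTRUCTED$placeholderhash3333333:16910:0:180:7:::
EOF

# defs_value FILE KEY -> value of KEY; comment lines never match because their
# first word starts with "#". If KEY appears more than once, the last one is returned.
defs_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# defs_ok FILE MAX_DAYS MIN_LEN -> exit status 0 only if both settings meet the policy
defs_ok() {
    max=$(defs_value "$1" PASS_MAX_DAYS)
    len=$(defs_value "$1" PASS_MIN_LEN)
    [ -n "$max" ] && [ -n "$len" ] && [ "$max" -le "$2" ] && [ "$len" -ge "$3" ]
}

# overage_accounts SHADOW MAX_DAYS -> "name:max" for every account whose own
# maximum password age (shadow field 5) is unset or above the policy
overage_accounts() {
    awk -F: -v max="$2" '$5 == "" || $5 + 0 > max + 0 { print $1 ":" $5 }' "$1"
}

if defs_ok "$WORK/login.defs" 90 8; then
    echo "login.defs: meets policy"
else
    echo "login.defs: weaker than policy"
fi
overage_accounts "$WORK/shadow" 90
```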
7, set the user login password
Use the passwd command to set a login password. Its usage is: passwd [account name]
If an account name is specified, the login password is set for that account and the original password is automatically overwritten. Only the root user has the right to set the password for a specified account. Ordinary users can only set or modify the password of their own account (passwd without parameters).
For example, to set the login password for the nisj account, the command is:
[root@localhost home]# passwd nisj
Changing password for user nisj.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: All authentication tokens updated successfully.
After the account login password is set, the account can log in to the system.
8, lock / unlock account password and query password status, delete account password
In Linux, not only the user account but also the account password can be locked. Once either one is locked, the user cannot log in to the system. Only the root user has the right to execute this command. To lock the account password, use the passwd command with the -l option. Its usage is:
passwd -l account_name
passwd -u account_name #unlock account password
[root@localhost home]# passwd -l nisj
Locking password for user nisj.
passwd: Success
[root@localhost home]# passwd -u nisj
Unlocking password for user nisj.
passwd: Success
To query whether the password of an account is locked, use the passwd command with the -S parameter. The usage is: passwd -S account name
For example:
[root@localhost home]# passwd -S nisj
nisj PS 2016-04-18 0 99999 7 -1 (Password set, MD5 crypt.)
To delete an account's password, use the passwd command with the -d parameter. Only the root user has the right to execute this command. Its usage is: passwd -d account name
After the account password is deleted, you cannot log in to the system unless you reset the password.
9, create a user group
Users and user groups belong to a many-to-many relationship. A user can belong to multiple user groups at the same time. A user group can contain multiple different users.
Create a user group using the groupadd command whose command usage is: groupadd [-r] user group name
If the command has the -r parameter, a system user group is created. The GID value of this user group is less than 500. If there is no -r parameter, an ordinary user group is created with a GID value greater than or equal to 500.
10, modify the user group properties
After a user group is created, its attributes can be modified as needed. Modifying user group attributes mainly means changing the name of the user group and the GID value of the user group.
(1) Changing the name of a user group
To rename a user group, use the groupmod command with the -n parameter. The usage is: groupmod -n new user group name original user group name
Renaming a user group does not change its GID value.
For example, to rename the student user group to the teacher user group, the command is:
[root@localhost home]# groupadd student
[root@localhost home]# tail -1 /etc/group
student:x:505:
[root@localhost home]# groupmod -n teacher student
[root@localhost home]# tail -1 /etc/group
teacher:x:505:
(2) Resetting the GID value of a user group
The GID value of a user group can be set again, but it cannot duplicate the GID value of an existing user group. Modifying the GID does not change the name of the user group.
To modify the GID of a user group, use the groupmod command with the -g parameter, whose usage is: groupmod -g new_GID user group name
For example, to change the GID of the teacher group to 506, the command is:
[root@localhost home]# groupmod -g 506 teacher
[root@localhost home]# tail -1 /etc/group
teacher:x:506:
11, delete the user group
Deleting a user group is achieved using the groupdel command. Its usage is: groupdel user group name
A user group that is the private user group of an account cannot be deleted. To delete such a user group, first delete the account that references the private user group and then delete the user group.
[root@localhost home]# groupdel teacher
[root@localhost ~]# grep teacher /etc/group
# There is no output, indicating that the teacher user group no longer exists and the deletion succeeded
12, add the user to the specified group / remove the user from the specified group
Users can be added to the specified group to make it a member of the group. The implementation command is: gpasswd -a user account user group name
To remove a user from a user group, the command is: gpasswd -d user account user group name
For example:
[root@localhost home]# groupadd student
[root@localhost home]# gpasswd -a nisj student
Adding user nisj to group student
[root@localhost home]# id nisj
uid=502(nisj) gid=500(babyfish) groups=500(babyfish),505(student)
[root@localhost home]# gpasswd -d nisj student
Removing user nisj from group student
[root@localhost home]# id nisj
uid=502(nisj) gid=500(babyfish) groups=500(babyfish)
[root@localhost home]# groups nisj
nisj : babyfish
13, set the user group administrator
Besides the root user, the administrator of a user group can also add users to the group and remove users from it.
To assign a user as the administrator of a user group, use the following command:
gpasswd -A user account user group to manage
Function: Sets the specified user as the administrator of the specified user group. A user group administrator can only manage users in the group he or she is authorized for (adding users to or removing users from the group), and has no right to manage other user groups.
[root@localhost home]# gpasswd -a nisj student
Adding user nisj to group student
[root@localhost home]# gpasswd -A nisj student
[root@localhost home]# useradd stu
[root@localhost home]# gpasswd -a stu student
Adding user stu to group student
[root@localhost home]# groups stu
stu : stu student
[root@localhost home]# su - nisj
[nisj@localhost ~]$ gpasswd -d stu student
Removing user stu from group student
[nisj@localhost ~]$ gpasswd -d stu stu
gpasswd: Permission denied.
14, user other related
In addition, Linux also provides commands such as id, whoami, and groups to check the status of users and groups. The id command is used to display the current user's uid, gid, and the list of user groups to which they belong; whoami is used to query the current user's name; groups is used to view the user group to which the specified user belongs.
At the same time, we can use the graphical interface to manage users and user groups. The system ---> management ---> users and groups can open the corresponding configuration interface.
Attachment: You can also add a user to a user group with usermod. Do not use:
usermod -G groupA
This will cause you to leave all other user groups and remain a member of groupA only. You should use the -a option:
usermod -a -G groupA user
(FC4: usermod -G groupA,groupB,groupC user)
-a stands for append, that is, the user is added to the user group groupA without leaving other user groups.