Linux user and user group management

  
        

One User configuration files

1 User Information File /etc/passwd

Let's open this file to see



The file has a fixed format. As always, remember to use man to view the help for a configuration file

man 5 passwd



Here you can see that each colon-separated field has a detailed description. Let's summarize them

The first field: User name

The second field: password flag. We can see that every entry has x here, so where is the real password? Let's look at the /etc/shadow file



Here we see that the second field of root's entry is the root password, and it is obviously encrypted. So why is the password not placed directly in passwd? Let's look at the detailed permissions of the two files



The passwd file is still readable by ordinary users, but shadow carries no permissions for them: only root can view it, which is more secure.

The third field: UID (user ID)

In passwd, besides the root user we already know, there are many entries we have not seen before. These are called system users (pseudo-users). They cannot log in and are only used when system services run, so we do not need to manage them

0: superuser

1-499: system user (pseudo-user)

500-65535: normal user

4th Field: GID (User Initial Group ID)

Here we want to distinguish between the initial group and the additional group

Initial group: the user has the permissions of this group as soon as he logs in. Each user can have only one initial group, and it is generally a group with the same name as the user

Additional group: a user can join other user groups and gain the permissions of those groups. A user can have multiple additional groups

5th field: user description; this is generally descriptive information

6th field: Home directory

Normal user: /home/username/

Superuser: /root/

7th field: Login shell
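The field layout and UID ranges above can be checked mechanically. The following is an added example, not part of the original page: the function name classify_passwd, the flag names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify /etc/passwd-format lines read from stdin,
# using the UID ranges given above (0, 1-499, 500-65535).
classify_passwd() {
    awk -F: '
    # Every entry must have exactly seven colon-separated fields.
    NF != 7 { printf "%s MALFORMED (%d fields)\n", $1, NF; next }
    {
        uid = $3 + 0
        if (uid == 0)        kind = "superuser"
        else if (uid <= 499) kind = "system"
        else                 kind = "normal"
        note = ""
        # UID 0 means superuser whatever the account is called.
        if (uid == 0 && $1 != "root") note = note " extra-uid0"
        # Field 2 should be the flag x, with the real password in shadow.
        if ($2 != "x")                note = note " password-not-in-shadow"
        printf "%s uid=%s %s shell=%s%s\n", $1, $3, kind, $7, note
    }'
}

# Constructed sample input, not taken from a real system.
SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
fq:x:500:500::/home/fq:/bin/bash
toor:x:0:0::/root:/bin/bash
old::501:501::/home/old:/bin/bash'

printf '%s\n' "$SAMPLE" | classify_passwd
```

To audit a live system, run classify_passwd < /etc/passwd and review any line that carries a flag.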

Two Shadow file /etc/shadow

We open this file to see



1st field: Username

2nd field: Encrypted password. The encryption algorithm is SHA512. If the field is "!!" or "*", there is no password and the account cannot log in

3rd field: The date the password was last changed. We see that this field for root is 17105. It is a timestamp that takes January 1, 1970 as the base date; each day that passes adds 1 to the timestamp

4th field: The minimum interval between two password changes (relative to the 3rd field), that is, how many days must pass after the last change before the password can be changed again. We see that the root user's field is 0

5th field: Password validity period (relative to the 3rd field). We see that the root user's field is 99999, which is basically permanent.

6th field: The number of warning days before the password expires (relative to the 5th field). For example, if the validity period set in the 5th field is 10 days and this field is set to 7, a warning appears once 7 days remain before the password expires.

7th field: The number of grace days after the password expires (relative to the 5th field)

0 means the password becomes invalid immediately once it expires, and -1 means it never becomes invalid

8th field: The date on which the account expires (represented as a timestamp). If an expiration time is set in this field, the validity period set in the earlier fields no longer matters.

9th field: reserved

Since we keep talking about timestamps, let's look at how to convert them

1 Convert timestamps to dates

date -d "1970-01-01 16066 days"

We converted the timestamp of 16066 to a date



2 Convert date to timestamp
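Both conversions, applied to the aging fields of /etc/shadow described above, as an added example that is not part of the original page. It assumes GNU date (the same -d syntax as the command above). The function names and sample lines are constructed, and it takes password expiry as field 3 + field 5, with warnings starting field 6 days earlier.

```shell
#!/bin/sh
# Added example; needs GNU date (same -d syntax as the command above).

# Shadow day count (days since 1970-01-01) -> YYYY-MM-DD
days_to_date() {
    date -u -d "1970-01-01 $1 days" +%F
}

# YYYY-MM-DD -> shadow day count
date_to_days() {
    echo $(( $(date -u -d "$1" +%s) / 86400 ))
}

# Decode the aging fields of one /etc/shadow line (hypothetical helper).
shadow_summary() {
    IFS=: read -r user hash last min max warn grace expire reserved <<EOF
$1
EOF
    case "$hash" in
        '!!'|'*') state="no-login" ;;      # "!!" or "*": cannot log in
        *)        state="password-set" ;;
    esac
    out="$user $state changed=$(days_to_date "$last")"
    if [ -n "$max" ]; then
        end=$(( last + max ))              # field 3 + field 5
        out="$out pw_expires=$(days_to_date "$end")"
        if [ -n "$warn" ]; then            # field 6 counts back from expiry
            out="$out warn_from=$(days_to_date $(( end - warn )))"
        fi
    fi
    if [ -n "$expire" ]; then              # field 8: account expiry date
        out="$out account_expires=$(days_to_date "$expire")"
    fi
    echo "$out"
}

# Constructed sample lines; the hash is a placeholder, not a real one.
shadow_summary 'root:$6$CONSTRUCTED$placeholder:17105:0:99999:7:::'
shadow_summary 'fq:!!:17105:0:10:7:::'
days_to_date 16066
date_to_days 2013-12-27
```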



Three Group information file /etc/group and group password file /etc/gshadow

1 Group information file /etc/group

We open this file to see



Field 1: Group Name

Field 2: Group Password Flag

Field 3: GID

Field 4: Additional users in the group

2 Group Password File /etc/gshadow



Field 1: Group Name

Field 2: Group Password

Field 3: Group administrator username

Field 4: Additional users in the group

Shen Chao of Brothers even says that managing groups with group passwords is not recommended and that groups are generally managed by root, so it is enough to be aware of this file

Four user management related files

1 User's home directory

Ordinary users: /home/username/, owner and group are both the user, permissions are 700

Superuser: /root/, owner and group are both root, permissions are 550

2 User's mailbox

/var/spool/mail/username/

For example, if we create a user fuqiang and then look under this path, we find that the new user's mailbox has been generated there automatically



3 User Template Directory

/etc/skel/

Let's take a look at this directory



We see that the content of this directory is the same as the content of /home/username. That is to say, when a user is created, the files in this template directory are automatically generated under /home/username

Five User Management Commands

1 User add command useradd:

useradd [options] username

Options:

-u UID: manually specify the user's UID. We know that normal users' UIDs start at 500 and are assigned automatically in increasing order. If I want to set a lucky number, such as 888, I can use this option

-d home directory: manually specify the home directory. For example, if we don't want to put it under /home, we can use this option to change it

-c user description

-g group name: manually specify the user's initial group. Changing this is generally not recommended

-G group name: manually specify the user's additional group

-s shell: manually specify the user's login shell, the default is /bin/bash

So if we don't add any options, what are the defaults? For example, I now add a user named fq



Let's check the file information related to this user



We can see the default information

Then where is the user default file?
