6.1 /etc/passwd File
/etc/passwd is the file Linux consults to identify users at login.
/etc/passwd contains 7 fields:
Login name (no more than 32 characters; no more than 8 characters when using NIS)
Encrypted password or password placeholder (the password is usually stored in the /etc/shadow file; MD5 encryption is used by default (34 characters after encryption), Blowfish is used on SUSE; set with the passwd command)
UID (user ID) number (a 32-bit unsigned number, recommended to stay within 32767; the UID of root is 0, and having multiple accounts with UID 0 creates a potential security hole. LDAP is a popular UID management tool.)
Default GID (group ID) number (defined in the /etc/group file; GID 0: root group, GID 1: bin group, GID 2: daemon group; the default GID applies when creating new files and directories)
"GECOS" information: full name, office, extension, home phone (records the user's personal information; see the finger and chfn commands; GECOS information is well suited to LDAP management)
Home directory (setting DEFAULT_HOME to no in /etc/login.defs prevents users without a home directory from logging in)
Login shell (the chsh command changes the user's own shell. The /etc/shells file lists the shells that chsh allows the user to choose. Entries added to the shells file must use absolute paths.)
6.2 /etc/shadow file
Format: root:$1$buJ6v3Ch$bwLIof5each9Nv.OEzD3T0:13348:0:180:14::14974:
Only the superuser can read the /etc/shadow file
When a shadow password system is in use, the original password field in the /etc/passwd file must contain an x
The administrator must maintain both files, /etc/shadow and /etc/passwd (or use the useradd tool, which maintains them itself)
You can use the pwconv tool to keep the contents of the shadow file and the passwd file consistent
The /etc/shadow file contains 9 fields:
Login name (same as in /etc/passwd)
Encrypted password
Date the password was last changed (number of days since January 1, 1970)
Minimum number of days between password changes (prevents the user from changing the password again immediately after a change; a setting of 0 is recommended)
Maximum number of days between password changes
How many days in advance to warn the user that the password will expire
The date the account expires (number of days since January 1, 1970)
Reserved field, currently empty
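The checks described in 6.1 and 6.2 (extra UID 0 accounts, a passwd password field that is not x, passwd and shadow entries that do not match, day counts that need converting to dates) can be automated. The following is an added example, not part of the original notes; the toor and ghost accounts and all function names are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample data: root and linda follow the page; toor and ghost are invented.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
linda:x:2000:2000:linda,,,:/home/linda:/bin/sh
toor:x:0:0::/root:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$1$buJ6v3Ch$bwLIof5each9Nv.OEzD3T0:13348:0:180:14::14974:
linda:*:16268:0:99999:7:::
ghost:*:16268:0:99999:7:::
"""

def records(text, nfields):
    """Split colon-delimited lines; keep only those with the expected field count."""
    rows = (ln.split(":") for ln in text.splitlines() if ln.strip())
    return [r for r in rows if len(r) == nfields]

def audit(passwd_text, shadow_text):
    """Return sorted (login, finding) pairs for the problems the notes warn about."""
    passwd = records(passwd_text, 7)
    shadow = {r[0] for r in records(shadow_text, 9)}
    out = []
    for name, pw, uid, *_ in passwd:
        if uid == "0" and name != "root":
            out.append((name, "UID 0 shared with root"))
        if pw != "x":
            out.append((name, "passwd field is not the x placeholder"))
        if name not in shadow:
            out.append((name, "no /etc/shadow entry"))
    for name in shadow - {r[0] for r in passwd}:
        out.append((name, "shadow entry without passwd entry"))
    return sorted(out)

def shadow_dates(line):
    """Convert the day counts in one shadow line to calendar dates (None if unset)."""
    f = line.strip().split(":")
    day = lambda n: EPOCH + timedelta(days=int(n))
    changed = day(f[2]) if f[2] else None
    return {
        "last_change": changed,
        "must_change_by": changed + timedelta(days=int(f[4])) if changed and f[4] else None,
        "account_expires": day(f[7]) if f[7] else None,  # second-to-last field
    }

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(*finding, sep=": ")
    print(shadow_dates(SAMPLE_SHADOW.splitlines()[0]))
```

On a real system, pass the contents of /etc/passwd and /etc/shadow (read as root) to audit().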
6.3 /etc/group file
Format:
wheel:x:10:net,evi,lynda,boggs,tom,millert
student:*:200:dotty
The newgrp command makes a user who does not belong to a group a member of that group
The /etc/group file contains 4 fields:
Group name (keep to 8 characters or fewer where possible)
Encrypted password, or an x indicating that there is a gshadow file
GID number (to avoid conflicts with vendor-supplied GIDs, it is recommended to assign local groups starting from GID 500)
Member list, separated by commas (do not add spaces)
6.4 Add User
Before a new account is created, it is very important for the user to sign and date a copy of the local user agreement and policy statement.
Steps required by the system:
Edit the passwd and shadow files to define the user account
Add the user to the /etc/group file
Set an initial password
Create the user's home directory, and use the chown and chmod commands to set its owner and permissions
Steps for the user:
Copy the default startup files to the user's home directory
Set the user's mail home directory and create a mail alias
Steps for the administrator:
Verify that the account is set up correctly
Add the user's contact information and account status to the database
1) Edit the passwd and shadow files
Fedora and RHEL systems use vipw to edit the passwd file; it then asks whether you also want to edit the shadow file. SUSE, Debian and Ubuntu use vipw -s for the same purpose
Add the account linda to /etc/passwd:
linda:x:2000:2000:linda,,,:/home/linda:/bin/sh
Add to the /etc/shadow file:
linda:*:16268:0:99999:7:::
2) Edit the /etc/group file
linda::2000:linda
3) Set initial password
passwd linda
4) Create user home directory
mkdir /home/linda
chown linda:linda /home/linda
chmod 700 /home/linda
5) Copy the default startup file
cp /etc/skel/.[a-zA-Z]* ~linda (skel is at /etc/skel on Ubuntu 12.04; on other systems locate it with find / -name skel)
chown linda:linda ~linda/.[a-zA-Z]*
chmod 600 ~linda/.[a-zA-Z]* (note: this cannot be written as ~linda/.*, because that pattern also matches .. (/home), which would make linda the owner not only of her own files but also of the parent directory, which is very dangerous)
6) Set the user's mail home directory
See Section 18.3.2
7) Verify the new login
Log out, log in as the new user, and execute the commands
pwd /* Verify the home directory */
ls -al /* Check the owner and group of the startup files */
8) Record user status and contact information
Maintain a database of contact information and account status
6.5 Deleting Users
Steps for deleting a user manually:
Delete the user from all local user databases or phone directories
Delete the user from the alias file, or add a forwarding address
Delete the user's crontab file and all pending at jobs
Terminate all of the user's processes that are still running
Delete the user from the passwd, shadow, group and gshadow files
Delete the user's home directory
Delete the user's mail storage file
6.6 Disabling Login
Method 1) Add an asterisk or other character in front of the encrypted password so that the account cannot be logged in to with a password
Method 2) usermod -L linda and usermod -U linda lock and unlock the password, respectively (does not work on SUSE)
Method 3) Replace the user's shell with a pseudo shell that is not listed in /etc/shells
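To see which of these three methods is in effect for an account, the shadow password field and the passwd shell field can be checked together. This is an added example, not part of the original notes; it assumes the lock character is * or ! (the character usermod -L prepends), and /usr/local/sbin/noshell is a hypothetical pseudo shell.

```python
# Constructed /etc/shells content; the account lines in the demo are constructed too.
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
"""

def listed_shells(text):
    """Absolute paths from an /etc/shells-style file; comments and blanks skipped."""
    return {ln.strip() for ln in text.splitlines() if ln.strip().startswith("/")}

def login_blocks(passwd_line, shadow_line, shells):
    """List which of the three methods currently apply to one account."""
    shell = passwd_line.strip().split(":")[6]
    pw = shadow_line.strip().split(":")[1]
    blocks = []
    if pw[:1] in ("*", "!"):
        # Methods 1 and 2: a prefix character means no typed password can match.
        rest = pw.lstrip("*!")
        detail = "hash kept, unlock restores it" if rest else "no hash behind the lock"
        blocks.append(f"password locked ({detail})")
    if shell not in shells:
        # Method 3: the login shell is not one that /etc/shells lists.
        blocks.append(f"shell {shell} not in /etc/shells")
    return blocks

if __name__ == "__main__":
    shells = listed_shells(SAMPLE_SHELLS)
    accounts = [
        ("linda:x:2000:2000:linda,,,:/home/linda:/bin/sh",
         "linda:!$1$buJ6v3Ch$bwLIof5each9Nv.OEzD3T0:16268:0:99999:7:::"),
        ("hilbert:x:1005:30:David Hilbert:/home/hilbert:/usr/local/sbin/noshell",
         "hilbert:!:11508:0:99999:7:0::"),
    ]
    for pw_line, sh_line in accounts:
        print(pw_line.split(":")[0], login_blocks(pw_line, sh_line, shells))
```

An empty list means none of the three methods is active, so the account can still log in with its password.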
6.7 Account Management Tools
The useradd command adds the user to the passwd file (and to the shadow file if possible)
The usermod command changes an existing user's entry in the passwd file
The userdel command deletes the user from the system, and can also delete the user's home directory
groupadd, groupmod and groupdel operate on the /etc/group file
Add user
useradd -c "David Hilbert" -d /home/hilbert -g faculty -G famous -m -s /bin/sh hilbert
The effect is as follows:
In /etc/passwd (hilbert:x:1005:30:David Hilbert:/home/hilbert:/bin/sh)
In /etc/shadow (hilbert:!:11508:0:99999:7:0::)
In /etc/group (adds hilbert to the faculty and famous groups)
Creates the home directory /home/hilbert
Copies the contents of /etc/skel to the home directory
Delete user
userdel hilbert
Removes the information associated with hilbert from the passwd, shadow and group files
With the -r option, the user's home directory is removed as well