File function |
File name |
##User account file
| /etc/passwd |
User password | /etc/shadow |
User group account file | /etc/gruoup |
User group password file | /etc/gshadow |
##(1) User account file——/etc/passwd
passwd
is a text file used to define user accounts of the system, since all users have
passwd
has read permission, so only user accounts are defined in this file, and passwords are not saved.
#
Each line defines a user account information, each line consists of
7
It consists of fields, and the fields are separated by
":"
separated by:
Account Name
:
password
:UID:GID:
personal information
:
Main directory
:Shell
/etc/passwd
Field description in the file
Account name: User login
Linux
The name used by the system.
Password: This was where passwords were previously saved in encrypted format, now passwords are saved in
/etc/shadow
file, here is just the password holder
"x"
or
"*"
. If
"x"
, indicating that the password has passed
shadow
protection of.
-
UID
: The user's identifier is a numerical value, which is used to distinguish different users. Each user has a
UID
Value:
of super user
UID——0
System user’s
UID——1
~
999
for ordinary users
UID——
≥
1000
GID
: The identifier of the basic group where the user is located is a numerical value, which is used to distinguish different groups. The same group has the same
GID
.
Personal information: You can record the user’s complete name, address, office phone number, home phone number and other personal information.
Home directory: similar
Windows
's personal directory, usually
/home/username
,here
username
is the username, user executes
"cd
~
"
command, the current directory will be switched to the personal home directory.
Shell
: Define what is activated after the user logs in
Shell
, the default is
Bash Shell
(2) User password file——/etc/shadow
#Each line A user information is defined. Each field in the row is separated by ":". The format is as follows:
Login name: Encrypted password: Last modification time: Minimum time interval: Maximum time interval: Warning time: No Active Time:Expiration Time:Flag
The meanings of the 9 fields in each line of the
/etc/shadow file are fields
Login name: Login name
Encrypted password: Password encrypted using SHA-512/SHA-256/MD5 algorithm ($id$, id is 1 for md5, 5 for sha256, 6 for sha512), if it is empty, Indicates that the user can log in without a password. If it is "*", it means that the account cannot be used to log in to the system. If it is "!", it means that the account password has been locked.
Last modification Time: The date when the password was last changed, expressed as the number of days from January 1, 1970
Minimum time interval: How many days the password cannot be changed. The default value is 0, which means there is no limit.
Maximum time interval: how many days after which the password must be changed. The default value is 99999, which means no restriction.
Warning time: how many days in advance to warn the user that the password will expire. The default value is 7 days, 0 means no warning is provided
Inactivity time: How many days after the password expires to disable this user
Expiration time: Password expiration date, expressed in days from January 1, 1970, the default is Empty, means permanently available. Flag: reserved for future development.
View the date when the user last modified the root password
(3) User group account file -/etc/group
Each group in the system has a line record in the /etc/group file, and any user can Read the user group account information configuration file.
Field description
Groupname: The name of the group
Passwd: The encrypted password of the group
GID: It is the ID that the system uses to distinguish different groups. The GID field in the /etc/passwd domain uses this number to specify the user's basic group.
Userlist: It is the user name separated by ",", and the listed members have this group as an additional group.
Assignment:
1. Create user lockuser, and specify the home directory as /home/lock, and then lock the user
2. Unlock lockuser and set the password to be changed the next time you log in.
3. Create user testuser and set password , change the user name to normaluser
4. Create a file, query the acl of the file, set acl for the file. The user is testuser1 and the permission is rwx. Set the acl mask: permission for the file. For r-x
5, set suid, set suid for the file (two ways u s and nnnn)
6. Set sgid, the way to set sgid for files (two ways g s and nnnn)
7. Set sbit, the way to set sbit for directories (two ways o t and nnnn)
Linux Add User to User Group
Through several examples using the Linux command line, I will show you step by step how to add users to the user group on Linux. Add users to user groups and how to add users and groups on Linux. These commands should work on any Linux distribution and have been tested on CentOS, Debian, and Ubuntu.
Add a new user to the user group
A Linux user can have a primary group and one or more secondary groups. These groups can be used as arguments to the adduser
command when creating a user.
All commands must be executed as the root
user. On Ubuntu, prepend all commands with sudo
, or run sudo -s
to switch to the root
user.
Add user groups
As a first step, I will add two new user groups, family
and friends
:
groupadd family
groupadd friends
Add a new user to a single user group
Below I will add a new user tom
and also add the user to the user group Groupfamily
. The family
user group will be added as a subordinate group using the -G
parameter.
useradd -G family tom
Add new user to multiple user groups
tom
is now a user in the family
user group. Parameter -G
allows specifying multiple user groups, separated by commas between each user group. If you want to add user tom
to the family
and friends
user groups, use the following command:
useradd -G family,friends tom
Set User Password
Please note that new Linux user tom
does not have a password yet, so cannot log in. To set the password for this user, you can execute the following command:
passwd tom
and enter the new password twice when the command requests it.
In the above example, we added user tom
to the secondary group. The adduser
command automatically created a new primary group and assigned the group Main group.
Set a new main group
Maybe you want to add ## When using #tom, set the main group to
family (instead of the
tom user group created by default), and the subsidiary group to
friends, you can use this Command:
useradd -g family -G friends tom
Use the man command to get a detailed description of all command line options of the
useradd command:
man useradd
Add an existing user to the user group
For this task, we will use the usermod command.
usermod The command can modify various options of the user, including the user's group membership.
First I will add a third user group colleagues:
groupadd colleagues
using usermod
I will add the colleagues user group as an affiliate group to the user
tom:
usermod -a -G colleagues tom
Command explanation: -a means
append, which can only be used in combination with the
-G option (affiliated group). So in the end we added the
tom user to the
colleagues user group, which is an affiliated group of the user.
-G
选项可以指定多个用户组,每个用户组之间使用逗号进行分隔。例如:-G group1,group2,group3
。
如果想要修改 tom
用户的主组为 family
,可以使用命令:
usermod -g family tom
使用 man
命令可以获取 usermod
命令的所有命令行选项的详细说明:
man usermod