Introduction to user management under Linux system

1. The significance of users and user groups

1) The meaning of user existence
2) The significance of user groups

2. How users and user groups exist in the system

3. System configuration files related to users

/etc/shadow user authentication information file

4. User-related operations

1) Creating and deleting users and user groups
2) Information management of users and user groups

5. User Decentralization

6. View and read file permissions

1. The significance of users and user groups

1) The meaning of user existence

The system resources are limited. How to allocate system resources reasonably?

1. Account

2. Authorization

3. Authentication

The above three 'a's are called the 3A mechanism, which constitutes the lowest-level security architecture in the system.

2) The significance of user groups

A user group is a logical container that classifies and uniformly authorizes users.

Simply put, user groups are like classes or community organizations when we were in school. What rights you are granted in your class and what powers your department in the community has, that's what you have. This facilitates the unified decentralization of power.

2. How users and user groups exist in the system

Because computers are sensitive to numbers, and we humans are more sensitive to names, we can use this feature to store users in the computer in the form of associated numbers and strings.

We know that everything in Linux is a file, so users are no exception. What we call users and user groups are actually a string in the file.

The user is a line of characters in the /etc/passwd file. The user group is a line of characters in the /etc/group file. vim /etc/passwd This command can be used to view the contents of the passwd file and obtain user information. vim /etc/group This command can be used to view the contents of the group file and obtain user group information.

However, it is a bit troublesome to view the ID information of users or user groups in files. Linux provides us with such commands to facilitate us to view the relevant information of users:

whoami View the current user name id [parameter][user name] View the user's id information. The default user name is to view the current user -u View the user's user id
    -g View the user's primary group id
    -G View all group IDs of the user
    -n displays the name. It cannot be used alone. It needs to be used in conjunction with the above command to display the user ID range:
    0: super user id
    1-999: Linux system ID
    1000-65535: User-level ID
            
            The above id information is recorded in /etc/login.defs

3. System configuration files related to users

/etc/passwd User identity information file

The meaning of the string in passwd: User name: User password: User ID: User primary group ID: User description: User home directory: User default shell

/etc/group Group identity information file

Group name: Group password: Group id: Additional members of the group

/etc/skel/.* User environment configuration file templates

/etc/shadow user authentication information file

/home/username User home directory

/var/spool/mail/username User mailbox file

4. User-related operations

1) Creating and deleting users and user groups

We can use the watch command to monitor the creation and deletion of users

watch -n 1 "tail -n 4 /etc/passwd /etc/group;echo =======;ls -l /home"

User creation command useradd:

useradd username ##User creation -u id username ##Specify user uid
        -g id username ##Specify the primary group id
        -G id username ##Specify additional group id
        -d dir username ##Specify the user's home directory -M username ##Do not automatically create a home directory when creating a user -c word username ##Specify user instructions when creating a user -s shell username ##Specify shell
userdel username ##User deletion -r username ##Delete the user and delete the home directory and system configuration file groupadd groupname ##Group creation -g id groupname ##Specify group id
groupdel groupname ##Group deletion

2) Information management of users and user groups

Sometimes we need to change the user's related attributes during the use of the server. Although we know that the user is stored in the form of a string in the /etc/passwd file and know the meaning of the string:

User name: User password: User id: User primary group id: User description: User home directory: User default shell

Of course, we can use the root user to modify these fields to change the user information, but in actual applications we will not do this, but use some related commands:

usermod [options] [parameters] [username]
 
[options]
        -l #Change user name -u #Change user uid
        -g #Modify the user's primary group id
        -G #Modify user additional group identity -aG #Add user additional group identity -c #Change user description text -d #Change user home directory pointer -md #Change home directory pointer and home directory name at the same time -s #Change default shell
        -L #Freeze account -U #Unlock account

Our password information is stored in the shadow file, shadow content:

Username: Encrypted password: Last modified time: Minimum modification interval: Password validity period: Number of warning days before password change: Grace time after password expiration: Account expiration time: Reserved fields

We can use the passwd command to modify password-related attribute information

passwd [options] [parameters] [username]
If option and parameter are not set, change password of 'username' [option]
        -S #Check password status -l #Freeze account authentication -u #Unlock account authentication -d #Delete user password -e #Change the default usage time to 0
        -n #Set the minimum usage time -x #Set the password expiration time -w #Set the expiration warning time -l #Set the number of inactive days change -d 0 [username] #Must change the password to log in change -E "xxxx-xx-xx" [username] #Set the freeze date

5. User Decentralization

When we use servers in practice, we often use decentralization, which allows us to execute some commands with higher permissions. For example, we can use decentralization to allow ordinary users to run some commands as root, so that we do not need to log in to the root account, while ensuring the security of the system while also achieving our goal.

Authorization method:

We can use the visudo command to modify the /etc/sudoers file (of course we can also use vi or vim to modify it, but vi and vim do not provide syntax detection, which makes it inconvenient to find errors when we modify the file incorrectly)

For convenience, we usually add decentralization around line 100 of the file:

username hostname=(newusername) [NOPASSWD:] /command, /command1

6. View and read file permissions

1) Permissions check

ls -l file # View file permissions ls -ld dir # View directory permissions

File permission information is divided into three categories:

u stands for user, which is the owner of the file; g stands for group, which is the owner group of the file; o stands for other, which is other people who have nothing to do with the ownership of the file; each major type has a flag bit with authority, which is rwx
r stands for read, which is the read permission, w stands for write, which is the write permission, and x stands for execute permission

We can use the chmod command to modify file-related permission information

chmod [ugo][+-=][rwx] [filename/dirname] #Grant permissions through expressions chmod [xxx] [filename/dirname] #Grant permissions through numbers By understanding Boolean quantities, we can convert the three bits of rwx from binary to octal.
w-2
x-1

S permissions

You can use string expressions to set S permissions. The functions of S permissions are:

When the s permission is set to the u bit of a file, it means that the file executor will obtain the owner identity of the file when executing it. It can only be used on binary files. When the s permission is set to the g bit of a file, it means that the file executor will obtain the group identity of the file. If it is used on a directory, the group of the files created in the directory will become the group of this directory. The effect of the Sticky Bit is only effective for directories, and the effect is that only the owner of the file can delete his own files in the current directory.

This is the end of this article about user management under Linux system. For more relevant content about user management under Linux system, please search previous articles on 123WORDPRESS.COM or continue to browse the related articles below. I hope you will support 123WORDPRESS.COM in the future!

You may also be interested in: