The configuration files related to account management are: the account information file /etc/passwd, the account password file /etc/shadow, the group information file /etc/group, and the group password file /etc/gshadow.
1. How to read the /etc/passwd file
As shown in the figure above, each line of /etc/passwd is one account, and the colon-separated fields have the following meanings, in order:
[1] Account name. Rename with the command usermod -l
[2] Password. This field is no longer used; the account password is kept in /etc/shadow
[3] UID, the unique identifier of the account. Commands that affect this field: useradd -u, usermod -u
[4] GID, the unique identifier of the initial group, linked to the third field of /etc/group. This group is the default effective group of the account (the effective group can be switched with the newgrp command). Commands that affect this field: useradd -g, usermod -g
[5] Description (comment). Commands that affect this field: useradd -c, usermod -c
[6] Absolute path of the home directory. Commands that affect this field: useradd -d, usermod -d
[7] Login shell. When it is /sbin/nologin, the account cannot log in. The shells an account may use can be listed with chsh -l (the result is the content of /etc/shells). Commands that affect this field: useradd -s, usermod -s
2. How to read the /etc/shadow file
As shown in the figure above, each line of /etc/shadow holds the password information of one account. The colon-separated fields have the following meanings, in order:
[1] Account name, linked to the first field of /etc/passwd
[2] Password, stored as an encrypted hash. The hashing algorithm is set by ENCRYPT_METHOD in /etc/login.defs (SHA512 here). Commands that affect this field: usermod -L (locks the account by prefixing the hash with !, shown as !! when no password was ever set), usermod -U (unlock), passwd -l (lock), passwd -u (unlock)
[3] Creation date of the password, stored as the number of days since 1970-01-01 (the figure above shows such a number). Commands that affect this field: chage -d
[4] Minimum number of days that must pass before the password can be changed again; 0 means no limit. Commands that affect this field: passwd -n, chage -m
[5] Number of days after which the password expires. 99999 days is about 99999/365 years, which means the password will not expire for hundreds of years. Commands that affect this field: passwd -x, chage -M
[6] Number of days before expiry on which warning messages to the user begin. Commands that affect this field: passwd -w, chage -W
[7] Grace period in days after the password expires. During this period the user can still log in and change the password; after it, the user can no longer log in. Commands that affect this field: useradd -f, usermod -f, passwd -i, chage -I
[8] Account expiration date, stored as the number of days since 1970-01-01. After this day the account can no longer log in, whether or not the password has expired. Commands that affect this field: useradd -e, usermod -e, chage -E
[9] Reserved
3. How to read the /etc/group file
As shown in the figure above, each line of /etc/group is one group. The colon-separated fields have the following meanings, in order:
[1] Group name. Rename with the command groupmod -n
[2] Password. This field is no longer used; the group password is kept in /etc/gshadow
[3] GID, the unique identifier of the group, linked to the fourth field of /etc/passwd as the initial group of the corresponding account. Commands that affect this field: groupadd -g, groupmod -g
[4] Comma-separated list of account names. These accounts may switch their effective group to this group. As shown in the figure above, user morphee (whose initial group is morphee) can use the newgrp command to switch its effective group to mysql or mail. Commands that affect this field: useradd -G, usermod -G (usermod -aG to append)
4. How to read the /etc/gshadow file
As shown in the figure above, each line of /etc/gshadow holds the password information of one group. The colon-separated fields have the following meanings, in order:
[1] Group name, corresponding to the group name in /etc/group
[2] Password, stored as an encrypted hash. Use gpasswd group_name to set the group password and gpasswd -r group_name to remove it
[3] Group administrators. Use gpasswd -A user1,... group_name to set the administrators of the group. Note: group administrators can set the group password and manage the group's members
[4] Group members. This field is the same as the fourth field of /etc/group and is kept in sync with it. Besides useradd -G and usermod -G, it can also be maintained with gpasswd -a / -d / -M. Commands that affect this field: useradd -G, usermod -G (usermod -aG to append)
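As an added example (not part of the original post), the following Python script parses constructed /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow records laid out as described in the four sections above and reports what an administrator checks first: extra UID 0 accounts, empty or locked password fields, the password and account expiry dates computed from the days-since-1970 fields, and member lists that have drifted between /etc/group and /etc/gshadow. The account names, records and the hash placeholder are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample records (not from a real host); field order as described above.
PASSWD = """root:x:0:0:root:/root:/bin/bash
morphee:x:500:500:Morphee:/home/morphee:/bin/bash
backup:x:0:0:backup:/home/backup:/bin/bash
"""
SHADOW = """root:$6$placeholder$notarealhash:15000:0:99999:7:::
morphee:!!:15000:0:90:7:14:15400:
backup::15000:0:99999:7:::
"""
GROUP = """morphee:x:500:
mysql:x:27:morphee
"""
GSHADOW = """morphee:!::
mysql:!::
"""

def parse(text):
    """Split each non-empty line into colon-separated fields, keyed by field 1 (the name)."""
    return {f[0]: f for f in (line.split(":") for line in text.splitlines() if line)}

def shadow_date(days):
    """Convert a 'days since 1970-01-01' field (str or int) to a date."""
    return date(1970, 1, 1) + timedelta(days=int(days))

def audit(passwd, shadow, group, gshadow):
    """Return findings: extra uid 0 accounts, weak password fields, expiry dates, member drift."""
    findings, shadow_by_name, gshadow_by_name = [], parse(shadow), parse(gshadow)
    for name, f in parse(passwd).items():
        if f[2] == "0" and name != "root":  # field 3 of passwd: uid
            findings.append(f"uid 0 account besides root: {name}")
        s = shadow_by_name.get(name)
        if s is None:
            findings.append(f"no shadow entry: {name}")
            continue
        if s[1] == "":  # field 2 of shadow: empty means no password is required
            findings.append(f"empty password: {name}")
        elif s[1].startswith("!"):  # leading ! or !! means locked / never set
            findings.append(f"password locked or not set: {name}")
        if s[4] and s[4] != "99999":  # field 5: max age; 99999 means effectively never
            findings.append(f"password expires {shadow_date(int(s[2]) + int(s[4]))}: {name}")
        if s[7]:  # field 8: account expiry date
            findings.append(f"account expires {shadow_date(s[7])}: {name}")
    for gname, g in parse(group).items():  # field 4 of group vs field 4 of gshadow
        gs = gshadow_by_name.get(gname)
        if gs is None or gs[3] != g[3]:
            findings.append(f"member list differs between group and gshadow: {gname}")
    return findings
```

On a real host the four strings would be read from the files (the shadow files require root), and each finding is a starting point for review, not a verdict.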
———————————————–
In theory, account management can be done by editing the four configuration files above directly, but this is not recommended. Linux provides enough commands to manage accounts; although these commands ultimately modify the contents of the same four files, they are the recommended way:
useradd: add an account
useradd morphee # creates a group morphee, an account morphee, and a home directory /home/morphee with permissions 700. No password is set, so the account cannot log in.
useradd -u 519 -g users morphee2 # creates the account morphee2 with UID 519 and the initial group users
useradd -r morphee3 # creates the system account morphee3; the UID and GID are taken from the range 100~499 and no home directory is created
usermod: modify an account
userdel: delete an account
userdel morphee # deletes the account morphee: 1. removes it from /etc/passwd and /etc/shadow; 2. removes it from the last field of /etc/group and /etc/gshadow; 3. deletes the initial group if it has no other member accounts
userdel -r morphee # in addition to deleting the account, deletes its home directory and mail spool directory
passwd: account password management
passwd -S morphee # shows the password status of the account morphee
chage: modify the password expiry settings of an account; ordinary users can use this command on their own account
chage -l morphee # lists the password expiry information of the account morphee
groupadd: add a group
groupmod: modify a group
groupdel: delete a group
gpasswd: manage the group password, group administrators and members
groups: show the groups you belong to
groups morphee # lists the groups the account morphee belongs to
newgrp: switch the effective group
———————————————-
Other configuration files related to account management: /etc/login.defs and /etc/default/useradd (default values used by the useradd command).
1. How to read the file /etc/default/useradd
GROUP: default group ID
HOME: base directory for home directories. Adding an account and creating its home directory means creating a new directory named after the account under this base directory; affects the sixth field of /etc/passwd
INACTIVE: number of days after the password expires before the account is disabled; -1 means the account is never disabled; affects the seventh field of /etc/shadow
EXPIRE: account expiration date; affects the eighth field of /etc/shadow
SHELL: default shell; affects the seventh field of /etc/passwd
SKEL: skeleton directory used when a home directory is created, that is, the contents of this directory are copied into the new home directory
CREATE_MAIL_SPOOL: whether to create the account's mail spool; yes/no. When yes, a directory named after the account is created under /var/spool/mail/ to hold the account's mail
2. How to read the file /etc/login.defs
MAIL_DIR: base directory of the mail spool, usually /var/spool/mail
PASS_MAX_DAYS: number of days from the password's creation date until it expires; affects the fifth field of /etc/shadow
PASS_MIN_DAYS: number of days after the password is created during which it cannot be changed; affects the fourth field of /etc/shadow
PASS_MIN_LEN: minimum password length allowed; in practice this check is handled by the PAM module instead
PASS_WARN_AGE: number of days before password expiry on which warning messages begin; affects the sixth field of /etc/shadow
UID_MIN: UIDs below this number belong to system accounts; the default is 500. When useradd is run without the -r option, the new account's UID is greater than this value
UID_MAX: the maximum UID the system supports
GID_MIN: same function as UID_MIN, but for GIDs
GID_MAX: same function as UID_MAX, but for GIDs
CREATE_HOME: whether to create the home directory by default; yes/no
UMASK: the inverse of the default permission of the home directory, that is, when the value is 077 the home directory gets permission 700
USERGROUPS_ENAB: yes/no; whether the userdel command also deletes the account's initial group when that group has no other member accounts
ENCRYPT_METHOD: password hashing algorithm, for example SHA512
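As an added example (not from the original post), this Python check reads a constructed /etc/login.defs excerpt and flags the settings discussed above that leave new accounts weak: a PASS_MAX_DAYS of 99999 (passwords effectively never expire), a UMASK that does not give home directories mode 700, and an ENCRYPT_METHOD other than SHA512. The POLICY thresholds are assumptions chosen for illustration, not values from the page.

```python
# Constructed /etc/login.defs excerpt (not copied from a real host); only the
# keys discussed above are included, some deliberately set to weak values.
LOGIN_DEFS = """
MAIL_DIR        /var/spool/mail
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
UID_MIN         500
UID_MAX         60000
CREATE_HOME     yes
UMASK           022
USERGROUPS_ENAB yes
ENCRYPT_METHOD  MD5
"""

# Assumed illustrative thresholds, not values taken from the page or any standard.
POLICY = {"PASS_MAX_DAYS": 90, "PASS_MIN_DAYS": 1, "PASS_MIN_LEN": 8, "PASS_WARN_AGE": 7}

def parse_login_defs(text):
    """Return {KEY: value} for 'KEY value' lines, ignoring blank lines and # comments."""
    defs = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            defs[parts[0]] = parts[1].strip()
    return defs

def check_login_defs(defs):
    """Return findings where a setting is weaker than POLICY or than the text above describes."""
    findings = []
    for key, limit in POLICY.items():
        value = int(defs.get(key, 0))
        if key == "PASS_MAX_DAYS" and value > limit:
            findings.append(f"{key}={value}: passwords effectively never expire (policy {limit})")
        elif key != "PASS_MAX_DAYS" and value < limit:
            findings.append(f"{key}={value}: below policy minimum {limit}")
    umask = defs.get("UMASK", "022")
    if (int(umask, 8) & 0o077) != 0o077:  # 077 gives new home directories mode 700
        findings.append(f"UMASK={umask}: new home directories readable by other users")
    method = defs.get("ENCRYPT_METHOD", "")
    if method.upper() != "SHA512":
        findings.append(f"ENCRYPT_METHOD={method or 'unset'}: use SHA512 for /etc/shadow hashes")
    return findings
```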