Let's get to know account and privilege management in Linux. What the system recognizes is not your user name and password but your UID and GID, that is, your user ID and group ID.
The code is as follows:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
The first 0 is the user ID, and the group ID is also 0. This is my current user, root.
When a user logs in, the system looks up the user name (such as my root) in /etc/passwd. If there is no such user, the login stops there; if the user exists, the system reads the UID, then goes to /etc/shadow to find the corresponding password, and finally completes the login.
The code is as follows:
root       # user name
x          # represents the password, which is now stored in /etc/shadow
0          # user's UID
0          # user's GID
root       # user information (description) column
/root      # home directory
/bin/bash  # login shell
>cat /etc/shadow
root:$6$5SjcaJAS$EH0r0LsApaWsmpoz5Zoz4iSavI7nr./VVmUi5GnFYLsScVS7fTWz9JK7E8..bNajM7jV2qBBn9fck5oiGzx0N1:16147:0:99999:7:::
$…… # very long; this is the password
16147 # date of the last password change
0 # number of days after the last change (16147) before the password can be changed again; 0 means it can be changed at any time
99999 # number of days after which the password must be changed
7 # password warning, that is, the notice that the password is about to expire; Windows users will have seen something similar
The seventh field has no value here. It is the password expiration date
The eighth field is the account expiration date
The ninth field is reserved
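The aging fields above are day counts, with the third and eighth fields counted from 1970-01-01. The following added example (not from the original page) decodes them into calendar dates; it assumes GNU date, treats 99999 as "no forced change", and uses a constructed sample in which the account "demo" is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: decode the aging fields of shadow-format lines.
# Assumes GNU date (for "-d @seconds").

# Convert a day count since 1970-01-01 into YYYY-MM-DD (UTC).
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# Read shadow-format lines on stdin and print one summary line per account.
shadow_aging() {
    while IFS=: read -r name pw last min max warn f7 expire rest; do
        [ -n "$name" ] || continue
        changed="unknown"; change_by="never"; warn_from="-"; acct_exp="never"
        if [ -n "$last" ]; then
            changed=$(days_to_date "$last")
            # Assumption of this example: 99999 means "no forced change".
            if [ -n "$max" ] && [ "$max" -lt 99999 ]; then
                change_by=$(days_to_date $(( $last + $max )))
                if [ -n "$warn" ]; then
                    warn_from=$(days_to_date $(( $last + $max - $warn )))
                fi
            fi
        fi
        if [ -n "$expire" ]; then
            acct_exp=$(days_to_date "$expire")
        fi
        echo "$name changed=$changed change_by=$change_by" \
             "warn_from=$warn_from account_expires=$acct_exp"
    done
}

# Constructed sample: root carries the aging values shown on the page (hash
# replaced by a placeholder); "demo" is a hypothetical 90-day-policy account.
sample_shadow() {
    cat <<'EOF'
root:$6$PLACEHOLDER$constructed:16147:0:99999:7:::
demo:!:16147:0:90:7::16500:
EOF
}

sample_shadow | shadow_aging
```

On a real system, feed it the output of cat /etc/shadow as root instead of sample_shadow.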
Common commands
useradd -G: the user's secondary groups
The code is as follows:
>grep xiaowei /etc/shadow /etc/passwd /etc/group
/etc/shadow:xiaowei:!:16147:0:99999:7:::
/etc/passwd:xiaowei:x:1001:1001::/home/xiaowei:/bin/sh
/etc/group:users:x:100:xiaowei
/etc/group:xiaowei:x:1001:
groups: show the groups the user belongs to
The code is as follows:
> groups
root xiaowei
newgrp: switch the effective group
The code is as follows:
>id
uid=0(root) gid=1001(xiaowei) groups=0(root),1001(xiaowei)
useradd: add an account
useradd [-u UID] [-g initial group] [-G secondary groups] [-mM] [-c description] [-d absolute path of home directory] [-s shell] account name
Options and parameters:
-u: followed by a UID, which is a number; assigns that specific UID to the account.
-g: followed by a group name; this is the initial group mentioned above.
The GID of this group is placed in the fourth field of /etc/passwd.
-G: followed by the names of the additional groups the account can also join.
This option modifies the related data in /etc/group.
-M: force: do not create the user's home directory (default for system accounts).
-m: force: create the user's home directory (default for general accounts).
-c: the description stored in the fifth column of /etc/passwd.
-d: use the given directory as the home directory instead of the default. Be sure to use an absolute path.
-r: create a system account, whose UID is limited to a restricted range (see /etc/login.defs).
-s: followed by a shell. If not specified, the default is /bin/bash.
-e: followed by a date in the format "YYYY-MM-DD". It is written into the eighth field of shadow,
that is, the account expiration date.
-f: followed by the value for the seventh field of shadow, which specifies whether the password will become invalid. 0 means it becomes invalid immediately,
-1 means it never becomes invalid (the password only expires, and the user is forced to reset it at login).
The code is as follows:
> useradd -u 800 -g 1001 -m -c test -d /root/test -s /sbin/nologin widuuweb
> grep widuuweb /etc/passwd
widuuweb:x:800:1001:test:/root/test:/sbin/nologin
passwd: change a password
passwd [-l] [-u] [--stdin] [-S] [-n days] [-x days] [-w days] [-i date] account   <== root-only function
Options and parameters:
--stdin: the data coming from the preceding pipe is used as the password input, which is helpful in shell scripts.
-l: lock; adds a "!" to the front of the second column of /etc/shadow to invalidate the password.
-u: the opposite of -l; unlock.
-S: list password-related parameters, that is, most of the information in the shadow file.
-n: followed by a number of days; the fourth field of shadow, how many days the password cannot be changed.
-x: followed by a number of days; the fifth field of shadow, how many days until the password must be changed.
-w: followed by a number of days; the sixth field of shadow, the warning days before password expiration.
-i: followed by a "date"; the seventh field of shadow, the password expiration date.
> passwd -l xiaowei   # at this point the user can't log in
> passwd -u xiaowei   # unlock; the user can log in
> passwd xiaowei      # enter a password to change it
chage: same function as passwd -S
Options and parameters:
-l: list the detailed password parameters of the account.
-d: followed by a date; modifies the third field of shadow (the date of the last password change), format YYYY-MM-DD.
-E: followed by a date; modifies the eighth field of shadow (account expiration date), format YYYY-MM-DD.
-I: followed by a number of days; modifies the seventh field of shadow (password expiration date).
-m: followed by a number of days; modifies the fourth field of shadow (minimum number of days the password must be kept).
-M: followed by a number of days; modifies the fifth field of shadow (how long before the password must be changed).
-W: followed by a number of days; modifies the sixth field of shadow (warning days before password expiration).
usermod: modify user parameters
-c: followed by the account description, that is, the fifth column of /etc/passwd, where you can add notes about the account.
-d: followed by the home directory of the account; modifies the sixth column of /etc/passwd.
-e: followed by a date in the format YYYY-MM-DD; this is the eighth field in /etc/shadow.
-f: followed by a number of days; this is the seventh field of shadow.
-g: followed by the initial group; modifies the fourth field of /etc/passwd, which is the GID field.
-G: followed by the secondary groups; modifies the groups the user belongs to, which changes /etc/group.
-a: combined with -G, it adds secondary groups instead of setting (replacing) them.
-l: followed by the account name; changes the account name, the first column of /etc/passwd.
-s: followed by the actual shell file, such as /bin/bash or /bin/csh.
-u: followed by a UID; this is the third column of /etc/passwd.
-L: temporarily freeze the user's password so that the user can't log in. In fact, this only changes the password field of /etc/shadow.
-U: remove the "!" from the password field of /etc/shadow to unfreeze it.
The code is as follows:
xiaowei:x:1001:1001:nihao:/home/xiaowei:/bin/sh
> su xiaowei
# unable to log in
Cannot execute /sbin/nologin: No such file or directory
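Because the system identifies accounts by UID, and passwd -l / usermod -L only put a "!" in front of the shadow password field, an audit has to read passwd and shadow together. The following added example (not from the original page) does that; the shadow values and the account "toor" are constructed, and treating a leading "*" as locked is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example: cross-check passwd and shadow entries for login exposure.

# login_audit PASSWD_FILE SHADOW_FILE -> one line per passwd entry
login_audit() {
    awk -F: '
        FNR == NR { pw[$1] = $2; next }        # first file: shadow, field 2
        {
            if (!($1 in pw))              state = "no-shadow-entry"
            else if (pw[$1] == "")        state = "EMPTY"
            else if (pw[$1] ~ /^[!*]/)    state = "locked"   # "!" as set by passwd -l
            else                          state = "set"
            shell = ($7 ~ /(nologin|false)$/) ? "no-shell" : "shell"
            flags = ""
            # Only the UID is checked for privilege, so any UID 0 entry is root.
            if ($3 == 0 && $1 != "root")  flags = flags " UID0-ALIAS"
            if (state == "EMPTY")         flags = flags " NO-PASSWORD"
            printf "%s uid=%s gid=%s pw=%s %s%s\n", $1, $3, $4, state, shell, flags
        }' "$2" "$1"
}

# Constructed sample: the passwd entries for root, xiaowei and widuuweb follow
# the page; the shadow values and the account "toor" are constructed.
run_sample() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
xiaowei:x:1001:1001::/home/xiaowei:/bin/sh
widuuweb:x:800:1001:test:/root/test:/sbin/nologin
toor:x:0:0::/root:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$PLACEHOLDER$constructed:16147:0:99999:7:::
xiaowei:!:16147:0:99999:7:::
widuuweb:!:16147:0:99999:7:::
toor::16147:0:99999:7:::
EOF
    login_audit "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

run_sample
```

A locked password field only blocks password authentication; the account can still be reachable through other mechanisms such as SSH keys, so check the shell and account expiration fields as well.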
userdel: delete a user
The code is as follows:
id: already used earlier
The code is as follows:
uid=1001(xiaowei) gid=1001(xiaowei) groups=1001(xiaowei),100(users)
groupadd: add a group
The code is as follows:
>groupadd widuuweb
> grep widuuweb /etc/group
#widuuweb:x:1003:
groupmod: modify group information
The code is as follows:
>groupmod -g 201 -n widuu xiaowei
groupdel: delete a group
The code is as follows:
gpasswd: group management
Options and parameters:
(no option): with no parameters, gives groupname a password (stored in /etc/gshadow)
-A: give control of groupname to the users that follow (the administrators of the group)
-M: add the listed accounts to this group
-r: remove the password of groupname
-R: disable the password field of groupname
The code is as follows:
> gpasswd widuu               # set the group password
> gpasswd -a xiaowei1 widuu   # add xiaowei1 to the group