User

  • Each user in the system has a unique user identifier (UID).

(UID 0 is the identifier of user root.)

  • All user names and user identifiers are stored in the /etc/passwd file.

  • The passwd file also contains the home directory of each user, as well as the first program that the user executes after logging in (usually a shell; bash is the default on many Linux systems).

  • You cannot read, write, or execute other users’ files without corresponding permissions.

  • passwd file: /etc/passwd, the user information database (stores user information)

    exp:x:500:500:Example_User:/home/exp:/bin/bash
    user name:password flag:UID (user ID):GID (owning group ID):comment:home directory:first program executed after startup

About the second field: if it is x, the user must use a password to log in to Linux. If it is empty, the user does not need to provide a password to log in to Linux.

  • shadow file: /etc/shadow, the user password database (stores user passwords)

⚠️ Ordinary users are not allowed to access /etc/shadow

The contents of /etc/shadow:

    exp:$1$wg...W4:14561:9999-7:0:9::
    user name:password::::::

About the second field: The second column is the password, which is stored as an MD5-based hash.

  • If the column begins with $1$, the user has set a password. (This includes the case where the “x” was manually removed from passwd to allow logging in without a password.)

  • If the column starts with !!, the user has not set a password. (passwd -S shows “Password locked”. The user cannot log in.)
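The field rules above (second field of passwd, prefix of the second field of shadow, UID 0) can be checked mechanically. The following is an added example, not part of the original article; the function names, finding labels and all sample lines are constructed for illustration, and the hash values are placeholders.

```python
# Added example: audit passwd/shadow lines using the field rules described above.
# Every sample line is constructed for illustration; the hash values are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
exp:x:500:500:Example_User:/home/exp:/bin/bash
nopw::501:501:constructed:/home/nopw:/bin/bash
toor:x:0:0:constructed:/root:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$SALT$PLACEHOLDER:14561:0:99999:7:::
exp:$1$SALT$PLACEHOLDER:14561:0:99999:7:::
newone:!!:14561:0:99999:7:::
"""


def audit_passwd(text):
    """Return (user, finding) pairs for /etc/passwd-format lines."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:          # passwd entries have exactly 7 fields
            continue
        name, pw_flag, uid = fields[0], fields[1], fields[2]
        if pw_flag == "":             # empty second field: no password needed
            findings.append((name, "EMPTY_PASSWORD_FIELD"))
        elif pw_flag != "x":          # anything else is not a pointer to shadow
            findings.append((name, "PASSWORD_NOT_IN_SHADOW"))
        if uid == "0" and name != "root":   # UID 0 carries root's privileges
            findings.append((name, "UID0_NOT_ROOT"))
    return findings


def audit_shadow(text):
    """Return (user, finding) pairs for /etc/shadow-format lines."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        name, pw = fields[0], fields[1]
        if pw == "":
            findings.append((name, "EMPTY_HASH"))
        elif pw.startswith("!"):      # "!!" = never set, "!" prefix = locked
            findings.append((name, "LOCKED_OR_UNSET"))
        elif pw.startswith("$1$"):    # MD5-based scheme, weak by current standards
            findings.append((name, "WEAK_MD5_HASH"))
    return findings
```

On a real system, reading /etc/shadow requires root, so the shadow check has to run with the corresponding privileges.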

User operations

su: Switching users

    $ su [-] user_name

  • -: With -, a new login shell is started, $PATH (the environment variable) is reloaded, and the working directory switches to the target user's $HOME (home directory). Without it, the environment variables (the directories searched for commands) and the working directory remain unchanged

  • User name: This parameter is optional. The default value is root

    [me@Example ~]$ su - root
    Password:
    [root@Example ~]# whoami
    root
    [root@Example ~]# exit
    logout
    [me@Example ~]$ whoami
    me

passwd: Change password

1️⃣ Ordinary users:

    $ passwd    # change the password of the current user

Press Enter several times to cancel and exit.

For root, a password reported as “too short” can be re-entered and is still accepted.

2️⃣ root:

    # passwd username       # change the password of a user
    # passwd -S username    # check the password status

Create or delete a user

  1. useradd: creates a user: # useradd new_user_name

    [root@CDFMLR ~]# useradd newone
    [root@CDFMLR ~]# passwd -S newone
    newone LK 2018-08-18 0 99999 7 -1 (password has been locked.)
    [root@CDFMLR ~]# passwd newone
    Changes the password of user newone.
    New password:                # try typing a weak password
    invalid password: oversimplification/systematization    # warns that the password is too simple, but does not stop you
    Re-enter new password:       # enter the same weak password again; it works because this is root
    passwd: all authentication tokens have been successfully updated.
    # An ordinary user would not be able to set the weak password.
    [root@CDFMLR ~]# passwd -S newone
    newone PS 2018-08-18 0 99999 7 -1 (the password has been set, using SHA512 encryption.)

  2. userdel: deletes a user: userdel [-r] [-f] user_name
  • -r: Deletes the user’s home directory
    • Without -r, the home directory is not deleted
  • -f: Forces the deletion, even if the user is still logged in. This option is dangerous and can leave the system in an inconsistent state

    [root@Example ~]# userdel -r newone
    userdel: user newone is currently used by process 3848
    [root@Example ~]# userdel -fr newone    # force the deletion with -f
    userdel: user newone is currently used by process 3848
    # The user is still logged in, but the account itself has been deleted.
    # It cannot log in again after logging out.
    --------------------
    [newone@Example ~]$ exit    # log the user out
    logout
    --------------------
    [root@Example ~]# userdel -r newone
    userdel: user 'newone' does not exist
    [root@Example ~]# ls /home
    c  lost+found    # the home directory has been deleted by -r

Reference:

www.linuxidc.com/Linux/2016-…

Group

  • Linux Group features:

  • In Linux, each user must belong to at least one group, and each group has a group identifier (GID).

  • All groups and their corresponding GIDs are stored in the /etc/group file.

  • When creating a user, the Linux system creates a group with the same name and adds the user to it. That is, each user belongs to at least one group, the one with the same name, and can also join other groups. The purpose of joining another group is to gain proper access to a particular resource.

  • If a file belongs to a group, all users in that group can access the file.

The group file

/etc/group Stores group information. Sample content:

    foobar:x:503:foo,bar
    group name:password flag:GID:group members

The second field x indicates that this group must use a password to log in to Linux.
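Because every user also has an owning group (the GID field in /etc/passwd), the member list in /etc/group is not the full set of users who hold a group's access. The following added example, which is not part of the original article, joins the two files to list everyone in a group; the function names and all sample lines (including the user svc) are constructed for illustration.

```python
# Added example: who really holds a group's access? Sample lines are constructed.
SAMPLE_PASSWD = """\
foo:x:501:501::/home/foo:/bin/bash
bar:x:502:502::/home/bar:/bin/bash
svc:x:505:503::/home/svc:/bin/bash
baz:x:504:504::/home/baz:/bin/bash
"""
SAMPLE_GROUP = """\
foo:x:501:
bar:x:502:
foobar:x:503:foo,bar
baz:x:504:
"""


def listed_members(group, group_text):
    """Return (gid, members) taken from the group file's third and fourth fields."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == group:
            return fields[2], {m for m in fields[3].split(",") if m}
    raise KeyError(f"no such group: {group}")


def effective_members(group, passwd_text, group_text):
    """Listed members plus users whose owning group (passwd GID) is this group."""
    gid, members = listed_members(group, group_text)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[3] == gid:
            members.add(fields[0])
    return sorted(members)


def unlisted_members(group, passwd_text, group_text):
    """Members that reading the group file alone would not reveal."""
    _, listed = listed_members(group, group_text)
    everyone = effective_members(group, passwd_text, group_text)
    return [user for user in everyone if user not in listed]
```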

The gshadow file

/etc/gshadow stores group information.

⚠️ Ordinary users are not allowed to access /etc/gshadow

    # more /etc/gshadow
    root:::root              # in gshadow, each group takes one line
    bin:::root,bin,daemon
    ......
    foo:!::
    bar:!::
    group name:encrypted password::