Linux user management day5

1. Basic user overview

1.1 what are users

A user is an account that can log in to a system such as Linux or Windows, or to an application such as a game, QQ or WeChat.

1.2 why users are required

Each process on the system needs a specific user to run it.
In a company we usually manage servers as an ordinary user, because the root user has too much authority, which easily leads to failures.

What categories of users are there

The system has a convention for user IDs. Generally, we follow it (but this is not enforced)

User UID    Meaning agreed in the system
0           Super administrator, highest authority
1-200       System users, used to run the system's own processes. Created by default
201-999     System users, used to run programs installed by users; such users do not need to log in to the system
1000+       Ordinary users, who can log in to the system normally, have relatively small permissions and can perform limited tasks

1.3 id query user ID information

Use the id command to query the currently logged in user information

1.4 user related configuration files

When we create a new user, the system stores the user's information in /etc/passwd, while the password is stored separately in /etc/shadow. These two files are very important and should not be deleted or changed lightly.

1.4.1 passwd file

The explanation of the /etc/passwd configuration file is shown in the figure below. Use the command man 5 passwd to get help

1.4.2 shadow file

The explanation of the /etc/shadow configuration file is shown in the figure below. Use the command man 5 shadow to get help
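The two file formats and the UID convention from section 1.2 can be checked together. The following is an added example, not part of the original page: it reads passwd-format and shadow-format files and reports accounts that break the convention (a second UID 0 account, a system account with a login shell, an empty password field, a missing shadow entry). The function name, finding labels and all account lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original page. All account lines are constructed.
# /etc/passwd fields: name:password:UID:GID:comment:home:shell
# /etc/shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# usage: audit_accounts PASSWD_FILE SHADOW_FILE
audit_accounts() {
    awk -F: '
        NR == FNR { hash[$1] = $2; seen[$1] = 1; next }   # pass 1: shadow file
        {                                                  # pass 2: passwd file
            can_login = ($7 !~ /\/(nologin|false)$/)
            if ($3 == 0 && $1 != "root")            print "UID0_NOT_ROOT " $1
            if ($3 >= 1 && $3 <= 999 && can_login)  print "SYSTEM_LOGIN_SHELL " $1
            if (!($1 in seen))                      print "NO_SHADOW_ENTRY " $1
            else if (hash[$1] == "")                print "EMPTY_PASSWORD " $1
        }
    ' "$2" "$1"
}

# Constructed sample data (not real accounts or hashes)
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mmm:x:997:995::/home/mmm:/sbin/nologin
svc:x:998:996::/home/svc:/bin/bash
toor:x:0:0::/root:/bin/bash
shunge:x:6971:6974:10000 yqyqy:/home/shunge:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$NOT.A.REAL.HASH:19000:0:99999:7:::
bin:*:18353:0:99999:7:::
mmm:!!:19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
toor::19000:0:99999:7:::
EOF

audit_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```

On a real host the same function can be pointed at /etc/passwd and /etc/shadow as root; it only reads the files.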

2. User related commands

2.1 add user command useradd

If you want to add ordinary users of the system, you can use the useradd command. After logging in with the root account, you can add ordinary users.

option  Function description
-u      Specify the UID of the user to create. Conflicts are not allowed
-g      Specify the base group of the user to create
-G      Specify the additional groups of the user to create, separated by commas. Multiple additional groups can be given
-s      Specify the login shell of the user to create
-c      Specify the comment information of the user to create
-M      Do not create a home directory for the user
-r      Create a system account; no home directory by default

2.1.1 add user example 1

. Create shunge user
. The basic group is klc and the additional group is bbc
. The comment information is 10000 yqyqy and the login shell is /bin/bash

[root@localhost ~]# groupadd klc
[root@localhost ~]# groupadd bbc
[root@localhost ~]# useradd -g klc -G bbc -c "10000 yqyqy" -s /bin/bash shunge
[root@localhost ~]# id shunge
uid=6971(shunge) gid=6974(klc) groups=6974(klc),6975(bbc)

2.1.2 add user example 2

. Create a mmm system user [201-999]
. The user does not need a home directory
. The user does not need to log in

[root@localhost ~]# useradd -r mmm -M -s /sbin/nologin 
[root@localhost ~]# passwd mmm
Changing password for user mmm.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# id mmm
uid=997(mmm) gid=995(mmm) groups=995(mmm)

/bin/bash: the user can log in to the system
/sbin/nologin: the user cannot log in to the system
When we then try to log in as the mmm user through Xshell, it shows that we cannot log in

2.2 modify user usermod

We can also log in as root user and use the usermod command to modify ordinary users of Linux system

option  Function description
-u      Specify the new UID of the user
-g      Specify the new base group of the user
-G      Specify the additional groups of the user. Separate multiple groups with commas; this overwrites the original additional groups
-a      Must be used with -G; appends the user to the given groups
-d      Specify the new home directory of the user
-c      Specify the new comment information of the user
-l      Specify the new login name of the user
-L      Lock the specified user
-U      Unlock the specified user

2.2.1 modify user example 1

. Modify shunge user
. uid is 5008
. The basic group is network, and the additional groups are sa, sb and sc
. The comment information is new and the login name is new_shunge

[root@localhost ~]# usermod  shunge -u 5008 -g network -aG sa,sb,sc -c "new" -l new_shunge
[root@localhost ~]# id new_shunge
uid=5008(new_shunge) gid=6971(network) groups=6971(network),6972(sa),6975(bbc),6976(sb),6977(sc)

2.2.2 modify user example 2

. Modify the new_shunge user
. Set a password for new_shunge
. Unlock the user and log in remotely again

# Set password and lock user
[root@localhost ~]# echo "123" |passwd --stdin new_shunge
Changing password for user new_shunge.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# usermod -L new_shunge

# Unlock user
[root@localhost ~]# usermod -U new_shunge

2.3 delete user userdel

If you want to delete users, you can also log in as root to delete ordinary users of the system

2.3.1 delete user example

. Delete new_shunge
. Delete together with the home directory (-r)

[root@localhost ~]# userdel -r new_shunge

2.3.2 delete user example 2

. Batch-delete the useless users previously created in the system
. Extract the useless user names using awk
. Use sed to splice together the delete command
. Call the userdel command and delete each user together with its home directory

#Create some users in batch first
[root@localhost ~]# cat chuangjian.sh 
#!/bin/bash
for i in {1..100}
do
	useradd shunge-$i
	echo "shunge-$i is create ok"
done

[root@localhost ~]# awk -F ':' '$3>1000{print $1}' /etc/passwd |sed -r 's#(.*)#userdel -r \1#g' |bash
#First, use awk to select the ordinary users whose UID (third column) is greater than 1000 and print their names, then use sed to put the delete command in front of each name, and finally hand the result to bash for execution
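The UID filter above matches every account above 1000, not only the shunge-N accounts created by the batch script. The following added example (not part of the original page) shows what that filter selects on a constructed passwd file, next to a narrower selection by UID range and name pattern that prints the userdel commands for review instead of executing them. Function names and sample accounts are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original page. Sample files are constructed.

# The page's selection: every account whose UID is greater than 1000.
page_filter() {   # usage: page_filter PASSWD_FILE
    awk -F: '$3 > 1000 { print $1 }' "$1"
}

# Narrower selection: UID inside UID_MIN..UID_MAX (read from a login.defs-format
# file) AND login name equal to PREFIX followed by digits only.
select_batch_users() {   # usage: select_batch_users PASSWD_FILE LOGIN_DEFS PREFIX
    local min max
    min=$(awk '$1 == "UID_MIN" { print $2 }' "$2")
    max=$(awk '$1 == "UID_MAX" { print $2 }' "$2")
    awk -F: -v min="${min:-1000}" -v max="${max:-60000}" -v pre="$3" '
        $3 >= min && $3 <= max && index($1, pre) == 1 &&
        substr($1, length(pre) + 1) ~ /^[0-9]+$/ { print $1 }
    ' "$1"
}

# Dry run: print the commands for review instead of piping them into bash.
plan_userdel() {   # reads login names on stdin
    while IFS= read -r name; do
        printf 'userdel -r %s\n' "$name"
    done
}

# Constructed sample data
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
shunge-1:x:1002:1002::/home/shunge-1:/bin/bash
shunge-2:x:1003:1003::/home/shunge-2:/bin/bash
shunge-admin:x:1004:1004::/home/shunge-admin:/bin/bash
EOF
printf 'UID_MIN 1000\nUID_MAX 60000\n' > "$DEMO_DIR/login.defs"

echo "page filter selects: $(page_filter "$DEMO_DIR/passwd" | tr '\n' ' ')"
select_batch_users "$DEMO_DIR/passwd" "$DEMO_DIR/login.defs" "shunge-" | plan_userdel
```

Only after the printed list has been checked would the output be saved and run as root.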

2.4 setting password passwd

After creating a user, you need to set a password for the user if they are to log in to the system remotely. Use the passwd command to set the password
. Ordinary users can only change their own passwords and cannot change others' passwords, and the password must be at least 8 characters long
. The administrator (root) user is allowed to change anyone's password, no matter how long or short the password is

2.4.1 interactive password setting

. Setting passwords for users interactively

[root@localhost ~]# passwd           #Change password for current user

[root@localhost ~]# passwd root           #Change password for root user
[root@localhost ~]# passwd shunge           #Change the password for shunge users. Ordinary users can only change the password for themselves

2.4.2 non interactive password setting

Set a simple password non-interactively

[root@localhost ~]# echo "123" |passwd --stdin shunge

Set a random password non-interactively

[root@localhost ~]# echo $(mkpasswd -l 10 -d 2 -c 2 -C 2 -s 4) |tee pass.txt |passwd --stdin new_shunge

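#!/bin/bash
# Create users s1, s2 and s3, each with a random 10-character password
for i in s1 s2 s3
do
        # 10 characters: 2 digits, 2 lowercase, 2 uppercase, 4 special
        pass=$(mkpasswd -l 10 -d 2 -c 2 -C 2 -s 4)
        useradd $i
        echo "$pass" | passwd --stdin $i &> /dev/null
        echo "user: $i pass: $pass" 
        # Keep a record of the generated passwords
        echo "user: $i pass: $pass" >> user_pass.txt
done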
[root@localhost ~]# sh /useradd_new.sh 
user: s1 pass: .kXN#9q'4"
user: s2 pass: LP:a47d!}#
user: s3 pass: =9f-"eW:5Y
#Displays the randomly generated password and user name
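The batch script above leaves the generated passwords in user_pass.txt with whatever permissions the current umask gives. The following added example (not part of the original page) is a variant that creates the password file readable by its owner only and expires each password so the user must change it at first login. It assumes chpasswd and chage from shadow-utils in place of passwd --stdin, and reads /dev/urandom instead of calling mkpasswd; the function names and the file name provision.sh are hypothetical.

```shell
#!/bin/bash
# Added example, not the page's script: same batch idea, but the password file
# is created owner-only and every password is expired so it must be changed.

# usage: gen_pass [LENGTH]  -- random password from /dev/urandom, no mkpasswd needed
gen_pass() {
    LC_ALL=C tr -dc 'A-Za-z0-9@%+=_.,-' < /dev/urandom | head -c "${1:-16}"
}

# usage: open_cred_file PATH  -- create/truncate PATH with mode 0600
open_cred_file() {
    ( umask 077 && : > "$1" ) && chmod 600 "$1"
}

# usage: provision_user NAME CRED_FILE  -- needs root
provision_user() {
    local name="$1" file="$2" pass
    pass=$(gen_pass 16)
    useradd "$name" || return 1
    printf '%s:%s\n' "$name" "$pass" | chpasswd   # reads name:password on stdin
    chage -d 0 "$name"                            # force a change at first login
    printf 'user: %s pass: %s\n' "$name" "$pass" >> "$file"
}

# The privileged part runs only as root and only when user names are given,
# e.g.  sh provision.sh s1 s2 s3   (provision.sh is a hypothetical file name)
if [ "$(id -u)" -eq 0 ] && [ "$#" -gt 0 ]; then
    open_cred_file ./user_pass.txt
    for u in "$@"; do
        provision_user "$u" ./user_pass.txt
    done
fi
```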

2.5 system user creation process

. When creating a user, the system will refer to the following two configuration files:
/etc/login.defs
/etc/default/useradd
If a parameter is specified when creating a user, it overrides the system default configuration. If no parameter is specified, the user is created according to the default configuration.

2.5.1 /etc/login.defs

/etc/login.defs mainly defines user UID division rules, password encryption type, whether to create home directory, etc;

[root@localhost ~]# grep -Ev "^#|^$" /etc/login.defs 
MAIL_DIR	/var/spool/mail
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_MIN_LEN	5
PASS_WARN_AGE	7
UID_MIN                  1000
UID_MAX                 60000
SYS_UID_MIN               201
SYS_UID_MAX               999
GID_MIN                  1000
GID_MAX                 60000
SYS_GID_MIN               201
SYS_GID_MAX               999
CREATE_HOME	yes
UMASK           077
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512

2.5.2 /etc/default/useradd

/etc/default/useradd mainly defines:
The location where home directories are created;
The default shell type of users;
The default location from which environment variables are copied;
Whether to create a mailbox with the same name as the user, etc.

2.5.3 loss cases of user environment variables

If we accidentally run rm -rf .* in the current user's home directory and then log in to the system again, we will find that the command prompt has changed to -bash-4.1$, because we deleted the current user's environment variable files. We can restore them through the following steps

-bash-4.2$ cp -a /etc/skel/.bash* ./
-bash-4.2$ exit

By default, when Linux creates a user it copies the corresponding environment variable files from the /etc/skel directory, as defined by the /etc/default/useradd configuration file. Therefore, to recover from this fault you only need to copy the corresponding files from that directory

3. Basic overview of user group

3.1 what is a user group

. Group is a logical definition
. Logically, a group gathers multiple users together. When we operate on a group, it is equivalent to operating on all users in the group

Keywords: Linux

Added by cbrknight on Wed, 19 Jan 2022 07:44:17 +0200