There are two types of Linux user groups: 1. Basic group (private group); when creating an account, if the group to which the account belongs is not specified, the system will create a group with the same name as the user , this group is the basic group. 2. Additional groups (public groups) can accommodate multiple users, and users in the group have the rights owned by the group.
1. Users under Linux can be divided into 3 categories
Super user - the user name is root, which has all permissions. You can log in as a super user only for system maintenance (for example: creating users, etc.) or other necessary circumstances to avoid system security problems.
The user necessary for the normal operation of the Linux system is the pseudo user (system user). It is mainly established to meet the requirements of the corresponding system processes for file owners, such as bin, daemon, adm, lp and other users. System users cannot be used to log in.
Ordinary user - is established to allow users to use Linux system resources. Most of our users fall into this category.
2. There are two types of groups in Linux:
Basic group ( private group ) : When creating an account, if the group to which the account belongs is not specified, the system will create a group with the same name as the user name. This group is the basic group.
Additional Group ( public group ) : Can accommodate multiple users, and users in the group have the rights owned by the group.
3. Configuration files of user groups and users in Linux
In Linux, user accounts, passwords, user group information, and users Group passwords are stored in different configuration files.
(1) User account file——/etc/passwd
passwd is a text file used to define user accounts of the system, since all users have passwd has read permission, so only user accounts are defined in this file, and passwords are not saved.
# Each line defines a user account information, each line consists of 7 It consists of fields, and the fields are separated by ":" separated by:
Account Name : password :UID:GID: personal information : Main directory :Shell
/etc/passwd Field description in the file
Account name: User login Linux The name used by the system.
Password: This was where passwords were previously saved in encrypted format, now passwords are saved in /etc/shadow file, here is just the password holder "x" or "*" . If "x" , indicating that the password has passed shadow protection of.
UID : The user's identifier is a numerical value, which is used to distinguish different users. Each user has a UID Value:
of super user UID——0
System user’s UID——1 ~ 999
for ordinary users UID—— ≥ 1000
GID : The identifier of the basic group where the user is located is a numerical value, which is used to distinguish different groups. The same group has the same GID .
Personal information: You can record the user’s complete name, address, office phone number, home phone number and other personal information.
Home directory: similar Windows 's personal directory, usually /home/username ,here username is the username, user executes "cd ~ " command, the current directory will be switched to the personal home directory.
Shell : Define what is activated after the user logs in Shell , the default is Bash Shell
(2) User password file——/etc/shadow
#Each line A user information is defined. Each field in the row is separated by ":". The format is as follows:
Login name: Encrypted password: Last modification time: Minimum time interval: Maximum time interval: Warning time: No Active Time:Expiration Time:Flag The meanings of the 9 fields in each line of the
/etc/shadow file arefields
Login name: Login name
Encrypted password: Password encrypted using SHA-512/SHA-256/MD5 algorithm ($id$, id is 1 for md5, 5 for sha256, 6 for sha512), if it is empty, Indicates that the user can log in without a password. If it is "*", it means that the account cannot be used to log in to the system. If it is "!", it means that the account password has been locked.
Last modification Time: The date when the password was last changed, expressed as the number of days from January 1, 1970
Minimum time interval: How many days the password cannot be changed. The default value is 0, which means there is no limit.
Maximum time interval: how many days after which the password must be changed. The default value is 99999, which means no restriction.
Warning time: how many days in advance to warn the user that the password will expire. The default value is 7 days, 0 means no warning is provided
Inactivity time: How many days after the password expires to disable this user
Expiration time: Password expiration date, expressed in days from January 1, 1970, the default is Empty, means permanently available. Flag: reserved for future development.
View the date when the user last modified the root password
(3) User group account file -/etc/group
Each group in the system has a line record in the /etc/group file, and any user can Read the user group account information configuration file.
Field description
Groupname: The name of the group
Passwd: The encrypted password of the group
GID: It is the ID that the system uses to distinguish different groups. The GID field in the /etc/passwd domain uses this number to specify the user's basic group.
Userlist: It is the user name separated by ",", and the listed members have this group as an additional group.
Assignment:
1. Create user lockuser, and specify the home directory as /home/lock, and then lock the user
2. Unlock lockuser and set the password to be changed the next time you log in.
3. Create user testuser and set password , change the user name to normaluser
4. Create a file, query the acl of the file, set acl for the file. The user is testuser1 and the permission is rwx. Set the acl mask: permission for the file. For r-x
5, set suid, set suid for the file (two ways u s and nnnn)
6. Set sgid, the way to set sgid for files (two ways g s and nnnn)
7. Set sbit, the way to set sbit for directories (two ways o t and nnnn)
Through several examples using the Linux command line, I will show you step by step how to add users to the user group on Linux. Add users to user groups and how to add users and groups on Linux. These commands should work on any Linux distribution and have been tested on CentOS, Debian, and Ubuntu.
Add a new user to the user group
A Linux user can have a primary group and one or more secondary groups. These groups can be used as arguments to theadduser
command when creating a user.
All commands must be executed as theroot
user. On Ubuntu, prepend all commands withsudo
, or runsudo -s
to switch to theroot
user.
Add user groups
As a first step, I will add two new user groups,family
andfriends
:
groupadd family groupadd friends
Add a new user to a single user group
Below I will add a new usertom
and also add the user to the user group Groupfamily
. Thefamily
user group will be added as a subordinate group using the-G
parameter.
useradd -G family tom
Add new user to multiple user groups
tom
is now a user in thefamily
user group. Parameter-G
allows specifying multiple user groups, separated by commas between each user group. If you want to add usertom
to thefamily
andfriends
user groups, use the following command:
useradd -G family,friends tom
Set User Password
Please note that new Linux usertom
does not have a password yet, so cannot log in. To set the password for this user, you can execute the following command:
passwd tom
and enter the new password twice when the command requests it.
In the above example, we added usertom
to the secondary group. Theadduser
command automatically created a new primary group and assigned the group Main group.
Username: tom
Main group: tom
Affiliated group: family (or Use the second case to add two subsidiary groups, family and friends)
Set a new main group
Maybe you want to add ## When using #tom, set the main group to
family(instead of the
tomuser group created by default), and the subsidiary group to
friends, you can use this Command:
mancommand to get a detailed description of all command line options of the
useraddcommand:
Add an existing user to the user group
usermodcommand.
usermodThe command can modify various options of the user, including the user's group membership.
colleagues:
usingusermod
colleaguesuser group as an affiliate group to the user
tom:
-ameans
append, which can only be used in combination with the
-Goption (affiliated group). So in the end we added the
tomuser to the
colleaguesuser group, which is an affiliated group of the user.
如果想要修改tom
用户的主组为family
,可以使用命令:
usermod -g family tom
使用man
命令可以获取usermod
命令的所有命令行选项的详细说明:
man usermod
File function | File name |
##User account file | /etc/passwd
|
/etc/shadow | |
/etc/gruoup | |
/etc/gshadow |
The above is the detailed content of What are the types of linux user groups?. For more information, please follow other related articles on the PHP Chinese website!