- On Linux there are 2 types of users:
- System users
- Regular users
- System users: used to run the modules and scripts the operating system needs.
- Regular users: accounts used to log in to the operating system.
Among user accounts, the root (super user) account is the most important:
- This account is automatically created when installing Linux.
- This account cannot be renamed or deleted.
- The root user is also called a super user because it has full rights on the system.
- Work as the root user only when performing system administration; in all other cases, work as a normal user.
- Each user usually has the following characteristics:
- The user account name is unique and may contain lowercase and uppercase letters.
- Each user has a unique identifier (uid).
- Each user can belong to many groups.
- Super user account has uid = gid = 0.
1.1) File /etc/passwd
- A text file containing information about the user accounts on the machine.
- Any user can read this file, but only the root user can make changes.
- To view the file's content, use the command:
cat /etc/passwd
- The file consists of several rows, each holding the information for one user. The first line of the file describes the root user (with uid = 0), followed by other system accounts, and lastly the normal user accounts. Each row is divided into 7 columns separated by colons (:):
![](https://help.tino.org/wp-content/uploads/2019/10/yF07I26.png)
Meaning of columns in file:
- 1 - User name (login name)
- 2 - Password: it is stored encrypted in the /etc/shadow file, so the default here is x
- 3 - User ID (uid)
- 4 - Group ID (gid)
- 5 - Name describing the user (comment)
- 6 - User's home directory (usually /home/user_name)
- 7 - The shell that runs when the user logs in, usually /bin/bash
1.2) File /etc/shadow
- It is a text file containing information about the passwords of the user accounts stored on the computer.
- Only the root user can read this file.
- The root user has the right to reset the password of any user on the device.
- Each line in the file contains the password information for one user. A row consists of several columns of values, and colons (:) are used to separate the columns.
![](https://help.tino.org/wp-content/uploads/2019/10/9N0aDM1.png)
Meaning of columns:
- 1 - User name, same as in /etc/passwd (login name)
- 2 - Password (encrypted)
- Empty - no password
- * - account is suspended (disabled)
- 3 - Date of the last password change, counted in days from 1/1/1970
- 4 - Number of days before the password can be changed. A value of 0 means it can be changed at any time.
- 5 - Number of days a password is valid. 99999 means that the password is valid indefinitely.
- 6 - Number of days to alert the user before the password expires
- 7 - Number of days after the password expires until the account is locked. Usually 7 (1 week)
- 8 - Date on which the account is locked, counted in days from 1/1/1970
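A short audit over the two files, using the column numbers listed above (an added example, not part of the original article). The function name audit_accounts and every sample entry are constructed for illustration; the "!" prefix treated as locked is not described on this page and is the marker that usermod -L puts in front of the password field.

```shell
#!/bin/sh
# Added example. Column numbers follow the /etc/passwd and /etc/shadow
# layouts described above. All sample entries below are constructed.

# audit_accounts PASSWD_FILE SHADOW_FILE -> one "<login>: <finding>" per line
audit_accounts() {
    awk -F: '
        NR == FNR {                      # first file: passwd format
            # column 3 is the uid; only root should have uid 0
            if ($3 == "0" && $1 != "root") print $1 ": uid 0 but not root"
            next
        }
        # second file: shadow format, column 2 is the password field
        $2 == ""      { print $1 ": empty password field" }
        $2 ~ /^[*!]/  { next }           # "*" (or a "!" prefix): login disabled
        # column 5: days the password stays valid; 99999 = indefinitely
        $5 == "" || $5 + 0 >= 99999 { print $1 ": password never expires" }
        # column 3: last change; 0 forces a change at next login (chage -d 0)
        $3 == "0"     { print $1 ": must change password at next login" }
    ' "$1" "$2"
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
will:x:1000:1000:Will Smiths:/home/will:/bin/bash
jaden:x:1001:1001:Jaden Smiths:/home/jaden:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/bash
EOF

cat > "$sample_dir/shadow" <<'EOF'
root:$6$salt$constructedhash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
will:$6$salt$constructedhash:18000:5:90:14:30::
jaden::0:0:90:14:::
toor:$6$salt$constructedhash:18000:0:99999:7:::
EOF

audit_accounts "$sample_dir/passwd" "$sample_dir/shadow"
```

On a real machine, run the function as root against /etc/passwd and /etc/shadow, since only root can read the shadow file.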
1.3) User management commands
1.3.1) useradd
- A command to create a user account.
useradd [options] [login_name]
- Options:
- -c: comment: create an alias
- -u: set user ID: default will get the next ID number to assign to the user (starting from 1000)
- -d: specify a home directory for the user
- -g: specify the primary group
- -G: specify a sub group (extended group)
- -s: specify shell for user to use
Example 1:
Create a user named Will with the full name Will Smiths:
useradd -c "Will Smiths" will
=> The created user will belong to the group will, and the user's home directory /home/will is created automatically.
Example 2:
Create a user named justice with the full name Justice Smiths; the user belongs to the group users and to the groups wheel and sales:
useradd -g users -G wheel,sales -c "Justice Smiths" justice
1.3.2) passwd
- A command to set / change the password for a user
passwd [login_name]
![](https://help.tino.org/wp-content/uploads/2019/10/TYEfRRE.png)
1.3.3) usermod
- A command to modify account information.
usermod [options] [login_name]
- Options:
- -c: comment: create aliases
- -d: change the home directory for the user
- -m: move content from old home directory to new home directory (only used with -d)
- -g: specify the primary group
- -G: specify a sub group (extended group)
- -s: specify shell for user to use
- -l: rename the account
- -L: lock the account
For example:
Rename the account will to jaden (Jaden Smiths), with the user's home directory at /home/jaden:
usermod -l jaden -c "Jaden Smiths" -m -d /home/jaden will
1.3.4) userdel
- A command to delete a user account
userdel [options] [login_name]
- Options:
- -r: delete the user's home directory
- When deleting a user account using the userdel command, the corresponding lines describing the user in /etc/passwd and /etc/shadow are also deleted.
1.3.5) chage
- Used to set the policy for the user
chage [options] [login_name]
- Options:
- -l: view the policy of 1 user
- -E: set an expiration date for the account
- -I: set the date to be locked after password expires (the date format is YYYY-MM-DD)
- -m: set the minimum number of days allowed to change the password
- -M: set the maximum number of days allowed to change the password
- -W: set the number of days to alert before the password expires
Example 1:
View a user's policy:
chage -l jaden
![](https://help.tino.org/wp-content/uploads/2019/10/r8kFK64.png)
Example 2:
Set a basic policy:
chage -E 2019-08-30 -m 5 -M 90 -I 30 -W 14 jaden
=> The above command will set the password to expire on April 30, 2019. Additionally, the minimum / maximum number of days between password changes is between 5 and 90. The account will be locked 30 days after the expiration date, and a warning message will be sent out 14 days before the password expires.
![](https://help.tino.org/wp-content/uploads/2019/10/w9cNWQx.png)
Example 3:
Disable the password expiration policy:
chage -I -1 -m 0 -M 99999 -E -1 jaden
=> The above command will set "Password inactive" -> never (no password expiration) (parameter -1); the minimum / maximum number of days between password changes is unlimited (0 -> 99999); the account never expires ("Account expires" -> never) (parameter -1) => THIS IS THE DEFAULT SETTING
Example 4:
Force the user to change the password at first login:
chage -d 0 jaden
=> The above command will set "Last Password Change" to "Password must be changed", and the user must change the password at first login.
![](https://help.tino.org/wp-content/uploads/2019/10/Efghpbn.png)
![](https://help.tino.org/wp-content/uploads/2019/10/MDnOG46.png)
1.3.6) id
- View current user information.
![](https://help.tino.org/wp-content/uploads/2019/10/Ff82soj.png)
1.3.7) su
- Switch the working user in the terminal.
- The root user can switch to other users without entering a password.
- If another user switches to the root user, then the password of the root user must be entered.
su -l [login_name]
![](https://help.tino.org/wp-content/uploads/2019/10/wTRBMzA.png)
2) Group Administration
- Group is a collection of many users.
- Each group has a unique name and a unique identifier (gid).
- When creating a user (not using the -g option), by default a group with the same name as the user is created.
2.1) File /etc/group
- A text file containing information about groups on the computer.
- All users have the right to read this file, but only the root user has the right to change.
- Each line of the file contains information about one group on the machine. A row consists of several columns of values, and a colon (:) is used to separate the columns.
![](https://help.tino.org/wp-content/uploads/2019/10/B0BCYZG.png)
- Meaning of columns:
- 1 - Group name
- 2 - The group password is encrypted (it is stored in the /etc/gshadow file), so the default here is x
- 3 - Group ID (gid)
- 4 - List of users in the group
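Column 4 of /etc/group lists only the users added as extended-group members; a user whose primary group (column 4 of /etc/passwd) is that group usually does not appear there. The following added example (not part of the original article) resolves the full membership from both files, which matters when reviewing who is in a privileged group such as wheel. The function name group_members and all sample entries are constructed.

```shell
#!/bin/sh
# Added example. Sample entries are constructed, modelled on the accounts
# created with useradd earlier on this page.

# group_members GROUP GROUP_FILE PASSWD_FILE -> sorted logins, one per line
group_members() {
    awk -F: -v grp="$1" '
        NR == FNR {                      # first file: group format
            if ($1 == grp) {
                gid = $3                 # column 3: gid
                n = split($4, m, ",")    # column 4: users in the group
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        # second file: passwd format; column 4 is the primary gid
        gid != "" && $4 == gid { print $1 }
    ' "$2" "$3" | sort -u
}

grp_dir=$(mktemp -d)
trap 'rm -rf "$grp_dir"' EXIT

cat > "$grp_dir/group" <<'EOF'
wheel:x:10:justice
users:x:100:
will:x:1000:
sales:x:1001:justice
EOF

cat > "$grp_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
will:x:1000:1000:Will Smiths:/home/will:/bin/bash
justice:x:1002:100:Justice Smiths:/home/justice:/bin/bash
ops:x:1003:10:constructed account:/home/ops:/bin/bash
EOF

for g in wheel users will; do
    printf '%s: %s\n' "$g" "$(group_members "$g" "$grp_dir/group" "$grp_dir/passwd" | tr '\n' ' ')"
done
```

In the sample, ops is a wheel member only through its primary gid, so reading the wheel line of the group file alone would miss it.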
2.2) File /etc/gshadow
- Contains group password information.
![](https://help.tino.org/wp-content/uploads/2019/10/Vt6E9jd.png)
- Meaning of columns:
- 1 - Group name
- 2 - The group password has been encrypted
- Empty - no password
- 3 - List of users with admin rights on this group
- 4 - List of users in the group
2.3) Group management commands
2.3.1) groupadd
- A command to create a group.
groupadd [options] [group_name]
- Options:
- -g [gid] : define the group with the given group ID (gid)
2.3.2) gpasswd
- Create a password for the group.
gpasswd [group_name]
2.3.3) groupmod
- A command to edit group information.
groupmod [options] [group_name]
- Options:
- -g [gid] : edit the group ID (gid)
- -n [group_name] : edit the group name
2.3.4) groupdel
- Used to delete a group.
groupdel [group_name]
Change the default parameters
- When using the useradd or groupadd command, if we do not give all the necessary parameters, the system uses the default values that have been defined.
- We can change the definition of these values in the following files:
- /etc/login.defs: file contains default parameters when creating a user or creating a group.
![](https://help.tino.org/wp-content/uploads/2019/10/eXfWfkP.png)
- /etc/skel/: all files and subdirectories in this directory will be copied to the home directory of a newly created user.
![](https://help.tino.org/wp-content/uploads/2019/10/XmDQICQ.png)