Linux User and User Group Management
Linux is a multi-user, multi-tasking, time-sharing operating system. Anyone who wants to use system resources must first obtain an account from the system administrator and then log in to the system with that account.
User accounts help the system administrator track who is using the system and control their access to system resources; they also let users organize their own files and give them security protection.
Each user account has a unique user name and a password.
After entering the correct user name and password at login, you gain access to the system and to your home directory.
Managing user accounts involves the following tasks:
adding, deleting, and modifying user accounts;
managing user passwords;
managing user groups.
I. User Account Management in Linux
Managing user accounts mainly means adding, modifying, and deleting them.
Adding a user account creates a new account on the system and allocates its resources: a user ID (UID), a primary group, a home directory, and a login shell. A newly added account has no password and is locked until one is set with passwd.
1. Add a new user account with the useradd command. The syntax is as follows:
useradd [options] username
Options
| Option | Description |
| -c <comment> | Comment text; stored in the comment (GECOS) field of /etc/passwd |
| -d <home directory> | Home directory the user starts in after logging in |
| -D | Show or change the default values useradd applies (kept in /etc/default/useradd) |
| -e <expiry date> | Date (YYYY-MM-DD) on which the account expires |
| -f <inactive days> | Number of days after the password expires before the account is disabled |
| -g <group> | Primary group of the user |
| -G <groups> | Supplementary groups of the user, comma-separated |
| -m | Create the user's home directory |
| -M | Do not create the home directory |
| -N | Do not create a group named after the user |
| -r | Create a system account |
| -s <shell> | Login shell used after the user logs in |
| -u <UID> | User ID to assign |
Instance 1
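The following is an added example, not part of the original article, of the create step wrapped in a small script: it checks the login name against the naming rules given later for /etc/passwd, refuses to create a second UID 0 account, runs useradd with the options from the table above and verifies the result with getent, id and chage. It also shows the usual way to disable an account without deleting it (usermod -L together with an expiry date and a non-login shell). The function names and exit codes are this example's own; the functions that change the system refuse to run unless they are root.

```shell
#!/bin/sh
# Added example (not from the article): create a user with useradd, verify it,
# and disable it later without deleting it. Assumes shadow-utils (useradd,
# usermod, chage, getent) is installed. Function names are this example's own.

# Login-name check following the /etc/passwd rules described in the article:
# not empty, at most 32 characters (useradd's limit), no ':' (the field
# separator), no leading '-' or '+', no dots; letters, digits, '_' and '-' only.
validate_login_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case "$name" in
        -*|+*) return 1 ;;                  # leading '-' or '+' confuses option parsing and NIS
        *[!A-Za-z0-9_-]*) return 1 ;;       # rejects ':', '.', '/' and whitespace
    esac
    return 0
}

# create_user NAME UID SHELL "GROUP,GROUP" EXPIRE-DATE COMMENT
# Exit codes: 0 created, 1 useradd failed, 2 bad input, 3 not root.
create_user() {
    name=$1; uid=$2; shell=$3; groups=$4; expire=$5; comment=$6
    validate_login_name "$name" || { echo "create_user: invalid login name '$name'" >&2; return 2; }
    # A second UID 0 account is root under another name; never create one this way.
    [ "$uid" -gt 0 ] 2>/dev/null || { echo "create_user: refusing UID $uid for '$name'" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "create_user: must run as root" >&2; return 3; }
    # -m create the home directory, -u fixed UID, -s login shell,
    # -G supplementary groups, -e expiry date, -f 14 disable the account
    # 14 days after the password expires, -c comment (GECOS) field.
    useradd -m -u "$uid" -s "$shell" -G "$groups" -e "$expire" -f 14 -c "$comment" "$name" || return 1
    getent passwd "$name"   # the new /etc/passwd line
    id "$name"              # UID, primary GID and supplementary groups
    chage -l "$name"        # expiry and ageing fields from /etc/shadow
}

# Offboarding: lock the password, expire the account and remove the login
# shell instead of deleting the user, so the user's files keep a resolvable
# owner and nothing is lost. userdel -r can follow once the data is archived.
disable_user() {
    name=$1
    validate_login_name "$name" || return 2
    [ "$(id -u)" -eq 0 ] || { echo "disable_user: must run as root" >&2; return 3; }
    usermod -L -e 1970-01-02 -s /usr/sbin/nologin "$name"
}

# Usage, as root:
#   create_user sam 1001 /bin/bash users 2030-12-31 "Sam san"
#   disable_user sam
```

The name check runs before the root check on purpose: bad input is rejected even when the script is only being dry-run by an unprivileged user, and a mistyped name never reaches useradd.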
2. Delete a user account with the userdel command. The syntax is as follows:
userdel [options] username
Options
| Option | Description |
| -f | Force removal even if the user is currently logged in |
| -r | Also remove the user's home directory and mail spool |
Note: Use the -r option with care. It removes the user's home directory and everything in it together with the account. Back up anything important in the home directory before deleting the user.
There is also a cruder method: deleting the user's line from /etc/passwd by hand. Do not do this. /etc/passwd is a critical file, a single mistake can make the system unusable, and editing it directly leaves the matching entries in /etc/shadow and /etc/group behind. If you must edit these files by hand, use vipw and vigr, which lock them while you work.
3. Modify an account
Modifying a user account means changing its attributes, such as the user ID, home directory, group membership, and login shell.
Use the usermod command to modify an existing account. The format is as follows:
usermod [options] username
Options
| Option | Description |
| -c <comment> | Change the comment (GECOS) field of the account |
| -d <home directory> | Change the user's home directory (add -m to move the contents of the old one) |
| -e <expiry date> | Change the date on which the account expires |
| -f <inactive days> | Change the number of days after password expiry before the account is disabled |
| -g <group> | Change the primary group |
| -G <groups> | Set the supplementary groups; this replaces the current list unless -a is given as well to append |
| -l <new login name> | Change the login name |
| -L | Lock the password: an exclamation mark is put in front of the hash in /etc/shadow so it no longer matches anything |
| -s <shell> | Change the login shell |
| -u <UID> | Change the user ID |
| -U | Unlock the password |
Instance
Rename the user newuser to newuser1 (the home directory keeps its old name unless -d and -m are given as well):
usermod -l newuser1 newuser
4. User Password Management
An important part of user management is password management. A user account has no password when it is created and is locked by the system; it becomes usable only after a password has been set (even an empty one, if the system allows it).
Passwords are set and changed with the passwd command. The superuser can set the password of any user; ordinary users can change only their own. Command format:
passwd [options] username
Options
| Option | Description |
| -d | Delete the password, leaving the password field empty; root only |
| -f | Force the operation |
| -k | Keep tokens: change the password only if it has expired |
| -l | Lock the password |
| -S | Show the password status of the account (set, locked, ageing values); root only |
| -u | Unlock a locked password |
Instance
When an ordinary user runs passwd with no arguments, only that user's own password can be changed. To set the password of a newly created account, run passwd followed by the user name; this must be done as root.
II. User Group Management in Linux
1. Add a new user group with the groupadd command. The syntax is as follows:
groupadd [options] group
Options
| Option | Description |
| -g <GID> | Group ID to assign to the new group |
| -r | Create a system group, with a GID taken from the system range SYS_GID_MIN to SYS_GID_MAX in /etc/login.defs (below 500 on older systems, below 1000 on current distributions) |
| -K <KEY=VALUE> | Override a setting from /etc/login.defs for this call only |
| -o | Allow a GID that is already in use (non-unique) |
Instance
Create a new group with a given group ID:
groupadd -g 344 linuxde
This creates a group with GID 344, recorded as a new line in /etc/group (not /etc/passwd).
2. To delete an existing user group, run the groupdel command. The format is:
groupdel group
Instance
# groupdel group1
This command deletes the group group1. groupdel refuses to remove a group that is still the primary group of an existing user; change or delete those users first.
3. Run the groupmod command to modify the attributes of a user group. The syntax is as follows:
groupmod [options] group
Options
| Option | Description |
| -g <GID> | Set a new group ID |
| -o | Allow the new GID to be one already in use (non-unique) |
| -n <new name> | Rename the group |
III. Files related to user accounts
1. /etc/passwd
Instance 1:
# cat /etc/passwd
root:x:0:0:Superuser:/:
daemon:x:1:1:System daemons:/etc:
bin:x:2:2:Owner of system commands:/bin:
sys:x:3:3:Owner of system files:/usr/sys:
adm:x:4:4:System accounting:/usr/adm:
uucp:x:5:5:UUCP administrator:/usr/lib/uucp:
auth:x:7:21:Authentication administrator:/tcb/files/auth:
cron:x:9:16:Cron daemon:/usr/spool/cron:
listen:x:37:4:Network daemon:/usr/net/nls:
lp:x:71:18:Printer administrator:/usr/spool/lp:
sam:x:200:50:Sam san:/usr/sam:/bin/sh
As the example shows, each line of /etc/passwd describes one user, and each line is divided by colons (:) into seven fields. The format and meaning are as follows:
user name:password:UID:GID:comment:home directory:login shell
1) The user name is a string identifying the account.
Traditionally it is at most 8 characters long (current Linux useradd accepts up to 32) and consists of letters, digits and underscores. The login name cannot contain a colon (:), because the colon is the field separator.
For compatibility, avoid periods (.) in login names, and do not start them with a hyphen (-) or a plus sign (+).
2) The password field; on some systems the hashed user password itself is stored here.
Storing even the hashed password in /etc/passwd is a security risk, because the file is readable by every user: anyone can copy the hashes and attack them offline. SVR4-derived Unix systems and all current Linux distributions therefore use shadow passwords: the hash is kept in /etc/shadow, which only root can read, and the password field of /etc/passwd holds only a placeholder such as x or *.
3) The UID is an integer used internally to identify users.
Normally each user name maps to exactly one UID. If several user names share a UID, the system treats them as the same user for every permission check, even though they may have different passwords, home directories and login shells; a second account with UID 0 is a classic backdoor and is worth checking for.
Historically UIDs ranged from 0 to 65535; current kernels use 32-bit UIDs. UID 0 is the superuser root. UIDs 1 to 99 are reserved for system and administrative accounts. Ordinary users traditionally started at 100; on Linux the first ordinary UID is set by UID_MIN in /etc/login.defs, 500 on older distributions and 1000 on current ones.
4) The GID field records the user's primary group.
It corresponds to an entry in the /etc/group file.
5) The comment field holds personal information about the user.
For example the real name, phone number and address; the system itself makes no use of it. Its layout is not uniform across Linux systems. On many systems it holds free-form descriptive text, which the finger command displays.
6) The home directory is the user's initial working directory.
It is the directory the user is placed in after logging in. On most systems all home directories live under one parent directory (typically /home) and are named after the login name. Each user has read, write and execute (search) permission on their own home directory; what other users may do with it depends on its permission bits.
7) After a user logs in, a process is started that passes the user's commands to the kernel. This process is the login shell: a command interpreter, or another specific program that is run for the user at login.
The shell is the interface between the user and the Linux system. There are many shells, each with its own characteristics; common ones are sh (Bourne shell), csh (C shell), ksh (Korn shell), tcsh (TENEX/TOPS-20 type C shell) and bash (Bourne Again shell).
The system administrator chooses a shell for each user according to the system and the user's habits. If no shell is given in this field, the system uses sh, i.e. /bin/sh.
The login shell can also be a specific program rather than a command interpreter.
This restricts the user to that one application: when it exits, the user is logged out. The same mechanism is used to make service accounts unusable for interactive login, by putting /sbin/nologin or /bin/false in this field. On many Linux systems only programs listed in /etc/shells are accepted as login shells by tools such as chsh.
8) One type of user in the system is the pseudo-user.
These users also have a record in /etc/passwd but cannot log in: their password is locked (* in the /etc/shadow example below) and they have no usable login shell. They exist to make system administration easier and to give the corresponding system processes and files an owner.
Common pseudo-users:
| Pseudo-user | Purpose |
| bin | owns the executable user command files |
| sys | owns system files |
| adm | owns the accounting files |
| uucp | used by UUCP |
| lp | used by the lp or lpd subsystem |
| nobody | used by NFS |
Besides the pseudo-users listed above there are many other standard ones, such as audit, cron, mail and usenet; they too are needed by the corresponding processes and files.
2. /etc/shadow
Since /etc/passwd is readable by every user, a password hash stored there can be copied and, if the password is simple or follows a pattern, cracked on an ordinary computer. Linux systems with higher security requirements therefore keep the hashes in a separate file, /etc/shadow, which only the superuser can read. This protects the password hashes.
The lines of /etc/shadow correspond one to one with those of /etc/passwd; the file is generated from /etc/passwd by the pwconv command.
Its format is similar to /etc/passwd: nine fields separated by colons:
login name:encrypted password:last change:minimum interval:maximum interval:warning time:inactive time:expiration time:flag
1) Login name: the same as the login name in /etc/passwd.
2) Encrypted password: the password hash. With the traditional DES crypt shown in the example below it is 13 characters long; modern hashes such as $6$... (SHA-512) are longer. If the field is empty, the user has no password and none is asked for at login. If it contains characters outside the crypt alphabet {./0-9A-Za-z} (plus $ for modern hashes), for example a leading ! or *, the account cannot log in with a password; this is what passwd -l and usermod -L rely on.
3) Last change: the day on which the password was last changed, counted in days since 1 January 1970.
4) Minimum interval: the minimum number of days that must pass between two password changes.
5) Maximum interval: the maximum number of days the password stays valid.
6) Warning time: the number of days before the password expires during which the user is warned.
7) Inactive time: the number of days after the password has expired during which login is still accepted before the account is disabled.
8) Expiration time: an absolute day count (days since 1 January 1970) after which the account is no longer valid and cannot be used to log in.
9) Flag: reserved for future use.
The following is an example of /etc/shadow:
# cat /etc/shadow
root:Dnakfw28zf38w:8764:0:168:7:::
daemon:*::0:0::::
bin:*::0:0::::
sys:*::0:0::::
adm:*::0:0::::
uucp:*::0:0::::
nuucp:*::0:0::::
auth:*::0:0::::
cron:*::0:0::::
listen:*::0:0::::
lp:*::0:0::::
sam:EkdiSECLWPdSa:9740:0:0::::
3. /etc/group
Grouping users is one of the ways Linux manages users and controls access permissions.
Every user belongs to at least one group; a group can contain many users, and a user can belong to several groups.
When a user is a member of several groups, the group recorded in /etc/passwd is the primary group, the one in effect by default at login; the others are supplementary groups.
Membership in supplementary groups takes effect as soon as the user logs in (the id command shows it). The newgrp command is needed only to switch the current primary group, for example so that newly created files are owned by that group.
All group information is stored in /etc/group. Its format is also similar to /etc/passwd, with fields separated by colons (:):
group name:password:GID:user list
The group name is the name of the group, made of letters or digits, and like login names it must be unique. The password field holds the group password hash; groups normally have no password, so the field is empty or *, and on systems with shadow passwords it is x with the hash kept in /etc/gshadow. The GID is an integer identifying the group, just as the UID identifies a user. The user list holds the members of the group, separated by commas. It lists the users for whom this is a supplementary group; users whose primary group it is are linked through the GID in /etc/passwd and need not appear here.
An example /etc/group file:
root::0:root
bin::2:root,bin
sys::3:root,uucp
adm::4:root,adm
daemon::5:root,daemon
lp::7:root,lp
users::20:root,sam
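The following script is an added example, not taken from the article, that turns the descriptions of /etc/passwd, /etc/shadow and /etc/group above into checks an administrator can run: accounts with UID 0, duplicate UIDs, hashes or empty password fields left in /etc/passwd, empty or locked hashes in /etc/shadow, and group members that no longer exist. The functions take file paths, so they work on the real files (as root) or on copies; the sample files are constructed for this example from the article's entries plus some deliberately bad ones, and the hashes in them are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original article: check passwd/shadow/group
# files for the problems described above. Every function takes file paths, so
# it can be pointed at /etc/passwd, /etc/shadow and /etc/group (as root) or at
# copies. The sample files written by make_sample_files are constructed for
# this example; the hashes in them are placeholders, not real hashes.

# Accounts with UID 0: all of them are root, whatever the name says.
uid0_accounts() {
    while IFS=: read -r name _pw uid _rest; do
        if [ "$uid" = "0" ]; then echo "$name"; fi
    done < "$1"
}

# UIDs used by more than one account: the kernel cannot tell such users apart.
duplicate_uids() {
    cut -d: -f3 "$1" | sort | uniq -d
}

# passwd entries whose password field is neither 'x' nor '*': either a
# world-readable hash or an empty field, which means login without a password.
unshadowed_passwd() {
    while IFS=: read -r name pw _rest; do
        case "$pw" in
            x|'*') ;;
            *) echo "$name" ;;
        esac
    done < "$1"
}

# shadow entries with an empty hash: no password is asked for at login.
passwordless_shadow() {
    while IFS=: read -r name pw _rest; do
        if [ -z "$pw" ]; then echo "$name"; fi
    done < "$1"
}

# shadow entries that cannot log in with a password: the hash starts with a
# character outside the crypt alphabet ('*' never set, '!' from passwd -l
# or usermod -L).
locked_shadow() {
    while IFS=: read -r name pw _rest; do
        case "$pw" in
            '*'*|'!'*) echo "$name" ;;
        esac
    done < "$1"
}

# Group members that do not exist in the passwd file: leftovers from deleted
# accounts, or typos that silently grant nothing. $1 = group file, $2 = passwd file.
orphan_group_members() {
    while IFS=: read -r gname _gpw _gid members; do
        [ -n "$members" ] || continue
        printf '%s\n' "$members" | tr ',' '\n' | while read -r m; do
            if ! grep -q "^$m:" "$2"; then echo "$gname:$m"; fi
        done
    done < "$1"
}

# Write the constructed sample files into a temporary directory and print its path.
make_sample_files() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Superuser:/root:/bin/sh
toor:x:0:0:second UID 0 account:/root:/bin/sh
daemon:x:1:1:System daemons:/etc:/sbin/nologin
sam:x:200:50:Sam san:/home/sam:/bin/sh
guest::201:50:empty password field:/home/guest:/bin/sh
joe:Dnakfw28zf38w:202:50:hash left in passwd:/home/joe:/bin/sh
dup:x:202:50:shares UID 202 with joe:/home/dup:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$c0nstructed$notarealhash:8764:0:168:7:::
daemon:*::0:0::::
sam:EkdiSECLWPdSa:9740:0:0::::
guest::9740:0:99999:7:::
joe:!$6$c0nstructed$lockedhash:9740:0:0::::
EOF
    cat > "$dir/group" <<'EOF'
root::0:root
users::50:root,sam,ghost
EOF
    echo "$dir"
}

# Stand-alone run: print each finding for the sample files.
d=$(make_sample_files)
echo "UID 0 accounts:         $(uid0_accounts "$d/passwd" | tr '\n' ' ')"
echo "duplicate UIDs:         $(duplicate_uids "$d/passwd" | tr '\n' ' ')"
echo "not shadowed or empty:  $(unshadowed_passwd "$d/passwd" | tr '\n' ' ')"
echo "passwordless in shadow: $(passwordless_shadow "$d/shadow" | tr '\n' ' ')"
echo "locked in shadow:       $(locked_shadow "$d/shadow" | tr '\n' ' ')"
echo "orphan group members:   $(orphan_group_members "$d/group" "$d/passwd" | tr '\n' ' ')"
rm -r "$d"
```

Against the real files the interesting results are usually an unexpected UID 0 account, a user still present in /etc/group after userdel, and an empty shadow field left behind by passwd -d; the locked list is expected to contain every pseudo-user.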
4. Add batch users
Adding or deleting a single user is easy for any Linux system administrator. The tricky part is adding dozens, hundreds or even thousands of users: running useradd for each one by hand is not practical, so a simpler method is needed. Linux provides tools (newusers and chpasswd) for creating many users at once, as follows:
(1) First prepare a text file.
Each line is written in the format of the /etc/passwd file. The user name, UID and home directory must be different for every user. Leave the password column empty for now: newusers treats whatever is in that column as the plaintext password to hash, so do not put an x there as you would in /etc/passwd; the passwords are set by chpasswd in a later step. The contents of a sample user.txt:
user001::600:100:user:/home/user001:/bin/bash
user002::601:100:user:/home/user002:/bin/bash
user003::602:100:user:/home/user003:/bin/bash
user004::603:100:user:/home/user004:/bin/bash
user005::604:100:user:/home/user005:/bin/bash
user006::605:100:user:/home/user006:/bin/bash
(2) Run /usr/sbin/newusers as root with user.txt on its standard input to create the accounts:
# newusers < user.txt
(3) The accounts exist from this point on, so set their passwords right away.
(4) Create a password file passwd.txt with one user name:password pair per line:
user001:password
user002:password
user003:password
user004:password
user005:password
user006:password
(5) Run /usr/sbin/chpasswd as root to set the passwords.
chpasswd is the batch counterpart of passwd: it reads the name:password pairs, hashes each password the same way the passwd command does, and writes the hash into the password field of the account, which on a system with shadow passwords is in /etc/shadow.
# chpasswd < passwd.txt
(6) Make sure the hashes are in /etc/shadow rather than in the password column of /etc/passwd.
Run /usr/sbin/pwconv, which moves any hash still in /etc/passwd into /etc/shadow:
# pwconv
pwconv enables shadow passwords. Without them the user and group passwords sit in /etc/passwd and /etc/group, which anyone on the system can read, a weakness that allows offline cracking. pwconv moves the hashes into /etc/shadow (grpconv does the same for /etc/gshadow), which only the system administrator can read, and replaces them in /etc/passwd with the character x. This noticeably improves the security of the system.
With that the users are created. Check under /home that the new home directories have the right owner and permissions, and log in as one of the users to confirm the password works. Then delete passwd.txt: it holds the passwords in plain text.
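As an added example (not the article's own procedure), the script below generates user.txt and passwd.txt in the formats newusers and chpasswd expect and checks user.txt for the mistakes the procedure is sensitive to, duplicate names, UIDs or home directories, clashes with accounts that already exist, and a UID of 0, before anything is applied. The function names and the sample passwd file are constructed for the example; only apply_batch changes the system, and it refuses to run unless it is root and the checks pass.

```shell
#!/bin/sh
# Added example, not from the article: build and validate the files fed to
# newusers and chpasswd before touching the system. Function names and the
# sample passwd file are this example's own; apply_batch is the only function
# that changes the system.

# Print newusers-format lines: name::uid:gid:comment:home:shell
# $1 = first UID, $2 = primary GID, remaining arguments = login names
gen_user_file() {
    uid=$1; gid=$2; shift 2
    for name in "$@"; do
        printf '%s::%s:%s:%s:/home/%s:/bin/bash\n' "$name" "$uid" "$gid" "$name" "$name"
        uid=$((uid + 1))
    done
}

# Print chpasswd-format lines (name:password) with a random 16-character
# password per user. The output is plaintext: write it with umask 077 and
# delete it as soon as chpasswd has consumed it.
gen_passwd_file() {
    for name in "$@"; do
        pw=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
        printf '%s:%s\n' "$name" "$pw"
    done
}

# Validate a newusers file ($1) against an existing passwd file ($2).
# Returns 1 if anything is wrong; every problem is reported on stderr.
check_batch_file() {
    rc=0
    for field in 1 3 6; do                     # name, UID, home must be unique within the file
        for dup in $(cut -d: -f"$field" "$1" | sort | uniq -d); do
            echo "field $field repeated inside $1: $dup" >&2; rc=1
        done
    done
    while IFS=: read -r name _pw uid _gid _comment home shell; do
        case "$shell" in *:*) echo "$name: more than seven fields" >&2; rc=1 ;; esac
        if [ -z "$name" ] || [ -z "$uid" ] || [ -z "$home" ]; then
            echo "$name: missing name, UID or home directory" >&2; rc=1
        fi
        if [ "$uid" = "0" ]; then echo "$name: refusing to create a UID 0 account" >&2; rc=1; fi
        if grep -q "^$name:" "$2"; then echo "$name: login name already exists" >&2; rc=1; fi
        if cut -d: -f3 "$2" | grep -qx "$uid"; then echo "$name: UID $uid already in use" >&2; rc=1; fi
    done < "$1"
    return $rc
}

# Create the accounts: newusers adds them, chpasswd hashes and stores the
# passwords, pwconv makes sure every hash lives in /etc/shadow, and the
# plaintext password file is removed. Exit codes: 0 done, 1 checks failed, 3 not root.
apply_batch() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_batch: must run as root" >&2; return 3; }
    check_batch_file "$1" /etc/passwd || return 1
    newusers < "$1" && chpasswd < "$2" && pwconv && rm -f "$2"
}

# A constructed passwd file standing in for /etc/passwd.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Superuser:/root:/bin/sh
sam:x:200:50:Sam san:/home/sam:/bin/bash
user003:x:1003:100:already present:/home/user003:/bin/bash
EOF
}

# Stand-alone run: build the files, then validate them against the sample.
umask 077
work=$(mktemp -d)
sample_passwd > "$work/passwd"
gen_user_file 600 100 user001 user002 user003 > "$work/user.txt"
gen_passwd_file user001 user002 user003 > "$work/passwd.txt"
if check_batch_file "$work/user.txt" "$work/passwd"; then
    echo "user.txt is clean"       # as root you would now run: apply_batch user.txt passwd.txt
else
    echo "user.txt rejected, not applying"   # user003 clashes with the sample passwd file
fi
rm -r "$work"
```

The stand-alone run deliberately includes user003, which already exists in the sample passwd file, so it prints the rejection; drop that name and the file passes. The same check against the real /etc/passwd is what apply_batch performs before calling newusers.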