User Management
Add Users
Use useradd or adduser; adduser is actually a symbolic link to useradd. Taking useradd as an example, the usage is: useradd [option] USERNAME
# ll `which adduser`
lrwxrwxrwx. 1 root root 7 May 14:21 /usr/sbin/adduser -> useradd
-u Specifies the UID of the newly added user. As a rule, the UID of an ordinary user must be greater than 499 and must not duplicate an existing UID.
# useradd -u 1010 user1
# tail -1 /etc/passwd
user1:x:1010:1010::/home/user1:/bin/bash
-g Specifies the base group for the newly added user, given either as a GID or as a group name (you can use the id command to view the user information).
# useradd -g root user2
# id user2
uid=1011(user2) gid=0(root) groups=0(root)
-G Specifies additional groups for the newly added user. There can be several additional groups, separated by commas.
# useradd -G user1,root user3
# id user3
uid=1012(user3) gid=1012(user3) groups=1012(user3),0(root),1010(user1)
-d Specifies the home directory for the newly added user. By default it is the directory under /home with the same name as the user.
-M Does not create a home directory for the new user.
-s Specifies the default shell for the newly added user. (The system provides a nologin shell that prevents an account from logging in.)
# useradd -s /sbin/nologin user4
# su user4
This account is currently not available.
You can use echo $SHELL to view the shell of the current user.
-r Adds the new user as a system user. The UID of a system user is between 1 and 499; such a user generally cannot log in and has no home directory.
Note: Some default parameters that the command applies to the user (such as the user's default shell) are stored in the /etc/default/useradd file.
View User Information
Use the id command to view user information. Usage: id [option] [USERNAME]. When no user name is specified, the current user is used.
-u View the UID
-g View the GID of the base group
-G View the GIDs of all groups
-n Used in combination with the options above to display names instead of ID numbers
# id -u user1
1010
# id -un user1
user1
# id -G user3
1012 0 1010
# id -Gn user3
user3 root user1
The finger command can also show user-related information.
# finger user1
Login: user1    Name:
Directory: /home/user1    Shell: /bin/bash
Never logged in.
No mail.
No Plan.
Delete User
Use the userdel command to remove users. Note that userdel does not delete the user's home directory by default.
userdel usage: userdel [option] USERNAME
-r Deletes the user's home directory at the same time.
# ls /home
boost compute easydrcom libpcap lost+found user1 user2 user3 user4
# userdel user1
userdel: group "user1" is not removed because it contains other members.
# userdel -r user2
# ls /home
boost compute easydrcom libpcap lost+found user1 user3 user4
Modify User Information
Use usermod to modify a user's account information; its options are the same as those of useradd. Concrete examples follow:
# id user3
uid=1012(user3) gid=1012(user3) groups=1012(user3),0(root),1010(user1)
# usermod -u 505 user3
# id user3
uid=505(user3) gid=1012(user3) groups=1012(user3),0(root),1010(user1)
# finger user3
Login: user3    Name:
Directory: /home/user3    Shell: /bin/bash
Never logged in.
No mail.
No Plan.
# usermod -g 0 -s /bin/tcsh user3    # the base group given here must already exist
# !id
id user3
uid=505(user3) gid=0(root) groups=0(root),1010(user1)
# !fing
finger user3
Login: user3    Name:
Directory: /home/user3    Shell: /bin/tcsh
Never logged in.
No mail.
No Plan.
The -l parameter is used to modify the user name.
# usermod -l u3 user3
# id u3
uid=505(u3) gid=0(root) groups=0(root),1010(user1)
Note: If you use -G to modify a user's additional groups, the existing additional groups are overwritten by default. If you only want to append new additional groups, use -aG, where a means append. When using -d to modify the user's home directory, it is best to also use -m, which carries the files of the original home directory over to the new home directory when the home directory is changed.
You can also use the chsh (change shell) command to modify the user's login shell. Its usage is: chsh USERNAME
You can use pwck to check the integrity of the user accounts.
Modify User Password
Use the passwd command to modify a user's password. Usage: passwd [USERNAME]
A normal user can only use passwd to change their own password. An administrator can use passwd to change their own password and can also use passwd USERNAME to change someone else's password.
passwd accepts the --stdin parameter, which tells it to read the password from standard input.
# passwd user3
Changing password for user user3.
New password:
Invalid password: the password fails the dictionary check - it is too simplistic/systematic
Retype new password:
passwd: all authentication tokens have been successfully updated.
# echo "123456789" | passwd user3 --stdin
Changing password for user user3.
passwd: all authentication tokens have been successfully updated.
The -d parameter removes the user's password.
Group Management
Creation of groups
Use the groupadd command to create a group. -g specifies the GID, and -r indicates that the group is a system group. As with useradd, the usage of the group commands below parallels that of the corresponding user commands.
Group Information Modification
The groupmod command modifies group information: -g modifies the GID, -n modifies the group name.
Deletion of groups
Use the groupdel command to delete a group.
Add a group password
Use the gpasswd command to set or modify the group password. The group password is primarily used to temporarily change the group to which a user belongs.
For example, in the following session the user3 user temporarily uses the user4 group to create a b.txt file.
# usermod -l user3 u3
# gpasswd user4
Changing the password for group user4
New password:
Re-enter new password:
# su - user3
Last login: 57 months 06:29:18 CST 2017 on pts/1
$ touch a.txt
$ id
uid=505(user3) gid=0(root) groups=0(root),1010(user1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ ll
total 0
-rw-r--r--. 1 user3 root 0 July 06:30 a.txt
$ newgrp user4
Password:
$ touch b.txt
$ id
uid=505(user3) gid=1013(user4) groups=1013(user4),0(root),1010(user1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ ll
total 0
-rw-r--r--. 1 user3 root 0 July 06:30 a.txt
-rw-r--r--. 1 user3 user4 0 July 06:31 b.txt
$ exit
exit
$ id
uid=505(user3) gid=0(root) groups=0(root),1010(user1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ exit
logout
#
Note: newgrp above temporarily switches the base group. Use the exit command to leave the temporary group when you are done with it.
usermod Example – Adding an existing user to an existing user group
To add an existing user cnzhx to an existing group apache as one of that user's additional groups, use usermod with the -a parameter. -a stands for append: the user is added to the new group without leaving the other groups they already belong to. It must be used together with the -G option:
# usermod -a -G apache cnzhx
If you also want to change cnzhx's primary group to apache, use the -g option directly:
# usermod -g apache cnzhx
If you want to remove a user from a group:
gpasswd -d USER GROUP
In this case you need to make sure that the group is not the user's primary group.
Create a user manually
This section requires knowing the configuration files in which Linux stores user information.
/etc/passwd -- account file
/etc/shadow -- password file
/etc/group -- group information file
/etc/gshadow -- group password file
/etc/skel -- template (skeleton) files for the user's default home directory
# tail -1 /etc/passwd
user3:x:505:0::/home/user3:/bin/tcsh
The configuration rules in the passwd file are as follows:
User name:Password placeholder:User ID:Group ID:General information:Home directory:Default login shell
The configuration rules for the shadow file are as follows (fields in order, separated by colons):
Account name.
Encrypted password. Note that the first three characters, $6$, indicate the encryption method of the password; this will be used later.
Date of the last password change, expressed as the number of days from January 1, 1970 to the last password modification. 0 indicates that the user must change the password at the next login; blank indicates that the password aging feature is disabled.
Password minimum age. 0 or blank indicates no minimum age.
Password maximum age. Blank indicates no maximum age. A password that exceeds the maximum age enters the password warning period.
Password warning period, during which the user is prompted to change the password. 0 or blank indicates no warning period. Once the warning period is exceeded, the password enters the disable period.
Password disable period. During this phase the user is forced to change the password and cannot log in without changing it. Blank indicates that there is no disable period. Once it is exceeded, the account enters its expiration period.
Account expiration date. After the account expires it cannot log in. This differs from the password disable period above: after the disable period the user can still log in once the password is changed, whereas an expired account can never log in unless the administrator unlocks it.
Reserved field, currently unused.
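The nine fields above can be read mechanically when reviewing accounts. The following Python sketch is an added example, not part of the original article: the function names, the finding texts and the sample lines (with the placeholder HASH instead of a real hash) are constructed for illustration. It splits a shadow entry into the fields listed above and reports the conditions an administrator usually wants to see.

```python
from datetime import date, timedelta

# Field order as listed above; the names are this example's own labels.
FIELDS = ("account", "password", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
EPOCH = date(1970, 1, 1)

# Constructed sample entries; HASH stands in for a real hash value.
SAMPLE = (
    "user5:$6$1234abcd$HASH:17374:0:99999:7:::",
    "olduser:$1$abcd$HASH:0:0::7::17000:",
    "svc:!!:17374::::::",
)

def parse_shadow_line(line):
    """Split one shadow entry into its nine named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def day_to_date(days):
    """Convert a 'days since 1970-01-01' field; blank means not set."""
    return EPOCH + timedelta(days=int(days)) if days else None

def audit(entry, today):
    """Return a list of findings for one parsed entry."""
    findings = []
    pw = entry["password"]
    if pw == "":
        findings.append("empty password field")
    elif pw[0] in "!*":
        findings.append("password login disabled")
    elif pw.startswith("$"):
        scheme = SCHEMES.get(pw.split("$")[1], "unknown scheme")
        if scheme != "SHA-512":
            findings.append(f"hash scheme is {scheme}")
    else:
        findings.append("legacy hash without $id$ prefix")
    if entry["last_change"] == "0":
        findings.append("must change password at next login")
    if entry["max_age"] == "":
        findings.append("no maximum password age")
    expire = day_to_date(entry["expire"])
    if expire and expire <= today:
        findings.append(f"account expired on {expire}")
    return findings
```

On a live system the lines would come from /etc/shadow, which only root can read.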
The configuration rules for the group file are as follows:
# tail -1 /etc/group
user4:x:1013:
Group name:Password placeholder:Group ID:Users that have this group as an additional group
With these basics in hand, we can now start adding a user manually.
First add the account:
# echo "user5:x:5000:5000::/home/user5:/bin/bash" >> /etc/passwd
# tail -1 !$
tail -1 /etc/passwd
user5:x:5000:5000::/home/user5:/bin/bash
Add the account password. Different Linux distributions use different password encryption methods; the method can be read from the prefix of the encrypted password, as noted above for the shadow file. On my computer it is 6, which means SHA-512 encryption.
So far I have not found an encryption tool that can produce SHA-512 hashes (with salt), so I wrote an encryption program in C.
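#define _XOPEN_SOURCE
#include <crypt.h>    /* declares crypt() on current glibc */
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(void)
{
    char salt[20] = {0};    /* "$id$" + up to 8 salt characters + "$" */
    char key[100] = {0};
    char tmp[20];
    int id;
    size_t length;
    char *hash;

    printf("Please choose the Encrypt algorithm:\n");
    printf("1:md5\n" "5:sha-256\n" "6:sha-512\n");
    /* accept only the three ids offered above */
    if (scanf("%d", &id) != 1 || (id != 1 && id != 5 && id != 6))
        return 1;
    salt[0] = '$';
    salt[2] = '$';
    salt[1] = id + '0';
    printf("Please input salt (no more than 8 characters):");
    if (scanf("%8s", tmp) != 1)     /* width enforces the 8-character limit */
        return 1;
    length = strlen(tmp);
    strcpy(salt + 3, tmp);
    salt[3 + length] = '$';
    printf("Please input the key:");
    if (scanf("%99s", key) != 1)    /* width keeps the input inside key[] */
        return 1;
    hash = crypt(key, salt);
    if (hash == NULL) {             /* crypt() returns NULL on failure */
        perror("crypt");
        return 1;
    }
    printf("%s\n", hash);
    return 0;
}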
Compile command:
# gcc encrypt.c -o encrypt -lcrypt
Note: encrypt.c above is the source file, encrypt is the output program, and -lcrypt links the encryption library.
Now you can use this program to generate a password.
# ./encrypt
Please choose the Encrypt algorithm:
1:md5
5:sha-256
6:sha-512
6
Please input salt (no more than 8 characters):1234abcd
Please input the key:password
$6$1234abcd$rq0et4pxyf990f./ljncinztanef5mw0gsa0ftwdykzeviukdnf9bm/pallngusv91l/9bwbkfbqm4os8cmyk/
Here we used our own encryption tool, with the salt 1234abcd and the password "password", to generate the SHA-512 encrypted password $6$1234abcd$rq0et4pxyf990f./ljncinztanef5mw0gsa0ftwdykzeviukdnf9bm/pallngusv91l/9bwbkfbqm4os8cmyk/.
# echo 'user5:$6$1234abcd$rq0et4pxyf990f./ljncinztanef5mw0gsa0ftwdykzeviukdnf9bm/pallngusv91l/9bwbkfbqm4os8cmyk/:17374:0:99999:7:::' >> /etc/shadow
# tail -1 !$
tail -1 /etc/shadow
user5:$6$1234abcd$rq0et4pxyf990f./ljncinztanef5mw0gsa0ftwdykzeviukdnf9bm/pallngusv91l/9bwbkfbqm4os8cmyk/:17374:0:99999:7:::
The step of adding a password is now done.
Add its base group to the group file:
# echo "user5:x:5000:" >> /etc/group
# tail -1 /etc/group
user5:x:5000:
Finally, add the group information to gshadow. For convenience we do not add a group password for now; interested readers can add one themselves in the same way as the user password, by replacing the ! with the encrypted password.
# echo "user5:!::" >> /etc/gshadow
-bash: :: unrecognized history modifier
# echo 'user5:!::' >> /etc/gshadow
# tail -1 /etc/gshadow
user5:!::
Note: As shown above, the command echo "user5:!::" >> /etc/gshadow fails. Bash supports history expansion and ! is the prefix of an expansion, so bash tries to expand what follows it. Changing the double quotation marks to single quotation marks fixes this, because single quotes are strong quoting and explicitly tell bash not to expand the contents of the string.
The last step is to copy the home directory:
# cp -r /etc/skel /home/user5
# ll /home/
total 496
drwx------. 3 user3 root 4096 July 06:31 user3
drwx------. 3 user4 user4 4096 July 00:29 user4
drwxr-xr-x. 3 root root 4096 July 01:48 user5
# chown -R user5:user5 /home/user5
# chmod -R --reference=/home/user4 /home/user5
# ll /home/
total 496
drwx------. 3 user3 root 4096 July 06:31 user3
drwx------. 3 user4 user4 4096 July 00:29 user4
drwx------. 3 user5 user5 4096 July 01:48 user5
The user5 user has now been added and can log in with the password that was just set.
# su -l user5
Last login: Sun July 01:53:57 CST 2017 on pts/1
$ touch hello.c
$ ll
total 0
-rw-rw-r--. 1 user5 user5 0 July 01:54 hello.c
$ pwd
/home/user5
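Editing the four files by hand makes it easy to leave them inconsistent, for example a passwd entry whose shadow or gshadow line was never written. The following Python sketch is an added example, not part of the original article: the function names and the sample file contents are constructed for illustration. It checks one hand-written account across the contents of passwd, shadow, group and gshadow, passed in as strings so it can be tried without touching the real files.

```python
# Constructed sample contents mirroring the entries written in the steps above;
# HASH stands in for the real hash value.
PASSWD = ("user3:x:505:0::/home/user3:/bin/tcsh\n"
          "user5:x:5000:5000::/home/user5:/bin/bash\n")
SHADOW = "user5:$6$1234abcd$HASH:17374:0:99999:7:::\n"
GROUP = "root:x:0:\nuser5:x:5000:\n"
GSHADOW = "root:::\nuser5:!::\n"

def index(text, nfields):
    """Map first field -> list of fields for each well-formed line."""
    table = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == nfields:
            table[parts[0]] = parts
    return table

def check_user(name, passwd, shadow, group, gshadow):
    """Return the problems found for one account across the four files."""
    problems = []
    pw = index(passwd, 7)
    if name not in pw:
        return [f"{name}: no valid 7-field entry in passwd"]
    _, placeholder, uid, gid, _, home, _ = pw[name]
    dup = [n for n, f in pw.items() if f[2] == uid and n != name]
    if dup:
        problems.append(f"UID {uid} also used by {', '.join(dup)}")
    if placeholder == "x" and name not in index(shadow, 9):
        problems.append("passwd says 'x' but shadow has no entry")
    groups = index(group, 4)
    primary = [g for g, f in groups.items() if f[2] == gid]
    if not primary:
        problems.append(f"primary GID {gid} not defined in group")
    for g in primary:
        if g not in index(gshadow, 4):
            problems.append(f"group {g} has no gshadow entry")
    if not home.startswith("/"):
        problems.append("home directory is not an absolute path")
    return problems
```

On a live system, pwck (mentioned earlier) performs the authoritative check of the account files.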