Use of Linux User management commands

Use of Linux User management commands

The first year of unix is January 1 ,.

Most of the current versions of Windows and linux follow the 3A user and permission management mechanism (Authencattion identity authentication mechanism, Authorzation authorization, and Accounting audit)

After the user enters the user name and password, the system finds the UID, GID, and group information in the passwd file to confirm whether the user exists. If so, log on to the account, perform the operation. If not, log on again.

[Root @ test1 ~] # Cat/etc/passwd

Root: x: 0: 0: root:/bin/bash

The above content is the relevant root Information in passwd, Which is username, password, uid, gid, GECOS, homefile, shell from left to right.

You don't need to say much about username. You basically know that different usernames are used according to the role and permissions.

The encrypted password file information is md5 in Centos5.x and below, but it seems that sha512 is used for encryption in Centos6 and above, and save it to the/etc/shadow file.

The ID number of the UID user. The machine uses the ID number to check whether your username and password are correct. The number is 0 -.

Common users: 1-60000

System User:

CentOS6: 1-499

CentOS7: 1-999

Login User:

CentOS6: 500 +

CentOS7: 1000 +

The GID GroupName group ID is used to assign permissions and roles to users. Its main configuration files are/etc/gshadow and/etc/group, in some companies, the mail system basically uses this to differentiate functions. In linux, the group configuration is as follows:

Administrator group: 0

Common group:

Centos 6.x: 1-499

Centos 7.x: 1-999

Login User:

Centos6.X: 500 +

Centos7.X: 1000 +

GECOS user details

HOMEFILE Home Directory, which stores files of users with personal roles

SHELL default shell

Note: The/etc/shadow file manages the user's password information, which is a unidirectional irreversible file, as shown in the following code file:

The format is:

Login name: encrypted password: date of last password change: minimum password age: maximum password age: password warning period: password inactivity period: account expiration date: reserved field

The data is separated by ":" or "$ ".

Commands related to user and group management:

Useradd, usermod, passwd, userdel

Groupadd, groupmod, gpasswd, groupdel

Chage, chsh, chfn

Id, w, who, whoami

Su

Useradd: create a user

Useradd [options] LOGIN

Useradd-D [options]

-R: Create a system user

-U UID: indicates the UID;

-G GID: specifies the basic group to which the user belongs. This group must exist beforehand.

-C 'comment ':

-D/PATH/TO/SOMEWHERE: Specifies the PATH of the user's main directory. This location cannot exist in advance; otherwise, the user-related configuration file will be copied;/etc/skel

-S SHELL: Set the user's default shell;

Cat/etc/shells

-G gid,...: Specify the additional group;

-M: do not create a home directory for the user;

Groupadd: Creates a group.

Groupadd [OPTIONS] GROUPNAME

-G GID: Specifies the group ID;

-R: Create a system group;

[Root @ test1 ~] # Groupadd database

[Root @ test1 ~] # Groupadd SQL

Id: view User-related id information;

Id [OPTION]... [USER]

-U: UID

-G: GID

-G: Groups

-N: NAME

[Root @ test1 ~] # Id-G Oracle

3000 501 502

Su: switch user, switch user or execute command as another user;

Switch Mode:

Su USERNAME: incomplete switchover; non-Logon switchover

Su-USERNAME or su-l USERNAME: full switch; logon Switch

Run the specified command only as the specified user:

Su-USERNAME-c 'command'

Usermod: User Attribute Modification

Usermod [OPTION]... LOGIN

-U UID

-G GID

-G gid [, GID,...]: Modify the additional group to which the user belongs. Use the-a option at the same time;

-S SHELL

-C 'comment'

-D HOME: when the user's HOME directory is changed to a new location, the user's original file will not be moved to the new HOME;-m option can be used to simultaneously migrate it to the new HOME directory;

-L LOGIN:

-L: lock user

-U: unlock user

[Root @ test1 ~] # Useradd nicai

[Root @ test1 ~] # Usermod-l Oralce nicai

[Root @ test1 ~] # Cat/etc/passwd

Oracle: x: 3000: 3000:/home/database:/bin/bash

Oralce: x: 3001: 3001:/home/nicai:/bin/bash

Passwd: Add a password to the user

Passwd [OPTION] [UserName]

-L: lock user

-U: unlock user

-N mindays: minimum service life;

-X maxdays: 99999 days by default;

-W warndays:

-I inactivedays:

-- Stdin: receives the user password from the standard output;

Echo 'centoss' | passwd -- stdin centos

Userdel: delete a user

Userdel [-r] USERNAME

-R: delete a user's home directory while deleting the user;

Groupmod: group Attribute Modification

Groupmod [OPTION] GROUPNAME

-N GROUP_NAME

-G GID

Gpasswd: Set the group password

Newgrp: Switch the basic group to the specified group.

Groupdel: deletes a group.

Chage: modifying the attributes of user accounts and passwords

Chage [OPTION]... LOGIN

Other commands: chfn, chsh, finger, whoami, who

For example:

Create an additional database and SQL group for the Oracle user. The ID number is 3000, and the home directory is/home/database;

[Root @ test1 ~] # Useradd Oracle-G database, SQL-u 3000-d/home/database