A detailed explanation of Linux users and user groups

Source: Internet
Author: User
Tags: md5 encryption

1. User and user group files

In Linux, user accounts, user passwords, user group information and user group passwords are stored in separate configuration files. A user account that has been created, together with its associated information (everything except the password), is stored in the /etc/passwd configuration file. Because every user has read permission on the passwd file, password information is not kept there but in the /etc/shadow configuration file. In the passwd file each line defines one user account; a line consists of several fields separated by ":", and each field carries one piece of information about that account. A freshly installed Linux system already has many entries in passwd. These accounts are created automatically by the system and are the accounts that Linux processes or service programs need to run under; the last field of these accounts is usually /sbin/nologin, which means the account cannot be used to log on to the Linux system. The fields of a passwd line, from left to right, and their meanings are:
    user account : user password : user ID : user group ID : user full name (comment) : user home directory : user's shell
    root         : x             : 0       : 0             : root                     : /root               : /bin/bash

Because passwd no longer stores password information, the password field holds the placeholder x.

To make a user account unable to log on to Linux, simply set the user's shell to /sbin/nologin. For example, FTP accounts are generally only allowed to log in to and access the FTP server, not to log on to the Linux operating system. To deny a user Telnet access, i.e. to stop the user from logging in to the Linux operating system over Telnet, set the user's shell to /bin/true. To deny a user both Telnet and FTP logon, set the user's shell to /bin/false. If /bin/true or /bin/false is not listed in the /etc/shells file, add it manually:

    # echo "/bin/false" >> /etc/shells
    # echo "/bin/true" >> /etc/shells

2. User password file

For security reasons, the user's real password is encrypted with the MD5 algorithm and saved in the /etc/shadow file, which only the root user can read. Like the passwd file, the shadow file defines and saves one account per line. The first field is the user account name and the second field is the password of that account.

3. User group account file

User group account information is saved in the /etc/group configuration file, which any user can read. The real password of a user group is saved in the /etc/gshadow configuration file. In group, the first field is the name of the user group, the second is x, the third is the ID (GID) of the user group, and the fourth is the list of user members of the group, user names separated by commas.

4. Add user
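The following is an added example and not code from the article: a small Python auditor for the passwd and group file formats just described. It uses only the field layouts given above; the file contents are constructed from the article's own accounts (zhangjie, lijie, vodup, the student group) so it runs offline, and a practitioner can pass the text of the real /etc/passwd and /etc/group instead to list which accounts can still log in interactively, reproduce the output of the groups command, and catch a password hash that has ended up in the world-readable passwd file.

```python
# Added example (not from the article): parse the /etc/passwd and /etc/group
# formats and answer the questions an administrator asks of them. The file
# contents below are constructed from the article's own accounts; pass the text
# of the real files to audit a system.

NO_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/true", "/bin/false"}

# Constructed sample data (same accounts and IDs as the article's examples).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
zhangjie:x:501:501::/home/zhangjie:/bin/bash
lijie:x:502:502::/home/lijie:/bin/bash
vodup:x:503:503::/var/vodup:/sbin/nologin
"""
SAMPLE_GROUP = """\
root:x:0:
ftp:x:50:
student:x:501:
lijie:x:502:
vodup:x:503:lijie
"""


def _records(text, nfields, filename):
    """Split colon-separated lines, rejecting rows with the wrong field count."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"{filename} line {lineno}: expected {nfields} fields, got {len(fields)}")
        yield fields


def parse_passwd(text):
    """passwd: account:password:UID:GID:comment:home:shell."""
    users = {}
    for name, pw, uid, gid, comment, home, shell in _records(text, 7, "passwd"):
        users[name] = {"password": pw, "uid": int(uid), "gid": int(gid),
                       "comment": comment, "home": home, "shell": shell}
    return users


def parse_group(text):
    """group: name:password:GID:member,member,..."""
    groups = {}
    for name, pw, gid, members in _records(text, 4, "group"):
        groups[name] = {"password": pw, "gid": int(gid),
                        "members": [m for m in members.split(",") if m]}
    return groups


def interactive_accounts(users):
    """Accounts whose shell still allows an interactive logon."""
    return sorted(n for n, u in users.items() if u["shell"] not in NO_LOGIN_SHELLS)


def groups_of(account, users, groups):
    """What `groups account` prints: the primary group (matched by GID) first,
    then every group whose member list names the account."""
    gid = users[account]["gid"]
    primary = [g for g, info in groups.items() if info["gid"] == gid]
    extra = [g for g, info in groups.items()
             if account in info["members"] and g not in primary]
    return primary + extra


def passwd_hash_leaks(users):
    """Accounts whose passwd password field is not the 'x' placeholder: a real
    hash there is world-readable, which is exactly what /etc/shadow prevents."""
    return sorted(n for n, u in users.items() if u["password"] != "x")


def extra_uid0_accounts(users):
    """Any account besides root with UID 0 has full root privileges."""
    return sorted(n for n, u in users.items() if u["uid"] == 0 and n != "root")


if __name__ == "__main__":
    users, groups = parse_passwd(SAMPLE_PASSWD), parse_group(SAMPLE_GROUP)
    print("interactive accounts:", interactive_accounts(users))
    for name in users:
        print(name, ":", " ".join(groups_of(name, users, groups)))
    print("hash stored in passwd:", passwd_hash_leaks(users))
    print("extra UID 0 accounts:", extra_uid0_accounts(users))
```

On a real system the same functions work on open("/etc/passwd").read() and open("/etc/group").read(); the field-count check makes a truncated or hand-edited line fail loudly instead of being silently skipped.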
Create or add a new user with the useradd command:

    useradd [options] username

The command has many options; the commonly used ones are:

    -c comment          Set the comment (description) text of the user
    -d home_directory   Specify a home directory other than the default /home/username
    -m                  Create the home directory if it does not exist; -r combined with -m creates a home directory for a system account
    -M                  Do not create a home directory
    -e date             Specify the date on which the account expires, in the format mm/dd/yy
    -f days             Number of days after the password expires before the account is permanently disabled; 0 disables the account as soon as the password expires, -1 turns this feature off
    -g user_group       Specify the user group the user is joined to; the user group must already exist
    -G group_list       Specify a list of user groups the user is joined to at the same time, separated by commas
    -n                  Do not create a private user group for the user
    -s shell            Specify the shell the user uses when logging on; the default is /bin/bash
    -r                  Create a system account with a user ID below 500; no home directory is created by default
    -u user_ID          Manually specify the ID of the new user; the value must be unique and greater than 499
    -p password         Specify the login password of the new user. The value here is the MD5-encrypted form of the login password, not the plaintext password, so in practice this option is rarely used; the passwd command is normally used separately to set the login password.
Example: to create a user named zhangjie as a member of the student user group, the command is:

    # useradd -g student zhangjie
    # tail -1 /etc/passwd
    zhangjie:x:501:501::/home/zhangjie:/bin/bash

When adding a user, if no user group is specified with -g, a private user group with the same name as the user account is created automatically by default. If you do not need this private user group, use the -n option. For example, adding an account named lijie without specifying a user group gives the following result:

    # useradd lijie
    # tail -1 /etc/passwd
    lijie:x:502:502::/home/lijie:/bin/bash
    # tail -2 /etc/group
    student:x:501:
    lijie:x:502:            # the system automatically created a user group named lijie with GID 502

When a user account is created, the user's home directory is created automatically, by default under /home. To change the location, specify it with the -d option; the shell used when the user logs in defaults to /bin/bash and can be changed with the -s option.
For example, to create an account named vodup, put its home directory under /var and set its login shell to /sbin/nologin:

    # useradd -d /var/vodup -s /sbin/nologin vodup
    # tail -1 /etc/passwd
    vodup:x:503:503::/var/vodup:/sbin/nologin
    # tail -1 /etc/group
    vodup:x:503:

5. Set account attributes

For an existing user, the usermod command modifies and sets the attributes of the account, including the login name, home directory, user group, login shell and so on. Usage:

    usermod [options] username

Some of the options:

(1) Change the user account name. This uses the -l option:

    usermod -l new_username original_username

For example, to rename the user lijie to lijunjie:

    # usermod -l lijunjie lijie
    # tail -1 /etc/passwd
    lijunjie:x:502:502::/home/lijie:/bin/bash

The output shows that the user name has been changed to lijunjie. The home directory is still the original /home/lijie; to change it to /home/lijunjie, run the following commands:

    # usermod -d /home/lijunjie lijunjie
    # tail -1 /etc/passwd
    lijunjie:x:502:502::/home/lijunjie:/bin/bash
    # mv /home/lijie /home/lijunjie

(2) Lock account. To temporarily prevent a user from logging in, lock the user account with the -L option:

    usermod -L account_to_lock

Linux locks a user by prefixing the password field in the /etc/shadow password file with "!", which marks the user as locked.
(3) Unlock account. To unlock the account, use the usermod command with the -U option.

6. Delete the account

To delete an account, use the userdel command:

    userdel [-r] account_name

-r is optional; with it, the account's home directory is deleted together with the account.

To set the time at which all user account passwords expire, modify the PASS_MAX_DAYS entry in the /etc/login.defs configuration file. Its default value is 99999, which means user account passwords never expire. The PASS_MIN_LEN entry in the same file specifies the minimum length of an account password and defaults to 5 characters.

7. Set the user login password

Use the passwd command:

    passwd [account_name]

If an account name is given, the login password of that account is set and the original password is automatically overwritten. Only the root user has permission to set the password of a specified account; ordinary users can only set or modify their own account password (running passwd without an argument). For example, to set the login password of the account lijunjie:

    # passwd lijunjie
    Changing the password for user lijunjie.
    New password:
    Re-enter the new password:
    passwd: all authentication tokens updated successfully.

Once the login password is set, the account can log into the system. Press Ctrl+Alt+F2 to switch to the second virtual console (tty2) and log in with the lijunjie account to verify that the login works.

8. Lock/unlock the account password

In Linux, besides locking the user account itself, the account password can also be locked; if either of the two is locked, the user cannot log on to the system.
Only the root user has permission to run these commands. Locking an account password uses the passwd command with the -l option, unlocking uses -u:

    passwd -l account_name
    passwd -u account_name        # unlock the account password

9. Query the password status

To query whether the password of an account is locked, use the passwd command with the -S option:

    passwd -S account_name

For example:

    # passwd -S lijunjie
    lijunjie LK 2011-03-25 0 99999 7 -1 (Password locked.)
    # passwd -u lijunjie
    Unlocking password for user lijunjie.
    passwd: Success
    # passwd -S lijunjie
    lijunjie PS 2011-03-25 0 99999 7 -1 (Password set, SHA512 crypt.)

10. Delete the account password

To delete the password of an account, use the passwd command with the -d option; only the root user may run it:

    passwd -d account_name

After the account password is deleted, the account cannot log on to the system until a password is set again.

11. Create user groups

Users and user groups have a many-to-many relationship: one user can belong to several user groups at the same time, and one user group can contain several different users. Create user groups with the groupadd command:

    groupadd [-r] user_group_name

With the -r option, a system user group with a GID below 500 is created; without -r, a normal user group with a GID of 500 or more is created.

12. Modify user group attributes

After a user group has been created, its attributes can be modified if necessary. Modifying user group attributes mainly means changing the name of the user group and its GID value.
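Before the group attribute examples, here is an added Python example (not code from the article) that ties sections 5, 6, 8 and 9 together: it reads the /etc/shadow format, reproduces the status line that passwd -S prints for each account (including the LK/PS/NP status and the -1 shown for empty aging fields), applies and removes the "!" lock marker that usermod -L and passwd -l put in front of the hash, and compares each account's own maximum password age with the PASS_MAX_DAYS value from /etc/login.defs. The shadow and login.defs contents are constructed; the hash strings are placeholders, not real hashes, and day 15058 since the epoch was chosen because it is 2011-03-25, the date in the article's output.

```python
# Added example (not from the article): read the /etc/shadow format, report each
# account the way `passwd -S` does, and apply the "!" lock marker that
# usermod -L / passwd -l put in front of the hash. All sample contents are
# constructed; the hash strings are placeholders, not real password hashes.
import datetime

EPOCH = datetime.date(1970, 1, 1)

# Constructed sample: day 15058 since the epoch is 2011-03-25, the date in the
# article's passwd -S output. lijunjie is locked with "!", vodup has the
# unusable "*" field, fen has an empty password field.
SAMPLE_SHADOW = """\
root:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:15058:0:99999:7:::
lijunjie:!$6$SALTPLACEHOLDER$HASHPLACEHOLDER:15058:0:99999:7:::
vodup:*:15058:0:99999:7:::
fen::15060:0:90:7:::
"""

# Constructed excerpt of /etc/login.defs with the two entries the article names.
SAMPLE_LOGIN_DEFS = """\
PASS_MAX_DAYS   99999
PASS_MIN_LEN    5
"""

FIELDS = ("password", "lastchg", "min", "max", "warn", "inactive", "expire", "reserved")


def parse_shadow(text):
    """shadow: name:hash:lastchg:min:max:warn:inactive:expire:reserved (9 fields)."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"shadow line {lineno}: expected 9 fields, got {len(fields)}")
        entries[fields[0]] = dict(zip(FIELDS, fields[1:]))
    return entries


def parse_login_defs(text):
    """KEY VALUE lines; comments and blank lines are ignored."""
    defs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, value = line.split(None, 1)
            defs[key] = value
    return defs


def password_status(entry):
    """LK = locked ('!' prefix from usermod -L / passwd -l, or an unusable '*'),
    NP = no password, PS = a usable password is set."""
    pw = entry["password"]
    if pw == "":
        return "NP"
    if pw[0] in "!*":
        return "LK"
    return "PS"


def _days(value):
    """Empty aging fields are reported as -1, as passwd -S does."""
    return int(value) if value != "" else -1


def status_line(name, entry):
    """Reproduce `passwd -S name`: name status last-change min max warn inactive."""
    changed = EPOCH + datetime.timedelta(days=_days(entry["lastchg"]))
    return "{} {} {} {} {} {} {}".format(
        name, password_status(entry), changed.isoformat(),
        _days(entry["min"]), _days(entry["max"]), _days(entry["warn"]),
        _days(entry["inactive"]))


def lock(pw_field):
    """usermod -L / passwd -l: prefix the hash with '!' so no password can match it."""
    return pw_field if pw_field.startswith("!") else "!" + pw_field


def unlock(pw_field):
    """usermod -U / passwd -u: remove that prefix again."""
    return pw_field[1:] if pw_field.startswith("!") else pw_field


def exceeding_policy(entries, login_defs):
    """Accounts with a usable password whose own max age in shadow is larger
    than the PASS_MAX_DAYS policy (99999 means the password never expires)."""
    limit = int(login_defs.get("PASS_MAX_DAYS", "99999"))
    return sorted(n for n, e in entries.items()
                  if password_status(e) == "PS" and _days(e["max"]) > limit)


if __name__ == "__main__":
    shadow = parse_shadow(SAMPLE_SHADOW)
    for name, entry in shadow.items():
        print(status_line(name, entry))
    print("over PASS_MAX_DAYS=90:", exceeding_policy(shadow, parse_login_defs("PASS_MAX_DAYS 90\n")))
```

Running exceeding_policy with a lowered PASS_MAX_DAYS shows which existing accounts still carry the old 99999 maximum in their own shadow entry, which is the list to go through after tightening the policy.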
(1) Change the name of the user group. To rename a user group, use the groupmod command with the -n option:

    groupmod -n new_user_group_name original_user_group_name

Renaming a user group does not change its GID value. For example, to rename the student user group to teacher:

    # tail -3 /etc/group
    student:x:501:
    lijie:x:502:
    vodup:x:503:
    # groupmod -n teacher student
    # tail -3 /etc/group
    lijie:x:502:
    vodup:x:503:
    teacher:x:501:

(2) Reset the GID of the user group. The GID of a user group can be set again and modified, but it must not duplicate the GID of an existing user group. Changing the GID does not change the name of the user group. To modify the GID of a user group, use the groupmod command with the -g option:

    groupmod -g new_gid user_group_name

For example, to change the GID of the teacher group to 504:

    # tail -3 /etc/group
    lijie:x:502:
    vodup:x:503:
    teacher:x:501:
    # groupmod -g 504 teacher
    # tail -3 /etc/group
    lijie:x:502:
    vodup:x:503:
    teacher:x:504:

13. Delete user groups

Deleting a user group is done with the groupdel command:

    groupdel user_group_name

A user group cannot be deleted while it is the private (primary) user group of an account. To delete such a group, first delete the account that references the private user group, then delete the user group.
    # groupdel teacher
    groupdel: cannot remove the primary group of user 'zhangjie'
    # userdel -r zhangjie
    # groupdel teacher
    # grep teacher /etc/group        # no output, so the teacher user group no longer exists: the deletion succeeded

14. Add a user to a specified group / remove a user from a specified group

A user can be added to a specified group so that it becomes a member of that group:

    gpasswd -a user_account user_group_name

To remove a user from a user group:

    gpasswd -d user_account user_group_name

For example, to add the user lijunjie created above to the vodup user group:

    # groups lijunjie
    lijunjie : lijie
    # gpasswd -a lijunjie vodup          # add the user to the specified user group
    Adding user lijunjie to group vodup
    # groups lijunjie
    lijunjie : lijie vodup
    # gpasswd -d lijunjie vodup          # remove the user from the specified user group
    Removing user lijunjie from group vodup
    # groups lijunjie                    # view the groups the user belongs to
    lijunjie : lijie

15. Set up user group administrators

Besides the root user, a user group administrator can also add users to a group and remove users from a group. To designate a user as the administrator of a user group, use:

    gpasswd -A user_account user_group_name

This command sets the specified user as the administrator of the specified user group. A group administrator can only manage the user group they have been authorised for (add users to it or remove users from it) and has no permission to manage other user groups.
    # gpasswd -A lijunjie vodup
    # useradd fen
    # gpasswd -a fen vodup
    Adding user fen to group vodup
    # groups fen
    fen : fen vodup
    # gpasswd -d fen vodup
    Removing user fen from group vodup
    $ gpasswd -d fen fen                 # as a non-root user: an attempt to remove the user fen from the fen user group
    gpasswd: Permission denied.          # the operation is refused, showing there is no permission to manage other user groups

In addition, Linux provides commands such as id, whoami and groups to view the status of users and groups. The id command displays the UID, GID and list of user groups of the current user; whoami queries the name of the current user; groups prints the user groups the specified user belongs to. Users and user groups can also be managed from the graphical interface: System -> Administration -> Users and Groups opens the corresponding configuration dialog.
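As an added example, not code from the article, the following Python models the permission check behind the "Permission denied" shown above: root may change the membership of any group, while a user named with gpasswd -A may change only the groups that list them as administrator. It assumes the /etc/gshadow layout group:password:administrators:members, which the article does not describe, and works on a constructed in-memory copy of that table rather than on the system files.

```python
# Added example (not from the article): model the gpasswd permission check from
# section 15. Assumes the /etc/gshadow layout group:password:administrators:members
# (not described in the article); the sample data is constructed and all changes
# are made to the in-memory table only.

# Constructed sample: lijunjie administers vodup (gpasswd -A lijunjie vodup);
# the fen group has no administrators and no members.
SAMPLE_GSHADOW = """\
vodup:!:lijunjie:
fen:!::
"""


def parse_gshadow(text):
    """gshadow: name:password:admin,admin:member,member (4 fields)."""
    groups = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"gshadow line {lineno}: expected 4 fields, got {len(fields)}")
        name, pw, admins, members = fields
        groups[name] = {"password": pw,
                        "admins": [a for a in admins.split(",") if a],
                        "members": [m for m in members.split(",") if m]}
    return groups


def can_manage(actor, actor_uid, group, gshadow):
    """root (UID 0) may manage every group; anyone else only the groups whose
    administrators field (set with gpasswd -A) names them."""
    if actor_uid == 0:
        return True
    return actor in gshadow.get(group, {}).get("admins", [])


def change_membership(actor, actor_uid, action, user, group, gshadow):
    """Apply gpasswd -a (action 'add') or gpasswd -d (action 'remove') to the
    in-memory table. Returns the message gpasswd prints on success and raises
    PermissionError with the message shown in the article when the actor is
    neither root nor an administrator of that group."""
    if group not in gshadow:
        raise KeyError(f"gpasswd: group '{group}' does not exist")
    if not can_manage(actor, actor_uid, group, gshadow):
        raise PermissionError("gpasswd: Permission denied.")
    members = gshadow[group]["members"]
    if action == "add":
        if user not in members:
            members.append(user)
        return f"Adding user {user} to group {group}"
    if action == "remove":
        if user not in members:
            raise ValueError(f"user '{user}' is not a member of '{group}'")
        members.remove(user)
        return f"Removing user {user} from group {group}"
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    table = parse_gshadow(SAMPLE_GSHADOW)
    print(change_membership("lijunjie", 502, "add", "fen", "vodup", table))
    print(change_membership("lijunjie", 502, "remove", "fen", "vodup", table))
    try:
        change_membership("lijunjie", 502, "remove", "fen", "fen", table)
    except PermissionError as err:
        print(err)                     # gpasswd: Permission denied.
```

The check is deliberately ordered so that the permission test runs before any membership lookup: a caller who is not allowed to manage a group learns nothing about who is in it.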
