Add/delete users and user groups in Linux

Source: Internet
Author: User
Tags ftp access
This article summarizes some common commands and parameters used to add or delete users and user groups in Linux.

This article summarizes some common commands and parameters used to add or delete users and user groups in Linux.
1. user creation:
Adduser phpq // Create a phpq user
Passwd phpq // set a password for the phpq user

2. create a working group
Groupadd test // create a test workgroup

3. create a user and add a working group
Useradd-g test phpq // Create a phpq user and add it to the test workgroup

Note: SHELL used by-g's group-d home directory-s


4. add a working group for existing users
Usermod-G groupname username

Or: gpasswd-a user group

5. temporarily close: add * before the Second Field (password) of the user's row in the/etc/shadow file. To restore the user, remove.

You can also use the following command to disable the user account:
Passwd peter-l

Release again:
Passwd peter-u

6. permanently delete user accounts
Userdel peter

Groupdel peter

Usermod-G peter (force delete all files and subdirectories in the user's home directory and home directory)

7. delete a user from the group
Edit/etc/group, locate the GROUP1 line, and delete
Or use the command
Gpasswd-d A GROUP

8. display user information
Id user
Cat/etc/passwd

For more information about users and user groups, see
Linux users and user groups
This document describes the concepts of user and group management in Linux, and lists commands related to user and group; it also provides explanations on single-user multi-task and multi-user multi-task.

Linux user and user group Management Overview

 

Understand the concept of single-user multitasking and multi-user multitasking in Linux;

Linux is a multi-user, multi-task operating system; we should understand the concept of single-user multi-task and multi-user multi-task;


1. single-user multitasking in Linux;

Multi-task for a single user. for example, when we log on to the system with beinan and enter the system, I want to open gedit to write the document. However, when writing the document, I feel less music, so I opened xmms to make some music again. of course, I couldn't even listen to some music, and MSN had to open it. I wanted to know what some of my colleagues are doing now. in this way, when I log on with the beinan user, run gedit, xmms, msn, and the fcitx input method. in this case, a beinan user executes several tasks to complete the work. of course, beinan is a user, others can log on remotely and do other work.


2. Linux multi-user and multi-task;

Sometimes many users use the same system at the same time, but not all users must do the same thing, so there are multiple users and multiple tasks;

For example, LinuxSir. the Org Server contains FTP users, system administrators, web users, and common users. at the same time, some may be visiting the forum, and some may be uploading software package management sites, for example, luma or Yuking is managing their home page system and FTP. at the same time, there may be system administrators who are maintaining the system. they use nobody users to browse the home page, the uploaded software package uses FTP users. the administrator's maintenance or viewing of the system may use a common account or a root account with super permissions;Different users have different permissions. different users are required to complete different tasks., You can also sayDifferent users may do different jobs.;

It is worth noting that multi-user multi-task operations are not performed by the keyboard and display of a single machine at the same time. multiple users may log on remotely, for example, remote control of the server, anyone with user permissions can perform operations or access on the website;


3. user role differentiation;

Users are divided into roles in the system. In Linux, permissions and tasks are different because of different roles; it is worth noting that the user's role is identified by UID, especially UID. in system management, the system administrator must stick to the unique characteristics of UID;

Root User: The system is unique and real. you can log on to the system, operate any files and commands in the system, and have the highest permissions;
Virtual Users: these users are also known as pseudo users or fake users. They are differentiated from real users. such users do not have the ability to log on to the system, but are indispensable users for system operation, for example, bin, daemon, adm, ftp, mail, etc. all these users are owned by the system rather than those added later. of course, we can also add virtual users;
Ordinary real users: These users can log on to the system, but can only operate the contents of their home directories; limited permissions; these users are added by the system administrator;


4. security of multi-user operating systems;

Multi-user systems are more convenient for system management. From a security perspective, the multi-user management system is more secure. for example, if a file under a beinan user does not want other users to see it, just set the file permissions, only one beinan user can read, write, and edit data. in this way, only one beinan user can operate on its private files. Linux is the best performing solution for multiple users, linux can protect the security of every user, but we also have to learn about Linux as a secure system. if there is no security-aware administrator or management technology, such a system is not secure.

From the server point of view, the system security under multiple users is also the most important. for Windows operating systems that we commonly use, the system's capability of permission management can only be said to be general, there is no way to compare with Linux or Unix systems;


2. concepts of user and group;


1. user concept;

Based on our understanding of multiple users in Linux, we understand that Linux is a real multi-user operating system, so we can build several users in Linux ). For example, our colleague wants to use my computer, but I don't want him to log on with my user name, because my user name contains information and information (that is, private content) that he does not want others to see) in this case, I can create a new user name for him to use the user name I opened, which is in line with the operational rules from the computer security perspective;

Of course, the concept of user is not just that. in Linux, there are still some users who are used to complete specific tasks, such as nobody and ftp. we access LinuxSir. org's webpage program is a nobody user. ftp or nobody is used for anonymous ftp access. if you want to know some Linux accounts, see/etc/passwd;


2. concepts of user groups;

A user group is a collection of users with the same features. for example, sometimes we want to allow multiple users to have the same permissions, for example, to view or modify a file or execute a command, we need a user group. we define all users to the same user group. by modifying the permissions of files or directories, the user group has certain operation permissions, so that users under the user group have the same permissions on the file or directory. this is achieved by defining the group and modifying the file permissions;

For example, in order for some users to have the permission to view a document, such as a timetable, the person who writes the timetable must have the permission to read and write the document, we want some users to know the contents of this schedule without modifying them. Therefore, we can place these users into a group and modify the permissions of this file to make the user group readable, in this way, each user in the user group is readable;

The ing between users and user groups is one-to-one, multiple-to-one, one-to-many, or multiple-to-many;

One-to-one: a user can be a unique member of a group;
Multiple-to-one: multiple users can be members of a unique group and cannot belong to other user groups. for example, beinan and linuxsir users only belong to beinan user groups;
One-to-multiple: a user can be a member of multiple user groups. for example, beinan can be a member of the root member, linuxsir user group, or adm user group;
Many-to-many: multiple users correspond to multiple user groups, and several users can belong to the same group. In fact, the many-to-many relationship is the expansion of the first three. I have understood the three above, this article can also be understood;


3. configuration files, commands, or directories related to users and user groups;


1. configuration files related to users and groups;


1) configuration files related to users;

/Etc/passwd note: user configuration file;
/Etc/shadow note: user shadow password file;


2) configuration files related to user groups;

/Etc/group Note: User group configuration file;
/Etc/gshadow note: shadow file of the user group;


2. tools or commands for managing users and groups;


1) tools or commands used to manage users;

Useradd note: add a user
Adduser note: add a user
Passwd note: set a password for the user
Usermod note: to modify user commands, you can use usermod to modify the logon name and user's home directory;
Pwcov note: synchronize users from/etc/passwd to/etc/shadow
Pwck note: pwck verifies whether the content of the user configuration file/etc/passwd and/etc/shadow is legal or complete;
Pwunconv note: it is the vertical reverse operation of pwcov. it is to create/etc/passwd from/etc/shadow and/etc/passwd, and then delete the/etc/shadow file;
Finger note: Tools for viewing user information
Id note: view the UID, GID, and user group of the user.
Chfn note: change user information tool
Su note: User switching tool
Sudo note: sudo uses another user to execute commands (execute a command as another user), su is used to switch users, and then the user to complete the corresponding tasks through the switch, however, sudo can directly execute the following commands. for example, sudo can execute root authorization without the root password. only root can execute the corresponding commands; however, you must edit/etc/sudoers through mongodo;
Except do note: visodo is the command for editing/etc/sudoers. you can also use vi to edit/etc/sudoers;
Sudoedit note: similar to the sudo function;



2) tools or commands used to manage user groups;

Groupadd note: add a user group;
Groupdel note: delete a user group;
Groupmod note: modify user group information
Groups note: displays the user group to which the user belongs.
Grpck
Note: Use the/etc/group and/etc/gshadow file content to synchronize or create/etc/gshadow. if/etc/gshadow does not exist, create it;
Grpunconv note: use the/etc/group and/etc/gshadow file content to synchronize or create/etc/group, and then delete the gshadow file;

 


3./etc/skel directory;

The/etc/skel directory is generally the directory for storing user startup files, which is controlled by the root permission. when we add users, files in this directory are automatically copied to the home directory of the newly added user. files in the/etc/skel directory are hidden files, which are similar. file Format. you can modify, add, or delete files in the/etc/skel directory to provide users with a unified, standard, and default user environment;

[Root @ localhost beinan] # ls-la/etc/skel/
Total usage 92
Drwxr-xr-x 3 root 4096 August 11 23:32.
Drwxr-xr-x 115 root 12288 October 14 13:44 ..
-Rw-r -- 1 root 24 00:15. bash_logout May 11
-Rw-r -- 1 root 191 May 11 00:15. bash_profile
-Rw-r -- 1 root 124 May 11 00:15. bashrc
-Rw-r -- 1 root 5619. canna
-Rw-r -- 1 root 438 May 18 15:23. emacs
-Rw-r -- 1 root 120 May 23 05:18. gtkrc
Drwxr-xr-x 3 root 4096 August 11 23:16. kde
-Rw-r -- 1 root 658 2005-01-17. zshrc

 

Files in the/etc/skel directory are generally copied to the home directory of the newly added user when we use the useradd and adduser commands to add a user; if we add a user by modifying/etc/passwd, we can create the user's home directory and copy the files under/etc/skel to the user's home directory, then, chown is used to change the owner of the new user's home directory;

4./etc/login. defs configuration file;

/Etc/login. the defs file is a plan for creating a user, such as whether to use the home directory, the UID and GID range, and the user's validity period when creating a user, this file can be defined by root;

For example, the/etc/logins. defs file content of Fedora;

# * REQUIRED *
# Directory where mailboxes reside, _ or _ name of file, relative to
# Home directory. If you _ do _ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
# QMAIL_DIR Maildir
MAIL_DIR/var/spool/mail Note: When creating a user, you must create a user mail file in the/var/spool/mail directory;
# MAIL_FILE. mail

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999 note: the maximum number of days for a user's password to expire;
PASS_MIN_DAYS 0 Note: the minimum number of days between password changes;
PASS_MIN_LEN 5 Note: minimum password length;
PASS_WARN_AGE 7 note:

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500 Note: The minimum UID is 500, that is, when a user is added, the UID starts from 500;
UID_MAX 60000 note: The maximum UID is 60000;

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500 Note: GID starts from 500;
GID_MAX 60000

#
# If defined, this command is run when removing a user.
# It shoshould remove any at/cron/print jobs etc. owned
# The user to be removed (passed as the first argument ).
#
# USERDEL_CMD/usr/sbin/userdel_local

#
# If useradd shoshould create home directories for users by default
# On RH systems, we do. This option is ORed with the-m flag on
# Useradd command line.
#
CREATE_HOME yes note: whether to create the user's home directory requires creation;

 


5./etc/default/useradd file;

The rule file when adding a user through useradd;

# Useradd defaults file
GROUP = 100
HOME =/home Note: create the home directory of the user in/HOME;
INACTIVE =-1 Note: whether to enable account expiration and suspension,-1 indicates not to enable;
EXPIRE = Note: The end date of the account. If this parameter is not set, the account is not enabled;
SHELL =/bin/bash note: SHELL type used;
SKEL =/etc/skel note: By default, the default file storage location of the user's directory is added. that is to say, when adduser is used to add users, the files in the user's home directory are, all of them are copied from this directory;

 


Postscript:

There are so many management contents about users and groups) management is almost the same. because users and user groups are associated with file and directory permissions, therefore, operations on the file and directory permissions will be written into an independent document;

From http://fedora.linuxsir.org/main? Q = node/91

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.