Common CentOS user management commands

Source: Internet
Author: User

User management commands!

1. User name and password

In Linux administration, managing users is a very important task. Not everyone can log on to the server: anyone who wants to log on must apply for the relevant permissions, and can log on only with the administrator's permission. Although we enter a user name and password when logging on to the server, the Linux host does not actually know your user name and password; it only knows an ID number, which is simply a set of digits (we call it the UID). Because computers only understand 0 and 1, the host works with numbers; the user name exists only to make the account easy for people to remember. Your ID is mapped to the user name in /etc/passwd, so let's look at /etc/passwd.

2. /etc/passwd file

    [root@drbd1 boot]# cat /etc/passwd | head -5
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

The output above has five lines. Each line has seven fields separated by ":". They are, in order: user name, password, UID, GID, user description, home directory, and default shell. Let's go through them in detail.


  • User name: the account name we use to log on to the system. The user name corresponds to the UID.

  • Password: the field holds only an x; to prevent theft, the password itself is stored in another file, /etc/shadow.

  • UID: the number that corresponds to the user name. The host identifies the user through this number.

  • GID: as mentioned in the previous blog post, each user belongs to a user group. The GID maps to a group name in another file, /etc/group.

  • User description: has no important function; it just explains what the account is for.

  • Home directory: the user's home directory. For example, root's home directory is /root, so after root logs in, the session starts in the /root directory.

  • Default shell: after a user logs on to the system, the user gets a shell to communicate with the system kernel and carry out tasks.

3. /etc/shadow file

As mentioned above, the /etc/shadow file mainly stores passwords. Let's take a detailed look at it.

    [root@drbd1 boot]# cat /etc/shadow | head -5
    root:$1$GErxq.OA$jxK.VBTpJkbr.XTIYnZR6/:15783:0:99999:7:::
    bin:*:15783:0:99999:7:::
    daemon:*:15783:0:99999:7:::
    adm:*:15783:0:99999:7:::
    lp:*:15783:0:99999:7:::

From the output above, we can see that the shadow fields are also separated by ":". There are 9 fields in total. Let's go through the meaning of each one.


  • User name: as described above.

  • Password: stored in encrypted form to improve security.

  • Date of last password change: the date on which the password was last changed.

  • Number of days the password cannot be changed: for example, a value of 20 means the password cannot be changed for 20 days.

  • Number of days after which the password must be changed again: to force users to change their passwords, this field specifies how many days after the last change the password must be changed.

  • Warning days before the password expires: in the example above, the system starts warning the user seven days before the password expires.

  • Number of days after the password expires: if the user still has not updated the password once its validity period is over, the password is considered expired. Although the password has expired, the account can still be used for other work, including logging on to the system to obtain bash.

  • Account expiration date: the account can no longer be used after the date specified in this field.

  • Reserved: the last field is reserved in case new functions are added later.
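The nine fields described above can be checked mechanically. The following is an added example, not part of the original article: a hypothetical helper, audit_shadow, that classifies the password field and applies the aging fields to a constructed sample. The state names and the exact comparison rules (expired once the age exceeds field 5, account expired from the day in field 8 onward) are assumptions of this sketch.

```bash
#!/bin/sh
# Constructed sample in /etc/shadow format; accounts and hashes are not real.
SAMPLE_SHADOW='root:$1$CONSTRUCTED$notARealHashValue00000:15783:0:99999:7:::
bin:*:15783:0:99999:7:::
alice:$6$CONSTRUCTED$notARealHashValue:15783:0:90:7:14::
bob:!$6$CONSTRUCTED$notARealHashValue:15783:0:99999:7:::
carol::15783:0:99999:7:::
dave:$6$CONSTRUCTED$notARealHashValue:15783:0:99999:7::15800:'

# audit_shadow TODAY  (hypothetical helper)
# Reads shadow-format lines on stdin and prints "user STATE [notes]".
# TODAY is in days since 1970-01-01, the unit of fields 3 and 8;
# on a live host: today=$(( $(date +%s) / 86400 ))
audit_shadow() {
  awk -F: -v today="$1" '
    NF != 9 { print $1, "MALFORMED"; next }   # the format has nine fields
    {
      pw = $2; notes = ""
      if (pw == "")        state = "EMPTY_PASSWORD"     # no password required
      else if (pw ~ /^!/)  state = "LOCKED"             # as set by passwd -l
      else if (pw == "*")  state = "NO_PASSWORD_LOGIN"  # no hash can match
      else                 state = "HASH_SET"
      if (pw ~ /^\$1\$/) notes = notes " md5crypt"      # $1$ prefix: MD5-based hash
      if ($5 != "") {                                   # password aging fields
        age = today - $3                                # days since last change
        if ($7 != "" && age > $5 + $7)      notes = notes " password-inactive"
        else if (age > $5)                  notes = notes " password-expired"
        else if ($6 != "" && age > $5 - $6) notes = notes " expiry-warning"
      }
      if ($8 != "" && today >= $8) notes = notes " account-expired"
      print $1, state notes
    }'
}

# Day 15880 is a constructed "today", 97 days after the last change (15783).
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 15880
```

On a real host the same function reads the live file as root: audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow.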

4. /etc/group file

As mentioned above, user names and passwords are stored in files. Now let's look at how group names are stored.

    [root@drbd1 boot]# cat /etc/group | head -5
    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:root,bin,daemon
    sys:x:3:root,bin,adm
    adm:x:4:root,adm,daemon

As you can see, there are four fields separated by ":". Let's go through their meanings.


  • Group name: as described above.

  • Group password: this setting is normally meant for group administrators and is rarely used; as with user passwords, the password itself is stored in /etc/gshadow.

  • GID: the group ID. The GID in the fourth field of /etc/passwd maps to a group name through this field.

  • Accounts that belong to this group: a user can join multiple groups; when an account should join this group, add the account name to this field.
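To make the link between the fourth field of /etc/passwd and the fields of /etc/group concrete, here is an added example (not from the original article) that rebuilds an id-style line from the two files alone. The helper name groups_of, the user alice and the wheel and alice group lines are constructed for illustration.

```bash
#!/bin/sh
# Constructed samples: the first five group lines are those shown above;
# the wheel and alice entries and the user alice are constructed.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:500:500:constructed user:/home/alice:/bin/bash'
SAMPLE_GROUP='root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
wheel:x:10:root,alice
alice:x:500:'

# groups_of USER PASSWD_FILE GROUP_FILE  (hypothetical helper)
# Prints "uid=N(user) gid=N(group) groups=..." using only the two files.
groups_of() {
  awk -F: -v user="$1" '
    FNR == NR {                          # first file: passwd
      if ($1 == user) { uid = $3; gid = $4; found = 1 }
      next
    }
    {                                    # second file: group
      if ($3 == gid) pname = $1          # primary group: matched by GID
      n = split($4, m, ",")              # supplementary: matched by name
      for (i = 1; i <= n; i++)
        if (m[i] == user && $3 != gid) extra = extra "," $3 "(" $1 ")"
    }
    END {
      if (!found) { print "no such user: " user; exit 1 }
      printf "uid=%s(%s) gid=%s(%s) groups=%s(%s)%s\n",
             uid, user, gid, pname, gid, pname, extra
    }' "$2" "$3"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
printf '%s\n' "$SAMPLE_GROUP"  > "$tmp/group"
groups_of root  "$tmp/passwd" "$tmp/group"
groups_of alice "$tmp/passwd" "$tmp/group"
```

The alice group line has an empty fourth field, yet 500(alice) still appears in the result: primary membership comes from /etc/passwd, so a membership review that reads only the member list in /etc/group misses it.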

5. Commands related to user management

As mentioned above, the configuration files related to users and groups are /etc/passwd, /etc/shadow, and /etc/group. Now let's look at the commands for managing users and groups.

  • User management: useradd, passwd, usermod, userdel

  • Group management: groupadd, groupmod, groupdel

Let's go through them one by one:

(1). useradd command

    useradd [-u UID] [-g initial group] [-mM] [-c description] [-d home directory absolute path] [-s shell] account name
    Options and parameters:
    -u: followed by a UID, a number; assigns that specific UID to the account
    -g: followed by a group name, the initial group; that group's GID is placed in the fourth field of /etc/passwd
    -G: followed by the names of the groups this account can also join; this option modifies the related data in /etc/group
    -M: force: do not create the user's home directory (default for system accounts)
    -m: force: create the user's home directory (default for general accounts)
    -c: the description in the fifth field of /etc/passwd; set it as needed
    -d: specify a directory as the home directory instead of the default; be sure to use an absolute path
    -r: create a system account; the UID of this account is restricted (see /etc/login.defs)
    -s: followed by a shell; if not specified, the default is /bin/bash
    -e: followed by a date in YYYY-MM-DD format; written to the eighth field of shadow, i.e. the account expiration date
    -f: followed by the value for the seventh field of shadow, specifying whether the password will become invalid. 0 means it becomes invalid immediately, and -1 means it never becomes invalid (the password only expires and must be reset at login)

(2). passwd command

    passwd [-l] [-u] [--stdin] [-S] [-n days] [-x days] [-w days] [-i date] account    <== root-only functions
    Options and parameters:
    --stdin: take the data from the preceding pipe as the password; useful in shell scripts
    -l: Lock; a ! is added at the front of the second field of /etc/shadow, invalidating the password
    -u: the opposite of -l; Unlock
    -S: list password-related parameters, i.e. most of the information in the shadow file
    -n: followed by a number of days; shadow field 4, the days during which the password cannot be changed
    -x: followed by a number of days; shadow field 5, the days after which the password must be changed
    -w: followed by a number of days; shadow field 6, the warning days before the password expires
    -i: followed by a date; shadow field 7, the password expiration date
    Example:
    echo "123456" | passwd --stdin test

(3). usermod command

    usermod [-cdegGlsuLU] username
    Options and parameters:
    -c: followed by the account description, i.e. the fifth field of /etc/passwd; use it to add a description of the account
    -d: followed by the account's home directory, i.e. modifies the sixth field of /etc/passwd
    -e: followed by a date in YYYY-MM-DD format, i.e. the eighth field of /etc/shadow
    -f: followed by a number of days, the seventh field of shadow
    -g: followed by the initial group; modifies the fourth field of /etc/passwd, i.e. the GID field
    -G: followed by secondary groups; modifies the groups the user belongs to, changing /etc/group
    -a: used with -G; adds secondary groups instead of replacing the existing ones
    -l: followed by the account name, i.e. changes the account name, the first field of /etc/passwd
    -s: followed by the actual shell file, such as /bin/bash or /bin/csh
    -u: followed by the UID number, i.e. the third field of /etc/passwd
    -L: temporarily freeze the user's password so that the user cannot log on; in fact it only changes the password field of /etc/shadow
    -U: remove the ! from the password field of /etc/shadow, unfreezing the account

(4). userdel command

    userdel [-r] username
    Options and parameters:
    -r: delete the user's home directory as well


(5). groupadd command

    groupadd [-g gid] [-r] group name
    Options and parameters:
    -g: followed by a specific GID, used to assign that GID directly
    -r: create a system group; related to GID_MIN in /etc/login.defs

(6). groupmod command

    groupmod [-g gid] [-n group_name] group name
    Options and parameters:
    -g: modify the existing GID number
    -n: modify the existing group name

(7). groupdel command

    groupdel [groupname]
    Example: groupdel mygroup

The above covers the basic commands for user and group management. Have you got them? Next, we will look at a few additional commands.

6. Other commands

(1). id command

    id [username]
    Example: id root
    [root@drbd1 ~]# id root
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

(2). finger command

    finger [-s] username
    Options and parameters:
    -s: list only the user's account, full name, terminal, logon time, etc.
    -m: list only accounts that exactly match the given account name, instead of using partial matching (which includes the full name)
    Example:
    [root@drbd1 ~]# finger -s root
    Login     Name       Tty      Idle  Login Time   Office Phone
    root      root       pts/0          May 23       (192.168.18.138)
    [root@drbd1 ~]# finger -m root
    Login: root                             Name: root
    Directory: /root                        Shell: /bin/bash
    On since Thu May 23 09:29 (CST) on pts/0 from 192.168.18.138
    New mail received Thu May 23 2013 (CST)
         Unread since Wed May 15 2013 (CST)
    No Plan.


Summary:

At this point, our coverage of user management is basically finished. As for advanced topics in user management (such as ACLs and su), I will explain them in a later blog post. Next, let's talk about Linux time and date management!

This article is from "Share your knowledge ..." Blog, please be sure to keep this source http://freeloda.blog.51cto.com/2033581/1207525
