Configuration Management Guide for users and groups under the Linux operating system _unix Linux

User management, the main task is to establish a legitimate user account, set up and manage the user's password, modify the properties of the user account and, if necessary, delete the user account that has been discarded.


1. Add a new user

In a Linux system, only the root user can create a new user, as the following command creates a new user with a login name of user1.

# Useradd User1

However, the user is not able to log in because it has not been set to the initial password, and the user without the password is not able to log on to the system. By default, a user's home directory with the same user name will be created in the/home directory. If you need to specify a separate household directory, you can use the following command:

# useradd-d/HOME/XF User1

At the same time, the user will get a shell program when logged in:/bin/bash, and if you do not want the user to log in, you can specify that the user's shell program is:/bin/false, so that the user even log in, can not execute Linux commands:

# useradd-s/bin/false User1

In Linux, adding a user creates a new group that has the same name as the user who is a member of the group. If you want new users to belong to a group that already exists, you can use the following command:

# useradd-g User User1

This allows the user to be part of the Users group. And if you just want it to belong to a group again, you should use:

# useradd-g User User1

Once you have done this, you should also use the passwd command to set an initial password for it.


2. Delete a user

To remove a user, simply use a simple command "Userdel user name". However, it is best to delete the files it left on the system, and you can use the "Userdel-r username" to do this.


3. Modify User Properties

In the front we saw how to specify its user home directory when creating a new user, how to specify its shell, how to set the group it belongs to ... Wait a minute. A command is provided in Linux to implement:

USERMOD-G Group name-G group name-D user home directory-S user shell

There is also a direct way to modify the/etc/passwd file, in which each user occupies one row, and its contents are:

User name: Password: User id: Group ID: User full Name: User-headed directory: Users Shell

It's worth noting, however, that the password is usually replaced with a * number, which you can't see.


4. Add a group

Remember that Linux files can set different access rights for people who are in the same group, or for people who are not in the same group? We can create groups of users according to their needs:

Groupadd Group Name


5. Delete a group

Similarly, we sometimes need to delete a group whose command is the Groupdel group name.


6. Modify Group members

If we need to add a user to a group, simply edit the/etc/group file and write the user name to the back of the group name. For example, to add a newuser user to the Softdevelop group, just find the Softdevelop line:

Softdevelop:x:506:user1,user2

Then add NewUser in the back, forming:

Softdevelop:x:506:user1,user2,newuser

In addition, Red Hat Linux also provides a graphical user management tool: userconf, which enables more direct user management.


Two important documents: passwd and Group


In the Linux security mechanism,/etc/passwd and/etc/group these two files occupy a very important position. They control some important settings for Linux users and groups.

/etc/passwd file description (for setting the user's properties)

Available VI/ETC/PASSWD View


In the passwd file, each row is divided into 7 sections by a colon (":"), respectively:


[User name]:[password]:[uid]:[gid]:[identity description]:[home directory]:[login Shell]


which


[UID] Although the system is used to flag file ownership, determine the various permissions of the flag, but the content of this area does not require unique. A more common and security-related example is a user account with multiple UID and GID 0. Note that a user imnotroot with a UID and GID of 0 on the last line of the file, although it claims to be not root, has exactly the same permissions as root because the system is not based on the [user name] but on the UID and GID to divide the user's power. So, this situation is no doubt the system buried a safe bomb. However, when imnorroot do a lock screen, and so on, if its password is not the same as root, it will not unlock, because the system only found the first UID 0 (naturally, root) after the user is not looking down-it is the UID is unique.


[GID] User default group ID, which can be found in the file/etc/group the corresponding group name.

< note >:[uid] and [GID] less than 500 are generally reserved by the system themselves, do not make the identity of ordinary users and groups, so the new additions to users and groups are generally UID and GID greater than 500.


/etc/group File Description

Vi/etc/group View its contents


It is divided into four parts:

[Group name]:[password domain]:[gid]:[member Case table]