Linux: adding and removing users and user groups in detail

Source: Internet
Author: User
Tags readable file permissions

This article summarizes the commands and options used on Linux to add or remove users and user groups. Without further ado, here they are.

1. Create a user:

adduser phpq    # create the new user phpq
passwd phpq     # set a password for the user phpq

2. Create a group:

groupadd test    # create the new group test

3. Create a user and add it to a group at the same time:

useradd -g test phpq    # create the new user phpq and add it to the group test

Note: -g sets the group the user belongs to, -d the home directory, -s the shell to use.

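4. Add an existing user to a group:

usermod -G groupname username

Or: gpasswd -a user group

Note: usermod -G replaces the user's whole list of supplementary groups with the groups given unless -a is also passed; gpasswd -a only adds the user to the one group.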

5. Disable an account temporarily: in /etc/shadow, put a * in front of the second field (the password) on the user's line. To restore the account, remove the *.

Alternatively, lock and unlock the account with passwd:

passwd peter -l    # lock the account
passwd peter -u    # unlock the account

6. Delete a user account permanently:

userdel peter       # delete the account peter
groupdel peter      # delete the group peter
userdel -r peter    # delete the account together with its home directory and all files and subdirectories under it

7. Remove a user from a group:

Edit /etc/group, find the line for GROUP1 and delete A from it,
or use the command:
gpasswd -d A GROUP

8. Display user information:

id user
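The state that step 5 produces can be read back from the password field of the shadow file. The following is an added example, not part of the original article: it classifies accounts from constructed shadow-format lines (the hashes are placeholders), and the function names shadow_status, sample_shadow and usable_accounts are made up for the illustration.

```sh
# shadow_status [FILE]: classify each account by the second (password)
# field of shadow-format lines; reads stdin if FILE is omitted.
shadow_status() {
    awk -F: '
        NF == 0 { next }                            # skip blank lines
        NF < 2  { print $1 ":malformed"; next }     # no password field
        $2 == ""     { print $1 ":empty";  next }   # no password required
        $2 ~ /^[!*]/ { print $1 ":locked"; next }   # prefix makes the hash unmatchable
        { print $1 ":active" }
    ' "$@"
}

# Constructed sample in /etc/shadow layout. peter carries the "!" prefix that
# passwd -l writes, phpq the manual "*" prefix described in step 5.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
peter:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
phpq:*$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
}

# usable_accounts [FILE]: names that can still authenticate with a
# password, or with none at all.
usable_accounts() {
    shadow_status "$@" | awk -F: '$2 == "active" || $2 == "empty" { print $1 }'
}

sample_shadow | shadow_status
```

A locked password field only blocks password authentication; other login paths such as SSH keys are not affected by it.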

This article covers the concepts of users and user groups in Linux systems, lists the commands related to users and user groups, and explains single-user multitasking and multi-user multitasking.

Overview of Linux user and group management

Linux is a multi-user, multitasking operating system. We should understand what single-user multitasking and multi-user multitasking mean.

1. Single-user multitasking in Linux

Single-user multitasking: for example, we log in to the system as beinan. I want to open gedit to write a document; while writing I miss having music, so I open xmms to play some. Music alone is not enough, MSN has to be open too, because I want to know what my friends are doing. So, logged in as beinan, I am running gedit, xmms and MSN, and of course the input method fcitx. Put simply, one user, beinan, runs several tasks to get the work done. Of course, other people can also log in remotely as beinan and do other work.

2. Multi-user multitasking in Linux

Sometimes many users use the same system at the same time, but they are not all doing the same thing; that is what multi-user multitasking means.

Take a server, for example, with FTP users, system administrators, web users, ordinary users and so on. At the same moment some people may be visiting the forum, some may be uploading packages to manage a sub-site, such as Luma or Yuking managing their home page system and FTP, and a system administrator may be maintaining the system. Browsing the home page runs as the nobody user, which everyone shares; uploading packages uses the FTP user; the administrator maintains or inspects the system with an ordinary account or with the all-powerful root account. Different users have different permissions, different tasks need different users, and different users can therefore do different work.

Note that multi-user multitasking does not mean everyone crowding around one keyboard and monitor to operate the machine. Users may log in remotely, for example to administer a server remotely; anyone who has permission to operate or access the system can log in.

3. Distinguishing user roles

A user is a role in a Linux system; different roles have different permissions and carry out different tasks. Note that a user's role is identified by UID and GID, especially the UID; in system administration, the administrator must keep every UID unique.

Root user: unique on the system and a real user; it can log in, can operate on any file and run any command, and has the highest privileges.
Virtual user: also called a pseudo user or dummy user. In contrast to real users, this kind of user cannot log in to the system, but the system needs it in order to run; examples are bin, daemon, adm, ftp and mail. These users come with the system rather than being added later, although we can also add virtual users ourselves.
Ordinary real user: this kind of user can log in to the system but can only operate on the contents of its own home directory; its permissions are limited, and such users are added by the system administrator.
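The UID rule and the no-login property of virtual users can be checked mechanically. The following is an added example, not part of the original article: it audits constructed passwd-format lines for shared UIDs, extra UID 0 accounts and system accounts with a login shell. The function names, the "toor" account and the shell heuristic are assumptions made for the illustration.

```sh
# passwd_audit UID_MIN [FILE]: audit passwd-format lines
# (name:password:UID:GID:comment:home:shell); reads stdin if FILE is omitted.
# UID_MIN is the first UID given to ordinary users (500 in the login.defs
# listing on this page); lower UIDs are treated as system (virtual) users.
passwd_audit() {
    uid_min=$1; shift
    awk -F: -v uid_min="$uid_min" '
        NF == 0 { next }                              # skip blank lines
        NF != 7 { print "malformed:" $1; next }
        {
            # Two names on one UID are the same user to the kernel.
            if ($3 in owner) print "duplicate-uid:" $3 ":" owner[$3] "," $1
            else owner[$3] = $1
            # Any UID 0 account has root privileges, whatever its name.
            if ($3 == 0 && $1 != "root") print "extra-uid0:" $1
            # Heuristic (assumption): an empty shell field or a path ending
            # in "sh" counts as an interactive login shell.
            if ($3 > 0 && $3 < uid_min && ($7 == "" || $7 ~ /sh$/))
                print "system-login-shell:" $1 ":" $7
        }
    ' "$@"
}

# Constructed sample; user names are taken from the text, "toor" is made up.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
beinan:x:500:500::/home/beinan:/bin/bash
linuxsir:x:500:501::/home/linuxsir:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

sample_passwd | passwd_audit 500
```

On a live system the same function can be pointed at /etc/passwd, with the first argument taken from UID_MIN in /etc/login.defs.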

4. Security of a multi-user operating system

In practice a multi-user system is more convenient to administer. It is also more secure: if the user beinan has a file that other users should not see, it is enough to set the file's permissions so that only beinan can read, write and edit it, and then only beinan can work with that private file. Linux performs at its best as a multi-user system and protects each user well, but we also have to learn that the security of a Linux system depends on its administrator: without security awareness or administrative skill, such a system is not safe.

From a server's point of view, the security of user management is what matters most. The Windows operating systems we commonly use can only be called average at managing the system in this respect and cannot compare with Linux or Unix-like systems.

The concepts of users (user) and user groups (group)

1. The concept of a user

We know that Linux is a true multi-user operating system, so we can create several users on it. For example, a colleague wants to use my computer, but I do not want him to log in with my user name, because my account holds material (private content) that I do not want others to see. I can create a new user for him and let him do what he likes under that user name, which is the proper way to operate from the point of view of computer security.

The concept of a user goes further than this, though. Some users on a Linux system exist to carry out specific tasks, such as nobody and ftp: when we visit a web page served by the system, the web program runs as the nobody user; when we access FTP anonymously, the ftp or nobody user is used. To see the accounts on a Linux system, look at /etc/passwd.

2. The concept of a user group

A user group is a collection of users with the same characteristics. Sometimes we want several users to have the same permissions, for example to view or modify a file or to execute a command. We then put those users into one group and change the permissions of the file or directory so that the group has the required rights; every user in the group then has the same permissions on that file or directory. This is achieved by defining the group and changing the file's permissions.

For example: to let some users view a document such as a timetable, while the person who writes the timetable has read, write and execute permission, we want these users to know the contents of the timetable without being able to modify it. We put these users into one group and then change the file's permissions so that the group can read it; every user in the group can then read the file.

The relationship between users and user groups can be one-to-one, many-to-one, one-to-many or many-to-many:

One-to-one: a user can be the only member of a group.
Many-to-one: several users can be members of one single group and of no other group; for example, beinan and linuxsir both belong only to the beinan group.
One-to-many: a user can be a member of more than one group; for example, beinan can be a member of the root group, the linuxsir group and the adm group.
Many-to-many: several users correspond to several groups, and several users can belong to the same group. The many-to-many relationship is simply an extension of the previous three; once those are understood, this one follows.
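These relationships are stored in two places: the GID field of a user's /etc/passwd line (the primary group) and the member list of each /etc/group line. The following is an added example, not part of the original article, that resolves both directions from constructed sample files; the function names and file contents are made up for the illustration.

```sh
# groups_of USER PASSWD GROUP: the primary group (GID field of the passwd
# line) plus every group whose member list (4th field) names USER.
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR && $1 == user { pgid = $4; found = 1 }
        FNR == NR { next }                      # first file is passwd
        {
            listed = 0
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) listed = 1
            if (found && $3 == pgid) print $1 " (primary)"
            else if (listed) print $1
        }
    ' "$2" "$3"
}

# members_of GROUP PASSWD GROUP_FILE: users whose primary GID is the group,
# plus the users in its member list, duplicates removed.
members_of() {
    awk -F: -v grp="$1" '
        FNR == NR && $1 == grp { gid = $3; list = $4; found = 1 }
        FNR == NR { next }                      # first file is group
        found && $4 == gid { print $1 }
        END { n = split(list, m, ","); for (i = 1; i <= n; i++) print m[i] }
    ' "$3" "$2" | sort -u
}

# Constructed sample files; user and group names follow the text above.
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
beinan:x:500:500::/home/beinan:/bin/bash
linuxsir:x:501:500::/home/linuxsir:/bin/bash
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:root,beinan
adm:x:4:root,adm,beinan
beinan:x:500:
linuxsir:x:501:beinan
EOF
    echo "$dir"
}

d=$(make_samples)
groups_of beinan "$d/passwd" "$d/group"
members_of beinan "$d/passwd" "$d/group"
rm -rf "$d"
```

In the sample the beinan line in the group file lists no members, yet two users belong to the group through their primary GID, so a membership review that reads only /etc/group misses them.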

Configuration files, commands and directories related to users and user groups

1. Configuration files related to users and user groups

1) Configuration files related to users:

/etc/passwd Note: the user configuration file;
/etc/shadow Note: the users' shadow password file;

2) Configuration files related to user groups:

/etc/group Note: the user group configuration file;
/etc/gshadow Note: the shadow file for user groups;

2. Tools and commands for managing users and user groups

1) Tools and commands for managing users:

useradd Note: add a user
adduser Note: add a user
passwd Note: set a password for a user
usermod Note: modify a user; with usermod you can change the login name, the user's home directory and so on;
pwconv Note: sync users from /etc/passwd to /etc/shadow
pwck Note: checks whether the contents of the user configuration files /etc/passwd and /etc/shadow are valid and complete;
pwunconv Note: the reverse of pwconv; it creates /etc/passwd from /etc/shadow and /etc/passwd and then deletes the /etc/shadow file;
finger Note: tool for viewing user information
id Note: shows a user's UID, GID and the groups the user belongs to
chfn Note: tool for changing user information
su Note: tool for switching users
sudo Note: sudo runs a command as another user (execute a command as another user). su switches to another user, and the task is then carried out as that user, whereas sudo is followed directly by the command; for example, with sudo a user can run commands that only root may run, without needing the root password. The rules for this are set up by editing /etc/sudoers with visudo;
visudo Note: visudo is the command for editing /etc/sudoers. You can also skip it and edit /etc/sudoers directly with vi; the resulting file is the same, but visudo locks the file and checks its syntax before saving, which guards against a broken sudoers file;
sudoedit Note: similar in function to sudo;

2) Tools and commands for managing user groups:

groupadd Note: add a user group;
groupdel Note: delete a user group;
groupmod Note: modify user group information
groups Note: displays the groups a user belongs to
grpconv Note: synchronizes /etc/gshadow from the contents of /etc/group and /etc/gshadow, or creates /etc/gshadow if it does not exist;
grpunconv Note: synchronizes or creates /etc/group from the contents of /etc/group and /etc/gshadow, then deletes the gshadow file;

3. The /etc/skel directory

The /etc/skel directory normally holds the users' startup files and is controlled by root. When we add a user, the files in this directory are copied automatically into the new user's home directory. The files in /etc/skel are hidden files, that is, files whose names begin with a dot. By modifying, adding and deleting files in /etc/skel we can give users a uniform, standard default environment.

[root@localhost beinan]# ls -la /etc/skel/
total
drwxr-xr-x    3 root root  4096  August 11 23:32 .
drwxr-xr-x  12288 October 14 13:44 ..
-rw-r--r--    1 root root    24  May 00:15 .bash_logout
-rw-r--r--    1 root root   191  May 00:15 .bash_profile
-rw-r--r--    1 root root   124  May 00:15 .bashrc
-rw-r--r--    1 root root  5619.2005-03-08
-rw-r--r--    1 root root   438  May 15:23 .emacs
-rw-r--r--    1 root root   120  May 05:18 .gtkrc
drwxr-xr-x    3 root root  4096  August 23:16 .kde
-rw-r--r--    1 root root   658 2005-01-17 .zshrc

When we add a user with the useradd or adduser command, the system copies the files in /etc/skel into the new user's home directory automatically. If we add the user by editing /etc/passwd instead, we can create the user's home directory ourselves, copy the files under /etc/skel into it, and then use chown to make the new user the owner of the home directory.

4. The /etc/login.defs configuration file

/etc/login.defs holds settings that apply when users are created, such as whether a home directory is needed, the UID and GID ranges, and how long an account's password stays valid; root can define these values.

For example, the contents of /etc/login.defs on Fedora:

# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail Note: when a user is created, the user's mail file is created in the directory /var/spool/mail;

# Password aging controls:
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
PASS_MAX_DAYS   99999   Note: the maximum number of days a user's password stays valid;
PASS_MIN_DAYS   0       Note: the minimum number of days between password changes;
PASS_MIN_LEN    5       Note: minimum password length;
PASS_WARN_AGE   7       Note:

# Min/max values for automatic uid selection in useradd
UID_MIN 500 Note: the minimum UID is 500, which means that when a user is added, UIDs start at 500;
UID_MAX 60000 Note: the maximum UID is 60000;

# Min/max values for automatic gid selection in groupadd
GID_MIN 500 Note: GIDs start at 500;
GID_MAX 60000

# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).

# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
CREATE_HOME yes Note: whether to create the user's home directory; here creation is required;

5. The /etc/default/useradd file

The rule file applied when adding a user with useradd:

# useradd defaults file
HOME=/home Note: users' home directories are created under /home;
INACTIVE=-1 Note: whether to disable the account once it has expired; -1 means not enabled;
EXPIRE= Note: the account expiry date; leaving it unset means it is not enabled;
SHELL=/bin/bash Note: the type of shell used;
SKEL=/etc/skel Note: the location of the default files for a new user's home directory; that is, when we add a user with adduser, the files in the user's home directory are copied from this directory;



That is about all there is to user and user group management; once the material above is understood and mastered, user and group management is largely covered. Because users and user groups are tied to file and directory permissions, operations on file and directory permissions are introduced in a separate article.
