Ubuntu User and User Group Management

Source: Internet
Author: User

Create a group:
$ sudo addgroup ccache

Create a user:
$ sudo useradd ccache -g ccache -m

Create a new user wfz with a home directory, and specify ccache as its user group:
$ sudo useradd wfz -g ccache -m

Add existing users to a specified group:
$ sudo adduser $user ccache

$ sudo adduser dbh ccache
$ sudo adduser paul ccache
$ sudo adduser wfz ccache

Display the user ID and group information:
~$ id
uid=1001(dbh) gid=1001(dbh) groups=115(admin),1001(dbh)
$ cat /etc/group
ccache:x:1002:dbh,paul,wfz

1. Management of users and user groups:

The concept of multiple users in Linux means that multiple users can use the system at the same time.

(1) User account file: passwd

passwd is a text file (each line identifies one user) that defines the user accounts of the system. The file is located in the "/etc" directory. It contains a list of system accounts and stores some useful information for each account, such as the user ID, group ID, home directory, and shell (separated by ":"). Only the user account is defined here; the password itself is not saved (an "x" in the password field indicates that a password exists, and an empty field indicates that there is no password). The real password is stored in the shadow file, which cannot be read by common users. Keeping the encrypted ciphertext unreadable improves the security of the user account.

For example:

[root@sun root]# head /etc/passwd

root:x:0:0:root:/root:/bin/bash

Each line has 7 fields: login name: password or not: user ID: group ID: account remarks: user home directory: name of the user's shell at login (the super user has the permission to modify).

(2) User password file: shadow

Each line defines one user's information, and the fields in the line are separated by ":". To further improve security, this file stores the user's encrypted password (or * or another special symbol).

[root@sun root]# head /etc/shadow

Login name: encrypted password (expressed by * or other special characters): number of days from 1970.1.1 to the last password change: number of days after a change during which the password cannot be changed again: number of days after a change before the password must be changed (validity period): number of days before the password expires that the user is warned: number of days after the password expires before the account is blocked: number of days before the account is blocked: reserved, unused.
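
An added example (not from the original page): a POSIX shell audit that applies the passwd and shadow field layouts described above to flag risky entries. The function names, sample accounts and hash strings are constructed; it assumes the shadow-utils convention that a leading "!" marks a password locked with passwd -l and an empty field is what passwd -d leaves behind.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files for risky entries.
# File paths are arguments, so it can run on copies instead of the live files.

# audit_passwd FILE: checks against the 7-field layout described above.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "malformed:" NR; next }
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }      # second superuser
        $2 == ""                { print "empty-password:" $1 }  # no password at all
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "hash-in-passwd:" $1 }
    ' "$1"
}

# audit_shadow FILE: checks against the 9-field layout described above.
audit_shadow() {
    awk -F: '
        NF != 9   { print "malformed:" NR; next }
        $2 == ""  { print "no-password:" $1 }  # state left by passwd -d
        $2 ~ /^!/ { print "locked:" $1 }       # state left by passwd -l
    ' "$1"
}

# make_samples DIR: writes constructed sample files (not real accounts or hashes).
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:constructed second uid 0:/root:/bin/bash
sun::1002:1002::/home/sun:/bin/bash
legacy:$6$CONSTRUCTED$NOTAREALHASH:1003:1003::/home/legacy:/bin/sh
wfz:x:1004:1002::/home/wfz:/bin/bash
broken:x:1005
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$NOTAREALHASH:19000:0:99999:7:::
sun::19000:0:99999:7:::
wfz:!$6$CONSTRUCTED$NOTAREALHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_passwd "$tmp/passwd"
audit_shadow "$tmp/shadow"
rm -rf "$tmp"
```

On a live system, run audit_shadow as root against a copy of /etc/shadow, since common users cannot read that file.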

(3) User group account file: group

User group: a collection of user accounts in a logical organization. Users in the group are allowed to share files. Each file in the system has an owning user and an affiliated user group. Use the "ls -l" command to view the attributes and group of each file.

[root@sun root]# head /etc/group

root:x:0:root,tom,mary (group name: group encrypted password: GID: group member list (user names separated by ","))
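
An added example (not from the original page): the member list in the group file holds only supplementary members, so a user whose group is set through the group ID field of passwd does not appear in it. This shell function resolves both kinds of membership; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every member of a group, primary and supplementary.

# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints one "user:kind" line per member; kind is primary or supplementary.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$3")
    [ -n "$gid" ] || { echo "no such group: $1" >&2; return 1; }
    {
        # Primary members: passwd field 4 equals the group's GID.
        awk -F: -v gid="$gid" '$4 == gid { print $1 ":primary" }' "$2"
        # Supplementary members: comma-separated field 4 of the group line.
        awk -F: -v g="$1" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i] ":supplementary"
        }' "$3"
    } | LC_ALL=C sort
}

# make_group_samples DIR: writes constructed sample files (not real accounts).
make_group_samples() {
    cat > "$1/passwd" <<'EOF'
dbh:x:1001:1001::/home/dbh:/bin/bash
ccache:x:1002:1002::/home/ccache:/bin/sh
wfz:x:1003:1002::/home/wfz:/bin/sh
paul:x:1004:1004::/home/paul:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
admin:x:115:dbh
dbh:x:1001:
ccache:x:1002:dbh,paul,wfz
EOF
}

tmp=$(mktemp -d)
make_group_samples "$tmp"
group_members ccache "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

In the constructed data the user ccache is reported as a primary member even though the ccache line of the group file does not list it.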

(4) User group password file: gshadow

Defines user group passwords and user group administrator information. This file can only be read by the root user.

Record information per line:

[root@sun root]# head /etc/gshadow

User group name: user group encrypted password: group administrator account (the administrator has the right to add or delete accounts): group member list

2. User and user group account maintenance commands:

(1) Add a user account: useradd username

useradd -g groupname username specifies the private group used by the user. By default, it is a private group with the same name as the user account.

useradd -D [-g group] [-b base] [-s shell] [-f inactive] [-e expire] is used to display and set the default values used by the useradd command.

Example: # useradd sun    # create a user account

# tail -n 1 /etc/passwd    # query the information of the user account added in passwd

# tail -n 1 /etc/shadow

# ls /home    # view the home directory of the created account

(2) Modify user account attributes: usermod [-LU] [-c] [-d] [-e] [-f] [-g] [-G] [-l] [-s] [-u] [user account]

(3) Delete a user account: userdel [-r] [user account]. If no parameter is added, only the user account is deleted, and its files are not deleted. Otherwise, both are deleted.

userdel [-r] [user account]: -r is used to delete the account's login directory and all files in that directory.

Example: # grep sun /etc/passwd    # query whether the user account sun exists

# userdel sun    # delete the user account sun

# grep sun /etc/passwd    # re-query whether the user account sun exists

# ll -d /home/sun    # query whether the home directory of user sun exists

# userdel -r sun    # delete the user's home directory while deleting the user

(4) Add a user group account: groupadd [-r] [group account]

[Note] The account ID is unique and cannot be negative. By default, the value cannot be less than 500, and each added account ID increases by 1. The -r parameter is used to create a system account. 0 to 499 is for system accounts.

Example: # groupadd magicsun    # create a group account magicsun

# grep magicsun /etc/group    # query whether the magicsun group account is created in the group file

# groupadd -r syswang    # create a system group account syswang

# grep syswang /etc/group    # query whether the syswang system group account is created in the group file

(5) Modify a group account: groupmod [-g] [-n] [group name]

-o indicates that the group ID is reused.

(6) Delete a group account: groupdel [group name]

Note: You must delete the users in the group before deleting the group.

(7) Password maintenance: passwd [-S] [-l] [-u] [-d] [user name]. The super user can set a password for each new user; common users can only use the passwd command without parameters to modify their own passwords. Here, -S queries the status of the specified user account, -l locks the account's password, -u unlocks the account's password, and -d deletes the password of the specified account.

(8) Maintenance of group members: add an account to a group, delete an account from a group, and set an account as the group administrator.

Add a user to a group: gpasswd -a user-account-name group-account-name

Remove a user from a group: gpasswd -d user-account-name group-account-name

Set users as group administrators: gpasswd -A administrator-user-list group-account-name

(9) User and group status commands:

id [option] [user name] is used to display the user's current UID, GID, and group list.

The [option] parameters include:

-g: displays the ID of the group to which the user belongs.

-G: displays the IDs of the additional groups to which the user belongs.

-n: displays the name of the user, group, or additional groups.

-r: displays the actual ID.

-u: displays the user ID.

whoami is used to display the current user's own name (same as id -un).

su [-flmp] [-] [-c] [-s] [user account] is used to convert the current user to another user identity, temporarily changing the login identity so that you work on the system as another user. The premise is that you must know the password of the other party. If the user account to change to is not specified, the default is the root super user.

-c: the original identity is restored after the specified command is executed.

-f: applicable to csh and tcsh, so that the shell does not read its startup file.

-l (or -): the working directory, HOME, SHELL, USER, and LOGNAME are also changed when the identity is changed. In addition, the PATH environment variable is also changed.

-m and -p: do not change environment variables when changing identities.

-s: specifies the shell to be executed.

groups [user name] is used to display the groups to which the specified user belongs. If no user is specified, the groups to which the current user belongs are displayed.

Tip: http://my.oschina.net/zhangqingcai/blog/32094
