Ubuntu User Management operations

Source: Internet
Author: User
Tags root access

Linux has very strict user permission management. Ubuntu, the most popular desktop distribution, provides simple and easy-to-use graphical tools to manage users, but the command-line tools are often more powerful and, once you are proficient with them, more efficient. The commonly used user management commands are described below:


useradd: This command adds users. Compared with the graphical tools, it can specify the user's home directory, the groups the user belongs to and so on. If useradd -D is run without any other parameters, it prints the default options used for newly created users; if additional parameters are attached, the command updates the default configuration for new users to the given values. The -p option sets the password, the -s option sets the shell, and the -u option sets the UID.

userdel: This command deletes a user. With no additional parameters, only the user account is deleted; with the -r parameter, both the user's directory and the user account are deleted.

passwd: This command changes a user's password, or a group's password. Common additional parameters are as follows:
-l has the same effect as usermod -L: it disables the user account and requires root privileges.
-u has the same effect as usermod -U: it restores a disabled account and requires root privileges.
-g modifies the group password.
-d turns off password authentication for the user, so that no password has to be entered at login; it requires root privileges.

usermod: This command changes user properties: -s changes the user's shell and -u changes the UID. If the user is logged in, the user's properties cannot be changed.

chsh: This command changes the user's shell.

w: This simple command shows the detailed status of the users currently logged on to the system; w username shows the status of a particular user.

ac: This command reports a user's total connection time, which it obtains from the /var/log/wtmp file. Ubuntu does not appear to ship this command by default; it requires installing the acct package.

last: This command reads /var/log/wtmp and lists the login records stored in that file for all users.

lastb: This command lists all failed login attempts, which can be useful for system security.
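
As an added example (not part of the original article), the following shell function summarizes lastb-style output per source host, which is the kind of review the lastb description above points to. The sample lines are constructed, and the column layout (user, terminal, source host, then the date) is an assumption about the output being parsed.

```sh
#!/bin/sh
# Added example: summarize failed logins per source host from lastb output.
# Assumed layout: user, terminal, source host, then the date columns.

# count_failures [MIN]  (reads lastb-style lines on stdin)
# Prints "<host> <failures> <distinct users>" for hosts with >= MIN failures,
# busiest host first.
count_failures() {
    awk -v min="${1:-3}" '
        NF == 0 || $1 == "btmp" { next }   # blank line or "btmp begins" trailer
        {
            # Console failures carry no host column, so field 3 is the weekday.
            host = ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) ? "local" : $3
            fails[host]++
            if (!seen[host, $1]++) users[host]++
        }
        END {
            for (h in fails)
                if (fails[h] >= min + 0) print h, fails[h], users[h]
        }
    ' | LC_ALL=C sort -k2,2nr -k1,1
}

# Constructed sample input (documentation address ranges, made-up users).
sample_lastb() {
    cat <<'EOF'
admin    ssh:notty    203.0.113.7      Mon Mar  4 02:11 - 02:11  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar  4 02:11 - 02:11  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar  4 02:10 - 02:10  (00:00)
root     ssh:notty    203.0.113.7      Mon Mar  4 02:10 - 02:10  (00:00)
root     ssh:notty    198.51.100.23    Sun Mar  3 23:40 - 23:40  (00:00)
wfz      tty1                          Sun Mar  3 09:02 - 09:02  (00:00)

btmp begins Sun Mar  3 09:02:11 2024
EOF
}

# Hosts with at least 3 failures in the sample.
sample_lastb | count_failures 3
```

On a live system the input would come from lastb run as root; a host with many failures spread over several user names deserves a closer look than a single mistyped password.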

Those are the basic user management commands on Ubuntu; once you are proficient with them, they are more efficient than the graphical interface.

Source: http://www.shunix.com/ubuntu-users-admin-681/

Ubuntu user and user group management

To create a group:

    $ sudo addgroup ccache

To create a user:

    $ sudo useradd ccache -g ccache -m

Create the user wfz with a home directory, and set its user group to ccache:

    $ sudo useradd wfz -g ccache -m

Add existing users to the specified group:

    $ sudo adduser $USER ccache
    $ sudo adduser dbh ccache
    $ sudo adduser paul ccache
    $ sudo adduser wfz ccache

Display User ID and group information:

    ~$ id
    uid=1001(dbh) gid=1001(dbh) groups=(admin),1001(dbh)
    $ cat /etc/group
    ccache:x:1002:dbh,paul,wfz

1. Management of users and user groups:

The multi-user concept of Linux means that multiple users can use the system at the same time.

(1) User account file--passwd

passwd is a text file (each line describes one user) that defines the system's user accounts; it is located in the /etc directory. The file lists the system accounts together with useful information for each one, such as user ID, group ID, home directory and shell, separated by ":". It defines only the user account, not the password: the password field holds "x" (an entry such as sun:: with an empty field means there is no password). The real password is stored in the shadow file, which ordinary users cannot read; keeping the encrypted ciphertext unreadable improves the security of user accounts.

For example:

    [root@sun root]# head /etc/passwd

root:x:0:0:root:/root:/bin/bash has 7 fields: login name : password : user ID : group ID : account comment : user home directory : shell used at login (the superuser has permission to modify them)

(2) User password file--shadow

Each line defines one user's information, with the fields on the line separated by colons. For further security, this password file holds the user's encrypted password (shown as * or other special symbols).

    [root@sun root]# head /etc/shadow

Login name : encrypted password (denoted by * or other special characters) : day the password was last changed, counted in days from 1970.1.1 : number of days after a password change before it can be changed again : number of days after a password change by which it must be changed : number of days before the password expires that the user is warned : number of days after the password expires until the account is disabled : time the account was disabled, counted in hours from 1970.1.1 : reserved.
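
As an added example (not from the original article), this shell function reads files in the passwd and shadow layouts described above and flags accounts a reviewer would want to look at: extra UID 0 accounts, empty password fields, locked hashes and passwords past their maximum age. The sample files, user names and placeholder hashes are constructed, and the check names are arbitrary labels.

```sh
#!/bin/sh
# Added example (not from the original page): flag risky account states
# using the passwd and shadow field layouts described above.

# audit_accounts PASSWD_FILE SHADOW_FILE [TODAY]
# TODAY is days since 1970-01-01 (defaults to the current day).
# Prints one finding per line as "<check>:<login>".
audit_accounts() {
    aa_today=${3:-$(( $(date +%s) / 86400 ))}

    # passwd: login:password:UID:GID:comment:home:shell
    awk -F: '
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
        $2 == ""                { print "empty-passwd-field:" $1 }
    ' "$1"

    # shadow: fields 1-5 are login, hash, last change (days), min days, max days
    awk -F: -v today="$aa_today" '
        # passwd -d leaves the hash field empty: login needs no password.
        $2 == "" { print "no-password:" $1 }
        # passwd -l puts "!" in front of the stored hash.
        substr($2, 1, 1) == "!" && length($2) > 1 { print "locked:" $1 }
        # Last change plus maximum age lies in the past.
        $3 != "" && $5 != "" && today + 0 > $3 + $5 {
            print "password-expired:" $1
        }
    ' "$2"
}

# Constructed sample data; the hashes are placeholders, not real ones.
demo_audit() {
    da_dir=$(mktemp -d) || return 1
    cat > "$da_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup2:x:0:0:constructed:/root:/bin/bash
wfz:x:1001:1002::/home/wfz:/bin/bash
dbh::1002:1002::/home/dbh:/bin/bash
paul:x:1003:1002::/home/paul:/bin/bash
EOF
    cat > "$da_dir/shadow" <<'EOF'
root:$6$constructed$placeholder:19700:0:99999:7:::
backup2:$6$constructed$placeholder:19700:0:99999:7:::
wfz:!$6$constructed$placeholder:19700:0:99999:7:::
dbh::19700:0:99999:7:::
paul:$6$constructed$placeholder:19000:0:90:7:::
EOF
    audit_accounts "$da_dir/passwd" "$da_dir/shadow" 19800
    rm -rf "$da_dir"
}

demo_audit
```

Against a real system, call audit_accounts /etc/passwd /etc/shadow as root, since ordinary users cannot read the shadow file.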

(3) User group account file--group

User groups: a logical way to organize a collection of user accounts. Users can share files within their group, and each file in the system has an owning user and an owning user group. Use the ls -l command to view the owner and group of each file.

    [root@sun root]# head /etc/group

root:x:0:root,tom,mary (group name : encrypted group password : GID : group member list, with the user names separated by ",")

(4) User group password file--gshadow

Defines user group passwords and user group administrator information. This file can be read only by the superuser root.

Each line records:

    [root@sun root]# head /etc/gshadow

User group : encrypted user group password : group administrator account (the administrator has the right to delete accounts) : group member list

2. Commands for user and user group account maintenance:

(1) Add a user account: useradd username

useradd -g groupname username specifies the private group the user uses; by default this is a private group with the same name as the user account.

useradd -D [-g group] [-b base] [-s shell] [-f inactive] [-e expire] displays and sets the default values used by the useradd command.

Example: # useradd sun  // create the user account

# tail -n 1 /etc/passwd  // look up the entry for the newly added user account in passwd

# tail -n 1 /etc/shadow

# ls /home  // view the home directory of the account you created

(2) Modify user account properties: usermod [-LU] [-c] [-d] [-e] [-f] [-g] [-G] [-l] [-s] [-u] [user account]

(3) Delete a user account: userdel [-r] [user account]  // without parameters, only the user account is deleted and its files are kept; otherwise both are deleted.

userdel [-r] [user account]  // -r deletes the account's login directory and all files in it

Example: # grep sun /etc/passwd  // check whether the user account sun exists

# userdel sun  // delete the user account sun

# grep sun /etc/passwd  // check again whether the user account sun exists

# ll -d /home  // check whether the home directory of user sun is present

# userdel -r sun  // delete the user together with its home directory

(4) Add a user group account: groupadd [-r] [group account]

Note: the account ID is unique and cannot be negative. By default the minimum value is not less than 500, and the ID is incremented by 1 for each additional group account. The -r parameter creates a system account; 0~499 is reserved for system accounts.

Example: # groupadd magicsun  // create the group account magicsun

# grep magicsun /etc/group  // check the group file to confirm that the magicsun account was created

# groupadd -r syswang  // create the system group account syswang

# grep syswang /etc/group  // check the group file to confirm that the syswang system group account was created

(5) Modify a group account: groupmod [-g] [-n] [group name]

where -o allows a group ID to be used more than once

(6) Delete a group account: groupdel [group name]

Note: you must delete the users in the group before you can delete the group

(7) Password maintenance: passwd [-S] [-l] [-u] [-d] [user name]. The superuser can set a password for each new user; a normal user can only use the passwd command without parameters to change their own password. The -S parameter queries the status of the specified user account, -l locks the account password, -u unlocks the account password, and -d deletes the password of the specified account.

(8) Group user maintenance: add an account to a group, delete an account from a group, or set an account as a group administrator.

Add a user to a group: gpasswd -a user-account-name group-account-name

Remove a user from a group: gpasswd -d user-account-name group-account-name

Set users as group administrators: gpasswd -A group-administrator-user-list group-name

(9) Status commands for users and groups:

id [options] [user name] displays the user's current UID and GID and the list of groups the user belongs to

The [options] parameters are:

-g: displays the ID of the group to which the user belongs

-G: displays the IDs of the additional groups to which the user belongs

-n: displays the name of the group or additional groups to which the user belongs

-r: displays the real ID

-u: displays the user ID

whoami displays the name of the logged-in user (= id -un)

su [-flmp] [-] [-c] [-s] [user account]  // switches the current user to another user identity, temporarily changing the login identity so that you work on the system as someone else. The precondition is that you know the other user's password. The -c parameter executes the specified command and then restores the original identity. -f is for csh and tcsh and makes the shell skip reading its startup file. - changes the working directory along with the identity, as well as HOME, SHELL, USER and LOGNAME, and also changes the PATH environment variable. -m and -p change the identity without changing the environment variables. -s specifies the shell to execute. If no user account is specified, the default is the root superuser.

groups [user name] displays the groups to which the specified user belongs; if no user is specified, it displays the groups of the current user

Source: http://my.oschina.net/zhangqingcai/blog/32094

MORE: https://help.ubuntu.com/13.04/serverguide/user-management.html

runlevel

To see the current runlevel (the Ubuntu desktop defaults to 2):

    runlevel

Ubuntu system run levels:

    0      system shutdown
    1      single-user or system maintenance
    2~5    multi-user
    6      reboot
    S

To switch the run level, execute the command:

    init [0123456Ss]

That is, the init command is followed by one parameter, the code of the run level to switch to. For example, shut down with the init 0 command and restart with the init 6 command.

whois
Function description: Finds and displays user information.
Syntax: whois [account name]
Note: The whois command looks up and displays user information for the specified account. Because the lookup is made in the WHOIS database of Network Solutions, the account name must be registered there to be found; the name is not case-sensitive.


---------------------------------------------------------


whoami

Function description: Displays the user name.
Syntax: whoami [--help][--version]
Supplemental note: Displays your own user name; this command is equivalent to running "id -un".
Parameters
--help online help.
--version displays version information.


---------------------------------------------------

who

Function description: Displays information about the users currently logged into the system.
Syntax: who [-Himqsw][--help][--version][am i][record file]
Additional note: Running this command shows which users are currently logged into the system. Run on its own, who lists the login account, the terminal used, the login time, and where the login came from or which X display is in use.
Parameters
-H or --heading displays the header row for each field.
-i or -u or --idle displays idle time. If the user has performed any action within the last minute, it is marked as "."; if the user has been inactive for more than 24 hours, it is marked with the string "old".
-m has the same effect as specifying the "am i" string.
-q or --count displays only the account names and the total number of users logged into the system.
-s is ignored and exists only for compatibility with other versions of the who command.
-w or -T or --mesg or --message or --writable displays the user's message status column.
--help online help.
--version displays version information.

----------------------------------------------------


w

Function description: Displays information about the users currently logged into the system.
Syntax: w [-fhlsuV][user name]
Additional note: Running this command shows which users are currently logged into the system and the programs they are executing. Run on its own, w displays all users; you can also specify a user name to display only information about that user.
Parameters
-f turns on or off the display of where users logged in from.
-h does not display the header row for each field.
-l uses the detailed list format, which is the default.
-s uses the concise list format, which does not show the login time or the CPU time consumed by terminal jobs and programs.
-u ignores the name of the executing program and the CPU time the program consumes.
-V displays version information.


-----------------------------------------------------

finger command

The finger command queries user information. It usually displays a user's user name, home directory, idle time, login time, login shell and so on. To query user information on a remote computer, follow the user name with "@hostname", in the form [username@hostname]; the network host being queried must be running the finger daemon.

The general format of the command is:
finger [options] [users] [user@host]
The meanings of the options are as follows:
-s displays the user's login name, real name, terminal name, write status, idle time, login time and so on.
-l displays, in addition to the information shown by the -s option, the user's home directory, login shell, mail status, and the contents of the .plan, .project and .forward files in the user's home directory.
-p is the same as the -l option except that the .plan file and the .project file are not displayed.


[Example] Use the finger command on the local machine.

    $ finger xxq
    Login: xxq Name:
    Directory: /home/xxq Shell: /bin/bash
    Last login Thu Jan 1 : +(CST) on tty1
    No Mail.
    No Plan.
    $ finger
    Login Name Tty Idle Login Time Office Office Phone
    root root *1 Nov :


......

------------------------------------------------------------------

The /etc/group file contains all groups
All user names on the system are stored in /etc/shadow and /etc/passwd

To change the group to which the current user belongs:
use usermod, or modify the /etc/passwd file directly

----------------------------------------------------------------

vlock (virtual console lock)
Function description: Locks the virtual terminal.
Syntax: vlock [-achv]
Additional note: Running the vlock command locks the virtual terminal so that others cannot use it.
Parameters
-a or --all locks all terminal sessions; if you use this parameter on a full-screen terminal, the keyboard function for switching terminals is disabled.
-c or --current locks the current terminal session, which is the default.
-h or --help online help.
-v or --version displays version information.


--------------------------------------------------------

1. id tool: query a user's UID and GID and the user groups corresponding to the GIDs

The id tool queries user information, such as the user groups a user belongs to, the UID and the GID. It is very simple to use; here are some examples. Syntax: id [options] [username]

For the options, check id --help or man id yourself. If id is not followed by any options or user name, it displays by default the user name, user groups, UID and GID of the user currently operating.

Example one: without any options or user name

    [beinan@localhost ~]$ id
    uid=500(beinan) gid=500(beinan) groups=500(beinan)

Note: without any parameters, the query returns the user name, UID, GID, primary user group and additional user groups of the current user. In this case the user name is beinan, the UID is 500, the primary user group is beinan and the GID is 500.


Example two: id followed by a user name

To query the UID and GID of a system user, follow id directly with the user name. The user name must be real, that is, it can be found in /etc/passwd.

    [beinan@localhost ~]$ id linuxsir
    uid=505(linuxsir) gid=502(linuxsir) groups=502(linuxsir),0(root),500(beinan)

Note: this queries information about user linuxsir. The UID of linuxsir is 505, its primary user group is linuxsir and the primary user group's GID is 502; linuxsir is also a member of the root user group with GID 0 and of the beinan user group with GID 500.

This example differs from example one in the user groups. As mentioned in the overview of Linux user and user group management, the relationship between users and user groups can be one-to-one, one-to-many, many-to-one or many-to-many; please refer to it. You also need to master the detailed description of the user and user group configuration files.
