Java Programmer Rookie Advanced (15): Linux Basics Getting Started (iii): Linux user and group management

Source: Internet
Author: User


To log on to a Linux operating system, we need a user name and a password. Each user is identified by a unique identity called the user ID (UID). Each user in the system must also belong to at least one user group, and each user group is likewise identified by a unique identity called the user group ID (GID). A user is either an ordinary user or root. Ordinary users can only access files that they own or have permission to execute. The root user has access to all of the system's files and programs; root is often called the "super user", has the greatest permissions in the system and can perform any action. In this blog post we will learn about user and group management on Linux.






One. User and group files

 

1. User Information

All user information for the Linux operating system is stored in the /etc/passwd file, which is used to validate the user at login. Each entry holds the encrypted password field, the user ID (UID), the default user group ID (GID), user information, the user's login directory and the shell used after login. Each row of this file holds one user's data, and the data items are separated by a colon ":". The fields are as follows:

Field 1: The name of the user account

Field 2: User password string or password placeholder "x"

Field 3: The UID number of the user account

Field 4: The GID number of the base group account

Field 5: Full user name

Field 6: Home directory

Field 7: Login Shell Information

2. User password information


Linux user password information is mainly stored in the /etc/shadow file, which is also known as the user shadow file.


Linux encrypts passwords with irreversible (one-way) algorithms such as DES, so an attacker cannot recover the plaintext from the ciphertext. Each line of the file has 9 fields separated by 8 colons, as follows:

username:passwd:lastchg:min:max:warn:inactive:expire:flag

Explain:

username: The user's login name

passwd: The encrypted user password

lastchg: The number of days from January 1, 1970 to the day the password was last changed

min: The minimum number of days that must pass between two password changes

max: The maximum number of days the password remains valid; 99999 means it never expires

warn: How many days before the password expires the system starts warning the user

inactive: Indicates the number of days that the user name is not valid before logon

expire: Indicates when the user is prevented from logging in

flag: Reserved field, currently unused

Two. User management (add, modify and delete users: useradd/usermod/userdel)


1. useradd: setting up users
When useradd creates a user without any options, the system first reads the configuration files /etc/login.defs and /etc/default/useradd and adds the user according to the rules defined in these two files. It then adds the user and user group records to the /etc/passwd and /etc/group files, and the encrypted files corresponding to /etc/passwd and /etc/group automatically receive records as well. Next, the system creates the user's home directory in the location set in /etc/default/useradd, and finally copies all the files in the /etc/skel directory to the new user's home directory. The new user is then set up.

Example:

Add a user caoshenghuan, set the primary user group to linuxgroup2, add linuxgroup as an additional user group, and set the user's default home directory to /opt/caoshenghuan:


[root@localhost ~]# useradd -g linuxgroup2 -G linuxgroup -d /opt/caoshenghuan caoshenghuan
[root@localhost ~]# more /etc/passwd|grep caoshenghuan
caoshenghuan:x:523:1030::/opt/caoshenghuan:/bin/bash
[root@localhost ~]# more /etc/group|grep caoshenghuan
linuxgroup:x:1020:caoshenghuan



2. useradd syntax
The general format of the useradd syntax is:
useradd [-u uid [-o]] [-g group] [-G group,...]
        [-d home] [-s shell] [-c comment]
        [-f inactive] [-e expire] name
The specific meanings of each option are as follows:
-u uid: The user identification number, which must be unique.
-g group: Specifies the default group the new user belongs to at login, also called the primary group. This group must already exist.
-G group: Specifies additional groups for the new user; these groups must already exist. Additional groups are relative to the primary group: when a user is a member of more than one group, the default group at login is the primary group, and the other groups are called additional groups.
-d home: Specifies the home directory for the new user; if unspecified, the home directory is created under the directory specified in the /etc/default/useradd file.
-s shell: Specifies the default shell for the new user; if unspecified, the shell defined in the /etc/default/useradd file is used as the new user's default shell.
-c comment: Descriptive information for the new user.
-f inactive: Specifies how long after expiry the account is permanently deactivated. When the value is 0, the account is disabled immediately. A value of -1 turns this feature off; the default is -1.
-e expire: Specifies the account expiration date, in the format MM/DD/YY.
name: Specifies the user name to be created.

Example:

Add a user bzu with a UID of 686 and /bin/csh as the default shell, make it a member of the user groups linuxgroup and linuxgroup2, and add a description for this user:


[root@localhost ~]# useradd -u 686 -s /bin/csh -G linuxgroup,linuxgroup2 -c "This is test user" bzu
[root@localhost ~]# more /etc/passwd|grep bzu
bzu:x:686:686:This is test user:/home/bzu:/bin/csh
[root@localhost ~]# more /etc/group|grep bzu
linuxgroup2:x:1030:bzu
linuxgroup:x:1020:caoshenghuan,bzu
bzu:x:686:



3. usermod syntax
usermod is used to modify a user's account attributes, using the following syntax:
usermod [-u uid [-o]] [-g group] [-G group,...]
        [-d home directory [-m]] [-s shell] [-c comment] [-l new name]
        [-f inactive] [-e expire] [-L|-U] name
Each option has the same specific meaning as above.

Example:

Change the primary user group of the user bzu to the newly created group test_group1, set bzu's additional groups to linuxgroup and root, and finally change bzu's default login shell to /bin/bash:


[root@localhost ~]# groupadd test_group1  # Add a new user group
[root@localhost ~]# more /etc/group|grep test_group1  # Display information about the new user group
test_group1:x:1031:
[root@localhost ~]# usermod -g test_group1 -G linuxgroup,root -s /bin/bash bzu
[root@localhost ~]# more /etc/passwd|grep bzu  # The output shows that the user's properties have changed
bzu:x:686:1031:This is test user:/home/bzu:/bin/bash
[root@localhost ~]# more /etc/group|grep bzu  # The output shows that the user group properties change in step
root:x:0:root,bzu
linuxgroup:x:1020:caoshenghuan,bzu
bzu:x:686:



4. userdel syntax
userdel is used to delete a user. With the "-r" option it deletes not only the user but also the user's home directory and all files under it. The syntax format is:
userdel [-r] [user account]



5. How to lock and unlock a user password
First, set passwords for the bzu and caoshenghuan users:


[root@localhost ~]# passwd bzu
Changing password for user bzu.
New UNIX password: 
Retype new UNIX password: 
passwd: all authentication tokens updated successfully.
[root@localhost ~]# passwd caoshenghuan
Changing password for user caoshenghuan.
New UNIX password: 
Retype new UNIX password: 
passwd: all authentication tokens updated successfully.


The following session switches to the caoshenghuan user with the su command, and then from caoshenghuan to the bzu user. The point of switching users here is to illustrate one thing: switching from the superuser root to an ordinary user does not require the ordinary user's password, and the system does not verify one. Switching between ordinary users, however, requires password verification.

[root@localhost ~]# su - caoshenghuan  # Switch to the caoshenghuan user with the su command
[caoshenghuan@localhost ~]$ whoami  # Use the whoami command to view the current user
caoshenghuan
[caoshenghuan@localhost ~]$ su - bzu  # Switching from the caoshenghuan user to the bzu user requires a password
Password: 
[bzu@localhost ~]$ whoami  # Successfully switched to the bzu user
bzu


Next, as the root user, run usermod to lock bzu's password and test whether bzu can still log in. As the following shows, once the password is locked the login fails.


[root@localhost ~]# usermod -L bzu  # Lock the bzu user's password
[root@localhost ~]# su - caoshenghuan
[caoshenghuan@localhost ~]$ whoami
caoshenghuan
[caoshenghuan@localhost ~]$ su - bzu  # The password entered here is correct, but it is reported as incorrect because the password is locked
Password: 
su: incorrect password
[caoshenghuan@localhost ~]$ whoami
caoshenghuan


Finally, unlock bzu's password; the login then works normally.

[root@localhost ~]# usermod -U bzu  # Release the password lock
[root@localhost ~]# su - caoshenghuan
[caoshenghuan@localhost ~]$ whoami
caoshenghuan
[caoshenghuan@localhost ~]$ su - bzu
Password: 
[bzu@localhost ~]$ whoami  # After the password lock is released, the bzu user can log on to the system
bzu
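
The /etc/passwd and /etc/shadow fields from section One and the password lock shown above can be checked together. The following is an added example, not part of the original post: it flags extra UID 0 accounts, password strings left in /etc/passwd, empty or locked passwords (usermod -L puts a "!" in front of the encrypted password), and computes the expiry day as lastchg + max. All records, including the account names backup and legacy and the max value 90, are constructed sample data.

```bash
#!/usr/bin/env bash
# Added example. All records below are constructed sample data, not from a real host.

sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
caoshenghuan:x:523:1030::/opt/caoshenghuan:/bin/bash
bzu:x:686:686:This is test user:/home/bzu:/bin/csh
backup:x:0:0::/root:/bin/bash
legacy:HASHPLACEHOLDER:700:700::/home/legacy:/bin/sh
EOF
}

sample_shadow() {
cat <<'EOF'
root:$6$SALT$HASHPLACEHOLDER:19000:0:99999:7:::
caoshenghuan:$6$SALT$HASHPLACEHOLDER:19000:0:90:7:::
bzu:!$6$SALT$HASHPLACEHOLDER:19000:0:99999:7:::
backup::19000:0:99999:7:::
EOF
}

# Reads passwd-format lines on stdin.
# Field 3 (UID) 0 belongs to root only; field 2 should be the placeholder "x",
# because /etc/passwd is readable by every user.
audit_passwd() {
  awk -F: '
    $3 == 0 && $1 != "root" { print "uid0:" $1 }
    $2 != "x"               { print "hash-in-passwd:" $1 }
  '
}

# Reads shadow-format lines on stdin.
# Field 2 empty   -> the account has no password at all.
# Field 2 ^"!"    -> password locked (what usermod -L writes).
# lastchg + max   -> day number (days since 1970-01-01) on which the password
#                    expires; skipped when max is empty or 99999 (never expires).
audit_shadow() {
  awk -F: '
    $2 == ""  { print "empty-password:" $1 }
    $2 ~ /^!/ { print "locked:" $1 }
    $3 != "" && $5 != "" && $5 != 99999 { print "expires-day:" $1 ":" ($3 + $5) }
  '
}

sample_passwd | audit_passwd
sample_shadow | audit_shadow
```

On a real system the same functions can be fed from the files directly, for example `audit_shadow < /etc/shadow` as root.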


Three. User group management (add, switch, delete: groupadd/newgrp/groupdel)
1. groupadd command
Used to create a new user group. The syntax format is:
groupadd [-g GID [-o]] group
The specific meanings of each option are as follows:
-g: Specifies the GID number of the new user group, which must be unique and must not duplicate the GID number of another user group.
-o: Typically used together with the -g option; it means the GID of the new user group may be the same as the GID of a user group that already exists on the system.
For example:
Create a linuxgroup user group and a linuxgroup2 user group, with GID 1020 and 1030 respectively:

[root@localhost ~]# groupadd -g 1020 linuxgroup
[root@localhost ~]# groupadd -g 1030 linuxgroup2
[root@localhost ~]# more /etc/group|grep linuxgroup
linuxgroup:x:1020:
[root@localhost ~]# more /etc/group|grep linuxgroup2
linuxgroup2:x:1030:



2. newgrp command
If a user belongs to more than one user group, the user can switch between those groups to obtain the permissions of the other groups. newgrp is mainly used to switch between multiple user groups, in the form:
newgrp <user group>


Example: the following shows how newgrp is used.
First, three user groups group1, group2 and group3 are created.


[root@localhost ~]# groupadd group1
[root@localhost ~]# groupadd group2
[root@localhost ~]# groupadd group3


The following creates a user user1 and specifies group1 as the primary user group of user1, with group2 and group3 as additional user groups:


[root@localhost ~]# useradd -g group1 -G group2,group3 user1
[root@localhost ~]# more /etc/group|grep user1
group2:x:501:user1
group3:x:502:user1


The following sets a password for the user user1:


[root@localhost ~]# passwd user1
Changing password for user user1.
New UNIX password: 
Retype new UNIX password: 
passwd: all authentication tokens updated successfully.


The following switches to the user1 user and performs a series of operations while switching user groups with newgrp, which shows what newgrp does.


[root@localhost ~]# su - user1
[user1@localhost ~]$ whoami
user1
[user1@localhost ~]$ mkdir user1_doc
[user1@localhost ~]$ newgrp group2
[user1@localhost ~]$ mkdir user2_doc
[user1@localhost ~]$ newgrp group3
[user1@localhost ~]$ mkdir user3_doc
[user1@localhost ~]$ ll
total 12
drwxr-xr-x  2 user1 group1 4096 Oct 01:18 user1_doc
drwxr-xr-x  2 user1 group2 4096 Oct 01:18 user2_doc
drwxr-xr-x  2 user1 group3 4096 Oct 01:19 user3_doc
[user1@localhost ~]$
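
The `grep user1` output from /etc/group earlier in this example lists only group2 and group3, because the primary group is recorded in the GID field of /etc/passwd and not in the member list of /etc/group. The following added example (not part of the original post) resolves a user's groups from both files and lists everyone who holds a given GID by either route, which is how bzu's membership of the root group shows up. The records are built from the sessions on this page; user1's UID and group1's GID (500) are assumed values.

```bash
#!/usr/bin/env bash
# Added example. Records are constructed from the sessions on this page;
# user1's UID and group1's GID (500) are assumptions.

tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bzu:x:686:1031:This is test user:/home/bzu:/bin/bash
user1:x:500:500::/home/user1:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
root:x:0:root,bzu
linuxgroup:x:1020:caoshenghuan,bzu
test_group1:x:1031:
group1:x:500:
group2:x:501:user1
group3:x:502:user1
EOF

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints "primary:<group>" for the group whose GID equals passwd field 4,
# then "extra:<group>" for each group whose member list (field 4) names USER.
groups_of() {
  awk -F: -v u="$1" '
    FNR == NR { if ($1 == u) gid = $4; next }      # first file: passwd
    gid != "" && $3 == gid { print "primary:" $1 } # second file: group
    { n = split($4, m, ",")
      for (i = 1; i <= n; i++) if (m[i] == u) print "extra:" $1 }
  ' "$2" "$3"
}

# members_of_gid GID PASSWD_FILE GROUP_FILE
# Every user holding GID, whether as primary group or as a listed member.
members_of_gid() {
  awk -F: -v g="$1" '
    FNR == NR { if ($4 == g) print $1; next }
    $3 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }
  ' "$2" "$3" | sort -u
}

groups_of user1 "$tmp/passwd" "$tmp/group"
members_of_gid 0 "$tmp/passwd" "$tmp/group"
```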



3. groupdel command
Deletes a user group. The syntax format is:
groupdel [group name]
When you need to delete a user group from the system, use the groupdel command. If some users are still included in the user group, you must delete those users before you can delete the user group.
For example, delete the user group linuxgroup:
[root@localhost ~]# groupdel linuxgroup





Appendix: other commands related to users and groups


Set/change a user password:

Format: passwd user name

id command

Purpose: Query user identity

Format: id [user name]

users, w, who commands

Purpose: Query information about users logged on to the host

su command

Purpose: Switch user identity

Format: su - user name

