Users and user groups
All information about Linux user groups is stored in the /etc/group file. A user group is a collection of users that share a common characteristic. The user group configuration files are mainly /etc/group and /etc/gshadow, where /etc/gshadow holds the encrypted information for /etc/group.
Grouping users is a means of managing users and controlling their access in a Linux system. Each user belongs to a user group; a group can contain multiple users, and a user can belong to several groups. When a user is a member of more than one group at the same time, the primary group is the one recorded in the /etc/passwd file, which is the default group the user belongs to at login; the other groups are called additional groups.
Each line of /etc/group consists of several fields separated by colons (:), as follows:
    group name:password:group ID:list of users in group
Specific explanations:
Group name: The name of the user group, consisting of letters or numbers. As with login names in /etc/passwd, group names should not be duplicated.
Password: This field holds the user group's encrypted password. User groups on a typical Linux system have no password, so this field is generally empty or *.
Group ID: Similar to the user ID, this is an integer that the system uses internally to identify the group. Also known as the GID.
List of users in the group: A list of all users belonging to this group, separated by commas (,). This user group may be a user's primary group, or it may be an additional group.
For example, in root:x:0:root,linuxsir the user group is root; x is the password field, indicating that no password is set; the GID is 0; and the root user group includes root, linuxsir, and other users whose GID is 0.
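The field layout above is enough to answer three questions an access review usually asks: which groups a user really has, who besides root holds GID 0, and which groups share a GID. The script below is an added example, not part of the original article; the sample passwd and group entries are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
linuxsir:x:1000:1000::/home/linuxsir:/bin/bash
tom:x:1001:0::/home/tom:/bin/bash
cnzhx:x:1002:1002::/home/cnzhx:/bin/bash'
SAMPLE_GROUP='root:x:0:root,linuxsir
linuxsir:x:1000:
cnzhx:x:1002:
apache:x:48:cnzhx
staff:x:500:tom,cnzhx
ops:x:500:'

# groups_of USER -> "primary=<group> additional=<g1,g2,...>"
# Primary group: GID in field 4 of the passwd entry.
# Additional groups: groups whose member list (field 4 of group) names the user.
groups_of() {
    pgid=$(printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { print $4 }')
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v u="$1" -v pgid="$pgid" '
        $3 == pgid { if (primary == "") primary = $1; next }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u) add = (add == "" ? "" : add ",") $1 }
        END { print "primary=" primary " additional=" add }'
}

# gid0_members -> users other than root that hold GID 0, either as their
# primary GID in passwd or through the member list of a GID 0 group.
gid0_members() {
    { printf '%s\n' "$SAMPLE_PASSWD" | awk -F: '$4 == 0 { print $1 }'
      printf '%s\n' "$SAMPLE_GROUP" |
          awk -F: '$3 == 0 { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
    } | grep -vx root | sort -u | paste -sd ' ' -
}

# duplicate_gids -> "GID:name1,name2" for every GID used by more than one group.
duplicate_gids() {
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: '
        { names[$3] = (names[$3] == "" ? "" : names[$3] ",") $1; count[$3]++ }
        END { for (g in count) if (count[g] > 1) print g ":" names[g] }' | sort
}

echo "cnzhx: $(groups_of cnzhx)"
echo "GID 0 holders besides root: $(gid0_members)"
echo "shared GIDs: $(duplicate_gids)"
```

On a live host the two variables can be filled from `getent passwd` and `getent group` instead of the constructed samples.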
Group Management
1) groupadd is used to add a user group.
Format:
    groupadd [-g GID [-o]] GROUP
Where:
GROUP: the name of the group to be added
-g: specifies the GID; by default, the current largest GID plus 1 is used
-o: generally used together with the -g option; indicates that the GID of the new user group may be the same as the GID of a user group that already exists on the system.
Example:
1. Add a new group leader
    # groupadd leader
    # grep leader /etc/group
    leader:x:504:
    # grep leader /etc/gshadow
    leader:!::
2) groupmod is used to modify the properties of a user group that already exists on the system.
Format:
    groupmod [options] GROUP
Where:
GROUP: the name of the group account to be modified
Commonly used options:
-g GID: reassign the GID
-n new_group: change the group name to new_group
Example:
1. Rename the leader group to leaders
    # groupmod -n leaders leader
    # grep leader /etc/group
    leaders:x:504:
2. Change the GID of the leaders group to 3000
    # groupmod -g 3000 leaders
    # grep leader /etc/group
    leaders:x:3000:
3) groupdel is used to delete a group account that already exists on the system.
Format:
    groupdel GROUP
Where:
GROUP: the name of the group account to be deleted
For example, delete the leaders group:
    # groupdel leaders
    # grep leaders /etc/group
    # grep leaders /etc/gshadow
4) newgrp is used to switch user groups. If a user belongs to more than one user group at the same time, the user can switch between those groups in order to obtain the permissions of the other groups; newgrp is primarily used for this switching.
The syntax is:
    newgrp <user group>
For example, to switch the current user to the root user group, provided that the root user group really is the user's primary or additional group:
    # newgrp root
User Management
1) useradd is used to add user accounts, or to set the default information used when adding users. The format is as follows:
    Format 1: useradd [options] LOGIN
    Format 2: useradd -D
    Format 3: useradd -D [options]
Description:
Format 1: adds a user account; LOGIN is the login name of the account
Format 2: displays the default information used when adding users
Format 3: sets the default information used when adding users
Options for adding users:
-u uid  Specifies the UID of the new user; defaults to the current maximum UID plus 1. This value must be a unique ID unless the -o option is used.
-g group  Specifies the default group the new user logs in with, that is, the primary group. This group must already exist.
-G group1[,group2,...[,groupN]]  Specifies additional groups for the new user
-d home_dir  Specifies the login directory of the new user
-s shell  Specifies the shell used by the new user; defaults to bash
-m  Creates the new user's home directory (the default)
-M  Does not create the new user's home directory
Examples of use:
1. Create a new user newuser, creating the user's home directory at the same time
    # useradd newuser
2. Create a new user tom and add the user to an additional group
    # useradd -G staff tom
    # useradd -s /bin/sh -g group -G adm,root gem
3. Create a new user webmaster without creating the user's home directory, specify the login directory /www, and add the user to the apache additional group
    # useradd -d /www -M -G apache webmaster
2) usermod is used to modify user accounts that already exist on the system. The format is as follows:
    usermod [options] LOGIN
Where:
LOGIN: the name of the user account to be modified
Options: common options include -c, -d, -m, -M, -g, -G, -s, -u and -o. These options have the same meaning as in the useradd command and let you specify a new value for the user. The following options are added:
-a  Append: adds the user to the new user group without removing the user from the other groups the user already belongs to. It must be used together with the -G option.
-l new_login  Changes the user account name to new_login.
-f  The number of days after expiry after which the account is permanently disabled.
-e  Sets or modifies the expiration date of the user account.
-L  Locks the user's password, making the password invalid.
-U  Unlocks the password.
Example:
1. Add newuser2 to the group staff
    # usermod -G staff newuser2
2. Change the user name newuser to newuser1
    # usermod -l newuser1 newuser
3. To add the user cnzhx to the apache group, use the following commands
    # usermod -a -G apache cnzhx
    # id cnzhx
4. If you also want to change the primary user group of cnzhx to apache, use the -g option directly
    # usermod -g apache cnzhx
    # id cnzhx
5. Lock the account newuser1
    # usermod -L newuser1
6. Remove the lock on newuser1
    # usermod -U newuser1
3) userdel is used to delete a user account that already exists on the system.
Format:
    userdel [-r] LOGIN
Where:
LOGIN: the name of the user account to be deleted
-r: also delete the user's home directory and mail spool files
For example:
1. Delete the user webmaster
    # userdel webmaster
2. Delete the user newuser1 together with the home directory
    # userdel -r newuser1
4) passwd changes a user's password.
Format:
    passwd [option] login
Available options:
-l  Locks the password, that is, disables the account.
-u  Unlocks the password.
-d  Makes the account have no password.
-f  Forces the user to change the password at the next login.
If the user name is omitted, the password of the current user is changed.
User Management Tools
1) Tools or commands for managing users (user)
useradd  Note: add a user
adduser  Note: add a user
passwd  Note: set a password for a user
usermod  Note: modify a user; with usermod you can change the login name, the user's home directory, and so on
pwconv  Note: synchronize users from /etc/passwd to /etc/shadow
pwck  Note: pwck verifies that the contents of the user configuration files /etc/passwd and /etc/shadow are valid and complete;
pwunconv  Note: the reverse of pwconv; it creates /etc/passwd from /etc/shadow and /etc/passwd, and then deletes the /etc/shadow file;
finger  Note: tool for viewing user information
id  Note: view the UID, the GID, and the user groups a user belongs to
chfn  Note: tool for changing user information
su  Note: user switching tool
sudo  Note: sudo executes a command as another user. su is used to switch users, after which the task is completed as the user switched to, whereas sudo can execute the command directly; for example, sudo can run commands that only root may execute without requiring the root password. However, this has to be set up by editing /etc/sudoers with visudo;
visudo  Note: visudo is the command for editing /etc/sudoers; you can also edit /etc/sudoers directly with vi without this command;
sudoedit  Note: similar in function to sudo;
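2) Tools or commands for managing user groups (group)
groupadd  Note: add a user group;
groupdel  Note: delete a user group;
groupmod  Note: modify user group information
groups  Note: display the user groups a user belongs to
grpck
grpconv  Note: synchronizes or creates /etc/gshadow from the contents of /etc/group and /etc/gshadow; if /etc/gshadow does not exist, it is created;
grpunconv  Note: synchronizes or creates /etc/group from the contents of /etc/group and /etc/gshadow, and then deletes the gshadow file;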
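The usermod -L/-U, passwd -l/-d and usermod -e options described above all change fields of the user's /etc/shadow entry, so their effect can be checked by reading that file. The script below is an added example, not from the original article: the function names are hypothetical, the sample entries and hash strings are constructed placeholders, and it assumes the shadow-utils convention that locking puts a "!" in front of the stored hash and that field 8 is the account expiry date in days since 1970-01-01.

```shell
#!/bin/sh
# Constructed /etc/shadow-format sample; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW='root:$6$constructed$PLACEHOLDERHASHA:19000:0:99999:7:::
newuser1:!$6$constructed$PLACEHOLDERHASHB:19000:0:99999:7:::
webmaster::19000:0:99999:7:::
apache:*:19000:0:99999:7:::
tom:$6$constructed$PLACEHOLDERHASHC:19000:0:99999:7:30:19500:'

# shadow_states TODAY_IN_DAYS  (reads shadow-format lines on stdin)
# Prints "login:STATE" per entry, where STATE is one of:
#   EMPTY       password field is empty (result of passwd -d)
#   NOPASSWORD  field is only "*" or "!" characters: no usable password was ever set
#   LOCKED      a hash prefixed with "!" (result of usermod -L or passwd -l)
#   SET         a usable password hash
# ",EXPIRED" is appended when field 8 (set with usermod -e) is on or before TODAY.
shadow_states() {
    awk -F: -v today="$1" '
        { pw = $2
          if (pw == "")                       state = "EMPTY"
          else if (pw ~ /^!+$/ || pw == "*")  state = "NOPASSWORD"
          else if (substr(pw, 1, 1) == "!")   state = "LOCKED"
          else                                state = "SET"
          if ($8 != "" && today + 0 >= $8 + 0) state = state ",EXPIRED"
          print $1 ":" state }'
}

# empty_password_accounts (reads shadow-format lines on stdin)
# Lists logins whose password field is empty; these deserve review first.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }'
}

# Stand-alone run against the constructed sample, using today's date in days.
today=$(( $(date +%s) / 86400 ))
printf '%s\n' "$SAMPLE_SHADOW" | shadow_states "$today"
echo "empty password: $(printf '%s\n' "$SAMPLE_SHADOW" | empty_password_accounts)"
```

To check a real host, feed the functions the contents of /etc/shadow as root instead of the sample variable.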