This article summarizes the commands and parameters commonly used when adding or removing users and user groups on Linux.
1. Create a user:
    adduser phpq // create the phpq user
    passwd phpq // set a password for the phpq user
2. Create a group:
    groupadd test // create the test group
3. Create a new user and add it to a group:
    useradd -g test phpq // create the phpq user and add it to the test group
Note: -g is the group the user belongs to, -d the home directory, -s the shell used.
4. Add an existing user to a group:
    usermod -G groupname username
Or:
    gpasswd -a user group
5. Temporarily disable a user: put a * in front of the second field (the password) of the user's line in the /etc/shadow file. To restore the user, remove the *.
Or, use the following command to disable the user account:
    passwd peter -l
Re-enable it:
    passwd peter -u
6. Permanently delete a user account:
    userdel peter
    groupdel peter
    userdel -r peter (force-deletes the user's home directory and all files and subdirectories in it)
7. Remove a user from a group: edit /etc/group, find the GROUP1 line and delete A from it, or use the command:
    gpasswd -d A GROUP
8. Display user information:
    id user
    cat /etc/passwd
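To confirm what the commands in steps 4 to 8 actually changed, the account state can be read back from the files themselves. The script below is an added example, not part of the original article; the function names lock_state and groups_of and the sample passwd, shadow and group files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample files are constructed; on a real host pass
# /etc/passwd, /etc/shadow (readable by root only) and /etc/group.

# lock_state SHADOW USER -> locked | no-password | active | unknown
lock_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 == "")          print "no-password"
            else if ($2 ~ /^[!*]/) print "locked"   # "*" set by hand, "!" by passwd -l
            else                   print "active"
        }
        END { if (!found) print "unknown" }' "$1"
}

# groups_of PASSWD GROUP USER -> primary group, then supplementary groups
groups_of() {
    gid=$(awk -F: -v u="$3" '$1 == u { print $4 }' "$1")
    awk -F: -v u="$3" -v gid="$gid" '
        $3 == gid { primary = $1 }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u && $3 != gid) extra = extra " " $1
        }
        END { print primary extra }' "$2"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
phpq:x:500:501::/home/phpq:/bin/bash
peter:x:502:502::/home/peter:/bin/bash
EOF
cat > "$demo/shadow" <<'EOF'
phpq:$6$constructed$notarealhash:19000:0:99999:7:::
peter:!$6$constructed$notarealhash:19000:0:99999:7:::
EOF
cat > "$demo/group" <<'EOF'
test:x:501:
peter:x:502:
GROUP1:x:503:phpq,peter
EOF

for user in phpq peter; do
    echo "$user: $(lock_state "$demo/shadow" "$user");" \
         "groups: $(groups_of "$demo/passwd" "$demo/group" "$user")"
done
```

Running groups_of before and after step 4 is worthwhile because usermod -G without -a replaces the user's existing supplementary groups rather than adding to them.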
For a more detailed explanation of users and user groups, refer to the detailed explanation of Linux users and user groups. That article focuses on the concepts of user and user group (group) management in Linux systems, lists the commands related to users and user groups, and also comments on single-user multitasking and multi-user multitasking.
This article is from PHP Information. Source link: http://www.phpq.net/linux/linux-add-delete-user-group.html
Overview of Linux user and user group management
I. Understanding the concepts of single-user multitasking and multi-user multitasking in Linux
Linux is a multi-user, multitasking operating system, so we should understand what single-user multitasking and multi-user multitasking mean.
1. Single-user multitasking in Linux
For example, we log in to the system as beinan. Once in, I want to open gedit to write a document; while writing, I feel like some music, so I open xmms to play some; and of course MSN has to be open too, to see what the brothers are doing right now. So, logged in as the single user beinan, I am running gedit, xmms and MSN, and of course the input method fcitx. Put simply, one user, beinan, performs several tasks to get the work done. Of course, other people can also log in remotely as beinan and do other work.
2. Multi-user multitasking in Linux
Sometimes many users use the same system at the same time, but they are not all doing the same thing; this is what multi-user multitasking refers to.
Take the linuxsir.org server: it has FTP users, system administrators, web users, regular users and so on. At the same moment, some brothers may be visiting the forum, some may be uploading packages to manage their sub-sites, such as the brothers Luma or yuking managing their home systems and FTP, and a system administrator may be maintaining the system. Browsing the home page uses the nobody user (the same for everyone), uploading packages uses the FTP user, and the administrator, when maintaining or inspecting the system, may use a normal account or the superuser root account. Different users have different permissions, different tasks need different users, and equally, different users may do different work.
Note that multi-user multitasking does not mean everyone crowding around one machine's keyboard and display at the same time. Multiple users may log in remotely, for example to operate a server remotely, and anyone who has user permissions can operate or access it.
3. Distinguishing user roles
Users in the system are divided into roles; in Linux, different roles have different permissions and complete different tasks. Note that a user's role is identified by UID and GID, especially the UID; in system management, the system administrator must keep UIDs unique.
Root user: unique in the system and a real user; it can log in to the system, can operate on any file and run any command, and has the highest privileges.
Virtual users: also called pseudo-users or fake users, as distinct from real users. They cannot log in to the system, but the system cannot run without them; examples are bin, daemon, adm, ftp and mail. These users come with the system rather than being added later, although we can also add virtual users.
Ordinary real users: these users can log in to the system but can only operate on the contents of their own home directory; their permissions are limited. These users are added by the system administrator.
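The UID uniqueness rule and the three roles above can be checked mechanically against a passwd-format file. This is an added example, not part of the original article; the function names, the sample file, and the use of a nologin or false shell to recognize virtual users are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for the UID rule described above.
# The sample data is constructed; on a real host pass /etc/passwd.

# audit_passwd FILE -> one finding per line
audit_passwd() {
    awk -F: '
        {
            if (($3) in owner) print "DUPLICATE-UID " $3 ": " owner[$3] " and " $1
            else owner[$3] = $1
            if ($3 == 0 && $1 != "root") print "EXTRA-UID0 " $1
        }' "$1"
}

# role_of FILE USER -> root | virtual | ordinary
# Assumption: an account whose shell ends in nologin or false cannot log in.
role_of() {
    awk -F: -v u="$2" '
        $1 == u {
            if ($3 == 0)                      print "root"
            else if ($7 ~ /(nologin|false)$/) print "virtual"
            else                              print "ordinary"
        }' "$1"
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
beinan:x:500:500::/home/beinan:/bin/bash
linuxsir:x:500:501::/home/linuxsir:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF

audit_passwd "$sample"
for user in root ftp beinan; do
    echo "$user is a $(role_of "$sample" "$user") user"
done
```

Any second account with UID 0 has the same privileges as root regardless of its name, which is why it is reported separately from ordinary duplicates.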
4. The security of a multi-user operating system
A multi-user system is in fact more convenient for system management. From the security point of view, multi-user management also makes the system more secure: if the user beinan has a file that other users should not see, it is enough to set the file's permissions so that only beinan can read, write and edit it, and then only beinan can operate on that private file. Linux does multi-user best and can protect each user's security well, but we also have to understand that, safe as Linux is, without a security-conscious administrator or management skills such a system is not secure.
From the server point of view, multi-user security is also the most important. The Windows operating system we commonly use can only be said to be mediocre at system permission management, and cannot be compared with Linux or Unix-like systems.
II. The concepts of users (user) and user groups (group)
1. The concept of a user (user)
From the discussion of Linux multi-user above, we know that Linux is a true multi-user operating system, so we can create a number of users in a Linux system. For example, a colleague wants to use my computer, but I do not want him to log in with my username, because it holds material and information I do not want others to see (that is, private content). I can then create a new username for him and let him tinker under the username I opened for him; from the point of view of computer security, this also follows the rules of operation.
Of course, the concept of a user is more than this. In a Linux system there are also users that exist to accomplish specific tasks, such as nobody and ftp: when we visit the linuxsir.org web pages, we are the nobody user; when we access FTP anonymously, the ftp or nobody user is used. To see the accounts on a Linux system, look at /etc/passwd.
2. The concept of a user group (group)
A user group (group) is a collection of users with the same characteristics. For example, sometimes we want several users to have the same permissions, such as viewing or modifying a file or executing a command; for this we need a user group. We put the users into the same user group and then modify the permissions of the file or directory so that the user group has certain operation rights; every user in the group then has the same permissions on that file or directory. This is achieved by defining the group and modifying the file permissions.
For example, suppose we want some users to be able to view a document such as a schedule, while the person who writes the schedule can read and write it; we want those users to know the content of the schedule without being able to modify it. We can put these users into one group and then modify the file's permissions to make it readable by that group, so that every user in the group can read it.
The correspondence between users and user groups can be one-to-one, many-to-one, one-to-many or many-to-many:
One-to-one: a user can be the only member of a group.
Many-to-one: multiple users can be members of one single group and belong to no other group; for example, the two users beinan and linuxsir belong only to the beinan user group.
One-to-many: a user can be a member of more than one user group; for example, beinan can be a member of the root group, of the linuxsir user group, and also of the adm user group.
Many-to-many: multiple users correspond to multiple user groups, and several users can belong to the same group. The many-to-many relationship is really an extension of the previous three; once you understand those, this one is easy to understand.
III. Configuration files, commands and directories related to users (user) and user groups (group)
1. Configuration files related to users (user) and user groups (group)
1) Configuration files related to users (user):
/etc/passwd Note: user configuration file;
/etc/shadow Note: user shadow password file;
2) Configuration files related to user groups (group):
/etc/group Note: user group configuration file;
/etc/gshadow Note: shadow file for user groups (group);
2. Tools or commands for managing users (user) and user groups (group)
1) Tools or commands for managing users (user):
useradd Note: add a user
adduser Note: add a user
passwd Note: set a password for a user
usermod Note: modify a user; with usermod you can change the login name, the user's home directory and so on
pwconv Note: synchronize users from /etc/passwd to /etc/shadow
pwck Note: check whether the contents of the user configuration file /etc/passwd and of the /etc/shadow file are valid and complete
pwunconv Note: the reverse of pwconv; it creates /etc/passwd from /etc/shadow and /etc/passwd, then deletes the /etc/shadow file
finger Note: tool for viewing user information
id Note: view a user's UID, GID and the user groups the user belongs to
chfn Note: tool for changing user information
su Note: user switching tool
sudo Note: sudo executes a command as another user. su switches to another user and the task is then completed as that user, whereas sudo executes the command directly; for example, without needing the root password, sudo can run commands that root has granted and that otherwise only root could run. This has to be set up by editing /etc/sudoers with visudo.
visudo Note: visudo is the command for editing /etc/sudoers; you can also edit /etc/sudoers directly with vi instead of this command, with the same effect
sudoedit Note: similar in function to sudo
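2) Tools or commands for managing user groups (group):
groupadd Note: add a user group
groupdel Note: delete a user group
groupmod Note: modify user group information
groups Note: display the user groups a user belongs to
grpck
grpconv Note: synchronize or create /etc/gshadow from the contents of /etc/group and /etc/gshadow; if /etc/gshadow does not exist, it is created
grpunconv Note: synchronize or create /etc/group from the contents of /etc/group and /etc/gshadow, then delete the gshadow file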
3. The /etc/skel directory
The /etc/skel directory usually holds the users' startup files and is controlled by root. When we add a user, the files in this directory are automatically copied to the newly added user's home directory. The files in /etc/skel are hidden files, that is, files named in the form .file. By modifying, adding and deleting files in the /etc/skel directory we can provide users with a unified, standard, default user environment.
[[email protected] beinan]# ls -la /etc/skel/
总用量 92
drwxr-xr-x 3 root root 4096 8月 11 23:32 .
drwxr-xr-x 115 root root 12288 10月 14 13:44 ..
-rw-r--r-- 1 root root 24 5月 11 00:15 .bash_logout
-rw-r--r-- 1 root root 191 5月 11 00:15 .bash_profile
-rw-r--r-- 1 root root 124 5月 11 00:15 .bashrc
-rw-r--r-- 1 root root 5619 2005-03-08 .canna
-rw-r--r-- 1 root root 438 5月 18 15:23 .emacs
-rw-r--r-- 1 root root 120 5月 23 05:18 .gtkrc
drwxr-xr-x 3 root root 4096 8月 11 23:16 .kde
-rw-r--r-- 1 root root 658 2005-01-17 .zshrc
The files in the /etc/skel directory are copied automatically into the new user's home directory when we add a user (user) with the useradd or adduser command. If we add a user by editing /etc/passwd, we can create the user's home directory ourselves, copy the files under /etc/skel into it, and then use chown to change the owner of the new user's home directory.
4. The /etc/login.defs configuration file
The /etc/login.defs file holds settings that apply when a user is created, such as whether a home directory is needed, the UID and GID ranges, the user's expiry period and so on; this file can be defined by root.
For example, the content of Fedora's /etc/login.defs file:
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail Note: when a user is created, the user's mail file is created in the /var/spool/mail directory;
#MAIL_FILE .mail

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999 Note: the maximum number of days a user's password may be used;
PASS_MIN_DAYS 0 Note: the minimum number of days between password changes;
PASS_MIN_LEN 5 Note: the minimum password length;
PASS_WARN_AGE 7 Note:

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500 Note: the minimum UID is 500, i.e. when a user is added, UIDs start from 500;
UID_MAX 60000 Note: the maximum UID is 60000;

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500 Note: GIDs start from 500;
GID_MAX 60000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
#
CREATE_HOME yes Note: whether to create the user's home directory; here creation is required;
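The password aging values in the listing above are permissive (a 99999-day maximum age and a 5-character minimum length). The script below is an added example, not part of the original article, that reads these keys from a login.defs-format file and flags values outside a baseline; the function names, the baseline ranges and the hardened sample are assumptions chosen for illustration, and the weak sample is constructed from the values shown above.

```shell
#!/bin/sh
# Added example. Baseline ranges are assumptions, not values from the article.

# get_def FILE KEY -> value of the last active (uncommented) KEY line, empty if unset
get_def() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# in_range VALUE LOW HIGH -> true only for an integer within LOW..HIGH
in_range() { [ "$1" -ge "$2" ] 2>/dev/null && [ "$1" -le "$3" ] 2>/dev/null; }

# check FILE KEY LOW HIGH -> prints a WEAK line when KEY is unset or out of range
check() {
    v=$(get_def "$1" "$2")
    in_range "${v:-x}" "$3" "$4" || echo "WEAK $2=${v:-unset} (baseline $3..$4)"
}

# audit_login_defs FILE -> one WEAK line per password aging setting that fails
audit_login_defs() {
    check "$1" PASS_MAX_DAYS 1 365
    check "$1" PASS_MIN_DAYS 1 7
    check "$1" PASS_MIN_LEN 12 1024
    check "$1" PASS_WARN_AGE 7 30
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
weak="$tmp/login.defs.weak"; hard="$tmp/login.defs.hardened"
cat > "$weak" <<'EOF'
# PASS_MIN_LEN Minimum acceptable password length.
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
EOF
cat > "$hard" <<'EOF'
PASS_MAX_DAYS 90
PASS_MIN_DAYS 1
PASS_MIN_LEN 12
PASS_WARN_AGE 7
EOF

echo "weak sample:";     audit_login_defs "$weak"
echo "hardened sample:"; audit_login_defs "$hard"
```

PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE are applied only when an account is created, so existing accounts keep their old aging values until they are changed with chage.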
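5. The /etc/default/useradd file
This is the rule file used when adding a user through useradd:
# useradd defaults file
GROUP=100
HOME=/home Note: user home directories are created under /home;
INACTIVE=-1 Note: whether to disable the account once it has expired; -1 means not enabled;
EXPIRE= Note: account termination date; leaving it unset means not enabled;
SHELL=/bin/bash Note: the type of shell used;
SKEL=/etc/skel Note: the location of the default files for a newly added user's directory; that is, when we add a user with adduser, the files in the user's home directory are all copied from this directory;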
Postscript:
That is about all there is to user (user) and user group (group) management; once you have grasped what is covered above, you more or less have it. Because users and user groups (group) are tied to file and directory permissions, operations on file and directory permissions will be introduced in a separate article.
Excerpted from HTTP://FEDORA.LINUXSIR.ORG/MAIN/?Q=NODE/91
Linux Add/Remove users and user groups