Linux user and group management, Linux User Management

Source: Internet
Author: User

I. Overview:

1. Three types of users in Linux:

(1) Super User (root) has all permissions of the operating system. The UID value is 0.

(2) General users have limited operating system permissions. UID value: 500 ~ 6000

(3) The pseudo-user exists to facilitate system management and to act as the owner of the files of the corresponding system processes. The pseudo-user cannot log on, and the UID value is 1 ~ 499

 

II. User account files

1. Password file: /etc/passwd

2. Shadow password file: /etc/shadow

Only the root user has permission to modify the above files.
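The UID classes from the overview can be checked directly against /etc/passwd. The following is an added example, not part of the original page: audit_passwd and sample_passwd are hypothetical names, the sample accounts are constructed, and the UID boundaries are the ones this page states (many current distributions start general users at 1000, set by UID_MIN in /etc/login.defs).

```shell
# Constructed sample in /etc/passwd format (not taken from a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
pp:x:500:500:PP:/home/pp:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
EOF
}

# audit_passwd: read passwd-format lines on stdin and print one
# "name uid class finding" record per account.
audit_passwd() {
    awk -F: '
    {
        uid = $3 + 0; shell = $7; finding = "ok"
        if (uid == 0)        class = "superuser"
        else if (uid <= 499) class = "pseudo"
        else                 class = "general"
        # Any UID 0 account has root permissions, whatever its name.
        if (uid == 0 && $1 != "root")
            finding = "extra-uid0"
        # A pseudo-user must not be able to log on; an empty shell field
        # counts as a login shell because the system default is used.
        else if (class == "pseudo" && shell !~ /(nologin|false)$/)
            finding = "pseudo-with-login-shell"
        # An empty second field means no password is required at all.
        if ($2 == "") finding = "empty-password-field"
        print $1, uid, class, finding
    }'
}

sample_passwd | audit_passwd
```

On a live system, run `audit_passwd < /etc/passwd`; entries such as sync or shutdown carry a command instead of a shell and will be reported for manual review.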

 

III. User Account Management

1. Create an account

Format: useradd [<option>] <username>

Example: useradd -g stuff -e 8/31/2005 pp

useradd command options

-u uid: Specifies the UID of the new user. By default, the current maximum UID plus 1 is used.

-g group: Specifies the group (private group) of the new user. This group must exist.

-G group: Specifies an additional group for the new user.

-d dir: Specifies the home directory of the new user.

-s shell: Specifies the shell used by the new user. The default value is bash.

-c comment: Additional information about the new user, such as the full name.

-e expire: Specifies the user's logon expiration date (08/31/2005)

-m: Creates the new user's home directory

2. The account creation commands useradd/adduser

In Red Hat Linux, both adduser and useradd point to the file /usr/sbin/useradd, so it does not matter which of the two commands you run:

useradd pp: Create the pp account

passwd pp: Set the password

 

3. Create and delete user accounts

Create an account:

useradd -g stuff -e 08/31/2005 pp

passwd pp

This creates a user pp belonging to the stuff group and sets a password for pp. The logon expiration time is

Delete an existing user account

userdel -r pp

The -r parameter of the userdel command deletes all of the user's information (including the home directory).

 

4. Disable, restore, and delete accounts

Disable

usermod -L username: disable the account

passwd -l username: disable the password

Restore

usermod -U username: restore a disabled account

passwd -u username: restore a disabled password

Delete

userdel -r u1: delete the account u1 and its home directory

-r: Delete the home directory.

Note: usermod and passwd do not work the same way when disabling and restoring accounts.

 

5. Disable and delete user accounts

Disabling an account means that the user is not allowed to log on to the system for the time being, while the user's data is retained. You can edit the /etc/passwd file and mark the line of the account to be disabled.

 

IV. Group Management

1. Components

(1) Private group (g)

When creating a new user, if no group is specified, RedHat creates a private group with the same name as the user.

(2) Standard Workgroup (G)

A standard group can accommodate multiple users. If you use a standard group, you should specify the group to which a new user belongs when creating a new user.

(3) Group file

/etc/group

 

2. Create, delete, and modify a group

groupadd -g 888 group2: Create the group group2 with a GID of 888

groupdel group2: Delete the group group2

groupmod -n group22 group2: Rename the group group2 to group22

3. id command

Function: view the UID and GID of a user.

Format: id [option] username

Parameters:

-g: Displays only the GID of the user's group.

-G: Displays only the GIDs of the user's additional groups.

-u: Displays the UID only.

 

4. finger command

Function: view user information, including the user's home directory, startup shell, and user name.

Format: finger [option] account

-l: Displays in long format. The default option is

-s: Displays in short format

 

5. chfn and chsh

(1) chfn function: change user information

Format: chfn account

chfn pp: Change the user information of pp

(2) chsh function: change the startup shell

Format: chsh -s <new shell>

[pp@linuxpp]# chsh -s /bin/bash    (change the shell of pp to /bin/bash)


Permission management for linux users and groups

First, you need to understand the linux permission mechanism. I feel that your understanding of this permission and your command skills are insufficient.
First, file permissions in Linux are defined per user. Whether a file can be read or written depends on which class of permissions the current user falls under for that file: the owner, the group, or other. This is critical. That is the UGO permission system. You need to know about these settings first. In addition, the command that specifies the user or group a file belongs to is chown, not chmod. As for your question, there are in fact many ways to implement it. For example, for special permissions, it is better to use the access control list, facl. I hope you can understand this problem and solve it yourself.

Permission management for linux users and groups

Below is my copy
You can look up the details of the chmod command on Baidu and then use it.
I have never thought about merging a group, but you can modify the parameters. Then, each created user group can be set to the group name you edited. This is too bad. I have never done it seriously.

Change the owner and group of the directory /tmp/sco to owner sawn and group net:

chown -R sawn:net /tmp/sco

chmod modifies the read/write/execute attributes of files and folders.

1. To make the file hh.c writable, readable, and executable, run chmod 777 hh.c. To make all files in a directory writable, readable, and executable, run chmod 777 *.* (the file name and suffix are replaced with *). Similarly, to modify the attributes of all htm files, run chmod 777 *.htm

2. To make the directory /tmp/sco writable, readable, and executable, run chmod 777 /tmp/sco. To make all folders in a directory writable, readable, and executable, run chmod 777 * (the folder name is replaced with *). To modify all the files and folders in /tmp/sco and their subfolders to be writable, readable, and executable, run chmod -R 777 /tmp/sco

Writable w = 4, readable r = 2, executable x = 1. 777 means you have full permissions. User and group permissions can be freely combined as needed.
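The following is an added example, not part of the answers above. It shows what chmod -R 777 leaves behind and a narrower owner-plus-group mode that still lets a group such as net share the tree. The function names are hypothetical, the directory is a constructed temporary copy of the /tmp/sco layout, and the chown step is left out because it needs root and existing accounts.

```shell
# find_world_writable DIR: list paths under DIR that any local user may
# write to (the "other" write bit is set), skipping symlinks.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# share_with_group DIR: replace blanket 777 with owner+group access.
# Directories get 2770 (setgid, so new files inherit the directory's
# group); regular files get 660 and lose the execute bit.
share_with_group() {
    find "$1" -type d -exec chmod 2770 {} +
    find "$1" -type f -exec chmod 660 {} +
}

# demo: build a throwaway tree, apply 777 as in the answer, count the
# world-writable paths, tighten, and count again.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sco/sub"
    : > "$d/sco/hh.c"
    : > "$d/sco/sub/index.htm"
    chmod -R 777 "$d/sco"
    before=$(find_world_writable "$d/sco" | wc -l | tr -d ' ')
    share_with_group "$d/sco"
    after=$(find_world_writable "$d/sco" | wc -l | tr -d ' ')
    mode=$(ls -ld "$d/sco" | cut -c1-10)
    rm -rf "$d"
    echo "$before $after $mode"
}

demo
```

In the octal digits that chmod takes, read is 4, write is 2 and execute is 1, so 770 gives the owner and the group full access and everyone else none.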
