Linux User and user group management commands

Source: Internet
Author: User

1. User Management Commands

(1) Add a user: useradd

Command format: useradd [options] username

Options:
  -u UID                Manually specify the user's UID number
  -d home directory     Manually specify the user's home directory
  -c user description   Manually specify the user's description
  -g group name         Manually specify the user's initial group
  -G group name         Specify the user's additional groups
  -s shell              Manually specify the user's login shell; the default is /bin/bash

For example, to simply add a user xiaobao, run useradd xiaobao. Now look at what happens when the user xiaobao is added:

① Use the grep command to see the changes in the four configuration files /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow.
You can see that a record with the user name xiaobao appears in each file.

② Check whether the home directory /home/xiaobao and the mailbox /var/spool/mail/xiaobao have been generated.

You can see that the home directory and the mailbox of the user xiaobao have been generated.

Of course, we can also specify options when adding a user. For example, first create a user group dabao:

  groupadd dabao

Then create the user dabao:

  useradd -u 550 -g dabao -G root -d /home/dabao -c "Test user" -s /bin/bash dabao

The /etc/passwd and /etc/group files are now viewed through the grep command:


③ Two files define the default values used for new users: /etc/default/useradd and /etc/login.defs.

/etc/default/useradd file:

GROUP=100               # default user group
HOME=/home              # user home directory
INACTIVE=-1             # grace days after password expiration (7th field of /etc/shadow)
EXPIRE=                 # password expiration time (8th field of /etc/shadow)
SHELL=/bin/bash         # default shell
SKEL=/etc/skel          # template directory
CREATE_MAIL_SPOOL=yes   # whether to create a mailbox

/etc/login.defs file:

The /etc/login.defs file is relatively large; the main content after removing comments is as follows:

PASS_MAX_DAYS 99999     # password validity period (5th field of /etc/shadow)
PASS_MIN_DAYS 0         # password modification interval (4th field of /etc/shadow)
PASS_MIN_LEN 5          # minimum password length of 5 characters (PAM)
PASS_WARN_AGE 7         # password expiry warning (6th field of /etc/shadow)
UID_MIN 1000            # minimum and maximum UID range
UID_MAX 60000
GID_MIN 1000            # minimum and maximum GID range
GID_MAX 60000
ENCRYPT_METHOD SHA512   # encryption mode
(2) Modify a user password: passwd

A user added with the useradd command alone cannot be used normally; a password must also be set for the user, which requires the passwd command.

Command format: passwd [options] username

Options:
  -S         Query the status of the user's password. Available to the root user only.
  -l         Temporarily lock the user. Available to the root user only.
  -u         Unlock the user. Available to the root user only.
  --stdin    Take the data passed through a pipe as the user's password.

① View password status:
The fields are as follows:
User name
Password set time (2016-01-07)
Password modification interval time (0)
Password expiration (99999)
Warning time before the password expires (7)
Grace days after password expiration (-1: indicates that the password will never expire)

② Lock and unlock a user:

Lock the user sky:

  passwd -l sky

Looking at the /etc/shadow file, you can see that locking put two exclamation points before the sky user's real password string, which invalidates the original password and thereby locks the user sky. Of course, manually modifying the user's password string in the /etc/shadow file can also lock the user. When you lock the user sky and then try to log in as sky, the login fails with a password validation error:

Unlock the user sky:

  passwd -u sky

Once the user is unlocked, the two exclamation points in front of the sky user's password string have disappeared, and the user sky can log in again.

③ Use a string as the user's password:

  echo "<string>" | passwd --stdin <user name>
(3) Modify user information: usermod

useradd sets user information while adding a new user; usermod modifies the information of a user that already exists.

Command format: usermod [options] username

Options:
  -u UID                Modify the user's UID number
  -c user description   Modify the user's description
  -G group name         Modify the user's additional groups
  -L                    Temporarily lock the user (Lock)
  -U                    Unlock the user (Unlock)

For example: change the description of the existing user sky to "test user", change sky's UID to 1024, and add sky to the root group. First view the information of the user sky:
Then modify it with the usermod command:
By viewing the /etc/passwd and /etc/group files, you can see that the user information was successfully modified.
Locking and unlocking a user with the usermod -L and -U options works the same way as with the passwd command:
It can be seen that the usermod command and the passwd command differ only in the marker: the former adds one exclamation point before the password string and the latter adds two exclamation points before the password string, but the effect is the same.
(4) Modify user password status: chage

Command format: chage [options] username

Options:
  -l         List the user's detailed password status
  -d date    Date of the last password change (3rd field of /etc/shadow)
  -m days    Interval between two password modifications (4th field of /etc/shadow)
  -M days    Password validity period (5th field of /etc/shadow)
  -W days    Number of warning days before the password expires (6th field of /etc/shadow)
  -I days    Grace days after the password expires (7th field of /etc/shadow)
  -E date    Account expiration time (8th field of /etc/shadow)

Take a look at the -l option:
The information displayed is the relevant information in /etc/shadow. The changes made by the options above can also be made by editing the /etc/shadow file with vi, but one important command needs explaining:

  chage -d 0 <user name>

This command sets the password modification date to 0, so that the user has to change the password at the next login. After the password is changed, the password modification date is no longer 0, and the next login proceeds normally.
After this command is executed on the user sky, the third field of the user sky in the /etc/shadow file becomes 0. The user is asked to change the password when logging in as sky:
After changing the password, the password modification date is no longer 0:

Therefore, the next time the user sky logs in, entering the modified password gives a normal login.
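The lock prefixes and the /etc/shadow aging fields described in the passwd, usermod and chage sections above can be read back with a short audit function. This is an added example, not part of the original article; the function names, state labels and sample lines are constructed for illustration, and the "!!" and "!" prefixes are interpreted the way this page reports them.

```sh
#!/bin/sh
# Constructed sample in /etc/shadow format (placeholder hashes, not real ones).
# 16807 days after 1970-01-01 is 2016-01-07.
sample_shadow() {
    cat <<'EOF'
xiaobao:$6$SALT$PLACEHOLDERHASH:16807:0:99999:7:::
sky:!!$6$SALT$PLACEHOLDERHASH:16807:0:99999:7:::
dabao:!$6$SALT$PLACEHOLDERHASH:16807:0:90:7:::
bao1:$6$SALT$PLACEHOLDERHASH:0:0:90:7:14:17000:
bao2:!!:16807:0:99999:7:::
EOF
}

# Reads shadow-format lines on stdin and prints name:state:flags per account.
shadow_report() {
    awk -F: '
    {
        pw = $2
        if (pw == "!" || pw == "!!") state = "locked-no-hash"  # marker only, no hash stored
        else if (pw ~ /^!!/)         state = "locked-passwd"   # two marks, as after passwd -l
        else if (pw ~ /^!/)          state = "locked-usermod"  # one mark, as after usermod -L
        else if (pw == "")           state = "empty-password"  # no password required
        else if (pw == "*")          state = "no-login"
        else                         state = "active"

        flags = ""
        if ($3 == "0")                   flags = flags "must-change,"    # field 3, chage -d 0
        if ($5 == "" || $5 + 0 >= 99999) flags = flags "never-expires,"  # field 5, chage -M
        if ($8 != "")                    flags = flags "account-expiry," # field 8, chage -E
        sub(/,$/, "", flags)
        print $1 ":" state ":" (flags == "" ? "-" : flags)
    }'
}

# Demo on the constructed sample; on a real host run: shadow_report < /etc/shadow (as root)
sample_shadow | shadow_report
```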
(5) Delete a user: userdel

Command format: userdel [-r] username

Option:
  -r    Delete the user's home directory while deleting the user

Of course, you can also delete a user manually: delete the user's rows from the four configuration files /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow, delete the mailbox /var/spool/mail/<user name>, and delete the home directory /home/<user name>. To determine whether a manually deleted user is really gone, run useradd <name of the deleted user>: if it reports that the user exists, the manual deletion was unsuccessful; if there is no message, the manual deletion is complete.
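A read-only way to look for leftovers after a manual deletion, covering the four files, the mailbox and the home directory listed above. This is an added example, not part of the original article; the function names, the optional root-prefix argument and the scratch tree are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed scratch tree: xiaobao was removed from passwd by hand but is still
# present in shadow, in a group member list and as a home directory.
make_sample_root() {   # $1 = empty directory to populate
    mkdir -p "$1/etc" "$1/home/xiaobao" "$1/var/spool/mail"
    printf 'root:x:0:0::/root:/bin/bash\n'   > "$1/etc/passwd"
    printf 'xiaobao:!!:16807:0:99999:7:::\n' > "$1/etc/shadow"
    printf 'test:x:1002:xiaobao,bao2\n'      > "$1/etc/group"
    printf 'test:!::bao2\n'                  > "$1/etc/gshadow"
}

# user_residue USER [ROOT]: print each place where USER is still present.
# ROOT is a path prefix (empty means the live system).
user_residue() {
    u=$1 root=${2:-}
    for f in etc/passwd etc/shadow etc/group etc/gshadow; do
        [ -r "$root/$f" ] || continue
        awk -F: -v u="$u" -v f="/$f" '
            $1 == u { entry = 1 }                 # own row (user or same-named group)
            f ~ /group|gshadow/ {                 # last field is the member list
                n = split($NF, m, ",")
                for (i = 1; i <= n; i++) if (m[i] == u) member = 1
            }
            END {
                if (entry)  print f ":entry"
                if (member) print f ":member"
            }' "$root/$f"
    done
    if [ -e "$root/var/spool/mail/$u" ]; then echo "/var/spool/mail/$u"; fi
    if [ -d "$root/home/$u" ]; then echo "/home/$u"; fi
}

# Demo on the constructed tree; on a real host run: user_residue <user name> (as root)
t=$(mktemp -d)
make_sample_root "$t"
user_residue xiaobao "$t"
rm -rf "$t"
```

Empty output means no entry, membership, mailbox or home directory was found for that name.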
(6) View user IDs: id

Command format: id <user name>

Displays the user ID, the initial group ID, and the IDs of the groups the user belongs to (including the initial group ID).

(7) Switch user identity: su

Command format: su [options] username

Options:
  -             Using just "-" switches the user's environment variables together with the identity
  -c command    Execute only one command, without switching user identity

  su root       # only gets root's execution permissions, not root's environment variables
  su - root     # switches to root and gets root's environment variables and execution permissions

The user name root can be omitted from the two commands above, because the su command switches to root by default.
Note: some commands still cannot be executed even after switching to the root user with su root, so when switching to root we recommend using su - root.

  su - root -c "useradd user1"    # do not switch to root, but execute the useradd command to add the user user1
2. User Group Management Commands

(1) Add a user group: groupadd

Command format: groupadd [options] group name

Option:
  -g GID    Specify the user group ID

(2) Modify a user group: groupmod

Command format: groupmod [options] group name

Options:
  -g GID               Modify the user group ID
  -n new group name    Modify the group name

For example:

  groupmod -n newg oldg    # change the group name oldg to newg

(3) Delete a user group: groupdel

Command format: groupdel group name

Note: if the user group is the initial group of any user, the user group cannot be deleted; additional users do not prevent the user group from being deleted. For example:
Add a user group baobao, add a user bao1 with baobao as its initial group, and add a user bao2 with baobao as its additional group. At this point the user group baobao contains the initial user bao1 and the additional user bao2, so deleting baobao fails. After the user bao1 is deleted, baobao contains only the additional user bao2, and deleting baobao succeeds.
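The rule above can be checked before running groupdel by matching the group's GID against the initial-GID field (field 4) of each passwd entry. This is an added example, not part of the original article; the function names, output labels, and the UID and GID values in the sample files are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample matching the baobao scenario above.
sample_files() {   # writes passwd- and group-format files into directory $1
    cat > "$1/passwd" <<'EOF'
bao1:x:1001:1005::/home/bao1:/bin/bash
bao2:x:1002:1002::/home/bao2:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
bao2:x:1002:
baobao:x:1005:bao2
EOF
}

# group_delete_check GROUP PASSWD_FILE GROUP_FILE
# Prints "blocked:<users>" when GROUP is the initial group of some user,
# "ok:<additional members>" when nothing blocks deletion, "missing" if GROUP is absent.
group_delete_check() {
    awk -F: -v g="$1" '
        FILENAME == ARGV[1] {              # first file: the group database
            if ($1 == g) { gid = $3; members = $4; found = 1 }
            next
        }
        found && $4 == gid {               # second file: passwd, field 4 = initial GID
            primary = primary (primary == "" ? "" : ",") $1
        }
        END {
            if (!found)             print "missing"
            else if (primary != "") print "blocked:" primary
            else                    print "ok:" (members == "" ? "-" : members)
        }' "$3" "$2"
}

# Demo on the constructed files; on a real host pass /etc/passwd and /etc/group.
d=$(mktemp -d)
sample_files "$d"
group_delete_check baobao "$d/passwd" "$d/group"
rm -rf "$d"
```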
(4) Add a user to a group or remove a user from a group: gpasswd

Command format: gpasswd [options] group name

Options:
  -a user name    Add the user to the group (as an additional user)
  -d user name    Remove the user from the group

For example:
Add a user group test and view the /etc/group file to see that there are no additional users in the test group, then add the two users xiaobao and bao2 to the test group with the gpasswd -a command. Viewing the /etc/group file again shows that the test group now contains xiaobao and bao2, so the users were added successfully. You can also use the gpasswd -d command to remove users from the group:
