Linux User and Group Management
Linux is a multi-user, multi-tasking, time-sharing operating system. Any user who wants to use system resources must first request an account from the system administrator and then log in to the system with that account. Each user account has a unique user name and its own password. After typing the correct user name and password at logon, the user enters the system and their home directory.
User account management mainly covers the following areas:
1. User categories, basic information, and password policy
2. Group management
3. Common user and group management commands
User categories
Superuser: has the highest administrative rights on the system; by default this is the root user.
Normal user: can only access and modify files in their own directory, and has permission to log on to the system.
Virtual user: also known as a "pseudo" user or system user. The defining feature of this type of user is that it cannot log on to the system. Such users exist mainly to make system management easier and to satisfy the requirement that the files of system processes have an owner. For example, a typical web service runs as the nobody user by default, but the nobody user cannot log on to the system.
User UID: 0-65535;
Administrator: 0;
Normal users: 1-60000;
System users:
CentOS 6 series: 1-499;
CentOS 7 series: 1-999;
User-related configuration files
/etc/passwd: user name, UID, basic group and other information
name:password:UID:GID:GECOS:directory:shell
The fields mean:
login name:x:UID:GID:comment:home directory:user's default shell
For example: root:x:0:0:root:/root:/bin/bash
/etc/shadow: user passwords and related attributes;
login name:encrypted password:date of last password change:minimum password age:maximum password age:password warning period:password inactivity period:account expiration date:reserved field
The fields mean:
login name:encrypted password:last change:minimum interval:maximum interval:warning time:inactivity time:expiry time:flag
For example: gentoo:!!:16672:0:99999:7:::
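The field layouts and UID ranges above can be checked mechanically. The script below is an added example, not part of the original article: it reads passwd- and shadow-format files and reports extra UID 0 accounts, system-range accounts with a login shell, and empty or unset password fields. The function names, finding labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in passwd- and shadow-format files.
# Finding labels and sample entries are constructed for this example.

audit_accounts() {   # $1 = passwd file, $2 = shadow file, $3 = top system UID
    awk -F: -v sys_max="${3:-999}" '
        # First file (shadow): remember each login name and password field.
        NR == FNR { pw[$1] = $2; has[$1] = 1; next }
        # Second file (passwd): name:x:UID:GID:comment:home:shell
        {
            uid = $3 + 0
            can_login = ($7 !~ /\/(nologin|false)$/)
            if (uid == 0 && $1 != "root")
                print "EXTRA_UID0 " $1
            if (uid >= 1 && uid <= sys_max + 0 && can_login)
                print "SYSTEM_WITH_SHELL " $1 " " $7
            if (!($1 in has))
                print "NO_SHADOW_ENTRY " $1
            else if (pw[$1] == "")
                print "EMPTY_PASSWORD " $1
            else if (pw[$1] ~ /^[!*]/ && can_login && uid > sys_max + 0)
                print "LOCKED_OR_UNSET " $1
        }
    ' "$2" "$1"
}

write_samples() {    # $1 = directory for the constructed sample files
    cat > "$1/passwd.sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
webapp:x:989:989:web service:/var/www:/bin/bash
gentoo:x:3001:3001::/home/gentoo:/bin/bash
guest:x:3002:3002::/home/guest:/bin/bash
EOF
    cat > "$1/shadow.sample" <<'EOF'
root:$6$constructed$hash:16672:0:99999:7:::
toor:$6$constructed$hash:16672:0:99999:7:::
nobody:*:16672:0:99999:7:::
webapp:!!:16672:0:99999:7:::
gentoo:!!:16672:0:99999:7:::
guest::16672:0:99999:7:::
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_accounts "$tmp/passwd.sample" "$tmp/shadow.sample" 999   # CentOS 7 range
rm -rf "$tmp"
```

Pass 499 as the third argument to apply the CentOS 6 system UID range instead.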
Complexity policy for user passwords:
-- use at least three of the four character classes: digits, lowercase letters, uppercase letters, and special characters;
-- make it long enough; more than 8 characters is suggested;
-- use random passwords;
-- change it regularly;
Group management
Group categories: administrators group: id=0; normal group: id= (CentOS 6 series 1-499, CentOS 7 series 1-999); additional group: id= (CentOS 6 series, CentOS 7 series 1000+)
Group-related configuration files:
/etc/group: group name, GID, users included in the group;
For example: root:x:0:
/etc/gshadow: group passwords and related attributes;
For example: gentoo:!::
Common user and group management commands
User-related commands: useradd, usermod, passwd, userdel
Group-related commands: groupadd, groupmod, gpasswd, groupdel
Other commands: chage, chsh, chfn (for general familiarity)
useradd: create a user
Syntax: useradd [options] LOGIN
useradd -D [options]
Common options
-r: create a system user;
-u UID: specify the UID;
-g GID: specify the basic group the user belongs to; the group must already exist;
-c 'COMMENT': a descriptive comment;
-d /path/to/somewhere: specify the user's home directory path; the location cannot exist beforehand, otherwise its user-related profile will be copied;
-s SHELL: set the user's default shell;
-G GID,...: specify the additional groups the user belongs to;
-M: do not create a home directory for the user;
Example: create a user oracle that belongs to the additional groups database and sql, with ID number 3000 and home directory /home/database
# useradd -u 3000 -G database,sql -d /home/database oracle
View the created account with id
# id oracle
uid=3000(oracle) gid=3000(oracle) groups=3000(oracle),(database),501(sql)
userdel: delete a user
Syntax: userdel [-r] USERNAME
Common options
-r: also delete the user's home directory;
Example: view a user, then delete it
# id centos
uid=3001(centos) gid=3001(centos) groups=3001(centos)
# userdel centos
# id centos
id: centos: no such user
usermod: modify user attributes
Syntax: usermod [OPTION]... LOGIN
Common options
-u UID
-g GID
-G GID[,GID,...]: modify the additional groups the user belongs to; used together with the -a option;
-s SHELL
-c 'COMMENT'
-d HOME: change the user's home directory to a new location; the user's existing files are not moved to the new home directory, but the -m option moves them there at the same time;
-l LOGIN: change the account name
-L: lock the user; locks the password so that it is invalid
-U: unlock the user; unlocks the password
Example: rename the user centos to rhl
# usermod -l rhl centos
# id centos
id: centos: no such user
# id rhl
uid=3001(rhl) gid=3001(centos) groups=3001(centos)
passwd: set or change a password
Syntax: passwd [OPTION] [USERNAME]
Common options
-l: lock the user
-u: unlock the user
-n mindays: minimum period of use;
-x maxdays: the default is 99,999 days;
-w warndays: number of days in advance to remind the user to change the password; only root may use this;
-i inactivedays: number of days after the password expires before the user is disabled; only root may use this;
--stdin: receive the user's password from standard input;
Example: set the password of the user centos to centos
# echo 'centos' | passwd --stdin centos
groupadd, groupdel: create and delete groups
Syntax: groupadd, groupdel [OPTIONS] GROUPNAME
Common options
-g GID: specify the group ID;
-r: create a system group;
Example: create a system group webserver; note how its GID compares with a normal group's GID
# groupadd -r webserver
# cat /etc/group
webserver:x:989:
# groupdel webserver    # delete the system group
groupmod: modify group attributes
Syntax: groupmod [OPTION] GROUPNAME
Common options
-n GROUP_NAME: new group name
-g GID
Example: rename the group linuxso to linuxos
# groupadd linuxso
# tail -1 /etc/group
linuxso:x:3001:
# groupmod -n linuxos linuxso
# tail -1 /etc/group
linuxos:x:3001:
gpasswd: set or modify a group password
Syntax: gpasswd [-a user] [-d user] [-A user,...] [-M user,...] [-r] [-R] groupname
Common options:
-a: add a user to the group
-d: remove a user from the group
-A: specify the group administrators
-M: specify the group members; used in much the same way as -A
-r: remove the password
-R: restrict access to the group; only members of the group can join it with newgrp
Example: set a password on the centos group. Suppose the system has a centos account that is not itself a member of the centos group. With newgrp, the user has to enter the group password to temporarily become a member of the group, and the group of files that centos then creates will also be centos. In this way centos can temporarily create files under another group instead of its own group.
So setting a password with gpasswd centos gives anyone who knows the group password the ability to switch temporarily to the centos group.
Note: newgrp switches the basic group to the specified group
# id centos
uid=3003(centos) gid=3003(centos) groups=3003(centos)
# tail -1 /etc/group
centos:x:3001:
# gpasswd centos    # set the group password
Changing the password for group centos
New Password:
Re-enter new password:
# su - centos    # switch user
$ id
uid=3003(centos) gid=3003(centos) groups=3003(centos)
$ newgrp centos    # switch group
Password:
$ id
uid=3003(centos) gid=3001(centos) groups=3001(centos),3003(centos)
Other commands: chage, chsh, finger. A general understanding is enough; some of these commands must be installed before they can be used.
chage: modify the expiration dates of an account and its password
Syntax: chage [-l] [-m mindays] [-M maxdays] [-I inactive] [-E expiredate] [-W warndays] [-d lastdays] username
Common options:
-l: list the user's account and password expiration dates
-m: minimum number of days between password changes
-M: maximum number of days between password changes
-I: number of days after the password expires before the account is locked
-d: specify the date the password was last changed
-E: validity period; 0 means immediate expiration, 1 means never expires
-W: number of days before password expiry at which warnings start
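How the ageing fields that chage edits combine, as an added example that is not part of the original article: the function reads shadow-format lines plus a day number (days since 1970-01-01, the unit of the last-change field) and reports each entry's status. The function names, status labels, sample entries and the exact boundary days are assumptions of this example.

```shell
#!/bin/sh
# Added example: password-ageing status from shadow fields (the ones chage edits).
# Status labels, sample entries and boundary days are this example's assumptions.

age_status() {   # $1 = shadow-format file, $2 = today as days since 1970-01-01
    awk -F: -v today="$2" '
        {
            last = $3; max = $5; warn = $6; inact = $7; acct = $8
            today += 0
            if (acct != "" && today >= acct + 0)            s = "ACCOUNT_EXPIRED"
            else if (last == "0")                           s = "MUST_CHANGE"
            else if (last == "" || max == "" || max + 0 >= 99999) s = "NO_EXPIRY"
            else {
                due = last + max      # day on which the password expires
                if (inact != "" && today >= due + inact)    s = "INACTIVE"
                else if (today >= due)                      s = "EXPIRED"
                else if (warn != "" && today >= due - warn) s = "WARN"
                else                                        s = "OK"
            }
            print $1, s
        }
    ' "$1"
}

write_shadow_sample() {   # $1 = output file; all entries are constructed
    cat > "$1" <<'EOF'
gentoo:!!:16672:0:99999:7:::
alice:$6$constructed$hash:16672:0:90:7:::
bob:$6$constructed$hash:16672:0:90:7:14::
carol:$6$constructed$hash:16720:0:90:7:::
dave:$6$constructed$hash:16715:0:90:7:::
erin:$6$constructed$hash:0:0:90:7:::
frank:$6$constructed$hash:16790:0:90:7::16799:
EOF
}

tmp=$(mktemp) && write_shadow_sample "$tmp"
age_status "$tmp" 16800    # 16800 is a constructed "today"
rm -f "$tmp"
```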
chsh: change the shell used when logging in to the system
Syntax: chsh [-luv] [-s] [username]
Common options:
-s: change the system's preset shell environment.
-l: list the shells available on the current system.
finger: find and display user information
Syntax:
Common options
-l: list the user's account name, real name, home directory, and login shell
-m: exclude matching on the user's real name.
-s: list the user's account name, real name, login terminal, and idle time
This article is from the "10,000-hour Law" blog; be sure to keep this source: http://daisywei.blog.51cto.com/7837970/1688562