Linux users and user groups in detail

Source: Internet
Author: User

1. User and user group files

In Linux, user accounts, user passwords, user group information, and user group passwords are stored in different configuration files.

The user accounts created on a Linux system and their related information (except passwords) are stored in the /etc/passwd configuration file. Because all users have read permission on the passwd file, password information is not stored there; it is saved in the /etc/shadow configuration file.

In the passwd file, each row defines one user account. A row consists of several fields separated by ":", and each field holds one piece of information about that account.

On a newly installed Linux system, the passwd file already contains many accounts. The system creates them automatically; they are the accounts that Linux processes or service programs need in order to run normally. The last field of these accounts is generally /sbin/nologin, which indicates that the account cannot be used to log on to the Linux system.

The fields of the passwd file, from left to right, and their meanings:

    user account  user password  user ID  user group ID  user full name  user home directory  user shell
    root          x              0        0              root            /root                /bin/bash

Because passwd no longer stores password information, the password field holds the placeholder x.

To make a user account unable to log on to Linux, simply set the shell used by the user to /sbin/nologin. For example, FTP accounts are generally only allowed to log in to and access the FTP server, not to log on to the Linux operating system. To give a user no Telnet permission, meaning the user is not allowed to telnet to the Linux operating system and log in, set the shell used by the user to /bin/true.
To let users have no Telnet and FTP logon rights, set the user's shell to /bin/false.

If /etc/shells does not contain /bin/true or /bin/false, add them manually:

    # echo "/bin/false" >> /etc/shells
    # echo "/bin/true" >> /etc/shells

2. User password file

For security purposes, the user's real password is encrypted using the MD5 encryption algorithm and stored in the /etc/shadow configuration file, which can only be read by the root user. As in the passwd file, each row of the shadow file defines and stores the information for one account. The first field is the user account name, and the second field is the password for the account.

3. User group account file

User group account information is saved in the /etc/group configuration file, which can be read by any user. The real password for the user group is saved in the /etc/gshadow configuration file. In the group file, the first field is the name of the user group, the second is x, the third is the ID number of the user group, and the fourth is the list of members of that user group, separated by commas.

4. Add a user

Create or add a new user with the useradd command. Its usage is:

    useradd [option] username

The command has many options; the commonly used ones are:

    -c comment      Set the comment (description) text for the user
    -d home dir     Specify the home directory, replacing the default /home/username
    -m              Create the home directory if it does not exist. Combine -r with -m to create a home directory for a system account
    -M              Do not create a home directory
    -e date         Specify the date on which the account expires. The date format is MM/DD/YY
    -f days         Number of days after expiry before the account is permanently disabled. If set to 0, it is disabled immediately; if set to -1, this feature is turned off
    -g group        Specify the user group the user joins; the group must already exist
    -G group list   Specify the list of user groups the user joins at the same time, separated by commas
    -n              Do not create a private user group for the user
    -s shell        Specify the shell the user uses at login. The default is /bin/bash
    -r              Create a system account with a user ID of less than 500; by default no home directory is created
    -u user ID      Manually specify the ID for the new user, which must be unique and greater than 499
    -p password     Specify a login password for the new user. The value given here is the login password after MD5 encryption, not the original plaintext password, so this option is rarely used in practice; the passwd command is normally used on its own to set the login password

Example: to create a user named zhangjie as a member of the student user group, the commands are:

    # useradd -g student zhangjie
    # tail -1 /etc/passwd
    zhangjie:x:501:501::/home/zhangjie:/bin/bash

When you add a user without specifying a user group with the -g parameter, a private user group with the same name as the user account is created automatically by default. If you do not need this private user group, use the -n parameter. For example, adding an account named lijie without specifying a user group gives the following result:

    # useradd lijie
    # tail -1 /etc/passwd
    lijie:x:502:502::/home/lijie:/bin/bash
    # tail -2 /etc/group
    student:x:501:
    lijie:x:502:           # the system automatically created a user group named lijie, ID number 502

When you create a user account, the user's home directory is created automatically.
The directory is placed under /home by default; to change the location, specify it with the -d parameter. The shell used when the user logs on defaults to /bin/bash; to change it, specify it with the -s parameter. For example, to create an account named vodup, place its home directory under /var, and set its login shell to /sbin/nologin, the commands are:

    # useradd -d /var/vodup -s /sbin/nologin vodup
    # tail -1 /etc/passwd
    vodup:x:503:503::/var/vodup:/sbin/nologin
    # tail -1 /etc/group
    vodup:x:503:

5. Set account properties

For an existing user, the usermod command modifies the properties of the account, including the login name, home directory, user group, login shell, and so on. Its usage is:

    usermod [option] username

Some of the options:

(1) Change the user account name

Use the -l parameter:

    usermod -l new-username original-username

For example, to rename the user lijie to lijunjie, the commands are:

    # usermod -l lijunjie lijie
    # tail -1 /etc/passwd
    lijunjie:x:502:502::/home/lijie:/bin/bash

The output shows that the user name has been changed to lijunjie. The home directory is still the original /home/lijie; to change it to /home/lijunjie, execute the following commands:

    # usermod -d /home/lijunjie lijunjie
    # tail -1 /etc/passwd
    lijunjie:x:502:502::/home/lijunjie:/bin/bash
    # mv /home/lijie /home/lijunjie

(2) Lock an account

To temporarily prevent a user from logging in, lock the user account. Locking is done with the -L parameter:

    usermod -L account-to-lock

Linux marks a user as locked by adding "!" in front of the password field in the shadow password file.

(3) Unlock an account

To unlock the account, use the usermod command with the -U parameter.

6. Delete an account

To delete an account, use the userdel command:

    userdel [-r] account-name

-r is optional; with it, the account is deleted together with its home directory.

To set when all user account passwords expire, modify the value of the PASS_MAX_DAYS entry in the /etc/login.defs configuration file. Its default value is 99999, which means that user account passwords never expire. The PASS_MIN_LEN entry specifies the minimum length of the account password, which defaults to 5 characters.

7. Set the user login password

Use the passwd command:

    passwd [account-name]

If an account name is given, the login password for that account is set and the original password is overwritten. Only the root user has permission to set the password for a specified account. Ordinary users can only set or modify their own password (no argument).

For example, to set the login password for the lijunjie account:

    # passwd lijunjie
    Change the password of the user lijunjie.
    New password:
    Re-enter the new password:
    passwd: All authentication tokens have been successfully updated.

Once the login password is set, the account can log in to the system. Press CTRL+ALT+F2 to select the second virtual console (tty2) and log in with the lijunjie account to verify that login works.

8. Lock/unlock the account password

In Linux, besides locking the user account, the account password can also be locked. If either one is locked, the user cannot log on to the system.
Only the root user has permission to execute the command. Locking the account password uses the passwd command with the -l parameter:

    passwd -l account-name
    passwd -u account-name     # unlock the account password

9. Query password status

To check whether the password for an account is locked, use the passwd command with the -S parameter:

    passwd -S account-name

For example:

    # passwd -S lijunjie
    lijunjie LK 2011-03-25 0 99999 7 -1 (password has been locked.)
    # passwd -u lijunjie
    Unlock user lijunjie password.
    passwd: Operation successful
    # passwd -S lijunjie
    lijunjie PS 2011-03-25 0 99999 7 -1 (password is set, use SHA512 encryption.)

10. Delete the account password

To delete the password for an account, use the passwd command with the -d parameter, which is only available to the root user:

    passwd -d account-name

After the account password is deleted, you will not be able to log on to the system unless you reset the password.

11. Create a user group

Users and user groups have a many-to-many relationship: one user can belong to more than one user group at a time, and a user group can contain several different users. Create user groups with the groupadd command:

    groupadd [-r] group-name

With the -r parameter, a system user group is created and its GID is less than 500; without -r, a normal user group is created with a GID greater than or equal to 500.

12. Modify user group properties

After a user group is created, its properties can be modified as needed. This mainly means changing the name of the user group and its GID.

(1) Change the name of a user group

To rename a user group, use the groupmod command with the -n parameter:

    groupmod -n new-group-name original-group-name

Renaming a user group does not change its GID. For example, to rename the student user group to teacher:

    # tail -3 /etc/group
    student:x:501:
    lijie:x:502:
    vodup:x:503:
    # groupmod -n teacher student
    # tail -3 /etc/group
    lijie:x:502:
    vodup:x:503:
    teacher:x:501:

(2) Reset the GID of a user group

The GID of a user group can be reset, but it cannot duplicate the GID of an existing user group. Changing the GID does not change the name of the user group. To modify the GID, use the groupmod command with the -g parameter:

    groupmod -g new_gid group-name

For example, to change the GID of the teacher group to 504:

    # tail -3 /etc/group
    lijie:x:502:
    vodup:x:503:
    teacher:x:501:
    # groupmod -g 504 teacher
    # tail -3 /etc/group
    lijie:x:502:
    vodup:x:503:
    teacher:x:504:

13. Delete a user group

Deleting a user group is done with the groupdel command:

    groupdel group-name

A user group that is the private user group of an account cannot be deleted. To delete it, first delete the account that references the private user group, then delete the user group.

    # groupdel teacher
    groupdel: cannot remove the primary group of user 'zhangjie'
    # userdel -r zhangjie
    # groupdel teacher
    # grep teacher /etc/group     # no output: the teacher user group no longer exists, so the deletion succeeded

14. Add users to a specified group / remove users from a specified group

You can add a user to a specified group so that the user becomes a member of the group:

    gpasswd -a user-account group-name

To remove a user from a user group:

    gpasswd -d user-account group-name

For example, add the lijunjie user created above to the vodup user group:

    # groups lijunjie
    lijunjie : lijie
    # gpasswd -a lijunjie vodup     # add the user to the specified user group
    Adding user lijunjie to group vodup
    # groups lijunjie
    lijunjie : lijie vodup
    # gpasswd -d lijunjie vodup     # remove the user from the specified user group
    Removing user lijunjie from group vodup
    # groups lijunjie               # view the groups the user belongs to
    lijunjie : lijie

15. Set up user group administrators

Besides the root user, the administrator of a user group can also add users to the group and remove users from it. To designate a user as the administrator of a user group, use the following command:

    gpasswd -A user-account group-to-manage

Command function: sets the specified user as the administrator of the specified user group. A group administrator can only manage the user groups they are authorized for (adding users to the group or removing users from it) and has no permission to manage other user groups.

    # gpasswd -A lijunjie vodup
    # useradd fen
    # gpasswd -a fen vodup
    Adding user fen to group vodup
    # groups fen
    fen : fen vodup
    # gpasswd -d fen vodup
    Removing user fen from group vodup
    $ gpasswd -d fen fen            # attempt to remove user fen from the fen user group
    gpasswd: Permission denied.     # operation denied: not authorized to manage other user groups

In addition, Linux provides commands such as id, whoami and groups to view the status of users and groups.
The id command displays the current user's UID, GID and the list of user groups the user belongs to; whoami queries the name of the current user; groups displays the user groups to which the specified user belongs. Users and user groups can also be managed through the graphical interface: System ---> Management ---> Users and Groups opens the corresponding configuration interface.

16. Switch user and operating environment

    su - username     # both the user and the operating environment change
    su username       # only the user is switched; the operating environment and environment variables stay unchanged. Can also be used to exit super-user permissions
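
The file formats from sections 1, 2, 5 and 10, checked in code. This is an added example, not part of the original article: it classifies each shadow password field with the LK/PS codes shown in section 9 (plus NP for an empty field, a code the page does not show) and flags login shells paired with an empty password field as well as MD5-crypt hashes. Every row, salt and hash is constructed, the UID 504 for fen is made up, and the names audit and password_state are hypothetical.

```python
# Added example; every account row below is constructed sample data.
NOLOGIN_SHELLS = {"/sbin/nologin", "/bin/false", "/bin/true"}
HASH_PREFIXES = {"$1$": "MD5", "$5$": "SHA-256", "$6$": "SHA-512"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
zhangjie:x:501:501::/home/zhangjie:/bin/bash
lijunjie:x:502:502::/home/lijunjie:/bin/bash
vodup:x:503:503::/var/vodup:/sbin/nologin
fen:x:504:504::/home/fen:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$SALT$CONSTRUCTED:15058:0:99999:7:::
zhangjie:$1$SALT$CONSTRUCTED:15058:0:99999:7:::
lijunjie:!$6$SALT$CONSTRUCTED:15058:0:99999:7:::
vodup:!!:15058:0:99999:7:::
fen::15058:0:99999:7:::
"""

def password_state(field):
    """Classify the second shadow field: (LK|NP|PS, hash algorithm or None)."""
    if field == "":
        return "NP", None              # empty field: no password set
    locked = field[0] in "!*"          # "!" is the lock marker described in section 5
    body = field.lstrip("!")           # a hash may still follow the lock marker
    algo = next((n for p, n in HASH_PREFIXES.items() if body.startswith(p)), None)
    return ("LK" if locked else "PS"), algo

def audit(passwd_text, shadow_text):
    """Join passwd and shadow rows by account name; return name -> report."""
    rows = (r.split(":") for r in passwd_text.splitlines())
    shells = {f[0]: f[6] for f in rows if len(f) == 7}   # name -> login shell
    report = {}
    for row in shadow_text.splitlines():
        f = row.split(":")
        if len(f) < 2 or f[0] not in shells:
            continue                   # malformed row or no matching passwd entry
        state, algo = password_state(f[1])
        issues = []
        if state == "NP" and shells[f[0]] not in NOLOGIN_SHELLS:
            issues.append("login shell with an empty password field")
        if algo == "MD5":
            issues.append("MD5-crypt password hash")
        report[f[0]] = {"state": state, "algo": algo, "issues": issues}
    return report

if __name__ == "__main__":
    for name, info in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(name, info["state"], info["algo"], "; ".join(info["issues"]) or "ok")
```

On a real system the same functions can be fed the contents of /etc/passwd and /etc/shadow; reading the latter requires root.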
