Linux users and groups: explanation and how to add them
In Linux, the permissions tied to users and groups are a basic part of system administration. A Linux system runs better and more securely when it is set up with specific users, groups, and the corresponding permissions.
For this part, I have summarized the following notes from my training and study:
Create groups and users
1. Create group
Definition of a group: a group is a collection of permissions.
The command to create a group is groupadd.
For example:
groupadd abc
After the group has been created successfully, view the existing groups with the following command:
tail -l /etc/group
To specify the ID of the group, that is, its GID:
groupadd -g 1001 abcde
It is recommended to specify a GID above 500, because GIDs below 500 may already be in use. If no GID is specified, the default GID continues on from the GID of the previous group you created.
Next, create the oinstall and dba groups, specifying the GIDs in sequence (you can choose the GIDs yourself):
[root@vastedu home]# groupadd -g 1002 oinstall
[root@vastedu home]# groupadd -g 1003 dba
A group is created without any permissions; adding permissions to a group is described later.
2. Create user
Create a user after the group is created:
First view the /etc/passwd file with the tail command to see some of the existing users on the system; by default, tail shows the last 10 lines.
[root@vastedu home]# tail -l /etc/passwd
abrt:x:173:173::/etc/abrt:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
test:x:1002:1002::/home/test:/bin/bash
test2:x:1003:1002::/home/test2:/bin/bash
test1:x:1008:1009::/home/test1:/bin/bash
test3:x:1100:2001::/home/test3:/bin/bash
id followed by a user name, for example id test3:
This command shows the UID, GID and groups of the user test3.
[root@vastedu home]# id test3
uid=1100(test3) gid=2001(dbdeep) groups=2001(dbdeep),1002(oinstall),1003(dba)
Now add a user:
Note that a manually assigned UID must not duplicate the UID of an existing user; the general recommendation is to set it to 500.
As a concrete case, take adding user test4 as an example:
[root@vastedu home]# useradd -u 1200 -g oinstall test4
The options used in the command mean the following:
-u: specifies the UID
-g: specifies the GID, that is, the primary group; a user can have only one primary group
[root@vastedu home]# id test4
uid=1200(test4) gid=1002(oinstall) groups=1002(oinstall)
Because environments differ, you sometimes need to add a user to several groups: one as the primary group, the others as secondary groups.
The commands for adding a secondary group are as follows.
First view the existing groups:
[root@vastedu home]# tail -l /etc/group
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
slocate:x:21:
oinstall:x:1002:test3
dba:x:1003:test,test3
abc:x:1009:
dbdeep:x:2001:
ddd:x:2002:
ddddd:x:2003:
Then, according to your user-management needs, add the user to the relevant secondary groups with the following command.
Add a secondary group to user test4:
usermod -aG dba test4
-aG is the same as -a -G.
-a means append; -G specifies the secondary group.
[root@vastedu home]# id test4
uid=1200(test4) gid=1002(oinstall) groups=1002(oinstall),1003(dba)
The output of id test4 shows that user test4 now belongs to the primary group oinstall and the secondary group dba.
Alternatively, you can assign both the primary and the secondary groups with a single command when creating the user:
[root@vastedu home]# useradd -u 1012 -g oinstall -G dba test6
[root@vastedu home]# id test6
uid=1012(test6) gid=1002(oinstall) groups=1002(oinstall),1003(dba)
-G is followed by the secondary groups to add; there can be several, separated by commas. -g is followed by the primary group.
Note: When Oracle RAC is installed, both the GID and UID are the same
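The checks this section depends on (that a UID or GID is still unused, and how the primary and secondary groups combine into what id prints), as an added shell example that is not part of the original notes. The function names and the PASSWD_FILE and GROUP_FILE variables are assumptions of this example; it only reads passwd- and group-format files and changes nothing.

```shell
#!/bin/sh
# Added example: pre-flight checks for useradd -u / groupadd -g / usermod -aG.
# PASSWD_FILE and GROUP_FILE are assumed names; they default to the live files
# and can point at copies for testing.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
GROUP_FILE=${GROUP_FILE:-/etc/group}

# uid_owner UID: print the user that already holds UID; status 1 if it is free.
uid_owner() {
    awk -F: -v id="$1" '$3 == id { print $1; hit = 1 } END { exit !hit }' \
        "$PASSWD_FILE"
}

# gid_owner GID: print the group that already holds GID; status 1 if it is free.
gid_owner() {
    awk -F: -v id="$1" '$3 == id { print $1; hit = 1 } END { exit !hit }' \
        "$GROUP_FILE"
}

# groups_of USER: rebuild what `id USER` reports from the two files.
# Primary group    = field 4 of the user's passwd line (exactly one GID).
# Secondary groups = every group line whose member list (field 4) names USER.
# Status 1 if USER has no passwd entry.
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR {                      # first file: passwd
            if ($1 == user) { pgid = $4; seen = 1 }
            next
        }
        seen && $3 == pgid { primary = $1; next }
        {                                # second file: group
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == user)
                    sec = sec (sec == "" ? "" : ",") $1
        }
        END {
            if (!seen) exit 1
            # a primary GID with no group line is printed as the bare number
            printf "primary=%s secondary=%s\n", (primary == "" ? pgid : primary), sec
        }
    ' "$PASSWD_FILE" "$GROUP_FILE"
}
```

Source the file and run groups_of before and after usermod: if -a was left out, the secondary list is replaced by the groups given to -G instead of being extended, and the difference shows up immediately.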
3. Deletion of groups and users
Note: Perform this operation with care. On a production system it is recommended to lock users that are no longer in use; deleting them is not recommended. Deletion is still covered here for learning purposes, so that mistakes can be avoided.
First look at the passwd and group files under /etc to identify the users and groups, and decide exactly which users and groups are to be deleted. Be cautious.
[root@vastedu home]# cat /etc/passwd
pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
test:x:1002:1002::/home/test:/bin/bash
test3:x:1100:2001::/home/test3:/bin/bash
test7:x:1013:1002::/home/test7:/bin/bash
[root@vastedu home]# cat /etc/group
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
slocate:x:21:
oinstall:x:1002:test3
dba:x:1003:test,test3,test4,test5,test6,test7
abc:x:1009:test7
dbdeep:x:2001:
ddd:x:2002:
ddddd:x:2003:
Take removing user test7 and group dba as an example.
Remove the user first, with the following commands:
[root@vastedu home]# userdel test7
[root@vastedu home]# id test7
id: test7: No such user
Then delete the group:
groupdel followed by the group name
[root@vastedu home]# id test3
uid=1100(test3) gid=2001(dbdeep) groups=2001(dbdeep),1002(oinstall),1003(dba)
[root@vastedu home]# groupdel dba
[root@vastedu home]# id test3
uid=1100(test3) gid=2001(dbdeep) groups=2001(dbdeep),1002(oinstall)
[root@vastedu home]# tail -l /etc/group
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
slocate:x:21:
oinstall:x:1002:test3
dbdeep:x:2001:
ddd:x:2002:
ddddd:x:2003:
[root@vastedu home]# groupdel dbdeep
groupdel: cannot remove the primary group of user 'test3'
[root@vastedu home]#
Running the delete commands brings out two points to note:
1. If the group being deleted is a secondary group, it can be deleted directly.
2. If the group being deleted is the primary group of another user, an error is reported and the group cannot be deleted.
So how do you handle a primary group that cannot be deleted?
First you need to delete the users that have the group as their primary group, and then you can delete the group. In any case, do not perform delete operations blindly anywhere other than your own test machine, so be sure to pay attention.
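The two outcomes above can be predicted before running groupdel. The following read-only check is an added example, not part of the original notes; groupdel_check, its output labels and exit codes, and the PASSWD_FILE and GROUP_FILE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: predict what `groupdel GROUP` will do, without changing anything.
# PASSWD_FILE and GROUP_FILE are assumed names; they default to the live files.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
GROUP_FILE=${GROUP_FILE:-/etc/group}

# groupdel_check GROUP
#   "blocked-by USER"       USER has GROUP as primary group: groupdel refuses
#   "loses-membership USER" USER is a secondary member: groupdel succeeds and
#                           the membership disappears without any message
#   Exit status: 0 nothing affected, 1 blocked, 2 members would lose the
#   group, 3 no such group.
groupdel_check() {
    awk -F: -v grp="$1" '
        FNR == NR {                      # first file: group
            if ($1 == grp) { gid = $3; members = $4; found = 1 }
            next
        }
        # second file: passwd, field 4 is the primary GID
        found && $4 == gid { print "blocked-by", $1; blocked = 1 }
        END {
            if (!found) exit 3
            n = split(members, m, ",")
            for (i = 1; i <= n; i++) print "loses-membership", m[i]
            if (blocked) exit 1
            if (n > 0) exit 2
        }
    ' "$GROUP_FILE" "$PASSWD_FILE"
}
```

On the data shown above, dbdeep is reported as blocked by test3, while dba lists every member that would lose it, which is what happened to test3 when dba was deleted.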
A follow-up post will explain permissions, so stay tuned.