One-day learning of Linux user and group management

Source: Internet
Author: User

In the previous section, we learned about users and groups. Now let's take a look at how to manage users and user groups.

Summary of related management commands
User management commands
useradd    add a user
adduser    add a user
passwd     set a password for a user
usermod    modify a user, for example the login name and the user's home directory

User group management commands
groupadd   add a user group
groupdel   delete a user group
groupmod   edit a user group
groups     display the user groups to which a user belongs
newgrp     switch to the corresponding user group

After reading so many commands, you may feel dizzy. In fact, in daily use and maintenance we do not use that many of them. Next we will split them up and regroup them, which makes learning easier.

Command usage
 

1. Add new users, edit users, and delete users
Related commands: useradd, passwd, usermod, userdel

Add user useradd

Syntax: useradd [options] LOGIN
There are many options (you can use useradd --help or man useradd to view them). Let's briefly introduce several of them.

-d directory    specifies the user's home directory (by default, a directory with the same name as the user is created under /home)
-g group        specifies the user group to which the user belongs (main group)
-G groups       specifies the additional groups to which the user belongs (these groups must have been added in advance or already exist in the system)
-s shell        specifies the user's login shell
-u UID          specifies the user ID of the user. If the -o option is given at the same time, the user ID of another user can be reused.
-c description  specifies a comment describing the account
-m              the user's home directory is created automatically if it does not exist (default option)

Let's look at several instances.
Instance 1: the simplest new user
[root@yufei ~]# useradd opser_1
[root@yufei ~]# passwd opser_1
Changing password for user opser_1.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
Note: If the password is too simple, the system gives the prompt above, but the password has in fact been set. This applies only to the root user; if an ordinary user sets an overly simple password, the system will not accept it.
[root@yufei ~]# grep opser_1 /etc/passwd
opser_1:x:501:501::/home/opser_1:/bin/bash
The user and group IDs are both 501, and the home directory and shell are also shown. Note that the two IDs can be different.
[root@yufei ~]# grep opser_1 /etc/shadow
opser_1:$6$cIFPSKDr$rQV1fCHYfpUBSqgtpUGcO5A. Examples/UWHFgKuqx/:14981:0:99999:7:::
The user's password and the restrictions on it are also clearly visible (if anything in the line above is unclear, review the earlier material).
[root@yufei ~]# grep opser_1 /etc/group /etc/gshadow
/etc/group:opser_1:x:501:
/etc/gshadow:opser_1:!::
We can see that while creating a user, a user group with the same name as the user is also created.
[root@yufei ~]# ls -a /home/opser_1/
.  ..  .bash_logout  .bash_profile  .bashrc  .gnome2  .mozilla
Contents of the user's home directory
[root@yufei ~]# ls -ld /home/opser_1/
drwx------. 4 opser_1 opser_1 4096 Jan 7 /home/opser_1/
Note: File permissions are covered in later lessons; for now a first look is enough.

Instance 2: add a user, set the UID, group, and additional group, and specify a shell that cannot be used to log on
[root@yufei ~]# groupadd -g 600 opser.org
[root@yufei ~]# groupadd user_group
[root@yufei ~]# tail -n 4 /etc/group
yufei:x:500:
opser_1:x:501:
opser.org:x:600:
user_group:x:601:
We can see that when I added the first user group, opser.org, I fixed its GID at 600; the second one, added without a GID, became 601.
[root@yufei ~]# useradd -g user_group -G opser.org -u 580 -s /sbin/nologin opser_2
[root@yufei ~]# passwd opser_2
Changing password for user opser_2.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
I placed some restrictions on the new user opser_2 and set the same password as for opser_1 (in fact, this password is useless, because I set the shell to /sbin/nologin, so the user cannot log on to the system). Let's compare the files related to opser_1 and opser_2.
[root@yufei ~]# tail -n 2 /etc/passwd
opser_1:x:501:501::/home/opser_1:/bin/bash
opser_2:x:580:601::/home/opser_2:/sbin/nologin
[root@yufei ~]# tail -n 2 /etc/shadow
opser_1:$6$cIFPSKDr$rQV1fCHYfpUBSqgtpUGcO5A. Examples/UWHFgKuqx/:14981:0:99999:7:::
opser_2:$6$VZTnZmFj$hayn6ycBCy9Mnfpwi13pAUOquwOVTmC/fingerprint:14981:0:99999:7:::
[root@yufei ~]# tail -n 2 /etc/group
opser.org:x:600:opser_2
user_group:x:601:
Note:
1. Although the passwords of opser_1 and opser_2 are the same, the encrypted values stored in shadow are different.
2. The UID and GID of the user opser_2 are not the system defaults, but the ones we specified.
3. The GID of opser_2 is 601, that is, user_group, and opser_2 is also a member of opser.org.
4. Although a shell has been specified for the user opser_2, it is a special shell that cannot be used to log on to the system. This shell (/sbin/nologin) is generally used when adding system accounts.
5. When a user is created, the UID of the most recently created user is used as the reference. For example, since the UID of opser_2 is 580, the next user created gets 581, and 502 ~ 579 are left unused. How can the numbering continue from 503 instead? You can add the -r parameter or specify the UID yourself.
For more information about the other parameters, consult the reference documentation yourself.

Other files used when adding users

After the two examples above, you may be wondering: where do the files in the home directory come from when a user is added? What are the UID and GID based on? What is the shell based on?
If you want to know the answers, use man useradd. You will find a FILES section in this help file which lists, besides the four files mentioned in the previous section, the following:
/etc/default/useradd
Default values for account creation.

/etc/skel/
Directory containing default files.

/etc/login.defs
Shadow password suite configuration.
Having read the descriptions of these three files, have you found the answers to the questions above?
To see how each one is laid out, open the file.
/etc/default/useradd: the rule file consulted when a user is added through useradd
[root@yufei ~]# vim /etc/default/useradd
# useradd defaults file
GROUP=100 # The GID of the main group also starts from 100.
HOME=/home # create the user's home directory under /home. You can set this directory yourself.
INACTIVE=-1 # whether the password will expire after it is enabled. -1 indicates that the password will never expire. For example, 10 indicates that it will expire after 10 days.
EXPIRE= # end date of the account. If this parameter is not set, account expiration is not enabled.
SHELL=/bin/bash # shell type used
SKEL=/etc/skel # reference location for the files in the user's home directory. That is to say, when adduser is used to add a user, all files in the user's home directory are copied from this directory.
CREATE_MAIL_SPOOL=yes # create a mail pool for the user. It is equivalent to a user's mailbox.

/etc/skel/: the source of the files in the user's home directory when a user is added. All files in this directory are hidden files.
[root@yufei ~]# ls -la /etc/skel/
total 36
drwxr-xr-x.  4 root root  4096 Dec 15 .
drwxr-xr-x. 96 root root 12288 Jan 7 13:40 ..
-rw-r--r--.  1 root root    18 Jun 22 2010 .bash_logout
-rw-r--r--.  1 root root   176 Jun 22 2010 .bash_profile
-rw-r--r--.  1 root root   124 Jun 22 2010 .bashrc
drwxr-xr-x.  2 root root  4096 Jul 14 23:55 .gnome2
drwxr-xr-x.  4 root root  4096 Dec 15 .mozilla

/etc/login.defs: some settings for creating users, for example whether a home directory is needed, the UID and GID ranges, and the user's validity period.
[root@yufei ~]# vim /etc/login.defs
MAIL_DIR /var/spool/mail # create a user mail file in the /var/spool/mail directory when creating a user.

PASS_MAX_DAYS 99999 # maximum number of days when the user's password does not expire
PASS_MIN_DAYS 0 # minimum number of days for password modification
PASS_MIN_LEN 5 # minimum password length
PASS_WARN_AGE 7 # Warning time

UID_MIN 500 # UID starts from 500
UID_MAX 60000 # The maximum UID is 60000

GID_MIN 500 # GID starts from 500
GID_MAX 60000 # The maximum GID is 60000

CREATE_HOME yes # whether to create the user's home directory

UMASK 077 # default permission restrictions when creating a user's home directory

USERGROUPS_ENAB yes # when using userdel to delete a user, if there are no other users in the main group, delete this group as well.
ENCRYPT_METHOD SHA512 # The user password is hashed with SHA512.

From the explanation above, you should now understand more about how a user is added to a Linux system. The process is:

Create a line of account-related data in /etc/passwd, including the UID, GID and home directory;
Enter the password parameters of this account in /etc/shadow, but no password exists yet;
Add a group with the same name as the account in /etc/group;
Create a directory with the same name as the account under /home as the user's home directory, with permission 700;
Copy the corresponding files from /etc/skel/ to the user's home directory;
Finally, use the passwd command to encrypt the password and write it to /etc/shadow.

User password settings

The above focuses on user creation and says little about setting user passwords.
In Linux, a command ultimately changes a configuration file: the passwd command encrypts the password and writes it into column 2 of /etc/shadow. We also know that this file has 9 columns, so how can we modify the other columns through the passwd command?
See the help:
passwd --help
Format: passwd [OPTION...]
-l: means Lock. It adds "!" to the front of the second column of /etc/shadow to invalidate the password.
-u: the opposite of -l; it means Unlock.
-S: lists the password-related parameters, that is, most of the information in the shadow file.
-n: followed by a number of days; the 4th field of shadow, the number of days during which the password cannot be changed.
-x: followed by a number of days; the 5th field of shadow, the number of days within which the password must be changed.
-w: followed by a number of days; the 6th field of shadow, the number of days of warning before the password expires.
-i: followed by the date; the 7th field of shadow, the password expiration date.

Experiment with these options yourself. Apart from using passwd to set passwords, I prefer to modify them directly in /etc/shadow.
There is also a command similar to passwd, namely chage. You should study it yourself!

By the way, we often encounter a situation like this: for example, I downloaded an application that comes pre-integrated, and it ships with a default user and password. At the first login, you have to reset the password before you can log in. This function is implemented by changing the third column in shadow to 0! If you are interested, try it.

Edit user usermod

The new user has been created, but if I want to modify the user's information, is there no method other than editing the files? Of course there is; the ultimate goal of a command is to change the configuration file. So let's take a look at how to use usermod to modify the user's related information.
[root@yufei ~]# usermod -h
Usage: usermod [options] LOGIN
-c: followed by an account description, that is, the description in the fifth column of /etc/passwd. You can add some notes about the account.
-d: followed by the home directory of the account, that is, the sixth column of /etc/passwd.
-e: followed by a date in the format YYYY-MM-DD, that is, the eighth column of /etc/shadow.
-f: followed by a number of days. Modifies the seventh column of shadow.
-g: followed by the main group. Modifies the fourth field of /etc/passwd, that is, the GID field.
-G: followed by additional groups. Modifies the groups that the user belongs to; the file modified is /etc/group.
-a: used with -G to add additional groups instead of replacing them.
-l: followed by the account name. Modifies the account name, the first column of /etc/passwd.
-s: followed by a shell, such as /bin/bash or /bin/csh.
-u: followed by a UID number. Modifies the user's UID in the third column of /etc/passwd.
-L: temporarily freezes the user's password so that the user cannot log in. In fact, "!" is added to the password column of /etc/shadow.
-U: removes the "!" from the password column of /etc/shadow.
In fact, the usage of usermod is very similar to that of useradd; it only adds user locking and unlocking.
Let's look at several examples.
Modify user description
[root@yufei ~]# grep opser_1 /etc/passwd
opser_1:x:501:501::/home/opser_1:/bin/bash
[root@yufei ~]# usermod -c "opser.org exmple" opser_1
[root@yufei ~]# grep opser_1 /etc/passwd
opser_1:x:501:501:opser.org exmple:/home/opser_1:/bin/bash

Set the user's expiration date
[root@yufei ~]# grep opser_1 /etc/shadow
opser_1:$6$cIFPSKDr$rQV1fCHYfpUBSqgtpUGcO5A. Examples/UWHFgKuqx/:14981:0:99999:7:::
[root@yufei ~]# usermod -e "2011-02-01" opser_1
[root@yufei ~]# grep opser_1 /etc/shadow
opser_1:$6$cIFPSKDr$rQV1fCHYfpUBSqgtpUGcO5A. Examples/UWHFgKuqx/:14981:0:99999:7::15006:
We have only briefly introduced these two parameters; study the rest yourself!
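
The shadow columns that passwd and usermod change (the "!" lock marker in column 2, the 0 in column 3 that forces a password reset, the day count in column 8 written by usermod -e) can be read back with a small parser. This is an added example, not part of the original article; the sample lines are constructed, with placeholder hashes, and the finding names are this example's own.

```python
from datetime import date, timedelta

# Constructed sample: account names follow the article, hashes are placeholders.
SAMPLE_SHADOW = """\
opser_1:$6$SALT$PLACEHOLDERHASH:14981:0:99999:7::15006:
opser_2:!$6$SALT$PLACEHOLDERHASH:14981:0:99999:7:::
newapp:$6$SALT$PLACEHOLDERHASH:0:0:99999:7:::
fresh:!!:14982:0:99999:7:::
svc::14982:0:30:7:::
"""

def days_to_date(days):
    """shadow stores dates as a number of days since 1970-01-01."""
    return date(1970, 1, 1) + timedelta(days=int(days))

def audit_shadow_line(line, today):
    """Return (login, findings) for one /etc/shadow line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    login, pw, lastchg, _min, maxage, _warn, _inactive, expire, _reserved = fields
    findings = []
    # Column 2: password hash, possibly prefixed or replaced by a lock marker.
    if pw == "":
        findings.append("empty-password")        # no password is required at all
    elif pw.lstrip("!") in ("", "*"):
        findings.append("no-password-set")       # state right after useradd
    elif pw.startswith("!"):
        findings.append("password-locked")       # passwd -l or usermod -L
    # Column 3: 0 forces a password change at the next login.
    if lastchg == "0":
        findings.append("must-change-at-next-login")
    elif lastchg and maxage:
        if days_to_date(int(lastchg) + int(maxage)) < today:
            findings.append("password-expired")  # column 3 + column 5 has passed
    # Column 8: account expiration date, as written by usermod -e.
    if expire:
        when = days_to_date(expire)
        state = "account-expired" if when <= today else "account-expires"
        findings.append("%s %s" % (state, when.isoformat()))
    return login, findings

def audit_shadow(text, today):
    """Audit every non-blank line of shadow-format text."""
    return dict(audit_shadow_line(l, today) for l in text.splitlines() if l.strip())

if __name__ == "__main__":
    for login, findings in audit_shadow(SAMPLE_SHADOW, date(2011, 1, 20)).items():
        print(login, findings or ["ok"])
```

The value 15006 decodes to 2011-02-01, the date given to usermod -e above.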

Delete user userdel

This command is very simple.
[root@yufei ~]# userdel -h
Usage: userdel [options] LOGIN
-f: force deletion, including all user-related content. This parameter is dangerous and is not recommended. For more information, see the man page.
-r: deletes the user's home directory and mail pool.
In fact, the -r parameter deletes the user's information from the related files:
User account/password parameters: /etc/passwd, /etc/shadow
User-related parameters: /etc/group, /etc/gshadow
User personal file data: /home/username, /var/spool/mail/username

I will not demonstrate it here; please try it yourself!

Note:
1. When using the userdel -r command, make sure that none of this user's data is still in use.
2. Before using this command, we recommend that you find all the data belonging to this account (find / -user username), and then perform the operation.
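
The check in note 2 matters because files left behind stay owned by the bare UID, and, as the useradd notes above say, UIDs are handed out relative to the last one used (or reused with -o), so a later account can inherit them. The following added example (not from the original article) does the same job as find -user and also lists files whose owner has no passwd entry; the function names are this example's own.

```python
import os

def passwd_uids(passwd_text):
    """UIDs (column 3) that have an entry in passwd-format text."""
    uids = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            uids.add(int(fields[2]))
    return uids

def owned_paths(root):
    """Yield (path, uid) for root and everything below it, without following symlinks."""
    yield root, os.lstat(root).st_uid
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.lstat(path).st_uid
            except OSError:
                continue  # vanished or unreadable while walking

def files_owned_by(root, uid):
    """Same question as `find root -user <uid>`: what would userdel leave behind?"""
    return sorted(p for p, owner in owned_paths(root) if owner == uid)

def orphaned_files(root, passwd_text):
    """Paths whose owner UID has no passwd entry, i.e. leftovers of deleted accounts."""
    known = passwd_uids(passwd_text)
    return sorted(p for p, owner in owned_paths(root) if owner not in known)

if __name__ == "__main__":
    import tempfile
    # Constructed demo: a temporary tree owned by the current user, checked
    # against a passwd snapshot that no longer contains that user's UID.
    with tempfile.TemporaryDirectory() as tree:
        open(os.path.join(tree, "report.txt"), "w").close()
        me = os.getuid()
        snapshot = "other:x:%d:%d::/home/other:/bin/bash\n" % (me + 1, me + 1)
        print("owned by uid %d:" % me, files_owned_by(tree, me))
        print("orphaned:", orphaned_files(tree, snapshot))
```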

2. User group management
This is similar to the user management above, but the files modified (/etc/group, /etc/gshadow) are different.

Add user group groupadd

[root@yufei ~]# groupadd -h
Usage: groupadd [options] GROUP
-g gid: create the user group with the specified GID.
-r: this parameter is the same as the -r parameter of useradd.
The usage of this command has been mentioned earlier and is also very simple.
[root@yufei ~]# tail -n 4 /etc/group /etc/gshadow
==> /etc/group <==
yufei:x:500:
opser_1:x:501:
opser.org:x:600:
user_group:x:601:

==> /etc/gshadow <==
yufei:!!::
opser_1:!::
opser.org:!::
user_group:!::

[root@yufei ~]# groupadd new_group_1
[root@yufei ~]# groupadd -r new_group_2
[root@yufei ~]# tail -n 4 /etc/group /etc/gshadow
==> /etc/group <==
opser.org:x:600:
user_group:x:601:
new_group_1:x:602:
new_group_2:x:489:

==> /etc/gshadow <==
opser.org:!::
user_group:!::
new_group_1:!::
new_group_2:!::

Edit user group groupmod

Similar to usermod
[root@yufei ~]# groupmod -h
Usage: groupmod [options] GROUP
-g: modify the existing GID number;
-n: modify the existing group name.

Let's look at an example.
Change the name of new_group_2, created by the previous command, to mygroup and its GID to 666.
[root@yufei ~]# groupmod -g 666 -n mygroup new_group_2
[root@yufei ~]# tail -n 4 /etc/group /etc/gshadow
==> /etc/group <==
opser.org:x:600:
user_group:x:601:
new_group_1:x:602:
mygroup:x:666:

==> /etc/gshadow <==
opser.org:!::
user_group:!::
new_group_1:!::
mygroup:!::

Note: We recommend that you do not change the GID at will, to avoid confusing the system's GIDs.

Delete User Group groupdel

This command is simpler and does not have any parameters. It is followed by the name of the user group you want to delete.
Note: you cannot use groupdel -h or groupdel --help to view help. You can only use man groupdel.
[root@yufei ~]# tail -n 2 /etc/passwd /etc/shadow
==> /etc/passwd <==
yufei:x:500:500:yufei:/home/yufei:/bin/bash
opser_1:x:501:501:opser.org exmple:/home/opser_1:/bin/bash

==> /etc/shadow <==
yufei:$6$VdpG9FMuvcR49tD2$zhfYkufmtPd5jjzYG/assets/cz3nksC6p7l8MhePXC7FCXDhv1YbTM/:14958:0:99999:7:::
opser_1:$6$cIFPSKDr$rQV1fCHYfpUBSqgtpUGcO5A. Examples/UWHFgKuqx/:14981:0:99999:7::15006:
[root@yufei ~]# tail -n 5 /etc/group /etc/gshadow
==> /etc/group <==
opser_1:x:501:
opser.org:x:600:
user_group:x:601:
new_group_1:x:602:
mygroup:x:666:

==> /etc/gshadow <==
opser_1:!::
opser.org:!::
user_group:!::
new_group_1:!::
mygroup:!::

Now let's delete several of the user groups above.
[root@yufei ~]# groupdel mygroup
[root@yufei ~]# groupdel new_group_1
[root@yufei ~]# groupdel opser.org
[root@yufei ~]# groupdel opser_1
groupdel: cannot remove the primary group of user 'opser_1'
Why can't the opser_1 user group be deleted? Because there is a user in this group. Therefore, before deleting a user group, check whether it still has any members.
[root@yufei ~]# tail -n 3 /etc/group /etc/gshadow
==> /etc/group <==
yufei:x:500:
opser_1:x:501:
user_group:x:601:

==> /etc/gshadow <==
yufei:!!::
opser_1:!::
user_group:!::

Set user group administrator gpasswd

[root@yufei ~]# gpasswd
Usage: gpasswd [option] GROUP
(no parameter): set the user group password.
-a: add a user to a user group.
-d: delete a user from a user group.
-r: delete the user group password.
-M: set the user group members (multiple members).
-A: set the user group administrators (list).

Let's look at an example.
Create two users and set their passwords
[root@yufei ~]# useradd test_user1
[root@yufei ~]# passwd test_user1
Changing password for user test_user1.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@yufei ~]# useradd test_user2
[root@yufei ~]# passwd test_user2
Changing password for user test_user2.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

View information about the two users
[root@yufei ~]# tail -n 2 /etc/passwd /etc/shadow
==> /etc/passwd <==
test_user1:x:502:502::/home/test_user1:/bin/bash
test_user2:x:503:503::/home/test_user2:/bin/bash

==> /etc/shadow <==
test_user1:$6$EL8UBf7P$users/BuiNVBszO/UoycYIBZZygIH3oA3aKDOSA11:14982:0:99999:7:::
test_user2:$6$tTs0BG90$7LLaUwF9pP/javash4/IPAwH1x4JE. rSXjYP/wbUq2kxPsXM4/Example. example/:14982:0:99999:7:::

View the user groups most recently added to the system
[root@yufei ~]# tail -n 3 /etc/group /etc/gshadow
==> /etc/group <==
user_group:x:601:
test_user1:x:502:
test_user2:x:503:

==> /etc/gshadow <==
user_group:!::
test_user1:!::
test_user2:!::

Add test_user1 and test_user2 to the user_group group.
[root@yufei ~]# gpasswd -a test_user1 user_group
Adding user test_user1 to group user_group
[root@yufei ~]# gpasswd -a test_user2 user_group
Adding user test_user2 to group user_group
[root@yufei ~]# tail -n 3 /etc/group /etc/gshadow
==> /etc/group <==
user_group:x:601:test_user1,test_user2
test_user1:x:502:
test_user2:x:503:

==> /etc/gshadow <==
user_group:!::test_user1,test_user2
test_user1:!::
test_user2:!::

Set test_user1 as the administrator of the user_group group.
[root@yufei ~]# gpasswd -A test_user1 user_group
[root@yufei ~]# tail -n 3 /etc/gshadow
user_group:!:test_user1:test_user1,test_user2
test_user1:!::
test_user2:!::
Note: The role of the user group administrator is to manage the other members of the user group, as the root user would.

Set the user_group password
[root@yufei ~]# gpasswd user_group
Changing the password for group user_group
New Password:
Re-enter new password:
[root@yufei ~]# tail -n 3 /etc/gshadow
user_group:$6$2UZWz/O32$vViBQd. Bu8y. RfUbH/9QFYxqN. Random/3M1:test_user1:test_user1,test_user2
test_user1:!::
test_user2:!::
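
Group administrators and group passwords hand membership control to someone other than root, and the groupdel error earlier depends on the GID column of /etc/passwd rather than on the member list in /etc/group. This added example (not from the original article) combines the three files into one per-group report; the snapshot is constructed from the account names used above, the hash is a placeholder, and the report keys are this example's own.

```python
# Constructed snapshot modelled on the article's accounts; the group hash is a placeholder.
PASSWD = """\
opser_1:x:501:501:opser.org exmple:/home/opser_1:/bin/bash
test_user1:x:502:502::/home/test_user1:/bin/bash
test_user2:x:503:503::/home/test_user2:/bin/bash
"""
GROUP = """\
opser_1:x:501:
user_group:x:601:test_user1,test_user2
test_user1:x:502:
test_user2:x:503:
"""
GSHADOW = """\
opser_1:!::
user_group:$6$SALT$PLACEHOLDERHASH:test_user1:test_user1,test_user2
test_user1:!::
test_user2:!::
"""

def rows(text, nfields):
    """Split a colon-separated account file, rejecting malformed lines."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError("expected %d fields: %r" % (nfields, line))
        out.append(fields)
    return out

def names(field):
    """Turn a comma-separated name list into a Python list."""
    return [n for n in field.split(",") if n]

def group_report(name, passwd_text, group_text, gshadow_text):
    """Who is in the group, who controls it, and would groupdel accept it?"""
    group = {r[0]: r for r in rows(group_text, 4)}[name]
    shadow = {r[0]: r for r in rows(gshadow_text, 4)}.get(name, [name, "!", "", ""])
    gid = group[2]
    primary = [r[0] for r in rows(passwd_text, 7) if r[3] == gid]
    return {
        "gid": int(gid),
        "primary_members": primary,                 # column 4 of /etc/passwd
        "supplementary_members": names(group[3]),   # column 4 of /etc/group
        "admins": names(shadow[2]),                 # set with gpasswd -A
        "has_password": bool(shadow[1]) and shadow[1][0] not in "!*",  # set with gpasswd GROUP
        "groupdel_allowed": not primary,            # groupdel refuses a user's primary group
    }

if __name__ == "__main__":
    for g in ("opser_1", "user_group"):
        print(g, group_report(g, PASSWD, GROUP, GSHADOW))
```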

Switch User Group newgrp

This command switches the current user to the corresponding user group.
Note: The premise is that this user group is the user's main group or one of the user's additional groups.
Try it yourself.

From: Yufei blog
