Syntax: useradd [options] username
Options:
-d <login directory> Specify the directory new users start in when they log in; defaults to /home
-e <expiration date> Specify the user's expiration date in the form YYYY-MM-DD
-g <user group> Specify the group to which the user belongs
-p <password> Set the password for the new user
-r Create a system user
PS:
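1. Create a new user Frisen, set the login starting directory to /home/guest, password 123456:
# -p takes the already-encrypted password (crypt(3) format), so 123456 is hashed first
useradd -d /home/guest -p "$(openssl passwd -6 123456)" Frisen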
2. Create the account Frisen2 with a specified directory, validity period, and group:
useradd -d /home/guest -e 2017-01-01 -g guest Frisen2
Linux does not identify an account by its name; it identifies it by its account ID, and the mapping between the two is saved in the /etc/passwd file. When we log in to a Linux host and enter an account name and password, Linux first looks for the account in /etc/passwd. If it is not there, the login stops; if it is, the system reads the UserID and GroupID of the account, along with its home directory and shell. It then checks the password table: it finds the account and UserID we just entered in /etc/shadow and checks whether we entered the correct password. If everything is right, we are logged in to the user's shell. So, let's first look at the user account files.
User management generally requires knowing three files: /etc/passwd, /etc/shadow and /etc/group.
1. /etc/passwd We use cat to view this file:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
dingn:x:501:501::/home/dingn:/bin/bash
Let's look at the first line, root. It has seven fields, separated by ":", with the following meanings:
Account name: the account name that corresponds to the user ID. Here it is root, the system's default super administrator. Account names are unique within a system; the maximum length depends on the Linux system and is usually 8 characters.
Password: because the system stores the encrypted password in the /etc/shadow file, this field is just an "x". If the user has not set a password, the field is empty.
User ID (UID): used inside the system to tell users apart; each user has a different identification number. User IDs fall into the following ranges:
0 is the system administrator. If you want to create another system administrator, you can create a regular account and then change the user ID of the account to 0.
1-500 are IDs reserved by the system; IDs above 500 are used by ordinary users.
Group ID (GID): similar to the user ID, but it identifies the group; it refers to /etc/group.
Description: this field has little effect; it just explains what the account is for.
User home directory: the directory the user starts in after logging in to the system. The default for root is /root; for an ordinary user it is /home/<user name>.
User login shell: the shell that is used when the user logs in to the system; we will study the shell later.
2. /etc/shadow
In early Unix operating systems, both the account information and the password information were stored in the passwd file. Although the passwords were encrypted and stored there as ciphertext, the passwd file is readable by every user on the system, so the passwords were easier to crack, which was a large security risk. Now the "shadow" file stores the encrypted user passwords, and the passwd file stores the rest of the account information. The "shadow" file can only be read by the administrator. Because the passwords in this file can still be cracked, never disclose its contents to others, to keep the system secure.
As before, we analyze the first line, which has nine fields:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
dingn:x:501:501::/home/dingn:/bin/bash
Account name: corresponds to passwd and has the same meaning as there.
Password: this is the real password, stored encrypted, so you only see a string of special characters. Note that these passwords are hard to crack, but not impossible. If the first character of the password field is "*", the user cannot log in; if you do not want a user to log in, you can add an asterisk at the front of this field.
Date the password was last changed: this records the last date on which the password was changed. Why is it 13798? Because Linux counts dates starting from January 1, 1970 as 1, so January 1, 1971 is 366, and so on; the date on which I changed the password is represented as 13798.
Number of days the password cannot be changed: to guard against password theft endangering the whole system, this field sets a period within which you must change the password, or the account is temporarily disabled. The value 99999 above means the password never needs to be changed; it is best to set a period after which the password must be changed, to keep the system secure.
Warning period before the password must be changed: when the account's password is about to expire, the system issues a warning according to this field, reminding the user "your password will expire in N days, please reset it as soon as possible." The default is seven days.
Account expiration period: if the user has not changed the password after the warning period, so that the password expires, and has not reported to the administrator within the time limit in this field to have the account re-enabled, the account is temporarily disabled.
Account cancellation date: like the third field, this date uses the days-since-1970 format. The account is no longer available after the date specified in this field. It is typically used in fee-for-service systems, where a date can be specified after which the account stops working.
Reserved: the last field is reserved for features that may be added later.
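The risky account states described in the two sections above (a second account with UID 0, an empty password field, a hash left in the world-readable passwd file, a password that never has to be changed) can be checked mechanically. The following is an added example, not part of the original article; the sample records are constructed, and the nine-field shadow layout follows shadow(5):

```python
# Constructed sample data in /etc/passwd and /etc/shadow format (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
dingn:x:501:501::/home/dingn:/bin/bash
backup:x:0:502::/home/backup:/bin/bash
legacy:$6$constructed$hash:503:503::/home/legacy:/bin/bash
guest::504:504::/home/guest:/bin/bash
"""
SHADOW = """\
root:$6$constructed$hash:13798:0:99999:7:::
bin:*:13798:0:99999:7:::
dingn:$6$constructed$hash:13798:0:90:7:::
backup::13798:0:99999:7:::
"""

def parse(text, nfields):
    """Split colon-separated records; a wrong field count is an error, not a guess."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    for fields in rows:
        if len(fields) != nfields:
            raise ValueError(f"{fields[0]!r}: expected {nfields} fields, got {len(fields)}")
    return rows

def audit(passwd_text, shadow_text):
    """Return sorted (account, finding) pairs for the risky states listed in the lead-in."""
    shadow = {f[0]: f for f in parse(shadow_text, 9)}
    findings = []
    for name, pw, uid, gid, gecos, home, shell in parse(passwd_text, 7):
        if uid == "0" and name != "root":
            findings.append((name, "UID 0: full administrator rights"))
        if pw == "":
            findings.append((name, "empty password field in passwd"))
        elif pw not in ("x", "*", "!"):
            findings.append((name, "hash stored in world-readable passwd"))
        entry = shadow.get(name)
        if pw != "x" or entry is None:
            continue
        spw, max_age = entry[1], entry[4]   # field 2 = password, field 5 = maximum age
        if spw == "":
            findings.append((name, "empty password field in shadow"))
        elif spw[0] not in "*!" and max_age in ("", "99999"):
            findings.append((name, "password never has to be changed"))
    return sorted(findings)

if __name__ == "__main__":
    for account, finding in audit(PASSWD, SHADOW):
        print(f"{account}: {finding}")
```

On a real host the two texts would be read from /etc/passwd and /etc/shadow as root.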
3. /etc/group Check this file:
Again we analyze the first line, which has four fields:
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
dingn:x:501:
Group name: the name of the group.
Group password: usually not required, because we rarely log in as a group. The password itself is recorded in /etc/gshadow.
Group ID: the ID of the group.
Supported accounts: all accounts that belong to this group. If you want the user Qiuri to also belong to the root group, append ",Qiuri" to the end of the first line; note that there must be no space when adding it.
4. useradd: add a user
If there are no special requirements, we usually create a user account directly with useradd <user name>. For example, we create a Qiuri account:
Since a newly created account adds a line to the end of each of the three files we just discussed, let's verify:
When we create a user with this command, the default account settings come from the files /etc/login.defs and /etc/default/useradd.
In this file we need to know the skel option: the contents of the user's home directory are copied from the /etc/skel directory. This is useful when adding users manually. Take a look at the contents of this directory:
This command also has a number of parameters, for example:
useradd [-u uid] [-g group] [-d home] [-s shell]
-u: give the UserID directly
-g: give the GID directly
-d: use an existing directory as the home directory
-s: define the shell
5. passwd: set a user password
By default, no password is set after a user has been added, so the new account cannot log in to the system even though it exists. You need to use the passwd command to set a password for the account before it can log in. There are two cases: the administrator changing a user's password, and a user logging in and changing their own password.
The administrator root changes the password for a user, for example: create a user Qiuri, and then set the password.
The administrator sets a user's password with the command passwd [username]. To avoid input errors, the password is entered twice in a row. If both entries match, the password is accepted and saved to the shadow file in encrypted form. After this we can log in as the user Qiuri. The user Qiuri changes their own password.
6. Add a new user
Here is some specific syntax; you can view the help for the command with man useradd.
In a Linux system, only the root user can create a new user. The following command creates a new user with the login name user1.
# useradd user1
However, the user is not yet able to log in, because the initial password has not been set and a user without a password cannot log in to the system. By default, a home directory with the same name as the user is created under the /home directory. If you need to specify a different home directory, you can use the following command:
# useradd -d /home/xf user1
At the same time, the user gets a shell program when logging in: /bin/bash. If you do not want this user to log in, you can instead set the user's shell program to /bin/false, so that the user cannot execute commands under Linux even if logged in:
# useradd -s /bin/false user1
In Linux, when a new user is created, a group with the same name is also created and the user becomes a member of it. If you want the new user to belong to a group that already exists, you can use the following command:
# useradd -g user user1
This makes the user a member of the user group. If you only want the user to additionally belong to a group, you should use:
# useradd -G user user1
Once you have done this, you should also use the passwd command to set an initial password for it.
2. Delete a user
To delete a user, simply use the command "userdel username". However, it is best to also delete the files the user left on the system; use "userdel -r username" for this purpose.
3. Modify User Properties
Earlier we saw how to specify the home directory when creating a new user, how to specify the shell, how to set the group the user belongs to, and so on. Linux provides a command to change these afterwards: usermod -g <group name> -G <group name> -d <user home directory> -s <user shell>
There is also a direct way, which is to modify the /etc/passwd file. In this file each user occupies one line, with the following content:
User name: password: User ID: Group ID: User's full name: Home directory: User shell
However, note that the password is usually replaced by an * sign, so you do not see it.
Management of user groups
groupadd [options] <user group>
-g GID Specifies the group identification number (GID) of the new user group.
-o Commonly used with the -g option; it means that the GID of the new user group may be the same as the GID of a user group already in the system.
1. Add a group
Remember that files in Linux can have different access rights for people in the same group and people outside it? We can create a user group according to our own needs:
groupadd <group name>
2. Delete a group
Similarly, we sometimes need to delete a group; the command is groupdel <group name>.
3. Modification of group members
If we need to add a user to a group, simply edit the /etc/group file and add the user name after the name of the group. For example, to add the user newuser to the softdevelop group, just find the softdevelop line:
softdevelop:x:506:user1,user2
then add newuser to the end, forming:
softdevelop:x:506:user1,user2,newuser
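The /etc/group edit described here and in the /etc/group section earlier (append the name after a comma, with no space) is easy to get wrong by hand. The following added example, not part of the original article, performs that edit on a constructed copy of the file, rejects names that would corrupt the record, and also lists a group's full membership, which includes users whose primary GID in /etc/passwd points at the group; the user user3 and the function names are assumptions made for the example:

```python
# Constructed sample data (not from a real host); user3 has softdevelop as primary group.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
dingn:x:501:501::/home/dingn:/bin/bash
user3:x:507:506::/home/user3:/bin/bash
"""
GROUP = """\
root:x:0:
softdevelop:x:506:user1,user2
dingn:x:501:
"""

def add_member(group_text, group, user):
    """Return group_text with user appended to group's member list (no spaces, no duplicates)."""
    # ':' or ',' in the name would add fields or extra members; whitespace breaks the list.
    if not user or any(c in user for c in ":, \t\n"):
        raise ValueError(f"invalid user name: {user!r}")
    out, found = [], False
    for line in group_text.splitlines():
        name, pw, gid, members = line.split(":")   # exactly four fields per record
        if name == group:
            found = True
            names = [m for m in members.split(",") if m]
            if user not in names:
                names.append(user)
            line = ":".join([name, pw, gid, ",".join(names)])
        out.append(line)
    if not found:
        raise KeyError(group)
    return "\n".join(out) + "\n"

def members_of(group_text, passwd_text, group):
    """Names listed in the group record plus users whose primary GID (passwd field 4) matches."""
    for line in group_text.splitlines():
        name, _pw, gid, members = line.split(":")
        if name == group:
            listed = {m for m in members.split(",") if m}
            primary = {p.split(":")[0] for p in passwd_text.splitlines()
                       if p.split(":")[3] == gid}
            return sorted(listed | primary)
    raise KeyError(group)

if __name__ == "__main__":
    print(add_member(GROUP, "softdevelop", "newuser"), end="")
    print(members_of(GROUP, PASSWD, "softdevelop"))
```

On a live system, gpasswd -a or usermod -a -G makes the same change without hand-editing the file.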
Usage of useradd in Linux