Linux user management operation example

# Users
root: super user (super administrator), unlimited permissions
below 500: system accounts, used by system software, no logon permission
500 and above: ordinary users

# /etc/passwd entry
hongyi:x:501:501::/home/hongyi:/bin/bash

hongyi: username
x: password placeholder. If it is absent, the user can log on without a password; if it is present, the password must be used to log on
501: user ID
501: user group ID
(empty): comment information, optional and customizable, for example "Oracle user"
/home/hongyi: home directory
/bin/bash: the default shell used by the user to log on to the system

# /etc/shadow entries
shd:!!:15908::::::

!!: the user is locked (two locks)
!: one lock
15908: the date the password was last changed, as a number of days since 1970.1.1

zhink:$6$YJ.smIrY$response.yVJutBtyqlaJSJG.9AJC4.s/:15910:0:99999:7:::

0: the minimum number of days before the password can be changed again
99999: the maximum number of days the password can be used; it must be changed before then, otherwise the password expires
7: how many days before the password expires the user is warned

[root@larrywen soft]# man shadow
[root@larrywen soft]# man 5 shadow
[root@serv01 test]# usermod --help

# modify the user ID
[root@serv01 test]# usermod -u 666 zhink
[root@serv01 test]# id zhink
uid=666(zhink) gid=500(hink) groups=500(hink)

# rename the user zhink to think
[root@serv01 test]# usermod -l think zhink
[root@serv01 test]# id zhink
id: zhink: No such user
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:500::/home/zhink:/bin/bash

# add a group named linux with group ID 666
[root@serv01 test]# groupadd -g 666 linux
[root@serv01 test]# tail -n1 /etc/group
linux:x:666:

# change the primary group of think to linux
[root@serv01 test]# usermod -g linux think
[root@serv01 test]# tail -n1 /etc/passwd
think:x:666:666::/home/zhink:/bin/bash
[root@serv01 test]# id think
uid=666(think) gid=666(linux) groups=666(linux)

# change the comment of user think to "this is linux admin"
[root@serv01 test]# usermod -c "this is linux admin" think
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/home/zhink:/bin/bash
[root@serv01 test]# mkdir /rhome
[root@serv01 test]# ls -ld /rhome/
drwxr-xr-x. 2 root 4096 Jul 24 /rhome/

# move the user's home directory: failed
[root@serv01 test]# usermod -m /rhome/think
usermod: no changes
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/home/zhink:/bin/bash
[root@serv01 test]# ls /rhome
[root@serv01 test]# ls /home
hongyi test zhink

# move the home directory of user think
[root@serv01 test]# usermod -m -d /rhome/think think
[root@serv01 test]# tail -n2 /etc/passwd
hongyi:x:501:501::/home/hongyi:/bin/bash
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 test]# ls /rhome
think
[root@serv01 test]# ls /home
hongyi test

# test: logon prohibited
[root@serv01 test]# usermod -s /sbin/nologin think
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:03:44 2013 from 192.168.1.1
This account is currently not available.
Connection to 192.168.1.11 closed.
[root@serv01 test]# usermod -s /bin/bash think
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:03:58 2013 from 192.168.1.1
[think@serv01 ~]$

[root@serv01 test]# usermod -p
# md5 encryption
[root@serv01 test]# grub-md5-crypt
Password:
Retype password:
$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.
# set the password of user think from the hash
[root@serv01 test]# usermod -p '$1$9gmEH1$TxmCSmV4.uJTjCNVlqnBn.' think
[root@serv01 test]# passwd think
# change the password of think as the root user
[root@serv01 test]# passwd think

# the minimum number of days before user think can change the password is 3
[root@serv01 test]# passwd -n 3 think
# the minimum number of days before user think can change the password is 0
[root@serv01 test]# passwd -n 0 think
# Date on which the user expires. Set this parameter to
[root@serv01 test]# passwd -i 3 think
# set the expiration date of user think
[root@serv01 test]# usermod -e "2013-09-10" think
# password expiration warning for user think: 3 days; the user think is warned when logging on
[root@serv01 test]# passwd -w 3 think

[root@serv01 test]# date
Thu Jul 25 00:25:44 CST 2013
[root@serv01 test]# date -s "16:26:44"
Thu Jul 25 16:26:44 CST 2013
[root@serv01 test]# date
Thu Jul 25 16:26:45 CST 2013
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$B0kGPvNc$scheme/KNAl7sNswovvsGawl1:15910:0:99999:7:::
[root@serv01 test]# passwd think
Changing password for user think.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$xuDtWPxr$scheme:15911:0:99999:7:::
# 15911: you do not need to modify

[root@serv01 test]# passwd --help
[root@serv01 test]# passwd -n 3 think
Adjusting aging data for user think.
passwd: Success
[root@serv01 test]# tail -n2 /etc/shadow
think:$6$xuDtWPxr$9S2ZcJ0mn4CWXnUZqS Login:15911:3:99999:7:::
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Last login: Thu Jul 25 00:04:23 2013 from 192.168.1.1
[think@serv01 ~]$ passwd
Changing password for user think.
Changing password for think.
(current) UNIX password:
You must wait longer to change your password
passwd: Authentication token manipulation error
[root@serv01 test]# passwd -n 0 think
Adjusting aging data for user think.
passwd: Success
[think@serv01 ~]$ passwd
Changing password for user think.
Changing password for think.
(current) UNIX password:
New password:
BAD PASSWORD: it is too simplistic/systematic
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@serv01 test]# date
Thu Jul 25 16:33:27 CST 2013
[root@serv01 test]# date -s "2013-07-30"
Tue Jul 30 00:00:00 CST 2013
passwd
[root@serv01 test]# date -s ""
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Warning: your password will expire in 0 days
Last login: Thu Jul 25 16:29:24 2013 from 192.168.1.1
[root@serv01 test]# date -s "2013-09-01"
Sun Sep 1 00:00:00 CST 2013
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
You are required to change your password immediately (password aged)
Last login: Tue Aug 20 00:00:28 2013 from 192.168.1.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user think.
Changing password for think.
(current) UNIX password:

[root@serv01 test]# passwd -i 3 think
Adjusting aging data for user think.
passwd: Success
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:3::
[root@serv01 test]# usermod -f 10 think
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10::

# modify the expiration time
[root@serv01 test]# usermod -e "2013-09-10" think
[root@serv01 test]# tail -n1 /etc/shadow
think:$6$7yd/Qbel$uAzY/GJKpo7J9aPOy62axAYvWK.tQCRN9WQj4KVpsQM0D1ILeaA2JqiTa/BXvSsMipC5GLtKtkiyYLVNFe6dy1:15911:3:30:7:10:15958:
[root@serv01 test]# date
Sun Sep 1 00:03:45 CST 2013
[root@serv01 test]# date -s "2013-09-20"
Fri Sep 20 00:00:00 CST 2013
[root@larrywen Desktop]# ssh think@192.168.1.11
think@192.168.1.11's password:
Your account has expired; please contact your system administrator
Connection closed by 192.168.1.11

[root@serv01 test]# passwd --help
Usage: passwd [OPTION...] <accountName>
  -k, --keep-tokens       keep non-expired authentication tokens
  -d, --delete            delete the password for the named account (root only)
  -l, --lock              lock the named account (root only)
  -u, --unlock            unlock the named account (root only)
  -f, --force             force operation
  -x, --maximum=DAYS      maximum password lifetime (root only)
  -n, --minimum=DAYS      minimum password lifetime (root only)
  -w, --warning=DAYS      number of days warning users receives before password expiration (root only)
  -i, --inactive=DAYS     number of days after password expiration when an account becomes disabled (root only)
  -S, --status            report password status on the named account (root only)
  --stdin                 read new tokens from stdin (root only)

Help options:
  -?, --help              Show this help message
  --usage                 Display brief usage message

[root@serv01 test]# tail -n1 /etc/group
linux:x:666:
[root@serv01 test]# groupadd --help

# add a group named oracle with group number 667
[root@serv01 test]# groupadd -g 667 oracle
[root@serv01 test]# tail -n2 /etc/group
linux:x:666:
oracle:x:667:

# assign a group when creating a user; either the group name or the group number can be used
[root@serv01 test]# useradd -g oracle oracle01
[root@serv01 test]# useradd -g 667 oracle01
[root@serv01 test]# useradd -g oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=667(oracle) groups=667(oracle)

# add a user to multiple groups
[root@serv01 test]# useradd -g oracle -G linux oracle01
[root@serv01 test]# usermod --help

# add the user oracle01 to the linux group
[root@serv01 test]# usermod -G linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=667(oracle) groups=667(oracle),666(linux)
[root@serv01 test]# tail -n2 /etc/group
linux:x:666:oracle01
oracle:x:667:

# primary group
# add a group
[root@serv01 test]# groupadd dba
[root@serv01 test]# tail -n2 /etc/group
oracle:x:667:
dba:x:668:

# modify the user's primary group
[root@serv01 test]# usermod -g dba oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)
[root@serv01 test]# tail -n2 /etc/passwd
oracle01:x:667:668::/home/oracle01:/bin/bash
test:x:668:667::/home/test:/bin/bash
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux)

# modify the user's secondary groups; this overwrites the previous ones
[root@serv01 test]# usermod -G oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)

# secondary groups
# add a user to multiple groups
[root@serv01 test]# usermod -G oracle,linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)
[root@serv01 test]# usermod -G oracle oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),667(oracle)

# append to additional groups; this does not overwrite the previous secondary groups
[root@serv01 test]# usermod -a -G linux oracle01
[root@serv01 test]# id oracle01
uid=667(oracle01) gid=668(dba) groups=668(dba),666(linux),667(oracle)

# remove a specified user from the oracle group
[root@serv01 /]# gpasswd -d oracle01 oracle
Removing user oracle01 from group oracle
[root@serv01 /]# id oracle01
uid=667(oracle01) gid=666(linux) groups=666(linux)
[root@serv01 /]# tail -n2 /etc/passwd
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
oracle01:x:667:666::/home/oracle01:/bin/bash

# delete a user; without parameters the home directory is not deleted
[root@serv01 /]# userdel hongyi
[root@serv01 /]# ls /home
hongyi learning oracle01

# delete a user and delete the home directory
[root@serv01 /]# userdel -r oracle01
[root@serv01 /]# ls /home/
hongyi/ learning/
[root@serv01 /]# tail -n3 /etc/passwd
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 /]# tail -n3 /etc/passwd
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
think:x:666:666:this is linux admin:/rhome/think:/bin/bash
[root@serv01 /]# tail -n5 /etc/gruop
tail: cannot open '/etc/gruop' for reading: No such file or directory
[root@serv01 /]# tail -n5 /etc/group
sshd:x:74:
hink:x:500:
linux:x:666:
oracle:x:667:
dba:x:668:
[root@serv01 /]# userdel hongyi
userdel: user 'hongyi' does not exist
[root@serv01 /]# rm -rf /home/hongyi

# delete the group linux
[root@serv01 /]# groupdel linux
groupdel: cannot remove the primary group of user 'think'
[root@serv01 /]# userdel -r think
[root@serv01 /]# groupdel dba
[root@serv01 /]# groupdel linux
[root@serv01 /]# groupdel oracle

# cluster: specify the numbers explicitly, without duplicates
# on different machines keep the IDs the same and the user names the same
[root@serv01 /]# groupadd oracle
[root@serv01 /]# groupadd linux
[root@serv01 /]# groupadd dba
[root@serv01 /]# tail -n3 /etc/group
oracle:x:501:
linux:x:502:
dba:x:503:

# a user belongs to multiple groups and is added to multiple groups
[root@serv01 /]# useradd -g oracle -G linux,dba zhink
[root@serv01 /]# id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[root@serv01 /]# groupadd admin
[root@serv01 /]# groupadd users
[root@serv01 /]# usermod -a -G admin,mongo zhink
[root@serv01 /]# id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba),504(admin),505(rows)
[root@serv01 /]# tail -n1 /etc/group
rows:x:505:

# modify the group name
[root@serv01 /]# groupmod -n opr restart
[root@serv01 /]# tail -n1 /etc/group
opr:x:505:

# modify the group number
[root@serv01 /]# tail -n1 /etc/group
opr:x:505:
[root@serv01 /]# groupmod -g 666 opr
[root@serv01 /]# tail -n1 /etc/group
opr:x:666:

# add multiple members
[root@serv01 /]# useradd -G admin hongyi
Creating mailbox file: File exists
[root@serv01 /]# id hongyi
uid=501(hongyi) gid=667(hongyi) groups=667(hongyi),504(admin)
[root@serv01 /]# useradd up01
[root@serv01 /]# useradd up02
[root@serv01 /]# useradd up03
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:zhink,hongyi
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:

# append up01 to the admin group
[root@serv01 /]# gpasswd -a up01 admin
Adding user up01 to group admin
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:zhink,hongyi,up01
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:

# set multiple users as the members of a group; this overwrites the previous members
[root@serv01 /]# gpasswd -M up01,up02,up03 admin
[root@serv01 /]# tail -n10 /etc/group
hink:x:500:
oracle:x:501:
linux:x:502:zhink
dba:x:503:zhink
admin:x:504:up01,up02,up03
opr:x:666:
hongyi:x:667:
up01:x:668:
up02:x:669:
up03:x:670:

rm -rf *
# manually deleting a user: think of it as the reverse of creating a user

# change the group password
[root@serv01 /]# tail -n1 /etc/gshadow
linux:!::zhink
[root@serv01 /]# gpasswd linux
Changing the password for group linux
New Password:
Re-enter new password:
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1::zhink

useradd zhink
passwd zhink
# log on as the zhink user
[root@larrywen Desktop]# ssh zhink@192.168.1.11
zhink@192.168.1.11's password:
# switch the zhink user to the linux group
[zhink@serv01 ~]$ newgrp linux
Password:
Invalid password.
# RHEL 5 supports adding passwords to other groups; RHEL 6 does not

# make user up01 an administrator of the linux group
[root@serv01 /]# gpasswd -A up01 linux
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:
[root@serv01 /]# passwd up01

# log on as the up01 user, then add zhink to the linux group
[root@larrywen Desktop]# ssh up01@192.168.1.11
up01@192.168.1.11's password:
[up01@serv01 ~]$ gpasswd -a zhink linux
Adding user zhink to group linux
[up01@serv01 ~]$ id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[root@serv01 /]# tail -n1 /etc/gshadow
linux:$6$Qkm/5/Xju/N/U$cmxuQ0KEcDJzISIhlhEaAkKi/fQSxeqicB3U/mGLk1o02kyCSQMvdu4FI3.UAmiS/kQzjrnBs7Kbg7DriXaCJ1:up01:zhink

# modify the up02 password
[root@serv01 /]# passwd up02

# log on as up02, then try to add zhink to the linux group: it fails
[root@larrywen Desktop]# ssh up02@192.168.1.11
up02@192.168.1.11's password:
[up02@serv01 ~]$ id zhink
uid=500(zhink) gid=501(oracle) groups=501(oracle),502(linux),503(dba)
[up02@serv01 ~]$ gpasswd -a zhink linux
gpasswd: Permission denied.

#
[root@serv01 /]# vim /etc/default/useradd
[root@serv01 etc]# ls -l /var/mail /var/spool/mail/ -id
417 lrwxrwxrwx. 1 root 10 Jul 23 /var/mail -> spool/mail
424 drwxrwxr-x. 2 root mail 4096 Sep 20 /var/spool/mail/
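
The /etc/shadow fields and the password aging behaviour walked through above (last change, minimum, maximum, warning, inactive, account expiration) can be checked offline with a small parser. This is an added example, not part of the original page: the function name audit_shadow_line and the sample entries are assumptions, the hashes are placeholders, and the boundary comparisons are this example's reading of shadow(5).

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512"}  # crypt(3) $id$ prefixes

def audit_shadow_line(line, today):
    """Describe one /etc/shadow entry as of `today` (a datetime.date)."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(f))
    user, pw = f[0], f[1]
    # Empty aging fields mean "not set"; keep them as None.
    last, pmin, pmax, warn, inact, expire = (int(x) if x else None for x in f[2:8])
    now = (today - EPOCH).days  # same unit as the shadow day counts

    # A leading "!" marks a locked password; the hash scheme follows it.
    parts = pw.lstrip("!").split("$")
    scheme = SCHEMES.get(parts[1], "unknown") if len(parts) >= 4 else None

    state = "ok"
    if expire is not None and now >= expire:
        state = "account_expired"          # usermod -e date reached
    elif last is not None and pmax is not None:
        aged = last + pmax                 # last day the password is valid
        if inact is not None and now > aged + inact:
            state = "inactive"             # passwd -i / usermod -f grace period used up
        elif now > aged:
            state = "password_expired"     # must change at next logon
        elif warn is not None and now > aged - warn:
            state = "warning"              # passwd -w window

    too_soon = last is not None and pmin is not None and now < last + pmin
    return {
        "user": user,
        "locked": pw.startswith("!") or pw == "*",
        "scheme": scheme,
        "last_change": EPOCH + timedelta(days=last) if last is not None else None,
        "can_change": not too_soon,        # passwd -n minimum age
        "state": state,
    }

# Constructed sample entries: aging values follow the walkthrough, hashes are placeholders.
SAMPLE = [
    "think:$6$SALT$HASH:15911:3:30:7:10:15958:",
    "svc:!!:15908::::::",
    "legacy:$1$SALT$HASH:15910:0:99999:7:::",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_shadow_line(entry, date(2013, 9, 1)))
```

An entry that reports md5, like the grub-md5-crypt hash passed to usermod -p above, is worth flagging so the password can be reset under SHA-512.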