Users and Groups in Linux

Source: Internet
Author: User

Contents: 1. Users and groups; 2. The main configuration files for Linux users and groups; 3. Some common user maintenance commands; 4. Group account maintenance commands

Users and Groups

In Linux, the user with UID (user ID) 0 is root. The system also has to start a number of processes, and each of them must be started under some user account, so every Linux system ships with a set of system users; the login users are the ones we create ourselves:

Linux users: username / UID
Administrator: root, UID 0
Normal users: UID 1-65535
  System users: 1-499 (CentOS 6), 1-999 (CentOS 7)
  Login users: 1000+

Note: CentOS 7 widened the system range because the number of system processes grew, and the number of system users grew with it.

A system has many system users, and most of them are non-interactive (they cannot log in). The reason is to give each system service or process its own account to run under. Because different processes run as different users, a vulnerability in one process only yields the permissions of that process's account, and since most of these accounts are non-interactive, a compromised one cannot easily be used to do the system great harm. A file, however, cannot always be restricted to root and its owner alone; some files must be shared, so the system also has the notion of a "group". Every Linux user must belong to a group and cannot exist outside of one. Each file in Linux has an owner, a group, and "others" (everyone else).

Categories of Linux groups:
  Primary group of a user:
    A user must belong to exactly one primary group
    When the group name is the same as the user name and the group contains only that user, it is called a private group
  Supplementary (additional) groups of a user:
    A user can belong to zero or more supplementary groups

It is recommended not to use another user's private group (that user's primary group) as the primary group of other users.

Similarly, each group has a GID (group ID), analogous to the UID:

Linux groups: group name / GID
Administrator group: root, GID 0
Normal groups:
  System groups: 1-499 (CentOS 6), 1-999 (CentOS 7)
  General groups: 1000+

Main configuration files for Linux users and groups:

    /etc/passwd: users and their attributes (name, UID, primary group ID, etc.)
    /etc/group: groups and their attributes
    /etc/shadow: user passwords and their related attributes
    /etc/gshadow: group passwords and their related attributes

Each entry in /etc/passwd consists of fields separated by ":", with the following meaning (the values for root are shown in parentheses):

Login name: the user name (root)
passwd: the password field; "x" means the real hash is kept in /etc/shadow (x)
UID: the user ID number (0)
GID: the ID of the user's default (primary) group at login (0)
GECOS: the user's full name or a comment
Home directory: the user's home directory
Shell: the shell the user gets by default at login (/bin/bash)

Each entry in /etc/group is likewise separated by ":", with the following meaning:

Group name: the name of the group
Group password: usually not set; the password is recorded in /etc/gshadow
GID: the ID of the group
User list: users that have this group as a supplementary group (comma separated)

Each entry in /etc/shadow is likewise separated by ":", with the following meaning:

Login name
User password: the password hash, generally SHA-512
Date of the last password change, in days since January 1, 1970
Minimum number of days before the password may be changed again (0 means it can be changed at any time)
Maximum number of days after which the password must be changed (99999 means it never expires)
Number of days before expiry on which the system starts warning the user (default is one week)
Number of days after the password expires before the account is locked (inactivity period)
Account expiration date, in days since January 1, 1970
In the screenshot (not reproduced here), the part marked with a red box is the hash of the password set for the account; an account with no password set shows "!!".

Each entry in /etc/gshadow is likewise separated by ":", with the following meaning:

Group name: the name of the group
Group password
Group administrator list: administrators of the group, who may change the group password and its members
User list: users that have this group as a supplementary group (comma separated)
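As an added example (not part of the original post), the following POSIX shell script applies the field layouts of /etc/passwd and /etc/shadow described above to constructed sample records and flags what a reviewer of these files looks for: extra UID 0 accounts, system accounts with an interactive shell, empty password fields, and expired passwords. The records, user names and day numbers are all constructed; no real host is read.

```shell
#!/bin/sh
# Constructed /etc/passwd records: name:passwd:UID:GID:GECOS:home:shell
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
backup:x:0:0:backup helper:/home/backup:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:995:995:service:/var/lib/svc:/bin/bash'

# Constructed /etc/shadow records: name:hash:lastchg:min:max:warn:inactive:expire:
SHADOW_SAMPLE='root:$6$hash:19000:0:99999:7:::
bin:*:18000:0:99999:7:::
postfix:!!:18000:0:99999:7:::
backup:$6$hash:18500:0:90:7:::
alice::19500:0:99999:7:::
svc:!:18000:0:99999:7:::'

# Field 3 is the UID: any account other than root with UID 0 is a second administrator.
extra_uid0() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# System accounts (UID below 1000, the CentOS 7 boundary) should have a non-login shell.
system_with_shell() {
    printf '%s\n' "$PASSWD_SAMPLE" \
        | awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /nologin|false$/ { print $1 }'
}

# Field 2 of /etc/shadow: empty means no password at all, unlike "!!", "!" or "*",
# which lock password login for the account.
empty_password() {
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: '$2 == "" { print $1 }'
}

# Fields 3 and 5: last change day + max age earlier than today means the password
# has expired; 99999 is the "never expires" value and is skipped.
expired_password() {
    today="$1"
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v today="$today" \
        '$5 != "" && $5 < 99999 && $3 + $5 < today { print $1 }'
}
```

To run the same checks on a real host, replace the two constructed variables with `$(cat /etc/passwd)` and `$(cat /etc/shadow)` (the latter needs root) and pass `$(( $(date +%s) / 86400 ))` as today's day number.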

Some common commands for user maintenance:
   User management commands: useradd, usermod, userdel

useradd command
The useradd command creates new system users in Linux. After the account is created, use passwd to set its password. An account can be deleted with userdel. Accounts created with useradd are actually stored as text entries in /etc/passwd.
useradd [options] USERNAME
-u UID               specify the UID; by default UIDs are assigned starting from 1000
-o                   used with -u, do not check the UID for uniqueness
-g GID|GROUP         specify the user's primary group, which must already exist; either the GID or the group name can be given
-G GROUP[,GROUP...]  specify supplementary groups, comma separated; the groups must already exist and can be given as GID or group name
-c COMMENT           comment (GECOS) information
-d PATH              specify the home directory path; if not given, it defaults to a directory under /home with the same name as the user. Note that the parent directory must already exist and the final path component must not exist yet
-s SHELL             specify the login shell, for example:
    useradd -s /sbin/nologin test    creates a user who cannot log in interactively
-N                   do not create a private group as the primary group; use the "users" group as the primary group instead
-r                   create a system user (UID below 500 on CentOS 6 and earlier, below 1000 on CentOS 7)

usermod command
The usermod command modifies a user's basic information. usermod will not rename a user account that is currently logged in. When usermod is used to change a user's UID, make sure the user is not running any programs on the machine.

usermod [options] USERNAME
-u NEWUID USERNAME                 change the user's UID
-g GID|GROUP USERNAME              change the user's primary group; either the group name or the GID can be given
-G GID|GROUP[,GROUP...] USERNAME   set the user's supplementary groups; this overwrites the existing supplementary group list
-a                                 combined with -G, appends to the user's supplementary groups without affecting the existing ones
-s SHELL USERNAME                  change the user's shell
-c "DESCRIPTION" USERNAME          set the user's description (GECOS) information
-d PATH USERNAME                   change the user's home directory; the new home directory is not created automatically. To create it and move the data from the old home directory, add the -m option
-l NEWNAME USERNAME                change the user name
-L                                 lock the user: prefix "!" to the password field in /etc/shadow; equivalent to passwd -l
-U                                 unlock the user: remove the "!" from the password field in /etc/shadow; equivalent to passwd -u
-e YYYY-MM-DD                      set the account expiration date
-f INACTIVE                        set the inactivity period (days after password expiry before the account is locked)

userdel command
The userdel command deletes the given user and, optionally, the files related to that user. Without options only the user account is deleted, not the related files.
userdel [options] USERNAME
-f   force deletion of the user even if the user is currently logged in
-r   delete all files associated with the user as well when deleting the user

Group account maintenance commands: groupadd, groupmod, groupdel

groupadd command
The groupadd command creates a new group and adds the new group's information to the system files.
groupadd [options] GROUPNAME
-g GID          specify the ID of the new group
-r              create a system group, whose group ID is below 500 (see the system group range above)
-K KEY=VALUE    override a setting from the configuration file /etc/login.defs
-o              allow a group to be created with a group ID that is not unique

groupmod command

The groupmod command changes a group's ID or name. When you need to change the identification number or the name of a group, use groupmod.

groupmod [options] GROUPNAME
-g GID       set the new group ID
-o           allow the group ID to be a duplicate of an existing one
-n NEWNAME   set the new group name

groupdel command
The groupdel command deletes the specified group; the system files it modifies are /etc/group and /etc/gshadow. If the group is still the primary group of some users, those users must be deleted before the group can be deleted, because, as mentioned earlier, each user must have exactly one primary group.
groupdel GROUPNAME
GROUPNAME: the name of the group to delete

Next, some special and very useful commands:
gpasswd, newgrp, groupmems, groups, chown

gpasswd command

gpasswd GROUPNAME                       set the group password (a group administrator can run this)
-a USERNAME GROUPNAME                   add a user to the group as a supplementary group (a group administrator can run this)
-d USERNAME GROUPNAME                   remove a user from the specified group (a group administrator can run this)
-M USERNAME[,USERNAME...] GROUPNAME     set the member list of the group (root only)
-A USERNAME[,USERNAME...] GROUPNAME     set the administrator list of the group (root only)
A group administrator can only change the group password and add members to or remove them from the group; being an administrator does not by itself grant the permissions of a group member.

newgrp command

newgrp GROUPNAME (run by a normal user)
A normal user who is not a member of the group can use this command to temporarily switch primary group after entering the group password correctly.
A normal user who has the group as a supplementary group can switch primary group with this command without entering a password. The original primary group temporarily becomes a supplementary group.

groupmems command
groupmems can only be run by root
-g GROUPNAME -a USERNAME   add a user to the group as a supplementary group
-g GROUPNAME -d USERNAME   remove a user from the specified group
-g GROUPNAME -p            remove all members of the group
-g GROUPNAME -l            list the members of the specified group (only supplementary members are shown)

groups USERNAME    show which groups the specified user belongs to (primary group and supplementary groups)

chown command
Only root can use chown to change a file's owner.
chown USERNAME FILE
chown USERNAME.GROUPNAME FILE or chown USERNAME:GROUPNAME FILE changes both the owner and the group; if the part before "." or ":" is omitted, only the group is changed.
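As an added example (not part of the original post), this POSIX shell script strings the useradd, usermod, groupadd and chown options described above into the provisioning steps for a non-interactive service account: a system group and user with /sbin/nologin, a data directory owned by that user, a supplementary group membership for an operator, and an explicit password lock. The names app, alice and /var/lib/app are constructed placeholders; with DRY_RUN=1 the commands are printed instead of executed, since the real commands need root.

```shell
#!/bin/sh
# run either executes a command or, when DRY_RUN=1, prints the command line it would run.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create a system group and a system user that cannot log in interactively.
# -r puts the UID/GID in the system range, -s /sbin/nologin blocks interactive logins,
# -M skips creating a home directory (the data directory is created below instead).
create_service_account() {
    name="$1"; datadir="$2"
    run groupadd -r "$name"
    run useradd -r -g "$name" -d "$datadir" -M -s /sbin/nologin -c "$name-service" "$name"
    run mkdir -p "$datadir"
    # owner:group form from the chown section; mode 750 keeps "others" out entirely.
    run chown "$name:$name" "$datadir"
    run chmod 750 "$datadir"
}

# Give an operator access through a supplementary group instead of sharing the service
# account: -a with -G appends to the operator's groups rather than overwriting them.
grant_operator() {
    operator="$1"; name="$2"
    run usermod -aG "$name" "$operator"
}

# usermod -L prefixes "!" to the password hash in /etc/shadow, so password
# authentication for the service account fails regardless of its shell setting.
lock_service_password() {
    run usermod -L "$1"
}

# Prints the complete plan without touching the system (hypothetical placeholder names).
provision_plan() {
    DRY_RUN=1
    create_service_account app /var/lib/app
    grant_operator alice app
    lock_service_password app
}
```

Call provision_plan to review the command sequence; to apply it, run create_service_account, grant_operator and lock_service_password as root with DRY_RUN unset.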
