Users and permissions in Ubuntu (3)

Source: Internet
Author: User

7. Commands for adding and deleting groups

As before, we should first introduce two important configuration files: /etc/group and /etc/gshadow. The former plays the same role as /etc/passwd; the latter is the group password table. Let's see what they look like:

root:x:0:

adm:x:4:m,syslog

m:x:1000:

This is an excerpt from /etc/group. Each line is divided into four fields by colons: the first field is the group name, the second is the password, the third is the GID, and the fourth is the list of members in the group.

We can see that the fourth field of the root and m groups is empty, while the fourth field of the adm group lists two members. Why the difference? A user's groups are divided into two kinds: the primary group and secondary groups. The primary group is the group the user account was bound to when it was created; look at the fourth field of /etc/passwd to see which group is a user's primary group. Here is the entry for user m:

m:x:1000:1000:m,,,:/home/m:/bin/bash

Obviously the primary group of user m is m (GID 1000). An account's name therefore does not appear in the fourth field of its primary group in /etc/group, because that membership is self-evident, or the default to some extent; if a user does appear in the fourth field, the group is not that user's primary group.

Another concept is the effective group. Although a user can join multiple groups and hold the corresponding permissions, that applies to existing files or directories. If a user wants to create a file or directory, which group is used? The answer is the effective group, that is, the group the user is currently active in. A user can be active in only one group at a time, even though he has the permissions of his other groups. For example, a manager who runs three departments belongs to three groups, but at any moment he can sit in the office of only one department; he cannot sit in three offices at once, even though he has the right to enter the other two.

You can use the groups command to view all the groups the current user belongs to; the first one listed is the user's effective group. You can use the newgrp command to switch the effective group, like the manager walking over to another office. Then there is the default case: when a user logs in to Linux, which group is the effective group, that is, which office does the manager walk into first? The answer is the primary group described above. In this context it is called the initial group, but whatever the name, it is the fourth field of /etc/passwd.

root:*::
daemon:*::

m:!::

This is an excerpt from /etc/gshadow. Each line is likewise divided into four fields by colons: group name, password, group administrator, and members. If the password field is ! or *, the group cannot be logged in to, that is, newgrp cannot be used to switch to it.

Command for adding a group

groupadd [-g gid] [-r] groupname: -g is followed by the GID. Adding -r indicates that a system group is created, that is, the second column of /etc/gshadow will become an asterisk or exclamation mark.

Group modification command: groupmod works much like usermod, that is, groupmod [-g gid] [-n group_name]

Group deletion command: groupdel groupname. This command can fail when the group is still some user's initial group. In that case you need to unbind the user first, that is, change the user's GID in /etc/passwd or delete the user outright.
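
The two kinds of membership described in this section (primary, from the fourth field of /etc/passwd, and secondary, from the fourth field of /etc/group) and the users that make groupdel fail, worked through as an added example that is not part of the original article. The sample files are constructed from the excerpts above; the syslog passwd entry and the function names are assumptions.

```shell
# all_members PASSWD GROUP NAME
# Prints every member of group NAME, one per line, tagged "primary" or
# "supplementary". Primary members are found through field 4 of PASSWD
# (the GID); supplementary members come from field 4 of GROUP.
all_members() {
    awk -F: -v want="$3" '
        NR == FNR {                       # first file: the group table
            if ($1 == want) { found = 1; gid = $3; n = split($4, extra, ",") }
            next
        }
        found && $4 == gid {              # second file: the passwd table
            print $1 " primary"; seen[$1] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (extra[i] != "" && !(extra[i] in seen))
                    print extra[i] " supplementary"
        }
    ' "$2" "$1"
}

# groupdel_blockers PASSWD GROUP NAME
# Users whose initial group is NAME; groupdel fails while any exist.
groupdel_blockers() {
    all_members "$1" "$2" "$3" | awk '$2 == "primary" { print $1 }'
}

# Constructed sample data modelled on the excerpts (not real system files).
sample=$(mktemp -d)
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
syslog:x:104:110::/home/syslog:/usr/sbin/nologin
m:x:1000:1000:m,,,:/home/m:/bin/bash
EOF
cat > "$sample/group" <<'EOF'
root:x:0:
adm:x:4:m,syslog
m:x:1000:
EOF

all_members "$sample/passwd" "$sample/group" adm
all_members "$sample/passwd" "$sample/group" m
groupdel_blockers "$sample/passwd" "$sample/group" m
```

The functions read the files they are given, so on a live system pass /etc/passwd and /etc/group; accounts that come from a directory service rather than these files are not covered.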

8. Other commands

1) Besides the groups command above, the id command shows more detailed group information; just type id in the terminal, with no arguments.

2) The passwd command: passwd [-lunxwS] username

-l: locks the username account by modifying the password column of /etc/shadow.
-u: unlocks an account locked with -l.
-n: followed by a number of days; the minimum number of days, which is the fourth column of /etc/shadow.
-x: followed by a number of days; the maximum number of days, which is the fifth column of /etc/shadow.
-w: followed by a number of days; this is the sixth column of /etc/shadow.
-S: displays information about the username account.
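
How these options show up in a shadow-format file, as an added example that is not part of the original article: the report reads the password column (where passwd -l puts a leading "!" in front of the hash) and columns four to six. The sample entries, the state names and the function names are constructed for illustration.

```shell
# shadow_report FILE
# For each entry prints: user state min max warn
# state comes from column 2; min, max and warn are columns 4, 5 and 6,
# the values set by passwd -n, -x and -w. Unset columns print as "-".
shadow_report() {
    awk -F: '
        function state(pw) {
            if (pw == "")        return "empty"    # no password required
            if (pw ~ /^[!*]+$/)  return "nohash"   # no usable hash at all
            if (pw ~ /^!/)       return "locked"   # hash disabled by leading "!"
            return "set"
        }
        function val(f) { return f == "" ? "-" : f }
        { print $1, state($2), val($4), val($5), val($6) }
    ' "$1"
}

# no_max_age FILE
# Accounts with a usable password whose maximum age (column 5) is unset
# or 99999, the value conventionally used for "never expires".
no_max_age() {
    shadow_report "$1" |
        awk '$2 == "set" && ($4 == "-" || $4 == 99999) { print $1 }'
}

# Constructed sample entries (placeholder hashes, not real ones).
shadow_sample=$(mktemp)
cat > "$shadow_sample" <<'EOF'
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
m:$6$SALT$CONSTRUCTEDHASH:19000:1:90:14:::
old:!$6$SALT$CONSTRUCTEDHASH:19000:0:99999:7:::
svc:$6$SALT$CONSTRUCTEDHASH:19000:0:99999:7:::
guest::19000::::::
EOF

shadow_report "$shadow_sample"
no_max_age "$shadow_sample"
```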
