View all users and all user groups under Linux

Source: Internet
Author: User

groups              View the group membership of the currently logged-in user
groups gliethttp    View the groups that the gliethttp user is in, and the members in the group
whoami              View the currently logged-in user name

The /etc/group file contains all groups.
All user names on the system are stored in /etc/shadow and /etc/passwd.

1, /etc/group commentary;
The /etc/group file is the user group configuration file. It covers users and user groups and shows which group or groups each user belongs to: one user can belong to one or more groups, and users of the same group share similar characteristics. For example, if we add a user to the root user group, that user can browse the files in the root user's home directory; if the root user opens read and write permissions on a file to the group, all users of the root user group can modify the file; and if the file is executable (such as a script), users of the root user group can also execute it;

User groups are a great convenience for system administrators, but their security implications also deserve attention. For example, if a user holds some of the most important content under system management, it is best to give that user a separate user group, or to set the permissions of that user's files to fully private. In addition, ordinary users should generally not be added lightly to the root user group.

2, /etc/group content specific analysis
The content of /etc/group includes the user group name, user group password, GID, and the users the group contains, with one record per user group, in the following format:

Each record in /etc/group is divided into four fields:
First field: user group name;
Second field: user group password;
Third field: GID;
Fourth field: user list, with users separated by commas; this field can be empty, and if it is empty the group's user is the one whose GID is this group's GID;

Overview of Linux User and user group management
One, understanding the concepts of single-user multi-tasking and multi-user multi-tasking in Linux;

Linux is a multi-user, multi-tasking operating system, so we should understand the concepts of single-user multi-tasking and multi-user multi-tasking;

1, Linux single-user multi-tasking;
Single-user multi-tasking: for example, I log in to the system as beinan and open gedit to write a document. While writing I want some music, so I open xmms; MSN also has to be open so I can see what my friends are doing. In this way, logged in as the beinan user, I am running gedit, xmms and MSN, and of course the input method fcitx. Put simply, one user, beinan, runs several tasks to get the work done. Other people can of course also log in remotely as the beinan user to do other things.

2, Linux multi-user multi-tasking;
Sometimes many users use the same system at the same time, but not all of them are doing the same thing; this is what multi-user multi-tasking means;

For example, a server has FTP users, system administrators, web users, regular users and so on. At the same moment, some people may be visiting the forum, some may be uploading packages to manage a sub-site, such as Luma or yuking managing their home system and FTP, and a system administrator may be maintaining the system. Browsing the home page uses the nobody user, the same for everyone; uploading packages uses the FTP user; and the administrator may use a normal account or the superuser root account for system maintenance or review. Different users have different permissions, and different tasks need different users; in other words, different users may do different work;

Note that multi-user multi-tasking does not mean everyone crowds around one machine's keyboard and display at the same time. Multiple users may log in remotely, for example to control a server remotely; anyone with user rights can operate or access it;

3, distinguishing user roles;
Users in the system are divided into roles. In a Linux system, different roles have different permissions and complete different tasks. Note that a user's role is identified by UID and GID, especially UID; in system management, the system administrator must keep UIDs unique;
Root user: unique in the system and real; can log in to the system, can operate on any file and run any command, and has the highest authority;
Virtual users: also called pseudo-users or false users, as distinct from real users. These users cannot log in to the system, but the system cannot run without them: for example bin, daemon, adm, ftp, mail and so on. Such users come with the system rather than being added later, although we can also add virtual users;
Ordinary real users: these users can log in to the system but can only operate on the contents of their own home directory, with limited access; they are added by the system administrator;

4, the security of multi-user operating systems;
A multi-user system is in practice more convenient to administer. It is also more secure: for example, if the beinan user does not want other users to see a file, it is enough to set the file's permissions so that only beinan can read and write it, and then only beinan can operate on that private file. Linux performs best at multi-user operation and can protect each user's security well, but we must also understand that although Linux is a secure system, without a security-conscious administrator or sound management practice the system is not secure.

From the server point of view, multi-user security is also the most important consideration. The Windows operating system we commonly use can only be said to have limited ability in permission management, and cannot be compared with Linux or Unix-like systems;

Two, the concepts of users (user) and user groups (group);

1, the concept of a user;
From the earlier discussion we know that Linux is a true multi-user operating system, so we can create a number of users in a Linux system. For example, a colleague wants to use my computer, but I do not want him to log in with my user name, because my account holds material I do not want others to see (that is, private content). I can create a new user name for him and let him do whatever he likes under that account; from the point of view of computer security this is also the proper way to operate;

The concept of a user is not limited to this. In a Linux system some users exist to accomplish specific tasks, such as nobody and ftp: when we visit a web program we do so as the nobody user, and when we access FTP anonymously the ftp or nobody user is used. To see the accounts on a Linux system, look at /etc/passwd;

2, the concept of user groups (group);
A user group (group) is a collection of users with the same characteristics. For example, sometimes we want several users to have the same permissions, such as viewing or modifying a file or executing a command. To do this we put those users in the same user group and then modify the file or directory permissions so that the group has the required permissions; every user in the group then has the same permissions on that file or directory. This is achieved by defining the group and modifying the file's permissions;

For example, suppose some users should be able to view a document such as a timesheet, while the person who writes the timesheet has read and write permission. We want those users to know the content of the timesheet without being able to modify it, so we put them into one group and then change the file's permissions so that the group can read it; every user in the group can then read the file;

The correspondence between users and user groups can be one-to-one, many-to-one, one-to-many or many-to-many;
One-to-one: a user can be the only member of a group;
Many-to-one: several users can all be members of a single group and belong to no other group; for example, beinan and linuxsir both belong only to the beinan user group;
One-to-many: a user can be a member of more than one user group; for example, beinan can be a member of the root group, of the linuxsir user group, and of the adm user group;
Many-to-many: several users correspond to several user groups, and several users can belong to the same group; the many-to-many relationship is really an extension of the previous three, so once those are understood this one follows;

Three, configuration files, commands and directories related to users (user) and user groups (group);

1, configuration files related to users (user) and user groups (group);

1) configuration files related to users (user);
/etc/passwd Note: the user configuration file;
/etc/shadow Note: the user shadow password file;

2) configuration files related to user groups (group);
/etc/group Note: the user group (group) configuration file;
/etc/gshadow Note: the shadow file for user groups (group);

2, tools or commands for managing users (user) and user groups (group);

1) tools or commands for managing users (user);

useradd Note: add a user;
adduser Note: add a user;
passwd Note: set a password for a user;
usermod Note: modify a user; usermod can change the login name, the user's home directory and so on;
pwconv Note: synchronize users from /etc/passwd to /etc/shadow;
pwck Note: verify that the contents of the user configuration files /etc/passwd and /etc/shadow are valid and complete;
pwunconv Note: the reverse of pwconv; it creates /etc/passwd from /etc/shadow and /etc/passwd and then deletes the /etc/shadow file;
finger Note: tool for viewing user information;
id Note: view a user's UID and GID and the user groups the user belongs to;
chfn Note: tool for changing user information;
su Note: user switching tool;
sudo Note: sudo executes a command as another user. su switches to another user, and the task is then carried out as that user; sudo, by contrast, runs the command that follows it directly. For example, with sudo a user can run commands that root has delegated, which otherwise only root could run, without needing the root password. This has to be set up by editing /etc/sudoers with visudo;
visudo Note: visudo is the command for editing /etc/sudoers; you can also edit /etc/sudoers with vi, with the same effect;
sudoedit Note: the same function as sudo;

2) tools or commands for managing user groups (group);

groupadd Note: add a user group;
groupdel Note: delete a user group;
groupmod Note: modify user group information;
groups Note: display the user groups a user belongs to;
grpck
grpconv Note: synchronize the contents of /etc/group and /etc/gshadow, or create /etc/gshadow if it does not exist;
grpunconv Note: synchronize or create /etc/group from the contents of /etc/group and /etc/gshadow, then delete the gshadow file;

3, the /etc/skel directory;

The /etc/skel directory usually holds user startup files and is controlled by root. When we add a user, the files in this directory are automatically copied to the new user's home directory. The files under /etc/skel are hidden files, that is, files named in the .file form. By modifying, adding and deleting files in /etc/skel we can give users a unified, standard default environment;

# ls -la /etc/skel/
total 92
drwxr-xr-x 3 root root 4096 August 11 23:32 .
drwxr-xr-x root root 12288 October 14 13:44 ..
-rw-r--r-- 1 root root 24 May 00:15 .bash_logout
-rw-r--r-- 1 root root 191 May 00:15 .bash_profile
-rw-r--r-- 1 root root 124 May 00:15 .bashrc
-rw-r--r-- 1 root root 5619 2005-03-08 .canna
-rw-r--r-- 1 root root 438 May 15:23 .emacs
-rw-r--r-- 1 root root 120 May 05:18 .gtkrc
drwxr-xr-x 3 root root 4096 August 23:16 .kde
-rw-r--r-- 1 root root 658 2005-01-17 .zshrc

Files under /etc/skel are normally copied automatically into the new user's home directory when we add the user with useradd or adduser. If we add a user by editing /etc/passwd, we can create the home directory ourselves, copy the files under /etc/skel into it, and then use chown to change the owner of the new user's home directory;

4, the /etc/login.defs configuration file;
The /etc/login.defs file holds settings that are applied when a user is created, such as whether a home directory is needed, the UID and GID ranges, the user's expiry period and so on; this file can be defined by root;

For example, the content of Fedora's /etc/login.defs file;

# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail    Note: when a user is created, a mail file for the user is created in the /var/spool/mail directory;
#MAIL_FILE      .mail

# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999    Note: the maximum number of days a user's password may be used;
PASS_MIN_DAYS   0        Note: the minimum number of days between password changes;
PASS_MIN_LEN    5        Note: the minimum password length;
PASS_WARN_AGE   7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN         500      Note: the minimum UID is 500, that is, when adding a user, UIDs start from 500;
UID_MAX         60000    Note: the maximum UID is 60000;

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN         500      Note: GIDs start from 500;
GID_MAX         60000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
#
CREATE_HOME     yes      Note: whether to create the user's home directory; here creation is requested;

5, the /etc/default/useradd file;
The rules file used when adding a user through useradd;
# useradd defaults file
HOME=/home Note: user home directories are created under /home;
INACTIVE=-1 Note: whether to enable account expiration; -1 means not enabled;
EXPIRE= Note: account termination date; leaving it unset means it is not enabled;
SHELL=/bin/bash Note: the type of shell used;
SKEL=/etc/skel Note: the location of the default files for a new user's home directory; that is, when we add a user with adduser, the files in the user's home directory are copied from this directory;

That is roughly all there is to user (user) and user group (group) management; once the content above is mastered, user and group management is mostly covered. Because users and user groups are tied to file and directory permissions, operations on file and directory permissions will be introduced in a separate article;

This article is only meant to help newcomers understand some of the principles behind users (user) and user groups (group), which is why most of it is explanation. By explaining and indexing some commands I want newcomers to pick up a little theory, which matters more; technical operation is nothing more than command usage;

Linux users, user groups, file permissions Learning notes

Recently I decided to study the Linux operating system more carefully. The first step is to get to grips with three important topics: users, user groups and file permissions.
To learn these, you first have to understand the Linux permission system.
The Linux permission system is mainly made up of users, user groups and permissions.
A user is someone who logs in to and uses Linux. Internally, Linux represents a user by a UID.
A user group is a grouping of users. Internally, Linux represents a group by a GID.
Permissions are of three types: read, write and execute.

Linux user information is stored in the /etc/passwd file; in addition, the /etc/shadow file holds information about users' passwords.

/etc/passwd file format:
user name:password:UID:GID:user info:home directory path:user shell
UID 0 is the root user, 1~499 are system users, and 500 and above are ordinary users.

/etc/shadow stores user password information, including the encrypted password, the password expiration time, the number of days of warning before the password expires, and so on.

User group information is stored in the /etc/group file.
The format is as follows:
user group name:group password:GID:accounts in the group (multiple accounts separated by commas)

After the user logs in, the GID in the /etc/passwd file is the user's initial user group.
The user's membership of the initial user group is not recorded in /etc/group.
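
Because the initial user group is recorded only in /etc/passwd, and the fourth field of an /etc/group record may be empty (see the field description earlier on this page), the full membership of a group has to be computed from both files. The shell functions below are an added example, not part of the original article; the function names and the sample records are constructed for illustration, and the UID threshold of 500 for ordinary users is the one given on this page.

```sh
#!/bin/sh
# Added example: compute who is really in a group.
# All records below are constructed sample data in /etc/passwd and
# /etc/group format; the function names are illustrative assumptions.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
beinan:x:500:500:beinan:/home/beinan:/bin/bash
linuxsir:x:501:500:linuxsir:/home/linuxsir:/bin/bash
xxq:x:502:502:xxq:/home/xxq:/bin/bash'

SAMPLE_GROUP='root:x:0:root,xxq
bin:x:1:root,bin,daemon
beinan:x:500:
xxq:x:502:'

# group_members GROUP PASSWD_TEXT GROUP_TEXT
# Prints the sorted, comma-separated members of GROUP:
#   - users named in the fourth field of the group record, plus
#   - users whose initial group (GID field of their passwd record)
#     is this group's GID, which /etc/group does not list.
group_members() {
    {
        printf '%s\n' "$3" | sed 's/^/G:/'   # tag group records
        printf '%s\n' "$2" | sed 's/^/P:/'   # tag passwd records
    } | awk -F: -v want="$1" '
        # Tagged group record: G:name:password:GID:userlist
        $1 == "G" && $2 == want {
            gid = $4
            n = split($5, listed, ",")
            for (i = 1; i <= n; i++)
                if (listed[i] != "") member[listed[i]] = 1
        }
        # Tagged passwd record: P:name:password:UID:GID:...
        $1 == "P" && gid != "" && $5 == gid { member[$2] = 1 }
        END { for (u in member) print u }
    ' | sort | paste -sd, -
}

# ordinary_users_in GROUP PASSWD_TEXT GROUP_TEXT [UID_MIN]
# Prints the members of GROUP whose UID is UID_MIN or higher (default
# 500, the first ordinary-user UID given on this page). This is the
# check for ordinary users that ended up in the root user group.
ordinary_users_in() {
    members=$(group_members "$1" "$2" "$3")
    printf '%s\n' "$2" | awk -F: -v list="$members" -v min="${4:-500}" '
        BEGIN {
            n = split(list, m, ",")
            for (i = 1; i <= n; i++) in_group[m[i]] = 1
        }
        ($1 in in_group) && $3 + 0 >= min + 0 { print $1 }
    ' | sort | paste -sd, -
}

# Demonstration on the constructed sample data.
for g in root beinan; do
    printf '%-8s all: %-18s ordinary: %s\n' "$g" \
        "$(group_members "$g" "$SAMPLE_PASSWD" "$SAMPLE_GROUP")" \
        "$(ordinary_users_in "$g" "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
done
```

On a live system the same functions can be given "$(cat /etc/passwd)" and "$(cat /etc/group)" as the two text arguments.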

Command to view the current user's user groups:
# groups
root bin daemon sys adm disk wheel
In the output, the first user group is the current user's effective user group (current user group).

Command to switch the effective user group:
# newgrp user-group-name
To leave the new effective user group, type exit and press Enter.

Command to create a new user:
# useradd username -g initial-user-group -G other-user-groups (modifies /etc/group) -c user-description -u specified-UID

A password needs to be set for the new user:
# passwd username

Command for users to change their own password:
# passwd

Command to modify user information:
# usermod parameters username
-c description
-g group-name  initial user group
-e expiration date, format: YYYY-MM-DD
-G group-name  other user groups
-l modify the user name
-L lock the account (puts two exclamation marks in front of the user's password string in the /etc/shadow file)
-U unlock

Command to delete a user:
# userdel [-r] username
The -r parameter also deletes the user's home directory.
In fact, files belonging to the user may exist elsewhere in the system. To completely delete a user and the user's files, first find the files that belong to the user:
# find / -user username
Delete them, then run userdel to delete the user.

Command to view the available shells:
# chsh -l
Command to change your own shell:
# chsh -s

View UID/GID information for yourself or someone else:
# id [username]
In the returned information, groups is the effective user group.

Command to create a new user group:
# groupadd user-group-name

Command to change a user group's name:
# groupmod -n name

Command to delete a user group:
# groupdel user-group-name

Command to set a user group password:
# gpasswd user-group-name

With additional parameters gpasswd has other functions.

Command to set a user group administrator:
# gpasswd -A username user-group-name

Command to add an account to a group:
# gpasswd -M username user-group-name

Command to remove an account from a group:
# gpasswd -d username user-group-name

Related passwd parameters:
-l lock the user
-u unlock the user
-n days  number of days during which the password cannot be changed
-x days  number of days until the password expires
-w days  number of warning days

Knowledge of file permissions

Let's look at an example:
# ls -al
The ls -al command lists all files in the directory, including hidden files. The first character of a hidden file's name is '.'
-rw-r--r-- 1 root root bayi 08-02 14:54 gtkrc-1.2-gnome2
-rw------- 1 root root 189 08-02 14:54 iceauthority
-rw------- 1 root root 08-05 10:02 .lesshst
drwx------ 3 root root 4096 08-02 14:54 .metacity
drwxr-xr-x 3 root root 4096 08-02 14:54 Nautilus

The columns of the listing are:
[permission attributes] [number of links] [owner] [owner's user group] [size] [last modified time] [file name]

The permission attribute is 10 characters long:
The first character indicates the file type: d for a directory, - for a normal file, l for a link, b for a storage interface device, c for a keyboard or mouse input device
Characters 2, 3, 4 are the owner's permissions, characters 5, 6, 7 are the permissions of users in the owner's group, and characters 8, 9, 10 are the permissions of other users
The second character is the owner's read permission: r if granted, - otherwise
The third character is the owner's write permission: w if granted, - otherwise
The fourth character is the owner's execute permission: x if granted, - otherwise
The fifth character is the read permission of users in the owner's group: r if granted, - otherwise
The sixth character is the write permission of users in the owner's group: w if granted, - otherwise
The seventh character is the execute permission of users in the owner's group: x if granted, - otherwise
The eighth character is the read permission of other users outside the group: r if granted, - otherwise
The ninth character is the write permission of other users outside the group: w if granted, - otherwise
The tenth character is the execute permission of other users outside the group: x if granted, - otherwise
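
The character-by-character rules above map directly onto the octal mode that chmod takes. The shell functions below are an added example, not part of the original notes; the function names are illustrative, and the example goes slightly beyond the list above by also decoding s/S and t/T in the execute positions (setuid, setgid and sticky bits), which real ls output can contain.

```sh
#!/bin/sh
# Added example: decode the 10-character permission column of "ls -l".
# Function names are illustrative; the sample strings are constructed.

# perm_to_octal PERMSTRING
# Prints the four-digit octal mode accepted by chmod (for example 0644)
# and returns non-zero when the string is not a valid permission column.
perm_to_octal() {
    printf '%s\n' "$1" | awk '
    {
        if (length($0) != 10) exit 1
        # First character: file type (the types listed above, plus
        # p for a named pipe and s for a socket).
        if (index("-dlbcps", substr($0, 1, 1)) == 0) exit 1
        split("4 2 1", special_value, " ")   # setuid, setgid, sticky
        special = 0; digits = ""
        for (t = 1; t <= 3; t++) {           # owner, group, others
            r = substr($0, 3 * t - 1, 1)
            w = substr($0, 3 * t, 1)
            x = substr($0, 3 * t + 1, 1)
            lo = (t == 3) ? "t" : "s"; up = toupper(lo)
            if (r != "r" && r != "-") exit 1
            if (w != "w" && w != "-") exit 1
            if (x != "x" && x != "-" && x != lo && x != up) exit 1
            # Lower case s/t: special bit plus execute; upper case
            # S/T: special bit without execute.
            if (x == lo || x == up) special += special_value[t]
            digits = digits "" ((r == "r") * 4 + (w == "w") * 2 + (x == "x" || x == lo))
        }
        print special digits
    }'
}

# perm_findings PERMSTRING
# Prints who besides the owner can modify the file: "group-writable",
# "other-writable", both (comma-separated), or "owner-only".
perm_findings() {
    mode=$(perm_to_octal "$1") || return 1
    awk -v m="$mode" 'BEGIN {
        g = substr(m, 3, 1) + 0; o = substr(m, 4, 1) + 0
        out = ""
        if (int(g / 2) % 2) out = "group-writable"
        if (int(o / 2) % 2) out = out (out == "" ? "" : ",") "other-writable"
        print (out == "" ? "owner-only" : out)
    }'
}

# Demonstration on constructed permission strings.
for p in '-rw-r--r--' '-rw-------' 'drwxr-xr-x' '-rw-rw-r--' 'drwxrwxrwt'; do
    printf '%s  %s  %s\n' "$p" "$(perm_to_octal "$p")" "$(perm_findings "$p")"
done
```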

Command to change the group a file belongs to:
# chgrp [-R] group-name file-name
-R applies the change recursively

Command to change the owner and group of a file:
# chown [-R] user[:user-group] file-name

Command to change file access permissions:
# chmod [-R] 0777 file-name

That more or less sums up users, files and permissions. What remains is to practise the commands boldly and reread this summary diligently.

How Linux views users and user groups

Function description: find and display user information.
Syntax: whois [account name]
Additional note: the whois command looks up and displays user information for the specified account. Because the lookup is made in the WHOIS database of Network Solutions, the account name must be registered there to be found; names are not case-sensitive.

Function description: display the user name.
Syntax: whoami [--help][--version]
Additional note: displays your own user name; this command is equivalent to running "id -un".
--help online help.
--version display version information.

Function description: display information about the users currently logged in to the system.
Syntax: who [-Himqsw][--help][--version][am i][record file]
Additional note: this command shows which users are currently logged in to the system. Run on its own, who lists the login account, the terminal in use, the login time, and where the user logged in from or which X display is in use.
-H or --heading display the heading line for each field.
-i or -u or --idle display idle time; if the user has done anything within the last minute, it is marked "."; if the user has been idle for more than 24 hours, it is marked "old".
-m same effect as specifying the "am i" string.
-q or --count display only the account names of the logged-in users and their total number.
-s this parameter is ignored and exists only for compatibility with other versions of the who command.
-w or -T or --mesg or --message or --writable display the user's message status.
--help online help.
--version display version information.

Function description: display information about the users currently logged in to the system.
Syntax: w [-fhlsuV][user name]
Additional note: this command shows which users are currently logged in to the system and which programs they are running. Run on its own, w displays all users; you can also give a user name to display information about that user only.
-f turn on or off the display of where users logged in from.
-h do not display the heading line for each field.
-l use the detailed format, which is the default.
-s use the concise format, which omits the login time and the CPU time consumed by terminal jobs and programs.
-u ignore the name of the running program and the CPU time it consumes.
-V display version information.

finger command
The finger command queries user information. It usually displays a user's user name, home directory, idle time, login time, login shell and so on. To query user information on a remote computer, follow the user name with "@hostname", in the form [username@hostname]; the remote host must be running the finger daemon.
The general format of the command is:
finger [options] [user] [user@host]
The options have the following meanings:
-s display the user's login name, real name, terminal name, write status, idle time, login time and similar information.
-l in addition to the information shown by -s, display the user's home directory, login shell, mail status, and the contents of the .plan, .project and .forward files in the user's home directory.
-p the same as -l, except that the .plan and .project files are not displayed.
[Example] using the finger command on the local machine.
$ finger xxq
Directory: /home/xxq Shell: /bin/bash
Last login Thu Jan 1 21:43 (CST) on tty1
No Mail.
No Plan.
$ finger
Login Name Tty Idle Login Time Office Office Phone
root root * 25 09:17

The /etc/group file contains all groups.
All user names on the system are stored in /etc/shadow and /etc/passwd.
To change the groups the current user belongs to:
use usermod, or modify the /etc/passwd file directly

vlock (Virtual Console lock)
Function description: lock the virtual terminal.
Syntax: vlock [-achv]
Additional note: running vlock locks the virtual terminal so that others cannot use it.
-a or --all lock all terminal sessions; if this parameter is used on a full-screen terminal, switching terminals with the keyboard is disabled.
-c or --current lock the current terminal session; this is the default.
-h or --help online help.
-v or --version display version information.

Function description: modify a user account.
Syntax: usermod [-LU][-c <remarks>][-d <login directory>][-e <expiration date>][-f <buffer days>][-g <group>][-G <group>][-l <account name>][-s][-u][user account]
Additional note: usermod can be used to modify the settings of a user account.
-c <remarks> modify the remarks text of the user account.
-d <login directory> modify the user's login directory.
-e <expiration date> modify the expiration date of the account.
-f <buffer days> modify the number of days after the password expires before the account is closed.
-g <group> modify the group the user belongs to.
-G <group> modify the additional groups the user belongs to.
-l <account name> modify the user account name.
-L lock the user password, making it invalid.
-s modify the shell the user uses when logging in.
-u modify the user ID.
-U unlock the password.

Function description: delete a user account.
Syntax: userdel [-r][user account]
Additional note: userdel can delete a user account and related files. Without parameters, only the user account is deleted, not the related files.
-r delete the user's login directory and all files in it.

Function description: user account setup program.
Syntax: userconf [--addgroup <group>][--adduser <user id><group><user name>][--delgroup <group>][--deluser <user id>][--help]
Additional note: userconf is actually a symbolic link to linuxconf. It provides a graphical interface for the administrator to create and manage all kinds of accounts. If no parameters are given, the graphical interface is started.
--addgroup <group> add a group.
--adduser <user id><group><user name> add a user account.
--delgroup <group> delete a group.
--deluser <user id> delete a user account.
--help display help.

Function description: create a user account.
Syntax: useradd [-mMnr][-c <remarks>][-d <login directory>][-e <expiration date>][-f <buffer days>][-g <group>][-G <group>][-s][-u][user account] or useradd -D [-b][-e <expiration date>][-f <buffer days>][-g <group>][-G <group>][-s]
Additional note: useradd can be used to create user accounts. After the account is created, use passwd to set its password. An account can be deleted with userdel. Accounts created with useradd are actually saved in the /etc/passwd text file.
-c <remarks> add remarks text. The remarks text is saved in the remarks field of passwd.
-d <login directory> specify the directory the user starts in at login.
-D change the default values.
-e <expiration date> specify the expiration date of the account.
-f <buffer days> specify the number of days after the password expires before the account is closed.
-g <group> specify the group the user belongs to.
-G <group> specify the additional groups the user belongs to.
-m automatically create the user's login directory.
-M do not automatically create the user's login directory.
-n do not create a group named after the user name.
-r create a system account.
-s specify the shell the user uses after logging in.
-u specify the user ID.
