Linux notes: users and user groups

Users on Linux are usually divided into the root user (the superuser) and ordinary users. In different scenarios you may want to create ordinary users for special purposes; these users can then be placed into different user groups according to how they are used, and permissions set on the group, so that the members of a group are allowed or denied certain operations. This is how a large number of users is managed. The purpose of user groups is to make administration easier in complex usage scenarios; a user does not, of course, have to be added to any group. This article covers the common operations on users and user groups and how to view the information kept about them.

 

1. Common user and user group operation commands

useradd command
useradd [options] username: add a user.
After a user is added, the system automatically creates or updates the following files and settings:

  • /etc/passwd: the new user's account information is added.
  • /etc/shadow: the new user's password information is added.
  • /etc/group: the user's group information is added.
  • /etc/gshadow: the password information of the user's group is added.
  • /home/username/: the user's home directory is created.
  • /var/spool/mail/username: the user's mail spool is created.

Options:

  • -u UID: manually specify the user's UID (not recommended).
  • -d home directory: manually specify the user's home directory (not recommended).
  • -c description: manually specify the user's description.
  • -g group name: manually specify the user's initial group (not recommended).
  • -G group name: manually specify the user's additional groups; separate multiple group names with commas.
  • -s shell: manually specify the user's login shell; the default is /bin/bash.

Note: some of the defaults useradd applies are set in /etc/default/useradd (for example, home directories are created under /home); the remaining defaults can be viewed in /etc/login.defs.

 

passwd command
passwd [options] [user]: set a user's password. The root user can set a password for any user.
If no user name is given, the current user's own password is changed. Only the root user can change another user's password; a non-root user cannot specify a user name at all, because ordinary users are not allowed to modify other people's passwords.
Ordinary users must comply with the password rules when setting their own password; only the root user can set any password at will.
Options:

  • -S: query the password status of a user (root only).
  • -l: temporarily lock the user (root only) so that the user cannot log in for the time being. What the system actually does is put an exclamation mark (!) in front of the user's password in /etc/shadow (the file that stores password-related information).
  • -u: unlock the user (root only). Alternatively, edit the user's entry in /etc/shadow by hand and remove the exclamation mark in front of the password.
  • --stdin: take the data arriving through a pipe (|) as the user's password, e.g. echo "123" | passwd --stdin user1 sets the password of user1 to 123. This option is used mostly in shell scripts. It is an extension found in the Red Hat family of distributions and is not available on every system.

 

who / w command
who: view the currently logged-in users directly, including user name, login terminal, login time and the IP of the login host (no value means a local login).
Login terminal:

  • tty: a local terminal, i.e. a login made directly on the Linux system.
  • pts: a remote login, i.e. a login made through a connection tool.

w: view detailed information about the currently logged-in users. Compared with who, it additionally shows:

  • The current system time.
  • up: how long the system has been running.
  • The number of users currently logged in.
  • The current system load.
  • IDLE: the idle time of the logged-in user (time since the last operation).
  • JCPU: the total CPU time used by the logged-in user.
  • PCPU: the CPU time used by the operation the logged-in user is currently performing.
  • WHAT: the command the logged-in user is currently executing.
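As an added example (not part of the original notes), the following shell functions apply the tty/pts distinction above to who output and separate local from remote sessions, which is the first thing to look at when checking who is on a machine. The input is a constructed sample, not output captured from a real host, and the local/remote labels are this example's own. One caveat from practice: a pts also appears for a terminal window opened locally, so the host address in parentheses is the more reliable sign of a remote session.

```shell
# Constructed sample of `who` output (not captured from a real host):
# user, terminal, login time, and the remote host in parentheses (absent = local).
SAMPLE_WHO='root     tty1         2020-04-17 09:12
alice    pts/0        2020-04-17 09:30 (192.0.2.10)
bob      pts/1        2020-04-17 10:05 (198.51.100.7)
carol    tty2         2020-04-17 10:20'

# classify_sessions WHO_OUTPUT: one line per session -> "user terminal kind host"
# kind is "local" for tty* and "remote" for pts/* (the rule used in these notes);
# host is the address in parentheses, or "-" when who printed none.
classify_sessions() {
    printf '%s\n' "$1" | awk '
    NF >= 4 {
        kind = ($2 ~ /^tty/) ? "local" : "remote"
        host = ($NF ~ /^\(.*\)$/) ? substr($NF, 2, length($NF) - 2) : "-"
        printf "%s %s %s %s\n", $1, $2, kind, host
    }'
}

# count_remote WHO_OUTPUT: number of pts (remote) sessions
count_remote() {
    classify_sessions "$1" | awk '$3 == "remote" { n++ } END { print n + 0 }'
}

# remote_hosts WHO_OUTPUT: distinct source addresses of remote sessions, one per line
remote_hosts() {
    classify_sessions "$1" | awk '$3 == "remote" && $4 != "-" && !seen[$4]++ { print $4 }'
}

# Stand-alone run: list the sessions and summarise the remote ones.
classify_sessions "$SAMPLE_WHO"
echo "remote sessions: $(count_remote "$SAMPLE_WHO")"
```

On a real system replace the sample with `"$(who)"`; the functions only depend on the column layout shown above.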

 

usermod / chage command
usermod [options] user: modify the information of an existing user.
usermod supports the same options as useradd, plus these additional ones:

  • -L: temporarily lock the user.
  • -U: unlock the user.

chage [options] username: modify the user's password status.
Options:

  • -l: list the user's detailed password status.
  • -d date: the date of the last password change. This option is often used in shell scripts: setting the value to 0 forces the user to change the password at the first login before doing anything else.
  • -m days: the minimum interval between two password changes.
  • -M days: the password validity period.
  • -W days: the number of warning days before the password expires.
  • -I days: the grace days after the password expires.
  • -E date: the account expiry date.

 

userdel / id / su command
userdel [-r] username: delete a user. With -r the user's home directory is deleted together with the user.
id username: view the user's UID and GID information.
su [options] username: switch user identity.
Options:

  • -: also switch to that user's environment, e.g. su - root.
  • -c: execute a single command as that user without switching identity, e.g. su - root -c "useradd user3" runs useradd user3 as root.

 

groupadd / groupmod / groupdel / gpasswd command
groupadd [options] group name: add a user group.
Options:

  • -g GID: set the GID of the user group.

groupmod [options] group name: modify group information.
Options:

  • -g GID: modify the GID of the user group.
  • -n new group name: modify the group name.

groupdel group name: delete the corresponding user group.
gpasswd [options] group name: add a user to a group or remove a user from it.
Options:

  • -a username: add the user to the group.
  • -d username: remove the user from the group.

 

2. View user and user group information

The user information file /etc/passwd
stores the basic information of users. Each line holds one user's information, so there are as many lines as there are users.
The information in each line is separated by colons into 7 fields:

  • The first field: user name.
  • The second field: password flag, usually x, which means the user has a password (the real password is stored in /etc/shadow). If this field is empty, the user has no password and can log in without entering one (in that case the login is only possible locally on this machine, not through a remote connection).
  • The third field: UID, the user ID. The relation between user name and UID is like that between domain name and IP address: an IP is hard to remember, so people remember the domain name; likewise the user only needs to remember the user name, while the system recognises and remembers the UID.
    • 0: superuser. The account named root is not necessarily the administrator, but whichever account has UID 0 certainly is.
    • 1-499: system users (pseudo-users); be careful not to modify anything belonging to these users.
    • 500-65535: ordinary users.
  • The fourth field: GID, the user's initial group ID.
    • Initial group: the group whose permissions the user holds as soon as he logs in. Each user has exactly one initial group; by default a group with the same name as the user serves as that group (changing it is not recommended).
    • Additional groups: a user can belong to several more groups and has the permissions of all of them. Every group a user belongs to is either the initial group or an additional group.
  • The fifth field: user description; this may be left empty.
  • The sixth field: the user's home directory.
    • Superuser: /root/
    • Ordinary user: /home/username/
  • The seventh field: the shell used after login; the default is the system's standard shell, /bin/bash. The shell of ordinary users must be /bin/bash, otherwise they cannot log in. If a user's shell is set to /sbin/nologin, the user is disabled and is not allowed to log in.
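As an added example (not part of the original notes), the following shell script applies the field layout above to a constructed /etc/passwd sample: it classifies each account by the UID ranges listed in this article, reports accounts other than root with UID 0, accounts with an empty password field, accounts whose shell allows login, and malformed lines, and it also finds the next free ordinary UID, which is what useradd does by itself when -u is not given (the reason manual UIDs are discouraged in the useradd section). The sample lines, the finding tags (uid0, nopass, loginshell, malformed) and the choice to treat /bin/false like /sbin/nologin are this example's own.

```shell
# Constructed /etc/passwd sample (not from a real system). Field layout:
# name:password-flag:UID:GID:description:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:0:0:backup admin:/home/backup:/bin/bash
guest::501:501:guest account:/home/guest:/bin/bash
user1:x:500:500::/home/user1:/bin/bash
svc:x:502:502:service account:/home/svc:/sbin/nologin'

# uid_class PASSWD NAME: classify by the UID ranges used in these notes
# (0 superuser, 1-499 system user, 500 and above ordinary user).
uid_class() {
    printf '%s\n' "$1" | awk -F: -v name="$2" '$1 == name {
        if ($3 == 0) print "superuser"
        else if ($3 < 500) print "system"
        else print "ordinary"
    }'
}

# audit_passwd PASSWD: one finding per line, "TAG name" (tags are constructed here):
#   uid0       an account other than root with UID 0, i.e. a second administrator
#   nopass     empty second field: local login without any password
#   loginshell a shell that permits interactive login (/sbin/nologin and
#              /bin/false are treated as non-login shells)
#   malformed  a line that does not have exactly 7 fields
audit_passwd() {
    printf '%s\n' "$1" | awk -F: '
    NF != 7 { printf "malformed %s\n", $0; next }
    $3 == 0 && $1 != "root" { printf "uid0 %s\n", $1 }
    $2 == "" { printf "nopass %s\n", $1 }
    $7 != "/sbin/nologin" && $7 != "/bin/false" { printf "loginshell %s\n", $1 }'
}

# count_tag PASSWD TAG: how many findings carry TAG
count_tag() {
    audit_passwd "$1" | awk -v tag="$2" '$1 == tag { n++ } END { print n + 0 }'
}

# next_uid PASSWD: the next free UID in the ordinary range (500-65534 here),
# which is what useradd picks when -u is not given.
next_uid() {
    printf '%s\n' "$1" | awk -F: '
    BEGIN { max = 0 }
    $3 >= 500 && $3 < 65535 && $3 > max { max = $3 }
    END { v = (max < 500) ? 500 : max + 1; print v }'
}

# Stand-alone run: print the findings and the next free UID.
audit_passwd "$SAMPLE_PASSWD"
echo "next free ordinary UID: $(next_uid "$SAMPLE_PASSWD")"
```

To run it against the real file, pass `"$(cat /etc/passwd)"` instead of the sample; the file is world-readable, so no root is needed for this check.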

 

User password file /etc/shadow
This file stores password-related information. Its permissions are ----------, that is, ordinary users cannot even read it; the root user, of course, can both read and write it.
Each line of this file holds one user's information, again separated by colons, 9 fields in total:

  • The first field: user name.
  • The second field: the encrypted password. If this field is !! or *, the user has no password and cannot log in. To disable a user's login, simply put a ! in front of the password.
  • The third field: the date of the last password change, expressed as the number of days since January 1, 1970.
  • The fourth field: the minimum interval allowed between two password changes.
  • The fifth field: the password validity period (days), i.e. for how many days the password remains valid after it is changed.
  • The sixth field: the user is reminded to change the password n days before it expires; within those n days a prompt to change the password appears at every login.
  • The seventh field: grace days after the password expires. If left empty, the password becomes invalid immediately on expiry, and the user can no longer log in.
    • 0: same as leaving it empty, i.e. the password becomes invalid immediately on expiry.
    • -1: the password never expires; this overrides the validity period set in the fifth field.
  • The eighth field: account expiry time, in the same day-count format. Once set, it overrides all the previous settings: when the time is reached the account becomes invalid immediately.
    • Convert a day count to a date: run date -d "1970-01-01 16076 days", where the 16076 can be replaced by the value to convert.
    • Convert a date to a day count: run echo $(($(date --date="2014/01/06" +%s)/86400+1)) to see the corresponding day count (days from 1970-01-01 to that date).
  • The ninth field: reserved field (currently unused).
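To see how these fields are interpreted, here is an added shell example (not part of the original notes and not taken from any distribution's tooling) that decodes a constructed /etc/shadow sample: it reports the locked / no-password / ok state that passwd -l, usermod -L and the second field imply, marks a last-change day of 0 as must-change-at-login (what chage -d 0 from the chage section sets), computes the expiry day from fields 3 and 5, applies the overriding account expiry of field 8, and converts day counts to and from dates. The conversion functions use GNU date with -u, so the day count is taken in UTC and no +1 adjustment is needed; the hashes in the sample are placeholders and the state names are this example's own.

```shell
# Constructed /etc/shadow sample (not from a real system; the hashes are
# placeholders, not real crypt(3) output). Field layout:
# name:password:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='root:$6$salt$HASHPLACEHOLDER:16076:0:99999:7:::
alice:$6$salt$HASHPLACEHOLDER:16076:1:90:7:3::
bob:!$6$salt$HASHPLACEHOLDER:16000:0:90:7:::
svc:!!:16076:0:99999:7:::
nobody:*:16076:0:99999:7:::
temp:$6$salt$HASHPLACEHOLDER:0:0:90:7::16500:'

# days_to_date N: day count since 1970-01-01 (fields 3 and 8) -> YYYY-MM-DD.
# GNU date; -u keeps the conversion in UTC, which is what the day count uses.
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# date_to_days YYYY-MM-DD: the inverse. Computed in UTC, so the "+1" that is
# needed when the local timezone lies east of UTC does not apply here.
date_to_days() {
    echo $(( $(date -u -d "$1" +%s) / 86400 ))
}

# password_state SHADOW NAME -> "state lastchg expires":
#   state   nopass ("!!" or "*": no usable password), locked (leading "!",
#           as passwd -l / usermod -L set it), or ok
#   lastchg field 3, or must-change-at-login when it is 0 (chage -d 0)
#   expires lastchg + max (field 5), or never when max is 99999
password_state() {
    printf '%s\n' "$1" | awk -F: -v name="$2" '$1 == name {
        if ($2 == "!!" || $2 == "*") state = "nopass"
        else if ($2 ~ /^!/)         state = "locked"
        else                        state = "ok"
        last = ($3 == 0) ? "must-change-at-login" : $3
        expires = ($5 >= 99999) ? "never" : $3 + $5
        print state, last, expires
    }'
}

# account_expired SHADOW NAME TODAY_DAYS -> yes/no. Field 8, when set,
# overrides everything else: from that day on the account is invalid.
account_expired() {
    printf '%s\n' "$1" | awk -F: -v name="$2" -v today="$3" '$1 == name {
        r = ($8 != "" && today >= $8 + 0) ? "yes" : "no"
        print r
    }'
}

# Stand-alone run: show every sample account and one date conversion.
for u in root alice bob svc nobody temp; do
    echo "$u: $(password_state "$SAMPLE_SHADOW" "$u")"
done
echo "day 16076 is $(days_to_date 16076)"
```

Reading the real /etc/shadow requires root, as the permissions above imply; the functions themselves only need the text of the lines.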

 

Group information file /etc/group
This file stores group information. Each line represents one group, with the group's information separated by colons into 4 fields:

  • The first field: group name.
  • The second field: group password flag, usually x, which means the group has a password. Group passwords are rarely used and setting one is not recommended. The group password itself is stored in the shadow file /etc/gshadow.
  • The third field: GID, the group ID.
  • The fourth field: the additional users in the group (users for which this is an additional group).
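An added example (not part of the original notes) that ties the fourth field of /etc/passwd to /etc/group, covering the initial/additional group distinction and the id command from earlier sections: given constructed samples of both files, it lists all groups of a user, initial group first, the way id -Gn does, and lists all members of a group, including users whose initial group it is even though they never appear in the group's fourth field. The sample data and the G:/P: line tagging are constructed for this example.

```shell
# Constructed /etc/passwd and /etc/group samples (not from a real system).
# user3's initial group (passwd field 4) is devs (GID 1001), but user3 is not
# listed in the devs line of /etc/group: field 4 only holds additional members.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
user1:x:500:500::/home/user1:/bin/bash
user2:x:501:501::/home/user2:/bin/bash
user3:x:502:1001::/home/user3:/bin/bash'
SAMPLE_GROUP='root:x:0:
wheel:x:10:user1
user1:x:500:
user2:x:501:
devs:x:1001:user1,user2
ops:x:1002:user2'

# tagged_stream PASSWD GROUP: both files on one stream, each line prefixed
# with G: or P: so a single awk pass can tell the records apart.
tagged_stream() {
    printf '%s\n' "$2" | sed 's/^/G:/'
    printf '%s\n' "$1" | sed 's/^/P:/'
}

# user_groups PASSWD GROUP USER: initial group first, then additional groups,
# the same set `id -Gn USER` prints.
user_groups() {
    tagged_stream "$1" "$2" | awk -F: -v user="$3" '
    BEGIN { k = 0 }
    $1 == "G" {                       # G:name:x:GID:member,member,...
        gname[$4] = $2
        n = split($5, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == user) extra[++k] = $2
    }
    $1 == "P" && $2 == user { initial = gname[$5] }   # P:name:x:UID:GID:...
    END {
        out = initial
        for (i = 1; i <= k; i++) out = out " " extra[i]
        print out
    }'
}

# group_members PASSWD GROUP NAME: everyone in the group, i.e. the additional
# members from /etc/group plus every user whose initial GID is this group.
# Searching /etc/group alone misses the second kind.
group_members() {
    tagged_stream "$1" "$2" | awk -F: -v grp="$3" '
    $1 == "G" && $2 == grp {
        gid = $4
        n = split($5, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") members[m[i]] = 1
    }
    $1 == "P" { initial_gid[$2] = $5 }
    END {
        for (u in initial_gid) if (gid != "" && initial_gid[u] == gid) members[u] = 1
        for (u in members) print u
    }' | LC_ALL=C sort | paste -sd' ' -
}

# Stand-alone run.
for u in user1 user2 user3; do
    echo "$u: $(user_groups "$SAMPLE_PASSWD" "$SAMPLE_GROUP" "$u")"
done
echo "devs members: $(group_members "$SAMPLE_PASSWD" "$SAMPLE_GROUP" devs)"
```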

 

The group password file /etc/gshadow
stores the group password information. Each line represents the password information of one group, separated by colons into 4 fields:

  • The first field: group name.
  • The second field: group password.
  • The third field: group administrator user name.
  • The fourth field: additional users in the group.

 

User template directory
/etc/skel/: by default this directory contains some hidden files. When a user is created, all the files in it are automatically copied into the new user's home directory. If you want certain files to appear automatically in the home directory of every new user, put them in this directory.
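As an added example (not the original notes' content, and not how useradd is implemented internally), the following shell functions reproduce the /etc/skel behaviour inside a temporary directory: a constructed template containing hidden files is copied into a new home directory, and the result is listed. The point worth seeing is the SKEL/. form in cp, since SKEL/* would silently skip the dotfiles that make up most of a template; the 700 mode on the home directory is an assumption of this example.

```shell
# populate_home SKEL_DIR HOME_DIR: what useradd does with /etc/skel, done by
# hand. "SKEL/." rather than "SKEL/*" so that the hidden dotfiles the template
# mostly consists of are copied too; -p keeps their modes.
populate_home() {
    mkdir -p "$2"
    cp -Rp "$1/." "$2/"
    chmod 700 "$2"    # a private home directory (assumption for this example)
}

# demo_skel: build a constructed template in a temporary directory, populate a
# home from it and return the entries that ended up there, sorted. Touches
# neither /etc/skel nor /home.
demo_skel() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/skel/.config"
    printf 'export EDITOR=vi\n' > "$tmp/skel/.bashrc"
    printf 'umask 027\n' > "$tmp/skel/.profile"
    printf 'welcome\n' > "$tmp/skel/README"
    populate_home "$tmp/skel" "$tmp/home/user1"
    ls -A "$tmp/home/user1" | LC_ALL=C sort | paste -sd' ' -
    rm -rf "$tmp"
}

# Stand-alone run: prints ".bashrc .config .profile README"
demo_skel
```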

 

Origin www.cnblogs.com/guyuyun/p/12723551.html