1. The usermod command
The usermod command is used to change user attributes. Its format is usermod - parameter username . The commonly used parameters are as follows:
- a /append ##Append users to certain groups, only used with -G.
- d /home ## Specifies the user's home directory.
- e /expiredate ##Specify the date when the user account is disabled, the date format is: YY-MM-DD
- f /inactive ##How many days after the user account password expires to disable the account, 0 means to disable the account as long as it expires, -1 means to disable the function.
- g /gid ##Modify the user's gid, the gid must exist before it can be used
- G /groups ##Append users to certain groups, and can be appended to multiple groups, each group is separated by ","
- l /login ##Modify the user's login name
- L /lock ##Lock user's password=passwd -l username
- s/shell ## Modify the user's shell
- u / uid ##Modify user's uid, uid is unique
- U /unlock ##Unlock user's password=passwd -u username
Example analysis
Use usermod -g to modify the user's group, the execution result is as follows:
[root@localhost ~]# usermod -g li1 li1
[root@localhost ~]# id li1
uid=1001(li1) gid=1001(li1) 组=1001(li1)
[root@localhost ~]# usermod -g work1 li1
[root@localhost ~]# id li1
uid=1001(li1) gid=1002(work1) 组=1002(work1)
Use the usermod -G command to add users to multiple groups. The execution results are as follows:
[root@localhost ~]# usermod -G work1,lichao,li1 li1
[root@localhost ~]# id li1
uid=1001(li1) gid=1002(work1) 组=1002(work1),1000(lichao),1001(li1)
[root@localhost ~]#
Use usermod -d to change the user's home directory. The execution result is as follows:
[root@localhost ~]# tail -n2 /etc/passwd
lichao:x:1000:1000::/home/lichao:/bin/bash
li1:x:1001:1002::/home/li1:/bin/bash
[root@localhost ~]# usermod -d /home/lichao li1
[root@localhost ~]# !tail
tail -n2 /etc/passwd
lichao:x:1000:1000::/home/lichao:/bin/bash
li1:x:1001:1002::/home/lichao:/bin/bash
Use usermod -l to modify the user name, the execution result is as follows:
[root@localhost ~]# usermod -l ldy li1
[root@localhost ~]# tail /group
[root@localhost ~]# tail -n5 /etc/passwd
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
lichao:x:1000:1000::/home/lichao:/bin/bash
ldy:x:1001:1002::/home/lichao:/bin/bash
Use usermod -L to lock user passwords, use usermod -U to unlock user passwords
[root@test-01 ~]# usermod -L lichao
[root@test-01 ~]# tail /etc/shadow
avahi:!!:17512::::::
avahi-autoipd:!!:17512::::::
postfix:!!:17512::::::
sshd:!!:17512::::::
lc1:!!:17521:0:99999:7:::
lc2:!!:17521:0:99999:7:::
lichao:!$6$scJg7AnT$iJx/pPM2mLK8sWq0NDRX5Dur9wWLEKWwL8Zb5iYG6Y5ioV.WZtFbTeGaDGb4EVxrEXIsFuq3QKZrPyVrNzZLF0:17522:0:99999:7:::
li1:!!:17526:0:99999:7:::
li3:!!:17526:0:99999:7:::
lic3:!!:17526:0:99999:7:::
[root@test-01 ~]# usermod -U lichao
[root@test-01 ~]# !tail
tail /etc/shadow
avahi:!!:17512::::::
avahi-autoipd:!!:17512::::::
postfix:!!:17512::::::
sshd:!!:17512::::::
lc1:!!:17521:0:99999:7:::
lc2:!!:17521:0:99999:7:::
lichao:$6$scJg7AnT$iJx/pPM2mLK8sWq0NDRX5Dur9wWLEKWwL8Zb5iYG6Y5ioV.WZtFbTeGaDGb4EVxrEXIsFuq3QKZrPyVrNzZLF0:17522:0:99999:7:::
li1:!!:17526:0:99999:7:::
li3:!!:17526:0:99999:7:::
lic3:!!:17526:0:99999:7:::
[root@test-01 ~]#
2. User password management
Command to set a password for a user: passwd username
[root@test-01 ~]# passwd lichao
更改用户 lichao 的密码 。
新的 密码:
无效的密码: 密码包含用户名在某些地方
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@test-01 ~]#
Use passwd -l to lock an account's password = usermod -L . Use passwd -u to unlock an account = usermod -U . I won't go into details here. There is also a command to set a password for a user, passwd --stdin username
[root@test-01 ~]# passwd --stdin lichao
更改用户 lichao 的密码 。
12345678
passwd:所有的身份验证令牌已经成功更新。
This method is mostly used in scripts. Its format is echo "12345678" |passwd --stdin username
[root@test-01 ~]# echo "11223344" |passwd --stdin lichao
更改用户 lichao 的密码 。
passwd:所有的身份验证令牌已经成功更新。
There is also a way to change the password,
[root@test-01 ~]# echo -e "1122334455\n1122334455"|passwd lichao
更改用户 lichao 的密码 。
新的 密码:无效的密码: 密码未通过字典检查 - 它基于字典单词
重新输入新的 密码:passwd:所有的身份验证令牌已经成功更新。
[root@test-01 ~]#
** A little knowledge point, echo -e can appear a newline or Tab in this command. The usage is as follows:
[root@test-01 ~]# echo -e "11223344\n33445566"
11223344
33445566
[root@test-01 ~]# echo -e "11223344\t33445566"
11223344 33445566
When using the echo -e command, there are two sets of strings that follow, and the two sets of strings are separated by "\". After "\", add n and it will be displayed in a newline. After "\", add t, It will be displayed separately (equivalent to pressing the tab key)
3. mkpasswd tool
mkpasswd=make passwd. Before using it, make sure that the expect package is installed. If not, you need to install it first. When running mkpasswd, the system will generate a relatively safe and irregular string, which can be used as a password. You can specify the length mkpasswd -l , You can specify the number of special characters, mkpasswd-s
[root@test-01 ~]# mkpasswd
hj96QC>oi
[root@test-01 ~]# mkpasswd -l 15
j5cesyIq1e%upLf
[root@test-01 ~]# mkpasswd -l 10 -s 0
6OOgpugpl1