CentOS 7 User Management 3 - Users and Groups

User

etc/passwd stores the correspondence between user names and user IDs, which is equivalent to a database

[yxkong@localhost ~]$ tail /etc/passwd
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
radvd:x :75:75:radvd user:/:/sbin/nologin
chrony:x:994:993::/var/lib/chrony:/sbin/nologin
pulse:x:171:171:PulseAudio System Daemon:/var/run /pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
gnome-initial-setup:x:993:991::/run/gnome-initial-setup/: /sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump: x:72:72::/:/sbin/nologin
yxkong:x:1000:1000:yxkong:/home/yxkong:/bin/bash

username:password:userid(uid):primary groupid(gid): GECOS: Home Directory: Login shell

users are divided into three categories:

Ordinary users

Ordinary users are the real users of the system. Usually /bin/bash is used as the login shell, and a subdirectory of /home is used as the home directory. The number of user IDs of ordinary users is usually >=500

root users.

User ID=0 is reserved for root users, and root users are sometimes called super users. Has full permissions on the system, usually using /root as the home directory

System User

Most Linux systems reserve a list of users with low UID values ​​as system users. System users do not represent people, but components of the system.

Groups

Users, the programs they run, and the files they own belong to a collection of groups. Group membership allows system administrators to effectively manage users with similar objects. Each user belongs to a primary group. A user may not belong to or belong to multiple secondary groups.
etc/group file

[yxkong@localhost ~]$ vim /etc/group
root:x:0:yxkong
bin:x:1:
daemon:x:2:
wheel:x:10:yxkong
cdrom:x:11:
mail: x:12:postfix #group
name group password group ID (GID) group members

Each file has a user owner and a group owner, primary group and secondary group, the default group of the file creator is called the primary group.

Check user information

id command is used to display user information and group information

[yxkong@localhost ~]$ id --help
Usage: id [OPTION]... [USER]
Print user and group information for the specified USER,
or (when USER omitted) for the current user.
  -a ignore, for compatibility with other versions
  -Z, --context print only the security context of the current user
  -g, --group print only the effective group ID
  -G, --groups print all group IDs
  -n, --name print a name instead of a number, for -ugG (print user or group name instead of numbers, needs to be used with -ugG, cannot be used alone)
  -r, --real print the real ID instead of the effective ID, with -ugG
  -u , --user print only the effective user ID
  -z, --zero delimit entries with NUL characters, not whitespace;
                   not permitted in default format
      --help display this help and exit
      --version display version information and

exit Without any options, the program displays some useful information to identify the user.

[yxkong@localhost ~]$ id #Print the current login user information directly
uid=1000(yxkong) gid=1000(yxkong) group=1000(yxkong),0(root),10(wheel) environment=unconfined_u:unconfined_r:unconfined_t :s0-s0:c0.c1023
[yxkong@localhost ~]$ id root #Print the information of the specified user
uid=0(root) gid=0(root) group=0(root)

whoami is used to get the current user name

[yxkong @localhost ~]$ whoami
yxkong

who, users and w commands are used to get the users users in the session to
print a simple list of currently logged in users

[yxkong@localhost ~]$ users #The virtual machine is not logged
in (unknown) yxkong
[yxkong@localhost ~ ]$ users #After the virtual machine is logged in as root,
root yxkong

w prints the information of all currently logged in system users, you can specify the user

[yxkong@localhost ~]$ w --help
Usage:
w [options]
Options:
-h, --no-header     do not print header(跳过标题)
-u, --no-current    ignore current process username()
-s, --short         short format(简短列表)
-f, --from          show remote hostname field(不要显示"FROM"字段)
-o, --old-style     old style output
-i, --ip-addr       display IP address instead of hostname (if possible)
     --help     display this help and exit
-V, --version  output version information and exit
For more details see w(1).
[yxkong@localhost ~]$ w  #虚拟机没有登录
08:39:30 up 26 min,  2 users,  load average: 0.39, 0.50, 0.31
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
yxkong pts/0 08:15 2.00s 0.17s 0.02sw
[yxkong@localhost ~]$ w
08:44:25 up 30 min, 2 users, load average: 0.42, 0.33, 0.27
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
yxkong :0 08:44 ?xdm? 19.18s 0.10s gdm-session-worker [pam/gdm-password]
yxkong pts/0 08:15 1.00s 0.17s 0.01sw
USER: Login user's Username
TTY: The terminal the user logs in to
FROM: If the user logs in from the Internet, the hostname the user uses
LONGIN@: The time the user started the session
IDLE: The time the terminal has been idle
JCPU: The CPU consumed by all currently running processes related to the terminal session The total amount of time
WHAT: the current running process of the user
who provides the details of the currently logged in user (similar to w), and can also be used to report system events, such as the current run level, system clock adjustment

[yxkong@localhost ~]$ who - -help
Usage: who [options]...[file|parameter1parameter2]
Displays information about the currently logged-in user.
  -a, --all is equal to -b -d --login -p -r -t -T -u option combination
  -b, --boot last system boot time -d   ,
  --dead show dead processes-
H, --heading output the header column of the header
  -l, --login shows the system login process
      --lookup tries to check the hostname via DNS
  -m only faces hosts and users that have direct interaction with standard input
  -p, -- process shows the active processes spawned by the init process
  -q, --count lists the login names and number of users of all logged-in users
  -r, --runlevel shows the current runlevel
  -s, --short only shows the name, line and number of users time (default)
  -T, -w, --mesg mark user message status with +, - or ?
  -u, --users list logged in users
      --message equals -T
      --writable equals -T
      --help Display this help information and exit
      --version Display version information and exit
[yxkong@localhost ~]$ who #The virtual machine is not logged in
(unknown) :0 2014-10-11 08:37 (:0)
yxkong pts/0 2014-10-11 08:15 (10.200.1.24)
[yxkong@localhost ~]$ who #The virtual machine is root after logging in as
root :0 2014-10-11 08:35 (:0)
yxkong pts/0 2014-10-11 08:15 (10.200.1.24)
Identity switch
su command allows users to switch user ID

[yxkong@localhost ~] $ su --help
Usage:
su [options] [-] [USER [parameters]...]
Change the effective user id and group id to USER's id.
A single - is treated as -l. If USER is not specified, root will be assumed.
Options:
-m, -p, --preserve-environment do not reset environment variables (temporarily keep currently set environment)
-g, --group <group> specify primary group
-G, --supp-group <group> specify an auxiliary group
-, -l, --login to make the shell a login shell
-c, --command <command> Use -c to pass a command to the shell (run the specified command, then return)
--session-command <command> Use -c to pass a command to the shell
                                 without creating a new session
-f, - -fast pass the -f option to the shell (csh or tcsh)
-s, --shell <shell> If /etc/shells allows it, run a shell (with SHELL as the new user's shell)
-h, --help show this help And exit
-V, --version Output version information and exit the

su command is invoked through a common string, such as: su-, indicating that the user should be effectively logged in as a new user.
For example:
su username is only temporary use of the corresponding user's shell, after use up, the current login name of su can be returned

[yxkong@localhost ~]$ su root 
password:
[root@localhost yxkong]# #The new shell is called user root Shell, any process started on this shell belongs to root, this shell is called non-login shell. root is not fully logged in,

su - username The user is fully logged in as a new user, and has nothing to do with the original user

[yxkong@localhost ~]$ su - root
Password:
Last login: On October 13 08:37:27 CST 2014pts/1
[root@localhost ~]#
[yxkong@localhost ~]$ su #Temporarily switch to the root user without adding any parameters
Password :
[root@ localhost yxkong]# su - #Permanent switch
Password :
Last login: Oct. 13 08:47:26 CST 2014pts/1 On
[root@localhost ~]#

newgrp command, also known as sg, allows users to switch main Group (switch primary group) ID
usage:

[yxkong@localhost ~]$ sg --help
usage: sg group [[-c] command]

to see that the main group of yxkong is yxkong

[yxkong@localhost ~]$ id
uid=1000 (yxkong) gid=1000(yxkong) group=1000(yxkong),0(root),10(wheel) environment=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[yxkong@localhost ~]$ sg root

execution After the command, you can see that the main group of yxkong has become root

[yxkong@localhost ~]$ id
uid=1000(yxkong) gid=0(root) 组=1000(yxkong),0(root),10(wheel) 环境=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023