UBUNTU user and user group management

from: http://my.oschina.net/zhangqingcai/blog/32094

Create group:
$sudo addgroup ccache

Create user:
$sudo useradd ccache -g ccache -M

Create user wfz with a HOME directory and set its user group to ccache:
$sudo useradd wfz -g ccache -m

Add an existing user to the specified group
$sudo adduser $USER ccache

$sudo adduser dbh ccache
$sudo adduser paul ccache
$sudo adduser wfz ccache

Display user ID and group information:
~$ id
uid=1001(dbh) gid=1001(dbh) groups=115(admin),1001(dbh)
$ cat /etc/group
ccache:x:1002:dbh,paul,wfz

1. Management of users and user groups:

The multi-user concept of Linux means that multiple users can use the system at the same time.

(1) User account file - passwd

passwd is a text file (one user per line) in the "/etc" directory that defines the system's user accounts. It lists the system accounts and stores some useful information for each one, such as user ID, group ID, home directory and shell, with fields separated by ":". It only defines the accounts; the password itself is not saved here (the field shows "x"; an empty field, as in sun::, means the account has no password). The real password is stored in the shadow file, which ordinary users cannot read at all, so they cannot read even the encrypted ciphertext. This improves the security of user accounts.

For example:

[root@sun root]# head /etc/passwd

root:x:0:0:root:/root:/bin/bash

Each line has 7 fields: login name : whether a password is set : user ID : group ID : account remarks : user home directory : name of the user's shell at login. (The superuser has permission to modify the file.)

(2) User password file - shadow

Each line defines one user's information, and the fields in a line are separated by ":". To further improve security, this file stores each user's encrypted password, or * or another special symbol in its place.

[root@sun root]# head /etc/shadow

Login name : encrypted password (represented by * or other special characters) : date of the last password change, in days since 1970.1.1 : number of days after a change during which the password cannot be changed again : number of days after a change by which the password must be changed (validity period) : number of days before the password expires to warn the user : number of days after the password expires until the account is blocked : date the account was blocked, in days since 1970.1.1 : reserved.
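The passwd and shadow field layouts described above can be checked mechanically. The following is an added example, not part of the original post: audit_passwd and audit_shadow are hypothetical helper names, the labels they print are illustrative, and the sample entries are constructed. It goes slightly beyond the text by also flagging a non-root account with user ID 0.

```shell
#!/bin/sh
# Added example (not from the original post). Field positions follow the
# passwd and shadow layouts described above; the labels are illustrative.

# audit_passwd: reads passwd-format lines on stdin.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "MALFORMED " $1; next }
        $2 == ""                { print "EMPTY_PASSWORD " $1 }  # the sun:: case
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }      # second superuser
    '
}

# audit_shadow TODAY: reads shadow-format lines on stdin.
# TODAY is the current date in days since 1970-01-01, for example
#   $(( $(date +%s) / 86400 ))
audit_shadow() {
    awk -F: -v today="$1" '
        $2 == ""     { print "EMPTY_PASSWORD " $1; next }
        $2 ~ /^[*!]/ { print "NO_PASSWORD_LOGIN " $1; next }
        # field 3 = day of last change, field 5 = validity period in days
        $3 != "" && $5 != "" && today > $3 + $5 { print "EXPIRED " $1 }
    '
}

# Constructed sample data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sun::1001:1001:Sun:/home/sun:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
dbh:x:1002:1002::/home/dbh:/bin/bash'

SAMPLE_SHADOW='root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
sun::19000:0:99999:7:::
dbh:$6$constructedsalt$constructedhash:18000:0:90:7:::
daemon:*:18000:0:99999:7:::'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 19500
```

On a real host the same functions read the files directly, for example `audit_passwd < /etc/passwd`; reading /etc/shadow requires root.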

(3) User group account file - group

User group: A logical way of organizing a collection of user accounts. Users are allowed to share files within their groups. Each file in the system has a user and an associated user group. Use the "ls -l" command to view the attributes and groups of each file.

[root@sun root]# head /etc/group

root:x:0:root,tom,mary

The fields are: group name : encrypted group password : GID : group member list (user names separated by ",").
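A user belongs to a group either through the group ID field in passwd or through the member list in group, so reading /etc/group alone can miss members. An added example, not part of the original post (effective_members is a hypothetical helper name; the sample files are constructed from the account names used above):

```shell
#!/bin/sh
# Added example (not from the original post).
# effective_members GROUP PASSWD_FILE GROUP_FILE
# Prints "user how" for every account that is in GROUP, where how is
# primary (passwd GID field), supplementary (group member list) or both.
effective_members() {
    awk -F: -v grp="$1" '
        FNR == NR {                      # first file: group
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) how[m[i]] = "supplementary"
            }
            next
        }
        gid != "" && $4 == gid {         # second file: passwd
            if ($1 in how) how[$1] = "primary+supplementary"
            else how[$1] = "primary"
        }
        END { for (u in how) print u, how[u] }
    ' "$3" "$2" | sort
}

# Constructed sample files modelled on the accounts used above.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
dbh:x:1001:1001::/home/dbh:/bin/bash
ccache:x:1003:1002::/home/ccache:/bin/sh
wfz:x:1004:1002::/home/wfz:/bin/bash
paul:x:1005:1005::/home/paul:/bin/bash
EOF
cat > "$demo_dir/group" <<'EOF'
dbh:x:1001:
ccache:x:1002:dbh,paul,wfz
paul:x:1005:
EOF

effective_members ccache "$demo_dir/passwd" "$demo_dir/group"
```

In the sample, the account ccache appears only through its passwd GID and would not show up in a grep of the group file.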

(4) User group password file - gshadow

Used to define user group passwords and user group administrator information. This file can only be read by the superuser root.

Each line records:

[root@sun root]# head /etc/gshadow

group name : encrypted group password : group administrator accounts (administrators may add and remove accounts) : group member list

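2. Commands for maintaining user and user group accounts:

(1) Add a user account: useradd username

useradd -g groupname username   Specifies the private group used by the user; the default is a private group with the same name as the user account.

useradd -D [-g group][-b base][-s shell][-f inactive][-e expire]   Displays and sets the default values used by the useradd command.

For example: # useradd sun // create the user account

# tail -n 1 /etc/passwd // check the user account information added to passwd

# tail -n 1 /etc/shadow

# ls /home // view the home directory of the new account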

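(2) Modify user account attributes: usermod [-LU][-c ][-d ][-e ][-f ][-g ][-G][-l][-s][-u][user account]

(3) Delete a user account: userdel [-r][user account] // without the option, only the user account is deleted and its files are kept; with it, both are deleted.

userdel [-r][user account] // -r deletes the account's login directory and all files in that directory

Example: # grep sun /etc/passwd // check whether user account sun exists

# userdel sun // delete user account sun

# grep sun /etc/passwd // check again whether user account sun exists

# ls -ld /home/sun // check whether user sun's home directory exists

# userdel -r sun // delete the user and, at the same time, its home directory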

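(4) Add a user group account: groupadd [-r][group account]

[Note] An account ID is unique and cannot be negative; the default minimum must not be less than 500, and each newly added group account ID increases by 1. The -r option is used to create a system account. 0~499 are reserved for system accounts.

Example: # groupadd magicSun // create group account magicSun

# grep magicSun /etc/group // check whether group account magicSun was created in the group file

# groupadd -r sysWang // create system group account sysWang

# grep sysWang /etc/group // check whether system group account sysWang was created in the group file

(5) Modify a group account: groupmod [-g ][-n][group name]

where -o means a group ID may be reused

(6) Delete a group account: groupdel [group name]

[Note] The users in the group must be deleted before the group can be deleted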

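(7) Password maintenance: passwd [-S][-l][-u][-d][username]   The superuser can set a password for each newly added user; ordinary users can only use the passwd command without options to change their own password. The -S option queries the status of the specified user account, -l locks the account's password, -u unlocks the account's password, and -d deletes the specified account's password.

(8) Group member maintenance: add an account to a group, remove an account from a group, or make an account a group administrator.

Add a user to a group: gpasswd -a useraccount groupaccount

Remove a user from a group: gpasswd -d useraccount groupaccount

Set users as group administrators: gpasswd -A admin-user-list group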

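(9) User and group status commands:

id [options] [username]   Displays the user's current UID and GID and the list of groups the user belongs to

The [options] are:

-g: display the ID of the user's group

-G: display the IDs of the user's supplementary groups

-n: display the names of the user's group or supplementary groups

-r: display the real ID

-u: display the user ID

whoami   Displays the name of the logged-in user (= id -un)

su [-flmp] [-][-c ][-s][user account] // Switches the current user to another user's identity, temporarily changing the login identity and logging in to the system as someone else. The prerequisite is that you know the other user's password. The -c option restores the original identity after the specified command has been executed. -f applies to csh and tcsh and makes the shell skip reading its startup files. - also changes the working directory when changing identity, as well as HOME, SHELL, USER and LOGNAME, and additionally changes the PATH environment variable. -m and -p leave the environment variables unchanged when changing identity. -s specifies the shell to run. If no user account is given, the default is the superuser root.

groups [username]   Displays the groups the specified user belongs to; if no user is given, displays the groups of the current user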
