【Linux】——User account and group account

1. UID and GID

1.1 Overview of user accounts and group accounts

Linux controls resource access based on user identity

● User accounts
superuser, ordinary user, program user

User accounts

root: the root user is the default superuser account of the Linux operating system and holds the highest authority on this host. It is the only superuser created by default; note that the privilege is tied to UID 0, not to the name, so any account with UID 0 has exactly the same power.

Ordinary user: created by root or another administrator; its permissions are restricted, and it normally has full permissions only inside its own home directory.

Program user: low-privilege accounts created when the Linux operating system and some applications are installed. These users are generally not allowed to log in to the system and exist only to keep the system or one program running, for example bin, daemon, ftp and mail.

● Group accounts
Basic group (private group)
Additional groups (public groups)

Group accounts

Basic group (private group): each user has exactly one basic group, usually the group specified (or created with the same name as the user) when the user is created. The fourth field of the user's record in /etc/passwd is the GID of the basic group.

Additional groups (public groups): groups the user is added to in addition to the basic group; this membership is recorded in the member list of /etc/group.

● UID and GID
UID (User IDentity, user identification number)
GID (Group IDentity, group identification number)

The UID and GID of the root account are fixed at 0.

Program user accounts get their UID and GID from the system range by default: 1~499 on CentOS 5/6, 1~999 on CentOS 7 (the bounds are SYS_UID_MIN/SYS_UID_MAX and SYS_GID_MIN/SYS_GID_MAX in /etc/login.defs).

Ordinary user accounts get their UID and GID from 500~60000 on CentOS 5/6 and 1000~60000 on CentOS 7 (UID_MIN/UID_MAX and GID_MIN/GID_MAX in /etc/login.defs).

1.2 User account file /etc/passwd

Stores basic information such as the user name, home directory and login shell. The file is world-readable, which is why the password hash itself is not kept here.

File location: /etc/passwd

Each row corresponds to a user's account record


root:x:0:0:root:/root:/bin/bash
Field 1, root: user name
Field 2, x: placeholder; the password hash is stored in /etc/shadow
Field 3, 0: the user's UID
Field 4, 0: the GID of the user's basic group
Field 5, root: description of the user (full name, GECOS)
Field 6, /root: the user's home directory
Field 7, /bin/bash: the user's login shell (/bin/bash is the default login shell; /sbin/nologin refuses interactive login)

1.3 User account file /etc/shadow

Stores the user's password hash, account expiry date and password-aging information. Unlike the world-readable /etc/passwd, /etc/shadow is readable only by root (mode 0000 on CentOS).

File location: /etc/shadow

Each row corresponds to a user's password record


root:$6$rn9yK8kuso3pcHaI$mi0mdf/UQf9p2PdB/zkG1Zmyh7DtvL2Ckgr1aFjTJP1tFPKwRLaKUzUxLtKvR2b995g4JqOcTuWd6EF/ad4xa0::0:99999:7:::
Field 1, root: user name
Field 2, $6$rn9yK8kuso3pcHaI$mi0mdf/...: the password hash. The "$6$" prefix means SHA-512 crypt, not MD5 ("$1$" would be MD5 and "$5$" SHA-256); it is followed by the salt and then the hash. A field beginning with "*" or "!" (for example "!!") means the user cannot log in with a password. An empty field means the user can log in without any password, which is the first thing to look for when auditing this file.
Field 3 (empty in this example): date of the last password change, in days since 1970-01-01; an empty value disables password aging
Field 4, 0: minimum number of days between password changes
Field 5, 99999: maximum number of days the password stays valid
Field 6, 7: number of days before expiry on which the user is warned; defaults to 7
Field 7 (empty): number of days after the password expires before the account is disabled
Field 8 (empty): account expiry date, in days since 1970-01-01
Field 9: reserved (unused)
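Added example (not part of the original post) covering the /etc/passwd and /etc/shadow layouts above: it parses constructed records of both files, lists every account with UID 0, and classifies each shadow hash by its crypt prefix so that empty fields and obsolete MD5 hashes stand out. The sample records and the user names toor, legacy and nopass are constructed for the example; on a real host the same functions run against "$(cat /etc/passwd)" and "$(cat /etc/shadow)" as root.

```shell
#!/bin/sh
# Added example: audit passwd/shadow records. Runs on constructed sample lines
# so it needs no privileges; feed it the real files as root to audit a host.

# Constructed sample records (not from a real system); the root hash is shortened.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0::/root:/bin/bash
gaozhenyang:x:1001:1001::/home/gaozhenyang:/bin/bash'

SAMPLE_SHADOW='root:$6$rn9yK8kuso3pcHaI$mi0mdf/UQf9p2PdB:19449:0:99999:7:::
bin:*:19449:0:99999:7:::
legacy:$1$Zx8qT3Lp$Qm1vN7bK0rH2yS4wE6uD9.:19449:0:99999:7:::
nopass::19449:0:99999:7:::
admin1:!!:19449:0:99999:7::19722:'

# Classify the second field of a shadow record by its crypt(3) prefix.
# Quoted characters in a case pattern match literally, so '*' is one asterisk.
hash_algo() {
    case "$1" in
        '')          echo EMPTY ;;     # no password required at login
        '!'* | '*'*) echo LOCKED ;;    # passwd -l / usermod -L, never set (!!), or no-login (*)
        '$6$'*)      echo SHA-512 ;;
        '$5$'*)      echo SHA-256 ;;
        '$y$'*)      echo yescrypt ;;
        '$1$'*)      echo MD5 ;;       # obsolete; rehash on next password change
        *)           echo UNKNOWN ;;
    esac
}

# Privilege follows UID 0, not the name "root": list every such account.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# Print "user algorithm" for every shadow record.
shadow_audit() {
    printf '%s\n' "$1" | while IFS=: read -r user hash _rest; do
        printf '%s %s\n' "$user" "$(hash_algo "$hash")"
    done
}

# Accounts that need attention: no password at all, or an MD5 hash.
weak_password_accounts() {
    shadow_audit "$1" | awk '$2 == "EMPTY" || $2 == "MD5" { print $1 }'
}

# Stand-alone run over the constructed data.
echo "UID 0 accounts:";  uid0_accounts "$SAMPLE_PASSWD"
echo "Hash algorithms:"; shadow_audit "$SAMPLE_SHADOW"
echo "Weak or empty:";   weak_password_accounts "$SAMPLE_SHADOW"
```

On the constructed data the audit reports two UID 0 accounts (root and toor) and flags legacy (MD5) and nopass (empty field); bin and admin1 are reported as LOCKED because "*" and "!!" both refuse password login.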


2. UID

2.1 Add user account

The useradd command

useradd command format: useradd [options] … username

Common options:

-u, -d, -e, -g, -G, -M, -s

[root@clr ~]# which useradd   # locate the external command useradd
/usr/sbin/useradd
[root@clr ~]# ll /usr/sbin/useradd
-rwxr-xr-x. 1 root root 137616 Aug  9 2019 /usr/sbin/useradd
[root@clr ~]# which adduser   # locate the external command adduser
/usr/sbin/adduser
[root@clr ~]# ll /usr/sbin/adduser
lrwxrwxrwx. 1 root root 7 Mar 23 00:42 /usr/sbin/adduser -> useradd   # on CentOS, adduser is a symlink to useradd (on Debian/Ubuntu it is a separate interactive script)


useradd -d / -e / -s: specify the user's home directory, account expiry date and login shell

[root@clr ~]# useradd -d /admin -e 2024-01-01 -s /sbin/nologin admin1   # create admin1 with home directory /admin, expiry date 2024-01-01 and a shell that refuses login


[root@clr ~]# useradd -u 2000 -g gaozhenyang -G 1002 admin2   # create admin2 with UID 2000, basic group gaozhenyang and additional group GID 1002 (admin1)

[root@clr ~]# vim /etc/passwd
admin2:x:2000:1001::/home/admin2:/bin/bash

[root@clr ~]# id admin2
uid=2000(admin2) gid=1001(gaozhenyang) groups=1001(gaozhenyang),1002(admin1)   # UID 2000; basic group GID 1001 (gaozhenyang); additional group GID 1002 (admin1)

Create a program user: useradd -M -s: do not create a home directory, and specify the user's login shell

[root@clr ~]# useradd -M -s /sbin/nologin ergouzi   # create the program user ergouzi without a home directory and with a shell that refuses login
[root@clr ~]# vim /etc/passwd
ergouzi:x:2001:2001::/home/ergouzi:/sbin/nologin

Note that -M only skips creating the directory: /etc/passwd still records /home/ergouzi as the home, and the UID 2001 was allocated from the ordinary-user range rather than the program-user range described in section 1.1. Adding -r (--system) makes useradd allocate the UID and GID from the system range.
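Added example (not from the original post) for the useradd procedures above: it builds the command for a program user with -r so the UID lands in the system range, and checks a passwd record against a program-user policy (system-range UID, non-login shell), which is the check that shows why ergouzi above is not really a program user. The DRY_RUN switch, the UID_MIN default of 1000 (CentOS 7 /etc/login.defs) and the list of non-login shells are assumptions of the example; useradd -r is a real option that the page itself does not show.

```shell
#!/bin/sh
# Added example: provision and verify a program user.

NOLOGIN_SHELLS='/sbin/nologin /usr/sbin/nologin /bin/false'
UID_MIN=${UID_MIN:-1000}   # assumption: CentOS 7 default from /etc/login.defs

# Build the command for a program user: system range, no home, no login shell.
program_user_cmd() {
    printf 'useradd -r -M -s /sbin/nologin %s\n' "$1"
}

# Read one passwd record on stdin and check it against the program-user policy.
# Returns 0 when compliant; prints each violation and returns 1 otherwise.
check_program_record() {
    IFS=: read -r name _pw uid _gid _gecos _home shell || return 1
    ok=0
    if [ "$uid" -ge "$UID_MIN" ]; then
        echo "$name: UID $uid is in the ordinary-user range (>= $UID_MIN)"; ok=1
    fi
    case " $NOLOGIN_SHELLS " in
        *" $shell "*) ;;
        *) echo "$name: login shell $shell allows interactive login"; ok=1 ;;
    esac
    return $ok
}

# Create the account only as root and with DRY_RUN=0; the verification step
# works unprivileged because getent only reads the account database.
provision_program_user() {
    name=$1
    if getent passwd "$name" >/dev/null; then
        echo "$name already exists, skipping creation"
    elif [ "${DRY_RUN:-1}" = 1 ] || [ "$(id -u)" -ne 0 ]; then
        echo "would run: $(program_user_cmd "$name")"
    else
        $(program_user_cmd "$name")
    fi
    getent passwd "$name" | check_program_record
}

# Stand-alone demonstration on constructed records (changes nothing on the host).
printf '%s\n' 'bin:x:1:1:bin:/bin:/sbin/nologin' | check_program_record && echo "bin: ok"
printf '%s\n' 'ergouzi:x:2001:2001::/home/ergouzi:/sbin/nologin' | check_program_record || echo "ergouzi: not compliant"
```

Run provision_program_user with DRY_RUN=0 as root to actually create the account; by default it only prints the useradd command and then verifies the record with getent.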

2.2 Set/change user password passwd

The passwd command

passwd command format: passwd [options] … username

Common options:

-d, -l, -S, -u

When no user name is specified, modify the password of the current account

passwd -d: delete the password of the specified user, so that only the user name is needed to log in. This leaves an account with an empty password field; whether such a login is actually accepted depends on the PAM configuration, and sshd rejects empty passwords unless PermitEmptyPasswords is set to yes.

[root@clr ~]# passwd -d gaozhenyang
Removing password for user gaozhenyang.
passwd: Success

passwd -l: lock the user account; a locked account can no longer log in with its password (the hash in /etc/shadow is prefixed with "!"). This only invalidates the password: whether other credentials such as an SSH key still work depends on the sshd and PAM configuration, so when offboarding an account also set an expiry date in the past with usermod -e.

[root@clr ~]# passwd -l gaozhenyang   # lock the account; it can no longer log in with its password
Locking password for user gaozhenyang.
passwd: Success
[root@clr ~]# passwd -l ergouzi
Locking password for user ergouzi.
passwd: Success

passwd -S: show the status of the user account (whether it is locked). The status code is LK (locked), PS (password set) or NP (no password); the remaining fields are the date of the last change and the min/max/warn/inactive aging values from /etc/shadow.

[root@clr ~]# passwd -S gaozhenyang   # check whether the account is locked
gaozhenyang LK 2023-04-02 0 99999 7 -1 (Password locked.)

passwd -u: unlock the user account

[root@clr ~]# passwd -u gaozhenyang   # unlock the account gaozhenyang
Unlocking password for user gaozhenyang.
passwd: Warning: unlocked password would be empty.
passwd: Unsafe operation (use -f to force)

passwd refuses because the password was deleted with -d before the account was locked, so unlocking would leave an account that logs in with no password. -f forces the unlock anyway; setting a password first is the safer fix.

[root@clr ~]# passwd -u -f gaozhenyang   # force the unlock
Unlocking password for user gaozhenyang.
passwd: Success

Method 2 of setting a user password: echo "password" | passwd --stdin username (--stdin is a Red Hat extension and is not available in every distribution's passwd). Typed at an interactive shell, the plaintext is recorded in the shell history, so use it only from a script or file that is not readable by others.

[root@clr ~]# echo "abc" | passwd --stdin gaozhenyang   # set the password of gaozhenyang to abc
Changing password for user gaozhenyang.
passwd: all authentication tokens updated successfully.

Method 3 of setting a user password: echo <username>:<password> | chpasswd (chpasswd reads one user:password line per account, so many passwords can be set from one file; the same shell-history caveat applies)

[root@clr ~]# echo gaozhenyang:123 | chpasswd   # set the password of gaozhenyang to 123
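Added example (not from the original post) for the password-setting methods above: the password is generated inside the script and handed to chpasswd through a pipe, so the plaintext is never a command-line argument and never lands in the shell history. The DRY_RUN switch and the user name svc are assumptions of the example, not options of passwd or chpasswd; with the default DRY_RUN=1 nothing on the system is changed.

```shell
#!/bin/sh
# Added example: set a random password without exposing it on a command line.

# Random alphanumeric password of the requested length from /dev/urandom.
gen_password() {
    len=${1:-20}
    pw=''
    while [ "${#pw}" -lt "$len" ]; do
        # base64 then drop everything that is not a letter or digit
        chunk=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')
        pw="$pw$chunk"
    done
    printf '%s\n' "$pw" | cut -c1-"$len"
}

# Generate a fresh password for one user and apply it with chpasswd, or, in
# dry-run mode (the default, an assumption of this example), print the
# user:password record that would have been applied instead.
set_random_password() {
    user=$1
    pw=$(gen_password 20)
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s:%s\n' "$user" "$pw"
    else
        # chpasswd reads "user:password" lines on stdin (method 3 above);
        # printf is a shell built-in, so the secret is not visible in ps either.
        printf '%s:%s\n' "$user" "$pw" | chpasswd
    fi
}

# Stand-alone demonstration (dry-run): show the record that would be applied.
set_random_password svc
```

Run it as root with DRY_RUN=0 to apply; deliver the generated password to the user through a separate channel rather than by printing it.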

2.3 Modify user account attribute usermod

The usermod command

usermod command format: usermod [options] … username

Common options:

-l, -L, -U

The following options have the same meaning as in the useradd command:

-u, -d, -e, -g, -G, -s

usermod -l: change the login name of the user account.

[root@clr ~]# usermod -l CLR cCLR   # rename the account cCLR to CLR

[root@clr ~]# vim /etc/passwd
CLR:x:1000:1000:CLR:/home/cCLR:/bin/bash

Only the name changes: the UID, GID and home directory (/home/cCLR) stay as they were, so existing files keep their owner and the home directory has to be moved separately with -d together with -m.

usermod -s: change the user's login shell

[root@clr ~]# usermod -s /bin/bash ergouzi   # give ergouzi an interactive shell (/bin/bash); it was created as a program user with /sbin/nologin

[root@clr ~]# vim /etc/passwd
ergouzi:x:2001:2001::/home/ergouzi:/bin/bash

usermod -d: change the user's home directory location

[root@clr ~]# usermod -d /admin CLR   # set the home directory of CLR to /admin

[root@clr ~]# vim /etc/passwd
CLR:x:1000:1000:CLR:/admin:/bin/bash

-d alone only rewrites the passwd entry; it neither creates /admin nor moves the contents of /home/cCLR. Add -m (usermod -d /admin -m CLR) to move the old home directory to the new location.

usermod -e: change the account expiry date, given in YYYY-MM-DD format

[root@clr ~]# usermod -e 2023-12-31 admin1   # set the expiry date of admin1

[root@clr ~]# vim /etc/shadow
admin1:!!:19449:0:99999:7::19722:

The eighth field now holds 19722, which is 2023-12-31 counted in days since 1970-01-01; the "!!" in the second field shows that admin1 has never had a password set.

usermod -L: lock the user account (same effect as passwd -l: a "!" is prefixed to the password hash)

[root@clr ~]# usermod -L ergouzi   # lock the account ergouzi

[root@clr ~]# passwd -S ergouzi   # check whether ergouzi is locked
ergouzi LK 2023-04-02 0 99999 7 -1 (Password locked.)

usermod -U: unlock the user account

[root@clr ~]# echo ergouzi:123 | chpasswd   # give ergouzi the password 123 first, so that unlocking does not leave an empty password

[root@clr ~]# usermod -U ergouzi   # unlock the account ergouzi

[root@clr ~]# passwd -S ergouzi   # check the status of ergouzi (locked or not)
ergouzi PS 2023-04-02 0 99999 7 -1 (Password set, SHA512 crypt.)

2.4 Delete user account userdel

The userdel command

userdel command format: userdel [-r] username

With the -r option, the user's home directory (and mail spool) is deleted as well


userdel -r: delete a user together with its home directory

[root@clr ~]# userdel -r admin2   # delete admin2 and its home directory
[root@clr ~]# ls /home/   # admin2's home directory is gone
gaozhenyang

  • When a user account is no longer needed (for example an employee has left the company), delete it with the userdel command.

  • userdel takes the account name as its parameter; with the "-r" option the user's home directory is deleted too.

  • Files owned by the deleted UID outside the home directory are left behind and show up as owned by a bare number. Find them with find / -xdev -nouser and reassign or remove them, because a future account that is assigned the same UID would inherit them.

3. GID

3.1 Initial configuration file for user account

Where the files come from

After useradd creates a new user account, it also creates a few initial configuration files in the user's home directory.

These files are copied from the account template directory /etc/skel/ and are mostly hidden files (names starting with a dot).

Main user initial configuration files

● ~/.bash_profile

● ~/.bashrc

● ~/.bash_logout

View the hidden files in the template directory /etc/skel/

[root@clr ~]# ls /etc/skel/ -a   # list the hidden files in the account template directory /etc/skel/
.  ..  .bash_logout (run when the user logs out)  .bash_profile (environment configuration loaded automatically when the user logs in)  .bashrc  .mozilla

View the .bash_profile file

[root@clr ~]# vim .bash_profile   # view and edit .bash_profile

# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc   # .bash_profile sources the user's own ~/.bashrc
fi

View the .bashrc file

[root@clr ~]# vim .bashrc   # view and edit .bashrc

# .bashrc

# User specific aliases and functions

alias rm='rm -i'   # run every time the user logs in or starts a new interactive shell
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc   # ~/.bashrc sources the system-wide /etc/bashrc
fi

Scope:

/etc/profile and /etc/bashrc apply to all users

~/.bash_profile and ~/.bashrc apply only to the current user

Purpose:

profile: the commands or settings in the file run when a user logs in (a login shell)

bashrc: the commands or settings in the file run on login and every time the user opens a new interactive shell

Call chain:

/etc/profile -> /etc/profile.d/*.sh

~/.bash_profile -> ~/.bashrc -> /etc/bashrc

Note:

  • /etc/profile is not run at system boot; it runs, for every user, each time a login shell starts, and it sources every *.sh file in /etc/profile.d/. Because these files execute with the privileges of whoever logs in, they should be owned by root and not writable by anyone else.

  • ~/.bash_profile runs only when that particular user logs in; ~/.bashrc runs on every new interactive shell of that user.
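Added example (not from the original post) for the login-script chain described above: everything in /etc/profile, /etc/profile.d/*.sh, /etc/bashrc and the user's own .bash_profile/.bashrc runs with the privileges of the user logging in, so a copy that another user can write is a persistence point. The audit below lists startup files that are writable by group or others, or not owned by the expected owner. It runs here against a constructed temporary tree (the paths, file names and permissions are made up for the example); STARTUP_PATHS is an assumed CentOS layout for use on a real host.

```shell
#!/bin/sh
# Added example: find login scripts that someone other than root could modify.

STARTUP_PATHS='/etc/profile /etc/profile.d /etc/bashrc /root /home'   # assumed layout

# Print every regular file under the given paths that is writable by group or
# others, or not owned by the expected owner ($2, default root). Dotfiles are
# regular files too, so ~/.bashrc and ~/.bash_profile are covered.
audit_startup_files() {
    owner=${2:-root}
    for p in $1; do
        [ -e "$p" ] || continue
        # -perm -020: group-writable; -perm -002: world-writable
        find "$p" -type f \( -perm -020 -o -perm -002 -o ! -user "$owner" \) -print
    done | sort
}

# Build a constructed tree that mimics /etc/profile.d plus one home directory,
# with two properly restricted files and two risky ones.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/profile.d" "$d/home/alice"
    printf '# harmless\n'       > "$d/profile.d/lang.sh";       chmod 644 "$d/profile.d/lang.sh"
    printf 'PATH=/tmp:$PATH\n'  > "$d/profile.d/evil.sh";       chmod 666 "$d/profile.d/evil.sh"
    printf 'alias ls=ls\n'      > "$d/home/alice/.bashrc";      chmod 664 "$d/home/alice/.bashrc"
    printf 'umask 022\n'        > "$d/home/alice/.bash_profile"; chmod 600 "$d/home/alice/.bash_profile"
    echo "$d"
}

# Stand-alone run: audit the constructed tree, expecting the current user as owner.
TREE=$(make_sample_tree)
echo "Startup files writable by others under $TREE:"
audit_startup_files "$TREE" "$(id -un)"
rm -rf "$TREE"
```

On a real host run audit_startup_files "$STARTUP_PATHS" as root; anything it prints under /etc should be owned by root with mode 644, and a group- or world-writable ~/.bashrc is a sign that a shared or misconfigured home directory needs fixing.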

3.2 Group account file

Similar to user account files

  • /etc/group: stores the basic information of group accounts

  • /etc/gshadow: stores the password information of group accounts


View the basic information of group accounts in /etc/group

[root@clr ~]# vim /etc/group

kvm:x:36:qemu
group name : password placeholder : GID of the group : users that have this group as an additional group (users whose basic group it is are not listed here)

[root@clr ~]# useradd -G admin1 zhangsan   # create the user zhangsan with admin1 as an additional group

[root@clr ~]# vim /etc/group
admin1:x:1002:lisi,zhangsan   # admin1 now has the members lisi and zhangsan

3.3 Add group account groupadd

The groupadd command

groupadd command format: groupadd [-g GID] group account name

Example


groupadd -g: add a group and give it the specified GID

[root@clr ~]# groupadd -g 2345 mygirl   # add the group mygirl with GID 2345
[root@clr ~]# vim /etc/group
mygirl:x:2345:

3.4 Add and delete group member gpasswd

The gpasswd command

Sets the group account password (rarely used) and adds or removes group members

gpasswd command format: gpasswd [options] … group account name

Common options:

● -a: add a user to the group

● -d: remove a user from the group

● -M: define the complete list of group members, separated by commas (replaces the existing list)

gpasswd -a: add a user to the group

[root@clr ~]# gpasswd -a zhangsan mygirl   # add the user zhangsan to the group mygirl
Adding user zhangsan to group mygirl
[root@clr ~]# id zhangsan
uid=2004(zhangsan) gid=2004(zhangsan) groups=2004(zhangsan),1002(admin1),2345(mygirl)

gpasswd -d: remove a user from the group

[root@clr ~]# gpasswd -d zhangsan admin1   # remove the user zhangsan from the group admin1
Removing user zhangsan from group admin1
[root@clr ~]# id zhangsan
uid=2004(zhangsan) gid=2004(zhangsan) groups=2004(zhangsan),2345(mygirl)

gpasswd -M: define the list of group members, separated by commas

[root@clr ~]# useradd xiaohua   # create the three users xiaohua, xiaowang and xiaozhang
[root@clr ~]# useradd xiaowang
[root@clr ~]# useradd xiaozhang

[root@clr ~]# gpasswd -M xiaohua,xiaowang,xiaozhang mygirl   # put all three users into mygirl in one go (-M sets the whole member list, so zhangsan, added earlier, is dropped)
[root@clr ~]# vim /etc/group
mygirl:x:2345:xiaohua,xiaowang,xiaozhang
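Added example (not from the original post) for the /etc/group layout in 3.2 and the gpasswd membership changes above: the member list in field 4 of /etc/group only holds additional-group members, while a user whose basic group (field 4 of /etc/passwd) is that same group is a member too but never appears there. Reviewing a privileged group from /etc/group alone therefore misses such users; the function below merges both sources. The records, and the user deploy with basic group 1002, are constructed for the example; on a real host pass "$(getent passwd)" and "$(getent group)" instead.

```shell
#!/bin/sh
# Added example: effective members of a group = explicit members + primary-group users.

# Constructed sample records (hypothetical users and groups, not a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
lisi:x:1003:1003::/home/lisi:/bin/bash
zhangsan:x:2004:2004::/home/zhangsan:/bin/bash
deploy:x:2010:1002::/home/deploy:/bin/bash
xiaohua:x:2005:2005::/home/xiaohua:/bin/bash'

SAMPLE_GROUP='root:x:0:
admin1:x:1002:lisi,zhangsan
mygirl:x:2345:xiaohua,xiaowang,xiaozhang'

# GID of a group name from group records; prints nothing if the group is unknown.
group_gid() {
    printf '%s\n' "$2" | awk -F: -v g="$1" '$1 == g { print $3; exit }'
}

# Effective members of group $1, given passwd records $2 and group records $3:
# the explicit members from field 4 of the group record plus every user whose
# basic group is that GID. One name per line, sorted, duplicates removed.
group_members() {
    gid=$(group_gid "$1" "$3")
    [ -n "$gid" ] || { echo "no such group: $1" >&2; return 1; }
    {
        printf '%s\n' "$3" | awk -F: -v g="$1" '
            $1 == g && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
        printf '%s\n' "$2" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | sort -u
}

# Stand-alone run: deploy is reported although /etc/group never lists it.
echo "admin1 members:"; group_members admin1 "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

Use this when reviewing who effectively belongs to a group such as wheel or admin1: a service account created with -g <group> is a member without ever appearing in gpasswd output or in the group file's member list.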

3.5 Delete group account groupdel

The groupdel command

groupdel command format: groupdel group account name

Example (groupdel refuses to remove a group that is still the basic group of an existing user)



Origin blog.csdn.net/cailirong123/article/details/129909642