1. UID and GID
1.1 Overview of user accounts and group accounts
Linux controls resource access based on user identity
● User account
super user, common user, program user
User accounts
root: the root user is the default superuser account in the Linux operating system and has the highest authority on this host. The superuser is the only one in the system.
general user: created by root or another admin user; its permissions are restricted, and it generally has full permissions only in the user's own home directory.
program user: when the Linux operating system and some applications are installed, some specific low-privileged user accounts are added. These users are generally not allowed to log into the system and are only used to maintain the normal operation of the system or a program, such as bin, daemon, ftp, mail, etc.
● Group account
Basic group (private group)
Additional group (public group)
Group accounts
Basic group (private group): there is only one basic group account, usually the group specified when creating the user. The fourth field recorded in the /etc/passwd file is the basic group GID number of the user.
Additional group (public group): in addition to the basic group, the groups the user is additionally added to.
● UID and GID
UID (User IDentity, user identification number)
GID (Group IDentity, group identification number)
UID: user identification number
GID: group identification number
The UID and GID numbers of the root user account are the fixed value 0
The UID and GID numbers of program user accounts default to CentOS 5, 6: 1~499; CentOS 7: 1~999
The UID and GID numbers of general users default to CentOS 5, 6: 500~60000; CentOS 7: 1000~60000
1.2 User account file /etc/passwd
Saves basic information such as user name, home directory, login shell, etc.
File location: /etc/passwd
Each row corresponds to a user's account record
root:x:0:0:root:/root:/bin/bash
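Field 1, root: user name
Field 2, x: password placeholder
Field 3, 0: the user's UID number
Field 4, 0: the GID number of the user's basic group
Field 5, root: description (full name information) of the user
Field 6, /root: the user's home directory location
Field 7, /bin/bash: the user's login shell (/bin/bash: the default login shell; /sbin/nologin: a shell that does not allow login)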
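The seven fields above can be checked mechanically. The following is an added example, not code from the original article: it parses /etc/passwd-format records and reports accounts that break the conventions described in sections 1.1 and 1.2. The sample records, the `toor` account and the function names are constructed for illustration, and the 1~999 program-user range is the CentOS 7 default quoted above.

```python
# Added example: audit /etc/passwd-format records (all sample records are constructed).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
admin2:x:2000:1001::/home/admin2:/bin/bash
ergouzi:x:2001:2001::/home/ergouzi:/sbin/nologin
toor::0:0::/root:/bin/bash
"""

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Split each record into the seven colon-separated fields."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            raise ValueError(f"malformed record: {line!r}")
        rec = dict(zip(FIELDS, parts))
        rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
        records.append(rec)
    return records

def audit_passwd(records, sys_uid_max=999):
    """Return (account, finding) pairs; sys_uid_max=999 is the CentOS 7 range."""
    findings = []
    for r in records:
        if r["uid"] == 0 and r["name"] != "root":
            findings.append((r["name"], "UID 0 but not root"))
        if r["passwd"] == "":
            findings.append((r["name"], "empty password field"))
        elif r["passwd"] != "x":
            findings.append((r["name"], "password field is not the 'x' placeholder"))
        if 1 <= r["uid"] <= sys_uid_max and r["shell"] not in NOLOGIN_SHELLS:
            findings.append((r["name"], "program user with a login shell"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_passwd(parse_passwd(SAMPLE_PASSWD)):
        print(f"{name}: {finding}")
```

On a real host, pass the contents of /etc/passwd to `parse_passwd` and set `sys_uid_max=499` for CentOS 5 and 6.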
1.3 User account file /etc/shadow
Save the user's password, account expiration date and other information
File location: /etc/shadow
Each row corresponds to a user's password record
root:$6$rn9yK8kuso3pcHaI$mi0mdf/UQf9p2PdB/zkG1Zmyh7DtvL2Ckgr1aFjTJP1tFPKwRLaKUzUxLtKvR2b995g4JqOcTuWd6EF/ad4xa0::0:99999:7:::
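Field 1, root: user name
Field 2, $6$rn9yK8kuso3pcHaI$mi0mdf/UQf9p2PdB/zkG1Zmyh7DtvL2Ckgr1aFjTJP1tFPKwRLaKUzUxLtKvR2b995g4JqOcTuWd6EF/ad4xa0: the password encrypted with the MD5 algorithm (when it is "*" or "!!", the user cannot log in to the system; if the field is empty, the user can log in without a password)
Field 3 (empty in this record): time of the last password change
Field 4, 0: minimum number of days the password is valid
Field 5, 99999: maximum number of days the password is valid
Field 6, 7: how many days in advance the user is warned that the password will expire; the default is 7
Field 7 (empty in this record): how many days after password expiration the user is disabled
Field 8 (empty in this record): account expiration time
Field 9: reserved field (unused)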
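The nine fields can be decoded programmatically. The following is an added example, not code from the original article: it classifies field 2 and converts the day counts in fields 3 and 8 into dates. The prefix at the start of the hash names the algorithm, and `$6$` is the crypt(3) identifier for SHA-512, which is also what the `passwd -S` output later on this page reports. The `admin1` record is the one shown in section 2.3; the `demo*` records and all function names are constructed.

```python
# Added example (not from the original page): decode /etc/shadow records.
from datetime import date, timedelta

# crypt(3) identifiers found at the start of the hash in field 2
HASH_IDS = {"$1$": "MD5", "$5$": "SHA-256", "$6$": "SHA-512", "$y$": "yescrypt"}
FIELDS = ("name", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expires", "reserved")

def password_state(pw):
    """Classify field 2: empty, unusable marker, or (locked) hash."""
    if pw == "":
        return "empty: login needs no password"
    if pw in ("*", "!", "!!"):
        return "no usable password"
    body = pw.lstrip("!")          # passwd -l / usermod -L prefix the hash with '!'
    algo = next((n for p, n in HASH_IDS.items() if body.startswith(p)), "unknown")
    return ("locked " if body != pw else "") + algo + " hash"

def days_to_date(value):
    """Fields 3 and 8 count days since 1970-01-01; empty means not set."""
    return date(1970, 1, 1) + timedelta(days=int(value)) if value else None

def parse_shadow(line):
    parts = line.strip().split(":")
    if len(parts) != 9:
        raise ValueError("a shadow record has nine colon-separated fields")
    rec = dict(zip(FIELDS, parts))
    rec["state"] = password_state(rec.pop("password"))   # never keep the hash around
    rec["last_change"] = days_to_date(rec["last_change"])
    rec["expires"] = days_to_date(rec["expires"])
    return rec

SAMPLES = [
    "admin1:!!:19449:0:99999:7::19722:",                 # record shown on this page
    "demo1:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19449:0:99999:7:::",     # constructed
    "demo2:!!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19449:0:99999:7:::",   # constructed
    "demo3::19449:0:99999:7:::",                         # constructed
]

if __name__ == "__main__":
    for line in SAMPLES:
        r = parse_shadow(line)
        print(r["name"], "|", r["state"], "|", r["last_change"], "|", r["expires"])
```

The value 19722 decodes to 2023-12-31, the date passed to `usermod -e` in section 2.3, and 19449 decodes to 2023-04-02, the date printed by `passwd -S`.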
2. UID
2.1 Add user account
useradd command
useradd command format: useradd [options]…username
Common options:
-u, -d, -e, -g, -G, -M, -s
[root@clr ~]# which useradd #Show where the external command useradd is located on the system
/usr/sbin/useradd
[root@clr ~]# ll /usr/sbin/useradd
-rwxr-xr-x. 1 root root 137616 8月 9 2019 /usr/sbin/useradd
[root@clr ~]# which adduser #Show where the external command adduser is located on the system
/usr/sbin/adduser
[root@clr ~]# ll /usr/sbin/adduser
lrwxrwxrwx. 1 root root 7 3月 23 00:42 /usr/sbin/adduser -> useradd #adduser is a symbolic link pointing to useradd
useradd -d ## -e ## -s ## command: specify the user's home directory location, account expiration time, and login shell
[root@clr ~]# useradd -d /admin -e 2024-01-01 -s /sbin/nologin admin1 #Add user admin1 with home directory /admin, expiration date 2024-01-01, and a shell that does not allow login to the system
[root@clr ~]# useradd -u 2000 -g gaozhenyang -G 1002 admin2 #Set the UID of user admin2 to 2000, its basic group to gaozhenyang, and its additional group to GID 1002 (admin1)
[root@clr ~]# vim /etc/passwd
admin2:x:2000:1001::/home/admin2:/bin/bash
[root@clr ~]# id admin2
uid=2000(admin2) gid=1001(gaozhenyang) 组=1001(gaozhenyang),1002(admin1) #Shows that the UID of user admin2 is 2000, the GID of the basic group is 1001 (gaozhenyang), and the GID of the additional group is 1002 (admin1)
Create a program user: useradd -M -s command: do not create a home directory, and specify the user's login shell
[root@clr ~]# useradd -M -s /sbin/nologin ergouzi #Create program user ergouzi without a home directory and with a login shell that does not allow login
[root@clr ~]# vim /etc/passwd
ergouzi:x:2001:2001::/home/ergouzi:/sbin/nologin
2.2 Set/change user password passwd
passwd command
passwd command format: passwd [options]…username
Common options:
-d, -l, -S, -u
When no user name is specified, modify the password of the current account
passwd -d command: clear the password of the specified user, so that the user can log in to the system with only the user name
[root@clr ~]# passwd -d gaozhenyang
清除用户的密码 gaozhenyang。
passwd: 操作成功
passwd -l command: lock the user account, the locked user account will no longer be able to log in to the system
[root@clr ~]# passwd -l gaozhenyang #Lock the user account; a locked user account can no longer log in to the system
锁定用户 gaozhenyang 的密码 。
passwd: 操作成功
[root@clr ~]# passwd -l ergouzi
锁定用户 ergouzi 的密码 。
passwd: 操作成功
passwd -S command: see the status of the user account (whether it is locked)
[root@clr ~]# passwd -S gaozhenyang #Check whether the user account is locked
gaozhenyang LK 2023-04-02 0 99999 7 -1 (密码已被锁定。)
passwd -u command: unlock user account
[root@clr ~]# passwd -u gaozhenyang #Unlock user account gaozhenyang
解锁用户 gaozhenyang 的密码。
passwd: 警告:未锁定的密码将是空的。
passwd: 不安全的操作(使用 -f 参数强制进行该操作)
[root@clr ~]# passwd -u -f gaozhenyang #The -f option forces the unlock
解锁用户 gaozhenyang 的密码。
passwd: 操作成功
Method 2 of setting user password: echo "password" | passwd --stdin username
[root@clr ~]# echo "abc" | passwd --stdin gaozhenyang #Change the password of user gaozhenyang to abc
更改用户 gaozhenyang 的密码 。
passwd:所有的身份验证令牌已经成功更新。
Method 3 of setting user password: echo <username>:<password> | chpasswd
[root@clr ~]# echo gaozhenyang:123 | chpasswd #Change the password of user gaozhenyang to 123
2.3 Modify user account attribute usermod
usermod command
usermod command format: usermod [options]…username
Common options:
-l, -L, -U
The following options have the same meaning as in the useradd command
-u, -d, -e, -g, -G, -s
usermod -l command: Change the login name of the user account.
[root@clr ~]# usermod -l CLR cCLR #Change the login name of user account cCLR to CLR
[root@clr ~]# vim /etc/passwd
CLR:x:1000:1000:CLR:/home/cCLR:/bin/bash
usermod -s command: specify the user's login shell
[root@clr ~]# usermod -s /bin/bash ergouzi #Change the login shell of user account ergouzi to /bin/bash, which allows login
[root@clr ~]# vim /etc/passwd
ergouzi:x:2001:2001::/home/ergouzi:/bin/bash
usermod -d command: modify the user's home directory location
[root@clr ~]# usermod -d /admin CLR #Change the home directory location of user CLR to /admin
[root@clr ~]# vim /etc/passwd
CLR:x:1000:1000:CLR:/admin:/bin/bash
"/etc/passwd" 50L, 2568C
usermod -e command: modify the user's account expiration time, you can use the date format of YYYY-MM-DD
[root@clr ~]# usermod -e 2023-12-31 admin1 #Change the expiration time of user account admin1
[root@clr ~]# vim /etc/shadow
admin1:!!:19449:0:99999:7::19722:
usermod -L command: lock user account
[root@clr ~]# usermod -L ergouzi #Lock user account ergouzi
[root@clr ~]# passwd -S ergouzi #Check whether user account ergouzi is locked
ergouzi LK 2023-04-02 0 99999 7 -1 (密码已被锁定。)
usermod -U command: unlock user account
[root@clr ~]# echo ergouzi:123 | chpasswd #Set the password 123 for user account ergouzi
[root@clr ~]# usermod -U ergouzi #Unlock user account ergouzi
[root@clr ~]# passwd -S ergouzi #Check the status of user account ergouzi (whether it is locked)
ergouzi PS 2023-04-02 0 99999 7 -1 (密码已设置,使用 SHA512 算法。)
2.4 Delete user account userdel
userdel command
userdel command format: userdel [-r] username
When the -r option is added, it means that the user's home directory is also deleted
userdel -r command: delete a user and delete its home directory
[root@clr ~]# userdel -r admin2 #Delete user admin2 together with its home directory
[root@clr ~]# ls /home/ #The home directory of admin2 has been deleted
gaozhenyang
- When a user account in the system is no longer needed (for example, the employee has left the company), you can use the userdel command to delete the user account.
- When using the userdel command, the account name must be specified as a parameter; when the "-r" option is added, the user's home directory is also deleted.
3. GID
3.1 Initial configuration file for user account
File source
● After the useradd command adds a new user account, some initial configuration files are created in the user's home directory.
● These files come from the account template directory /etc/skel/ and are basically hidden files.
Main user initial configuration files
● ~/.bash_profile
● ~/.bashrc
● ~/.bash_logout
View the hidden files in the template directory /etc/skel/
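[root@clr ~]# ls /etc/skel/ -a #List the hidden files in the account template directory /etc/skel/
. .. .bash_logout (file loaded when the user logs out of the system) .bash_profile (environment variable configuration file loaded automatically when the user logs in) .bashrc .mozilla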
View the .bash_profile file
[root@clr ~]# vim .bash_profile #View and modify the .bash_profile file
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc #~/.bash_profile sources the user's ~/.bashrc file
fi
View the .bashrc file
[root@clr ~]# vim .bashrc #View and modify the .bashrc file
# .bashrc
# User specific aliases and functions
alias rm='rm -i' #Code that is executed automatically every time the user logs in or starts a shell environment
alias cp='cp -i'
alias mv='mv -i'
# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc #~/.bashrc sources the /etc/bashrc file
fi
Scope:
/etc/profile, /etc/bashrc: valid for all users
~/.bash_profile, ~/.bashrc: valid only for the current user
Purpose:
profile: after the system starts, the commands or configuration in the file are executed directly when the user logs in
bashrc: the commands or configuration in the file are executed when the user logs in or switches shell environment
Call chain:
/etc/profile -> /etc/profile.d/xxx.sh
~/.bash_profile -> ~/.bashrc -> /etc/bashrc
Note:
- The /etc/profile file is executed automatically when the system starts;
- The ~/.bash_profile file is executed only when the specified user logs in or switches shell environment.
3.2 Group account file
Similar to user account files
- /etc/group: saves the basic information of group accounts
- /etc/gshadow: saves the password information of group accounts
Check the basic information of the group account /etc/group
[root@clr ~]# vim /etc/group
kvm:x:36:qemu
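group name:password placeholder:GID number of the group:users in the group
[root@clr ~]# useradd -G admin1 zhangsan #Add user zhangsan and specify admin1 as its additional group
[root@clr ~]# vim /etc/group
admin1:x:1002:lisi,zhangsan #Group admin1 has the members lisi and zhangsan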
3.3 Add group account groupadd
groupadd command
groupadd command format: groupadd [-g GID] group account name
Example
groupadd -g command: add a group account with the specified GID
[root@clr ~]# groupadd -g 2345 mygirl #Add group mygirl and set its GID to 2345
[root@clr ~]# vim /etc/group
mygirl:x:2345:
3.4 Add and delete group member gpasswd
gpasswd command
● Set group account password (rarely used), add/delete group members
gpasswd command format: gpasswd [option]…group account name
Common options
● -a: add a user to the group
● -d: delete a user member from the group
● -M: define a list of group members, separated by commas
gpasswd -a command: add a user to the group
[root@clr ~]# gpasswd -a zhangsan mygirl #Add user zhangsan to the mygirl group
正在将用户“zhangsan”加入到“mygirl”组中
[root@clr ~]# id zhangsan
uid=2004(zhangsan) gid=2004(zhangsan) 组=2004(zhangsan),1002(admin1),2345(mygirl)
gpasswd -d command: delete a user member from the group
[root@clr ~]# gpasswd -d zhangsan admin1 #Remove user zhangsan from the admin1 group
正在将用户“zhangsan”从“admin1”组中删除
[root@clr ~]# id zhangsan
uid=2004(zhangsan) gid=2004(zhangsan) 组=2004(zhangsan),2345(mygirl)
gpasswd -M command: define a list of group members, separated by commas
[root@clr ~]# useradd xiaohua #Create the three users xiaohua, xiaowang and xiaozhang
[root@clr ~]# useradd xiaowang
[root@clr ~]# useradd xiaozhang
[root@clr ~]# gpasswd -M xiaohua,xiaowang,xiaozhang mygirl #Add the three users xiaohua, xiaowang and xiaozhang to the mygirl group in one step (-M defines the group member list; defining it overwrites the existing list)
[root@clr ~]# vim /etc/group
mygirl:x:2345:xiaohua,xiaowang,xiaozhang
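The following added example, which is not code from the original article, shows how the group part of `id` follows from field 4 of /etc/passwd plus the member lists in /etc/group, and why `gpasswd -M` silently drops members that are not in the new list. The records are constructed to match the `id` outputs shown on this page, and the function names are illustrative.

```python
# Added example (not from the original page): resolve group membership the way `id` does.
# Records are constructed to match the state this page shows after `gpasswd -d`.
PASSWD = """\
admin2:x:2000:1001::/home/admin2:/bin/bash
zhangsan:x:2004:2004::/home/zhangsan:/bin/bash
"""
GROUP = """\
gaozhenyang:x:1001:
admin1:x:1002:lisi,admin2
zhangsan:x:2004:
mygirl:x:2345:zhangsan
"""

def parse_group(text):
    """Map group name -> (GID, member list) from /etc/group records."""
    groups = {}
    for line in text.splitlines():
        name, _placeholder, gid, members = line.split(":")
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def groups_of(user, passwd_text, group_text):
    """Return ((gid, name) of the basic group, sorted additional groups)."""
    groups = parse_group(group_text)
    names = {gid: name for name, (gid, _) in groups.items()}
    row = next(l.split(":") for l in passwd_text.splitlines() if l.split(":")[0] == user)
    basic_gid = int(row[3])                      # field 4 of /etc/passwd
    extra = sorted((gid, name) for name, (gid, members) in groups.items()
                   if user in members and gid != basic_gid)
    return (basic_gid, names.get(basic_gid, "?")), extra

def set_members(group_text, group, new_members):
    """Model `gpasswd -M`: the new list replaces the old one. Returns (text, dropped)."""
    out, dropped = [], []
    for line in group_text.splitlines():
        name, placeholder, gid, members = line.split(":")
        if name == group:
            dropped = [m for m in members.split(",") if m and m not in new_members]
            members = ",".join(new_members)
        out.append(":".join((name, placeholder, gid, members)))
    return "\n".join(out) + "\n", dropped

if __name__ == "__main__":
    print(groups_of("zhangsan", PASSWD, GROUP))
    new_text, dropped = set_members(GROUP, "mygirl", ["xiaohua", "xiaowang", "xiaozhang"])
    print("dropped by -M:", dropped)
    print(groups_of("zhangsan", PASSWD, new_text))
```

Running `set_members` before the real `gpasswd -M` shows which existing members would lose the group, here zhangsan.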
3.5 Delete group account groupdel
groupdel command
groupdel command format: groupdel group account name
Example