Introduction to Linux Users and User Groups
0. Before you start
- Linux: CentOS 7.5
- Several of the shell commands below modify the account databases and must be run as the root user (or through sudo).
1. group
1.1 What is a group?
- A Linux group is a named set of user accounts. Every file and directory has a group owner in addition to its user owner, and the group permission bits (read, write, execute) apply to every member of that group. Users working on the same project can therefore be placed in one group to share files and other system resources.
- By default, whenever a new user is created with useradd (or adduser, which is the same program on CentOS), a private group with the same name as the user is created and becomes that user's primary group. This is controlled by USERGROUPS_ENAB in /etc/login.defs, described below.
- Every file in Linux has a user as its owner (usually the user who created it) and a group that has access to it.
1.2 groupadd
- Purpose: create a new group; the new group's record is appended to the system group files (/etc/group and /etc/gshadow).
- Syntax:
sudo groupadd [options] group
- Options:
[zhangsan@node01 ~]$ sudo groupadd --help
Usage: groupadd [options] GROUP
Options:
-f, --force exit successfully if the group already exists,
and cancel -g if the GID is already used
-g, --gid GID use GID for the new group
-h, --help display this help message and exit
-K, --key KEY=VALUE override /etc/login.defs defaults
-o, --non-unique allow to create groups with duplicate (non-unique) GID
-p, --password PASSWORD use this encrypted password for the new group
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
- Example (xxx stands for the numeric GID to assign; without -g the next free GID in the GID_MIN..GID_MAX range from /etc/login.defs is used). Avoid -o: the kernel only sees numeric IDs, so two groups sharing a GID grant exactly the same access.
[root@node01:~]$ groupadd -g xxx group_name
1.3 groupmod
- Syntax:
sudo groupmod [options] group
- Options:
[zhangsan@node01 ~]$ sudo groupmod -h
Usage: groupmod [options] GROUP
Options:
-g, --gid GID change the group ID to GID
-h, --help display this help message and exit
-n, --new-name NEW_GROUP change the name to NEW_GROUP
-o, --non-unique allow to use a duplicate (non-unique) GID
-p, --password PASSWORD change the password to this (encrypted) PASSWORD
-R, --root CHROOT_DIR directory to chroot into
- Use:
The groupmod command modifies the definition of the specified group by updating the corresponding entry in the group database. Changing a GID with -g does not re-own anything on disk: files that carried the old GID keep it and become orphaned until you fix them yourself (for example find / -xdev -gid OLD_GID -exec chgrp NEW_GROUP {} +).
- Example:
# add a group
[root@node01 ~]# groupadd group1
[root@node01 ~]# tail -1 /etc/group
group1:x:500:
# rename the group (-n); the GID is unchanged, so existing file ownership is unaffected
[root@node01 ~]# groupmod -n ngroup1 group1
[root@node01 ~]# tail -1 /etc/group
ngroup1:x:500:
1.4 groupdel
- Purpose: delete a group
- Syntax:
[root@node01~]# groupdel --help
Usage: groupdel [options] GROUP
Options:
-h, --help display this help message and exit
-R, --root CHROOT_DIR directory to chroot into
- Example:
groupdel group_name
Note: groupdel refuses to remove a group that is still the primary group of an existing user; move those users to another primary group first (usermod -g) or delete them. Files owned by the deleted group stay on disk and ls -l then shows only the bare numeric GID for them.
1.5 gpasswd
- Purpose: add users to a group or remove them from it. gpasswd manages /etc/group and /etc/gshadow; each group can have administrators, members and a password.
- Syntax:
[root@node01 ~]# gpasswd --help
Usage: gpasswd [option] GROUP
Options:
-a, --add USER add USER to GROUP
-d, --delete USER remove USER from GROUP
-h, --help display this help message and exit
-Q, --root CHROOT_DIR directory to chroot into
-r, --delete-password remove the GROUP's password
-R, --restrict restrict access to GROUP to its members
-M, --members USER,... set the list of members of GROUP
-A, --administrators ADMIN,... set the list of administrators for GROUP
Except for the -A and -M options, the options cannot be combined.
- Remove a user from a group:
gpasswd -d user1 group1
Note: gpasswd -d only edits the member list in /etc/group, i.e. supplementary membership. A user's primary group is recorded in the GID field of /etc/passwd and never appears in that list, so if group1 is user1's primary group this command reports that user1 is not a member and changes nothing; use usermod -g to move the user to another primary group instead. Also avoid setting group passwords (gpasswd GROUP with no option): anyone who knows the password can join the group with newgrp, which turns group membership from an access-control boundary into a shared secret.
1.6 Related files
- /etc/group
The file /etc/group records each group and its supplementary members, one group per line:
[zhangsan@node01 ~]$ cat /etc/group | tail -1
racdba:x:1007:oracle
Explanation: the four colon-separated fields are
racdba : x : 1007 : oracle
group name : group password placeholder (the hash, if any, lives in /etc/gshadow) : GID : comma-separated list of users that have this group as a supplementary group
About GID ranges: 0 is root. On CentOS 7 the ranges are set in /etc/login.defs, so system groups use SYS_GID_MIN..SYS_GID_MAX (201-999) and regular groups GID_MIN..GID_MAX (1000-60000); the older split of 1-500 for system groups and 501-65535 for regular groups applied to CentOS 6 and earlier. Users whose primary group is racdba are not listed in the fourth field; they can only be found through the GID field of /etc/passwd.
- /etc/gshadow
/etc/gshadow holds the shadow information for groups: group name, hashed group password (empty or "!" when none is set), group administrators, and members.
The file is owned by root and unreadable by other users, which is what keeps group passwords secret; read it with sudo.
[zhangsan@node01 ~]$ sudo cat /etc/gshadow | head -5
root:::
bin:::
daemon:::
sys:::
adm:::
- /etc/login.defs
The /etc/login.defs file provides default configuration information for several user account parameters. The useradd, usermod, userdel, and groupadd commands, as well as other user and group utilities, get their default values from this file. Each line consists of a directive name and associated value.
[zhangsan@node01 ~]$ cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
SYS_GID_MIN 201
SYS_GID_MAX 999
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
Note: if the USERGROUPS_ENAB directive in /etc/login.defs is set to yes, useradd creates a group with the same name as the user and makes it the user's primary group (and userdel removes that group again once it has no other members). If it is set to no, useradd sets the new user's primary group to the value of the GROUP directive in /etc/default/useradd, or to 100 (the users group) when that directive is absent. Also heed the comment at the top of the file: PASS_MIN_LEN and the other rules here are enforced only by the shadow-utils tools. On CentOS 7 the passwd command goes through PAM, so password quality is governed by pam_pwquality in /etc/pam.d/system-auth and /etc/security/pwquality.conf, not by PASS_MIN_LEN.
- /etc/passwd
/etc/passwd holds one line per user account with seven colon-separated fields: login name, password placeholder (x means the hash is kept in /etc/shadow), UID, primary GID, GECOS comment, home directory, login shell. The file is world-readable because every program that prints file ownership needs to map UIDs to names; the password hashes live in /etc/shadow, which only root can read.
[zhangsan@node01 ~]$ cat /etc/passwd | grep zhangsan
zhangsan:x:1000:1000::/home/zhangsan:/bin/bash
Here zhangsan has UID 1000 and primary GID 1000 (the private group created by useradd), an empty GECOS field, the home directory /home/zhangsan and the login shell /bin/bash.
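The gpasswd note above and the file descriptions point at the same trap: /etc/group lists only supplementary members, so reading it (or the output of `grep wheel /etc/group`) under-counts who actually belongs to a group. The following shell function, an added example that is not code from the original article, merges both sources. The group and passwd entries it runs against are constructed sample data written to a temporary directory; the file paths are parameters so it works without root, and with no arguments it reads the real /etc/group and /etc/passwd.

```shell
#!/bin/sh
# Added example, not code from the original article: list the effective members of a
# group. /etc/group only lists supplementary members; users whose primary GID (4th
# field of /etc/passwd) is this group are absent from it, which is why gpasswd -d cannot
# remove them. Paths are parameters so the function can run against constructed files.
#
# usage: effective_members GROUP [GROUP_FILE] [PASSWD_FILE]
effective_members() {
    awk -F: -v g="$1" '
        FNR == NR {                         # first file: /etc/group
            if ($1 == g) {
                found = 1; gid = $3
                n = split($4, m, ",")       # explicit (supplementary) members
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        found && $4 == gid { seen[$1] = 1 } # second file: /etc/passwd, primary GID match
        END { for (u in seen) print u }
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample data (not from any real host): carol belongs to wheel only through
# her primary GID and oracle to sql only through his, so neither appears in the group file.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:alice
sql:x:1005:bob
docker:x:990:
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
oracle:x:1002:1005::/home/oracle:/bin/bash
carol:x:1003:10::/home/carol:/bin/bash
EOF

for grp in root wheel sql docker; do
    printf '%-8s %s\n' "$grp:" "$(effective_members "$grp" "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd")"
done
# On a real host, to see who can really use sudo via the wheel group:  effective_members wheel
```

For the sample data the function reports wheel as "alice carol" and sql as "bob oracle", even though the group file names only alice and bob. Run it on wheel (or docker, whose members are effectively root) before trusting a group-based access review.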
2. user
2.1 useradd
- Purpose: create a new user
- Syntax:
[root@node01 ~]# useradd --help
Usage: useradd [options] LOGIN
useradd -D
useradd -D [options]
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new account
-G, --groups GROUPS list of supplementary groups of the new account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as the user
-o, --non-unique allow to create users with duplicate (non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
- Create a new user oracle whose primary group is the existing group sql (with -g, no private group named oracle is created):
[root@node01 ~]# useradd oracle -g sql
- To create user_name with primary group group_name and the supplementary groups group_name1, group_name2 and group_name3, give -G a single comma-separated list; names separated by spaces are not accepted:
[root@node01 ~]# useradd -g group_name -G group_name1,group_name2,group_name3 user_name
- Caveats: -p expects an already hashed password (crypt(3) format), not a cleartext one, and whatever is passed shows up in the shell history and in ps output while useradd runs, so prefer setting the password afterwards with passwd. -o creates a second account with an already used UID; since the kernel only knows numeric IDs, such an account is indistinguishable from the original when it accesses files, and a second UID 0 account is a classic backdoor to look for.
2.2 adduser
- Purpose: also creates user accounts.
- Syntax: on CentOS 7, adduser --help prints exactly the option list shown for useradd above, because adduser is not a separate program there: /usr/sbin/adduser is a symbolic link to /usr/sbin/useradd (ls -l /usr/sbin/adduser shows the link), so the two commands are interchangeable.
Note: this is distribution-specific. On Debian and Ubuntu, adduser is a separate Perl script with its own, different options and interactive prompts, while useradd is the low-level shadow-utils tool on every distribution; scripts that must be portable should call useradd.
2.3 passwd
- Purpose: set or change a user's password
- Syntax:
[root@node01 ~]# passwd --help
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)
- Set an account's password (interactive prompt; root is not asked for the old password):
passwd user_name
Notes: passwd -d leaves the password field in /etc/shadow empty, so the account can be logged into without any password wherever empty passwords are permitted; to disable an account use -l (or usermod -L) instead. -l works by prefixing the stored hash with "!", which preserves the hash so that -u can restore it. It blocks password authentication only: on CentOS 7, where sshd authenticates through PAM, an SSH key in the user's authorized_keys still works on a locked account unless the account is also expired (usermod -e with a past date) or its shell changed to /sbin/nologin. --stdin is convenient for automation, but the password must then arrive through a pipe, never as a command-line argument.
2.4 usermod
- Purpose: modify an existing user account.
- Syntax:
[root@node01 ~]# usermod -h
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS mentioned by the -G option
without removing the user from other groups
-h, --help display this help message and exit
-l, --login LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-Z, --selinux-user SEUSER new SELinux user mapping for the user account
- Example 1: change a user's home directory. Without -m, usermod only edits the field in /etc/passwd; the new directory is not created and the old contents stay where they are, so add -m to move them:
[root@node01 ~]# usermod -d /home/whybigdata1 whybigdata
- Example 2: change the user's UID. usermod re-owns the mail spool and the files inside the home directory, but files elsewhere keep the old numeric UID and must be fixed by hand (find / -xdev -uid OLD_UID -exec chown whybigdata {} +):
[root@node01 ~]# usermod -u 777 whybigdata
- Example 3: add oracle1 to the supplementary group sql. The -a is essential: -G on its own REPLACES the whole supplementary group list, so usermod -G sql oracle1 would silently drop oracle1 from every other group it belonged to (wheel included):
[root@node01 ~]# usermod -aG sql oracle1
- Example 4: force group_name to be the new primary group (-g):
[root@node01 ~]# usermod -g group_name user_name
- Example 5: lock account oracle1 (prefixes the hash in /etc/shadow with "!"; like passwd -l, this blocks password logins only):
[root@node01 ~]# usermod -L oracle1
- Example 6: unlock oracle1:
[root@node01 ~]# usermod -U oracle1
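Putting the useradd, usermod and passwd commands from this section together, here is an added example (not code from the original article) that provisions a least-privilege service account and prepares one for retirement. Everything it assumes is made up for the illustration: the account name appsvc, the pre-existing group appgrp, a state directory under /var/lib, and /sbin/nologin as the no-login shell (true on CentOS 7). Each command is routed through a run() helper that only prints it unless DRY_RUN=0 is set, so the sequence can be reviewed and checked without root; with DRY_RUN=0 it executes the commands for real.

```shell
#!/bin/sh
# Added example, not code from the original article: provision and retire a
# least-privilege service account with useradd, usermod and passwd. Assumed names
# (appsvc, appgrp, /var/lib/<name>) are placeholders; the group must already exist.
# Commands go through run(), which prints them and executes only when DRY_RUN=0.
set -eu
DRY_RUN="${DRY_RUN:-1}"

run() {
    printf '%s\n' "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# usage: provision_service_account NAME GROUP [HOME]
provision_service_account() {
    name="$1"; group="$2"; home="${3:-/var/lib/$1}"
    # -r: system account, UID taken from SYS_UID_MIN..SYS_UID_MAX in /etc/login.defs
    # -M: skip home creation here; the directory is created below with a strict mode
    # -s /sbin/nologin: no interactive shell, so a leaked password or key gives no shell
    # -c: GECOS comment documenting what the account is for
    run useradd -r -M -d "$home" -s /sbin/nologin -c "$name service account" "$name"
    # -aG appends to the supplementary groups; a bare -G would replace the whole list
    run usermod -aG "$group" "$name"
    # lock the (never set) password instead of passing a hash with -p on the command line
    run passwd -l "$name"
    # state directory owned by the account, readable by its group, closed to others
    run install -d -m 0750 -o "$name" -g "$group" "$home"
}

# usage: decommission_service_account NAME
# Lock and expire first, then inventory the files: userdel -r is irreversible and
# ignores files outside the home directory, which would stay behind with an orphaned UID.
decommission_service_account() {
    name="$1"
    # -L locks the password; -e with a past date expires the account, which also
    # blocks SSH key logins that a mere password lock would let through
    run usermod -L -e 1970-01-02 "$name"
    run find / -xdev -user "$name" -print
}

# Dry-run demonstration with the placeholder names (prints the commands, runs nothing)
provision_service_account appsvc appgrp
decommission_service_account appsvc
```

Reading the dry-run output top to bottom is the review step: the order matters (lock before deleting, inventory before userdel -r), and the two flags that most often go wrong, -aG instead of -G and -l instead of -p, are visible in the printed commands.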
2.5 userdel
- Purpose: delete a user account and, optionally, the user's files
- Syntax:
[root@node01 ~]# userdel -h
Usage: userdel [options] LOGIN
Options:
-f, --force force some actions that would fail otherwise
e.g. removal of user still logged in
or files, even if not owned by the user
-h, --help display this help message and exit
-r, --remove remove home directory and mail spool
-R, --root CHROOT_DIR directory to chroot into
-Z, --selinux-user remove any SELinux user mapping for the user
- Example:
# delete user oracle1 but keep the home directory and its files
userdel oracle1
# delete user oracle1 together with the home directory and mail spool
userdel -r oracle1
Note: do not use -r lightly. It is irreversible, and it does not touch files the user owns outside the home directory (cron and at jobs, files under /tmp or /var), which are left behind carrying an orphaned numeric UID (find / -xdev -nouser lists them). A later useradd that reuses the UID silently inherits access to all of them, which is why accounts are better locked (usermod -L together with usermod -e and a past date) and their files reviewed before they are deleted. -f is more dangerous still: it removes the home directory and mail spool even if another user shares or owns them, and removes the same-named group even if it is still another user's primary group.
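Several of the states discussed in this section (a duplicate or second UID 0 from -o, an empty password field from passwd -d, the "!" prefix from passwd -l and usermod -L, system accounts from -r that still carry an interactive shell) are exactly what an attacker leaves behind or a tired administrator creates by accident. The following read-only audit, an added example that is not code from the original article, walks /etc/passwd and /etc/shadow and reports them. It runs here against constructed sample entries in a temporary directory; the paths and the UID_MIN threshold are parameters, and with no arguments it reads the real files (which needs root for /etc/shadow).

```shell
#!/bin/sh
# Added example, not code from the original article: audit /etc/passwd and /etc/shadow
# for the account states that the commands in this article can produce:
#   UID0     an account other than root with UID 0 (useradd -o -u 0, usermod -o -u 0)
#   DUPUID   two accounts sharing one UID; the kernel cannot tell them apart
#   NOPASS   empty password field (passwd -d): login without any password
#   LOCKED   hash prefixed with "!" (passwd -l, usermod -L) or "!!" (never set)
#   SYSSHELL system account (UID below UID_MIN from /etc/login.defs, 1000 on
#            CentOS 7) with an interactive shell instead of /sbin/nologin
#
# usage: audit_accounts [PASSWD_FILE] [SHADOW_FILE] [UID_MIN]
audit_accounts() {
    awk -F: -v uid_min="${3:-1000}" '
        FNR == NR {                       # /etc/passwd: name:x:UID:GID:GECOS:home:shell
            uid[$1] = $3 + 0; shell[$1] = $7; count[$3 + 0]++
            if ($3 + 0 == 0 && $1 != "root") print "UID0 " $1
            next
        }
        {                                 # /etc/shadow: name:hash:lastchg:min:max:warn:...
            if ($2 == "") print "NOPASS " $1
            else if (substr($2, 1, 1) == "!") print "LOCKED " $1
        }
        END {
            for (u in uid) {
                if (count[uid[u]] > 1) print "DUPUID " u " " uid[u]
                if (uid[u] != 0 && uid[u] < uid_min && shell[u] ~ /sh$/)
                    print "SYSSHELL " u " " shell[u]
            }
        }
    ' "${1:-/etc/passwd}" "${2:-/etc/shadow}" | LC_ALL=C sort
}

# Constructed sample data (not from any real host). The hashes are dummies.
AUDIT_DIR=$(mktemp -d)
trap 'rm -rf "$AUDIT_DIR"' EXIT
cat > "$AUDIT_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
backdoor:x:0:0::/root:/bin/bash
svc:x:500:500::/var/lib/svc:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1001:1002::/home/carol:/bin/bash
EOF
cat > "$AUDIT_DIR/shadow" <<'EOF'
root:$6$saltsalt$dummyhash:18000:0:99999:7:::
bin:*:17000:0:99999:7:::
sync:*:17000:0:99999:7:::
backdoor::18000:0:99999:7:::
svc:!!:18000:0:99999:7:::
alice:$6$saltsalt$dummyhash:18000:0:99999:7:::
bob:!$6$saltsalt$dummyhash:18000:0:99999:7:::
carol:$6$saltsalt$dummyhash:18000:0:99999:7:::
EOF

audit_accounts "$AUDIT_DIR/passwd" "$AUDIT_DIR/shadow" 1000
# On a real host:  sudo sh -c '. ./audit.sh; audit_accounts'   (UID_MIN from /etc/login.defs)
```

On the sample data the audit flags backdoor as a second UID 0 without a password, bob and carol as sharing UID 1001, svc as a system account with /bin/bash, and bob and svc as locked. LOCKED entries are informational (that is what passwd -l is for); the other four categories should each have a ticket behind them.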