[linux basics 15] user management

1. Users and groups

1. Introduction to users and groups

User Classification

Users in the Linux system are divided into three categories, namely, ordinary users, root users, and system users.

  • Ordinary users are the real people who use the Linux system. Such users can log in with a username and password. Generally speaking, ordinary users can only operate in their home directory, the system temporary directory, or other directories they are authorized for.
  • The root user is the superuser, and its ID is 0. The root account has full control over the system: it can modify and delete any file and run any command.
  • A system user is an account that must exist while the system is running but does not correspond to a real person.
    For example, when running the website service under RedHat or CentOS, you need to use the system user apache to run the httpd process, and when running the MySQL database service, you need to use the system user mysql to run the mysqld process. Under RedHat or CentOS, the ID range of system users is 1~499.

 

UID

The number used to distinguish different users is called User ID, or UID for short. The system will automatically record the corresponding relationship between "username" and UID.

GID

Different user groups are also distinguished by numbers, and the ID used to distinguish different user groups is called Group ID, or GID.

What is the connection between UID and GID? In fact, every user belongs to at least one group under Linux.

How do you check your own UID and GID? Use the id command:

[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

To see which user groups you belong to, use the groups command:

[root@localhost ~]# groups
root bin daemon sys adm disk wheel

To see which users are currently online, use the who command. It lists every user currently logged in to the system.

[root@localhost ~]# who
root     tty1         2012-10-22 00:13
root     pts/0        2012-10-22 21:20 (192.168.179.1)
john     pts/1        2012-10-22 22:35 (192.168.179.1)

 

2. /etc/passwd and /etc/shadow

When logging in to Linux, a user name and password must be entered. The two most important files used by the system to record user names and passwords are /etc/passwd and /etc/shadow.
 

User information file:

Here are some lines from /etc/passwd:

[root@localhost ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
......(content omitted)......

Each line is a 7-column string separated by 6 delimiters ":".
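The seven columns and the three user categories can be checked mechanically. The following is an added example, not code from the original post: a hypothetical helper, audit_passwd, classifies each account by UID and flags a second UID 0 account or a system account that still has a login shell. The sample lines and the SYS_MAX variable are constructed for illustration.

```bash
# Constructed sample in /etc/passwd format (not from a real host).
# Columns: name:password:UID:GID:comment:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
john:x:500:500::/home/john:/bin/bash
EOF
}

# audit_passwd (hypothetical helper): reads passwd-format lines on stdin and
# prints "name class finding". SYS_MAX is the top of the system UID range;
# the default 499 is the RedHat/CentOS figure quoted above.
audit_passwd() {
  awk -F: -v sys_max="${SYS_MAX:-499}" '
    NF != 7          { print $1, "malformed", "expected-7-columns"; next }
    $3 !~ /^[0-9]+$/ { print $1, "malformed", "non-numeric-uid"; next }
    {
      uid = $3 + 0
      # An empty shell column means the default shell, so it counts as a login.
      login = ($7 !~ /(nologin|false)$/)
      if (uid == 0)            class = "root"
      else if (uid <= sys_max) class = "system"
      else                     class = "ordinary"

      finding = "ok"
      if (uid == 0 && $1 != "root")        finding = "extra-uid0-account"
      else if (class == "system" && login) finding = "system-user-with-login-shell"
      print $1, class, finding
    }'
}

sample_passwd | audit_passwd
```

On a real host, run it as `audit_passwd < /etc/passwd`.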
 

Password file:

Linux stores password-related information in /etc/shadow. By default only the root user has read permission, and other users cannot read this file at all. This way of storing passwords is called a "shadow password".

/etc/shadow is also colon-separated; the difference is that each line has 9 columns separated by 8 colons.

 

2. Linux account management

1. User operation

1.1. Add new user

To create a new user named john, enter the command useradd john:

[root@localhost ~]# useradd john

The process of creating a user

  • First, the system needs to record user information in /etc/passwd. Generally, a record will be added at the end of /etc/passwd and /etc/shadow, and a UID will be assigned to the user.
  • Next, the home directory is automatically created for the user. The home directory is named after the created user, and the created path is in the /home directory. For example, in the above case, the directory created would be /home/john.
  • Then, copy all the files under /etc/skel to /home/john.
  • Finally, create a new user group with the same name as the user. That is to say, when user john is created, a user group named john is also created at the same time, and user john belongs to the john user group by default.

A note on the /etc/skel directory.

When the system adds a user, it creates some default "configuration files" for that user, and the defaults are the hidden files in the /etc/skel directory. In other words, /etc/skel is the "template" used when creating users.

 

1.2. Specify the UID, the group, and the home directory

The -u parameter specifies the user's UID:

[root@localhost skel]# useradd -u 555 user1

The -g parameter specifies the group the user belongs to. Here user2 is created with user1 as its group:

[root@localhost skel]# useradd -g user1 user2

The -d parameter specifies the user's home directory instead of the default home directory created by the system:

[root@localhost skel]# useradd -d /home/mydir3 user3

 

1.3. Set password: passwd

After the user is created, the user cannot yet log in to the system: as long as no password is set, the second colon-separated column of the user's record in /etc/shadow is two exclamation marks "!!", which means that the user is not allowed to log in.

Therefore, the user's password must be set as well. The command is passwd followed by the user name:

// Only the root user can run this
[root@localhost skel]# passwd john
Changing password for user john.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

 

1.4 Modify the user's home directory: usermod

# Add a user and set a password
[root@localhost ~]# useradd alice
[root@localhost ~]# passwd alice
Changing password for user alice.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

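# Change the home directory to /home/alice_new
[root@localhost ~]# usermod -d /home/alice_new -m alice
# The -m parameter: if the user's home directory exists, the new directory /home/alice_new is created automatically and used as alice's new home directory.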

 

1.5. User freezing and unfreezing

[root@localhost ~]# cat /etc/shadow | grep alice
alice:$1$Doi70VUY$Gmjq6HijgNLsm7xnys4Lw/:15642:0:99999:7:::
# Freeze (lock)
[root@localhost ~]# usermod -L alice
[root@localhost ~]# cat /etc/shadow | grep alice
alice:!$1$Doi70VUY$Gmjq6HijgNLsm7xnys4Lw/:15642:0:99999:7:::

# Unfreeze (unlock)
[root@localhost ~]# usermod -U alice
[root@localhost ~]# cat /etc/shadow | grep alice
alice:$1$Doi70VUY$Gmjq6HijgNLsm7xnys4Lw/:15642:0:99999:7:::
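The second column of /etc/shadow is what changes in sections 1.3 and 1.5: "!!" before a password is set, and a leading "!" after usermod -L. The following added example (not from the original post) reads that column with a hypothetical helper, shadow_status. It goes beyond the two cases in the text by also reporting an empty column, a "*" column, and the hashing scheme named by the "$id$" prefix, where "$1$" as in the alice record is MD5-crypt. The sample lines are constructed and their hashes are placeholders.

```bash
# Constructed sample in /etc/shadow format; the hash strings are placeholders,
# not real password hashes.
sample_shadow() {
cat <<'EOF'
root:$6$SALTSALT$PLACEHOLDERHASH:15642:0:99999:7:::
john:!!:15642:0:99999:7:::
alice:!$1$SALTSALT$PLACEHOLDERHASH:15642:0:99999:7:::
bob:$1$SALTSALT$PLACEHOLDERHASH:15642:0:99999:7:::
carol::15642:0:99999:7:::
apache:*:15642:0:99999:7:::
EOF
}

# shadow_status (hypothetical helper): reads shadow-format lines on stdin and
# prints "name state scheme" for each account.
shadow_status() {
  awk -F: '
    NF != 9 { print $1, "malformed", "-"; next }
    {
      pw = $2; state = "active"
      if (pw == "")                { print $1, "empty-password", "-"; next }
      if (pw == "!!" || pw == "!") { print $1, "no-password-set", "-"; next }
      if (pw == "*")               { print $1, "no-password-login", "-"; next }
      # A leading "!" in front of a hash is what usermod -L adds.
      if (substr(pw, 1, 1) == "!") { state = "locked"; sub(/^!+/, "", pw) }

      # The id between the first two "$" characters names the crypt scheme.
      n = split(pw, part, /[$]/)
      id = (n >= 3 && part[1] == "") ? part[2] : ""
      if      (id == "1")         scheme = "md5-crypt(weak)"
      else if (id == "5")         scheme = "sha256-crypt"
      else if (id == "6")         scheme = "sha512-crypt"
      else if (id == "y")         scheme = "yescrypt"
      else if (id ~ /^2[abxy]?$/) scheme = "bcrypt"
      else                        scheme = "unknown"
      print $1, state, scheme
    }'
}

sample_shadow | shadow_status
```

On a real host this needs root, since only root can read the file: `shadow_status < /etc/shadow`.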

 

1.6. Delete user

[root@localhost ~]# userdel alice

By default, when deleting a user, the original user's home directory and email information will not be deleted. You can use the -r parameter to delete the user's home directory and the user's mail at the same time.

 

2. User group operation

2.1. Add user group: groupadd

When adding a user, the system will create a user group with the same name as the user by default.
In fact, you can also create a user group directly. The command to add a user group is:

groupadd <user group name>

 
Linux records user groups in the /etc/group file. For example, add a group named group1:

[root@localhost ~]# groupadd group1
[root@localhost ~]# cat /etc/group
......(content omitted)......
group1:x:503:

In the /etc/group file, each line represents a user group, and its format is 4 columns separated by 3 separators ":".

  • The first column is the user group name
  • The second column represents the password (but not used)
  • The third column represents the numeric ID of the user group
  • The fourth column is the group member, if it is empty here, it means that no user belongs to this group yet

 

2.2. Delete user group: groupdel

It should be noted here that if an existing user belongs to the group you are trying to delete, the operation will fail.
The groupdel command is used as follows:

[root@localhost ~]# groupdel group1
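Before running groupdel it helps to know which users still reference the group. The following added example (not from the original post) joins the two file formats described above with a hypothetical helper, group_users: it reports users whose primary GID in the passwd file is the group's ID (groupdel refuses to remove a group that is some user's primary group) and users listed in the fourth column of the group file. The sample data is constructed.

```bash
# Constructed samples in /etc/passwd and /etc/group format (not from a real host).
demo_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
john:x:500:500::/home/john:/bin/bash
user1:x:555:555::/home/user1:/bin/bash
user2:x:556:555::/home/user2:/bin/bash
EOF
}
demo_group() {
cat <<'EOF'
wheel:x:10:root,john
john:x:500:
group1:x:503:
user1:x:555:
EOF
}

# group_users GROUP PASSWD_FILE GROUP_FILE (hypothetical helper)
# Prints "primary <user>" for each user whose GID column in the passwd file
# equals the group ID, then "member <user>" for each name in the fourth
# column of the group file. Prints nothing if the group has no users and
# returns 2 if the group does not exist.
group_users() {
  awk -F: -v g="$1" '
    # First file: the group file. Remember the ID and member list of g.
    FNR == NR {
      if ($1 == g) { gid = $3; members = $4; found = 1 }
      next
    }
    # Second file: the passwd file. Column 4 is the primary group ID.
    found && $4 == gid { print "primary", $1 }
    END {
      if (!found) exit 2
      n = split(members, m, ",")
      for (i = 1; i <= n; i++) if (m[i] != "") print "member", m[i]
    }' "$3" "$2"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
demo_passwd > "$tmp/passwd"
demo_group  > "$tmp/group"
for grp in user1 wheel group1; do
  echo "== $grp"; group_users "$grp" "$tmp/passwd" "$tmp/group"
done
```

Against the live files the call is `group_users group1 /etc/passwd /etc/group`; empty output means no user references the group.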

 

3. Check user information

1. View users: users, who, w

Linux defines all activities from different terminals as a session. From the output of the who command, it can be seen that user lianggao logs in to the system through different terminals.

As follows:

LiangdeMacBook-Pro:HDFS3 lianggao$ who
lianggao         console       5 28 11:04  
lianggao         ttys000       5 28 11:21  
lianggao         ttys001       5 29 15:49 

The result displayed by the command has 3 columns

  • The first column is the username of the logged in user
  • The second column is the terminal the user is logged into
  • The third column is when the user logged in

 
w command

LiangdeMacBook-Pro:HDFS3 lianggao$ w
17:47  up 1 day,  6:44, 3 users, load averages: 2.69 3.12 3.06
Login name  Terminal  Logged in from  Login time  Idle time
USER     TTY      FROM              LOGIN@  IDLE WHAT
lianggao console  -11   30:43 -
lianggao s000     -11   30:19 vim
lianggao s001     -                15:49       - w

Third column: if the user logged in over the network, the hostname or IP address of the remote host is shown.

The first line of the w command will display the current time, system uptime, number of logged-in users, and system load.

Origin blog.csdn.net/hiliang521/article/details/131143059