Linux user management and permission setting related commands

1. Linux user management commands

1.1 useradd command

The useradd command is used to create a new user account. Its name useradd is the abbreviation of "User Add", which means adding a user.

Basic syntax of the useradd command: useradd [options] username

Among them, [options] is optional, and different options can be used to achieve different functions. username is the name of the user account to be created.

Commonly used options are as follows:

  • -d <directory>: directory, specifies the user's home directory. If not specified, the user's home directory defaults to /home/username.
  • -g <group name>: group, specifies the initial primary group to which the user belongs. If not specified, a group with the same name as the user is created automatically and the user is added to it.

1.2 userdel command

The userdel command is used to delete user accounts in Linux systems. Its name userdel is the abbreviation of "User Delete", which means deleting a user.

Basic syntax of the userdel command: userdel [options] username

where username is the name of the user account to be deleted.

Commonly used options are as follows:

  • -r: recursive, also delete the user's home directory and mail spool directory.
  • -f: force, forcefully delete the user, even if the user is currently logged in or the user's processes are still running.

When you use the userdel command to delete a user, the user's account information is deleted, but the user's home directory is not deleted by default. If you want to delete it together with the home directory, use the -r option.

Extended analysis:

The records removed are stored in the following files:

  • Basic user information: stored in the /etc/passwd file;
  • User password information: stored in the /etc/shadow file;
  • Basic information of user groups: stored in the /etc/group file;
  • User group password information: stored in the /etc/gshadow file;
  • User personal files: The home directory is located in /home/username by default, and the mailbox is located in /var/spool/mail/username.

1.3 passwd command

The passwd command is used to set a user's password. Its name passwd is the abbreviation of "password".

Basic syntax of the passwd command: passwd [options] [username]

Commonly used options are as follows:

  • -l: lock, lock the user account and prohibit the user from logging in.
  • -u: unlock, unlock the user account and allow the user to log in again.
  • -d: delete, removes the user's password, allowing the user to log in without a password.
  • -e: expire, forces the user to change the password at the next login.
  • -S: status, displays the password status information of the user account.
  • -x <days>: expiredate, sets the number of days after which the password expires. After that many days have passed, the user must change the password.
  • -n <days>: mindays, sets the minimum password validity period, that is, the password must be kept for at least that many days before it can be changed.
  • -i <days>: inactive, sets the maximum number of days for the password validity period, that is, the password must be changed after the specified number of days.
  • -w <days>: warndays, the number of days in advance that a password expiration warning is issued to the user.

1.4 chage command

The chage command is used to modify a user's password expiration information. It allows administrators to change the password expiry time, the inactivity period after expiry, the account expiration time, and so on.

Basic syntax of the chage command: chage [options] username

Among them, [options] is optional and specifies the setting to be modified, and username is the user name of the user to be modified.

Commonly used options are as follows:

  • -l: list, displays the password expiration information of the specified user.
  • -d <date>: lastday, sets the date when the user's password was last changed. The date format is YYYY-MM-DD.
  • -E <date>: expiredate, sets the user's account expiration date. The date format is YYYY-MM-DD.
  • -M <days>: maxdays, sets the user's password validity period, that is, the maximum number of days between password changes.
  • -I <days>: inactive, sets the account lock time, that is, how many days after the password expires the user is prohibited from logging in.
  • -m <days>: mindays, set the number of warning days before the user's password expires, that is, how many days before the password expires to remind the user to change the password.
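
Everything passwd -l/-u/-d and chage -M/-I/-E set ends up in the fields of /etc/shadow (name:hash:lastchange:min:max:warn:inactive:expire), so the settings described in 1.3 and 1.4 can be audited in bulk. The script below is an added example, not code from the original post: it reads shadow-format lines (a constructed sample, with placeholder hashes) and reports accounts that are locked, have an empty password, or have no maximum age or inactivity period set. The function name audit_shadow and the user names in the sample are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit password-ageing fields of shadow-format lines.
# Field layout (man 5 shadow): name:hash:lastchg:min:max:warn:inactive:expire:reserved
# The sample below is constructed for this example (hashes are placeholders);
# on a real system run it as root against "$(getent shadow)".

SAMPLE_SHADOW='root:$6$abc$HASHPLACEHOLDER:19700:0:99999:7:::
alice:$6$def$HASHPLACEHOLDER:19850:1:90:14:30:
bob:!$6$ghi$HASHPLACEHOLDER:19800:0:90:7:::
carol::19900:0:99999:7:::
dave:*:19000:0:99999:7:::
erin:$6$jkl$HASHPLACEHOLDER:19900:0:90:7::19950'

# usage: audit_shadow SHADOW_DATA
# Prints one finding per line: "<user> <finding> [value]".
audit_shadow() {
    printf '%s\n' "$1" | awk -F: '
    {
        user = $1; hash = $2; max = $5; inactive = $7; expire = $8
        if (hash == "")        print user, "EMPTY_PASSWORD"      # result of passwd -d
        else if (hash ~ /^!/)  print user, "LOCKED"              # result of passwd -l
        else if (hash == "*")  print user, "NO_LOGIN_PASSWORD"   # typical service account
        else {
            if (max == "" || max + 0 >= 99999) print user, "NO_MAX_AGE"   # chage -M never set
            if (inactive == "")                print user, "NO_INACTIVE"  # chage -I never set
        }
        if (expire != "") print user, "ACCOUNT_EXPIRES_DAY", expire        # chage -E value
    }'
}
```

Dates in the output are days since 1970-01-01, exactly as stored in the file; chage -l shows the same values in human-readable form for one user at a time.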

1.5 usermod command

The usermod command is used to modify the properties of a user account. It can modify the user name, user ID, primary group, home directory, login shell and other attributes. Its name usermod is the abbreviation of "User Modify", which means "user modification".

Basic syntax of the usermod command: usermod [options] username

Among them, options is optional and specifies the attribute to be modified, and username is the name of the user account to be modified.

Commonly used options are as follows:

  • -l: login , modify the user name, that is, modify the user's login name to a new name.
  • -u: uid , modify the user ID, that is, modify the user's unique identifier to a new value.
  • -g: gid , modify the user's primary group, that is, modify the primary group to which the user belongs to a new group.
  • -d: home , modify the user's home directory, that is, modify the user's home directory path to a new path.
  • -s: shell , modify the user's login shell, that is, change the user's default /bin/bash to a new shell.
  • -aG: append groups , add users to additional groups, that is, add users to specified additional groups.

1.6 id command

The id command is used to display the identity information of the current user or a specified user. Its name id is the abbreviation of "identity".

Basic syntax of the id command: id [options] [username]

Among them, [options] is optional and different options can be used to achieve different functions. [username] is the name of the user whose identity information is to be displayed. If no username is specified, the identity information of the current user is displayed by default.

Commonly used options are as follows:

  • -u: user , displays the user ID (UID) of the user.
  • -g: group , displays the initial primary group ID (GID) to which the user belongs.
  • -G: groups , displays the additional group IDs (comma-separated list) to which the user belongs.
  • -n: name , displayed as user name instead of user ID.
  • -r: real, displays the real user ID (rather than the effective user ID).
  • -a: all , displays all the identity information of the current user.

1.7 su command

The su command is used to switch user identities in Linux. Its name su is the abbreviation of "Switch User".

Basic syntax of the su command: su [options] [username]

Among them, [options] is optional, different options can be used to achieve different functions, and [username] is the name of the target user to switch to.

Commonly used options are as follows:

  • -: Not only switches the current user to the identity of the specified user, but also switches the working environment to that user's environment (including the PATH variable, the MAIL variable, etc.). If the - option is used without a user name, the switch is to the root user by default.
  • -l: login, similar to -, that is, the user identity is switched and the working environment is completely switched as well, but the user account to switch to must follow the option.
  • -p: preserve environment, switches to the identity of the specified user without changing the current working environment (the target user's configuration files are not read).
  • -c <command>: command, switches user only to execute the given command once, then automatically switches back. This option is followed by the command to be executed.

Switching between ordinary users, or from an ordinary user to root, requires knowing the target user's password, and the switch succeeds only if the password is entered correctly. Switching from the root user to any other user does not require the target user's password and succeeds directly.

1.8 groupadd command

The groupadd command is used to create a new user group in a Linux system. Its name groupadd is the abbreviation of "Group Add", which means "add user group".

Basic syntax of the groupadd command: groupadd [options] group name

Among them, options is optional, different options can be used to achieve different functions, and group name is the name of the user group to be created.

Commonly used options are as follows:

  • -g GID: gid , specifies the GID (Group ID) of the user group. If this option is not specified, an available GID is automatically assigned.
  • -r: system , create a system user group.
  • -f: force , force the creation of the user group, even if the user group name already exists.

1.9 groupdel command

The groupdel command is used to delete user groups in Linux systems. Its name groupdel is the abbreviation of " Group Delete ", which means "delete user group".

Basic syntax of the groupdel command: groupdel [options] group name

Among them, [option] is optional, and different options can be used to achieve different functions. groupname is the name of the user group to be deleted.

Commonly used options are as follows:

  • -f: force , forcefully delete the user group, even if the group has users belonging to it.
  • -r: force , delete the files of the associated user group at the same time.

1.10 groupmod command

The groupmod command is used to modify the attributes and settings of user groups. Its name groupmod is the abbreviation of "Group Modify", which means "group modification".

Basic syntax of the groupmod command: groupmod [options] group name

Commonly used options are as follows:

  • -g GID: GID (Group ID), sets the GID of the user group. Specify a number as the new GID.
  • -n <new group name>: Group Name, modifies the name of the user group.
  • -o: Allow Duplicate GID, allows the use of a non-unique GID. Usually used together with the -g option.
  • -p <password>: Password, sets the password of the user group. The password should be supplied in encrypted form.
  • -R <root directory>: Restricted, specifies a non-default root directory in which to apply the change.
  • -P: Pre-Existing Group, stores the specified password in the password field instead of prompting the user for a password.
  • -A <user list>: Administrators, specifies the list of users attached to the user group. The list of users is comma separated.

1.11 gpasswd command

The gpasswd command is used to manage groups. Its name gpasswd is the abbreviation of "Group Password".

Basic syntax of the gpasswd command: gpasswd [options] group name

Commonly used options are as follows:

  • -a: add , add users to the group.
  • -d: delete , delete the user from the group.
  • -r: remove , remove the password of the group.
  • -A: administrators , set the administrators of the group (Administrators).
  • -M: members , set the member list of the group.

1.12 newgrp command

The newgrp command is used to switch the effective group ID (GID) of the current user, which allows the user to switch to a different group in the current session.

Its name newgrp is the abbreviation of "New Group".

Basic syntax of the newgrp command: newgrp [group name]

If no group name is specified, the user is switched to his default group. After switching groups, the user gains the permissions and access rights of the new group. Note that users can only switch to groups they belong to, either as the primary group or as an additional group, and that the newgrp command only takes effect for the current session; it does not persist into new terminal sessions. To change a user's group globally, use the su command.

Supplement

To view all users and groups, you can use the following commands:

  • View all users: cat /etc/passwd or getent passwd
  • View all groups: cat /etc/group or getent group

Among them, getent is the abbreviation of "get entries"; cat is the abbreviation of "concatenate".
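
The passwd and group data that getent returns is enough to reproduce what id -Gn (section 1.6) prints for any user, and to see which accounts have a login shell at all. The script below is an added example written for this page, not code from the original post: it resolves a user's primary and supplementary groups from constructed passwd/group-format samples, and lists the accounts whose shell is not nologin or false. The sample accounts, the docker and wheel groups, and the function names user_groups and login_accounts are assumptions of this example.

```shell
#!/bin/sh
# Added example: resolve a user's groups from passwd/group-format data, the
# way `id -Gn` does, and list which accounts can actually log in.
# Sample data is constructed for this example; on a live system replace the
# variables with "$(getent passwd)" and "$(getent group)".

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
svc-backup:x:998:998:backup service:/var/lib/backup:/usr/sbin/nologin'

SAMPLE_GROUP='root:x:0:
wheel:x:10:alice
alice:x:1000:
bob:x:1001:
docker:x:999:alice,bob
backup:x:998:svc-backup'

# usage: user_groups USER PASSWD_DATA GROUP_DATA
# Prints the primary group first (from the passwd GID field), then every
# group whose member list names the user. Returns 1 for an unknown user.
user_groups() {
    user=$1
    gid=$(printf '%s\n' "$2" | awk -F: -v u="$user" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1
    printf '%s\n' "$3" | awk -F: -v u="$user" -v g="$gid" '
        $3 == g { primary = $1; next }
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) if (members[i] == u) extra = extra " " $1
        }
        END { printf "%s%s\n", primary, extra }'
}

# usage: login_accounts PASSWD_DATA
# Lists accounts whose shell is not nologin/false: the ones worth checking
# with `passwd -S` and `chage -l`.
login_accounts() {
    printf '%s\n' "$1" | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}
```

The primary group comes from the passwd record, not from /etc/group membership lists, which is why a user's own group line usually has an empty member field; usermod -aG is what populates the member field of the other groups.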

2. Linux permission setting commands

2.1 Permission module of ls command

[Figure: sample output of ls -l, with the file type column marked ① and the permission bits marked ②]

Where ① represents the file type.

  • - for ordinary files;
  • d is a folder (directory);
  • l is a soft link (symbolic link);

Note:

A soft link (symbolic link, or symlink) is a path pointing to another file or directory. A soft link is similar to a shortcut in the Windows operating system.

A hard link creates a new link (directory entry) to an existing file. A hard link is similar to a copy in the Windows operating system.

[Figure: the difference between soft links and hard links]

② indicates the permissions.

User permission settings:
  • Read permission (r): Allows the user to read the contents of the file, that is, view the file.
  • Write permission (w): Allows the user to modify or edit the file, including writing, appending, or deleting the file's contents.
  • Execute permission (x): Allows the user to execute the file, that is, run it as an executable program.

Extended analysis:

The ls -l output consists of several fields. In addition to the permission field described above, the following fields appear in order:

  • Hard Link Count module: Displays the number of hard links associated with a file or directory.

  • Owner module: Displays the owner of a file or directory.

  • Group module: Displays the group to which a file or directory belongs.

  • File size module: Displays the size of the file, usually in bytes. For directories, this field displays the size of the directory itself.

  • Modified date and time module: Displays the last modified date and time of a file or directory.

  • File/Directory Name Module: Displays the name of a file or directory.

2.2 chmod command

The chmod command is used to modify the permissions of files or directories. Its name chmod is the abbreviation of " Change Mode ", which means "change mode".

Basic syntax of the chmod command: chmod [options] mode file name

Commonly used options are as follows:

-R: Recursively apply permission changes to a directory and its subdirectories and files.

There are two common mode formats: symbolic mode and numeric mode.

(1) Symbolic Mode: Symbolic mode uses symbols to add or remove permissions.

Its basic format: chmod user-class operator permission file name

[Figure: symbolic mode notation]

(2) Numeric Mode: Numeric mode uses three octal numbers to represent a combination of permissions. Each number represents a set of permissions, which in order are owner permissions, group permissions and other user permissions.

Its basic format: chmod <number 1><number 2><number 3> file name

  Number | Meaning
  -------|------------------------------------
  0      | No permissions, i.e. ---
  1      | Only x permission, i.e. --x
  2      | Only w permission, i.e. -w-
  3      | Only w and x permissions, i.e. -wx
  4      | Only r permission, i.e. r--
  5      | Only r and x permissions, i.e. r-x
  6      | Only r and w permissions, i.e. rw-
  7      | Full permissions, i.e. rwx
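
The numeric table is just r=4, w=2, x=1 summed per class, and symbolic mode (u, g, o or a; +, - or =; r, w or x) sets the same bits by name. The script below is an added example written for this page, not code from the original post: it converts between the nine-character ls -l permission string and the three-digit numeric mode, then applies a numeric and a symbolic mode to a temporary file and reads the result back, so a script can verify its own chmod calls. It needs no root. The function names mode_to_octal, octal_to_mode, perm_string, chmod_check and demo_chmod are assumptions of this example; the setuid/setgid/sticky bits (a fourth leading digit) are deliberately out of scope.

```shell
#!/bin/sh
# Added example: convert between the ls -l permission string and chmod's
# numeric mode, then apply modes to a real temporary file and read them back.

# usage: mode_to_octal rwxr-x---   -> 750
# Each three-character class is scored r=4, w=2, x=1 (the table above).
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (t = 0; t < 3; t++) {
            v = 0
            if (substr($0, t*3+1, 1) == "r") v += 4
            if (substr($0, t*3+2, 1) == "w") v += 2
            if (substr($0, t*3+3, 1) == "x") v += 1
            out = out v
        }
        print out
    }'
}

# usage: octal_to_mode 640   -> rw-r-----
octal_to_mode() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (t = 1; t <= 3; t++) {
            d = substr($0, t, 1) + 0
            out = out (d >= 4 ? "r" : "-") (d % 4 >= 2 ? "w" : "-") (d % 2 == 1 ? "x" : "-")
        }
        print out
    }'
}

# usage: perm_string FILE   -> the nine permission characters from ls -l
# (cut on the ls output is used instead of stat -c so it works on any ls)
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# usage: chmod_check FILE MODE   -> applies MODE (numeric or symbolic) and
# returns the resulting permission string for verification.
chmod_check() {
    chmod "$2" "$1" && perm_string "$1"
}

# Demo on a temporary file: a numeric and a symbolic mode, read back via ls.
demo_chmod() {
    f=$(mktemp) || return 1
    a=$(chmod_check "$f" 640)            # rw-r-----
    b=$(chmod_check "$f" u=rwx,g=rx,o=)  # rwxr-x---
    rm -f "$f"
    printf '%s %s\n' "$a" "$b"
}
```

Reading the mode back after every chmod is the habit worth keeping: chmod -R on a directory tree silently applies the same bits to files and directories alike, and a check like perm_string is how a provisioning script notices that.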

2.2 chgrp command

The chgrp command is used to change the group to which a file or directory belongs. Its name chgrp is the abbreviation of " Change Group ", which means "change group".

Basic syntax of the chgrp command: chgrp [options] group name file or directory

Commonly used options are as follows:

-R: Recursively modify the groups to which files in the specified directory and its subdirectories belong.

2.3 chown command

The chown command is used to change the owner and group of a file or directory. Its name chown is the abbreviation of " Change Owner ", which means "change owner".

Basic syntax of the chown command: chown [options] username[:group name] file or directory

Commonly used options are as follows:

-R: Recursively modify the owner (and group) of the specified directory, its subdirectories and the files in them.

2.4 sudo command

The sudo command is used to execute commands as the superuser or another specified user. Its name sudo is the abbreviation of "Superuser Do", which means "execute as superuser".

Basic syntax of the sudo command: sudo [options] command

Commonly used options are as follows:

  • -u <username>: User, execute the command as the specified user.
  • -i: Login, execute the command in a login shell as the root user, similar to logging in as root and running the command there.
  • -s: Shell, execute the command in a shell as the root user, but keep the current user's environment variables.
  • -l: List, lists the sudo commands that the current user is allowed to execute.
  • -v: Validate, refreshes the sudo authentication for a period of time so that the password need not be re-entered when running several sudo commands in a row.

Extended analysis:

When a user runs a command with sudo, the following steps typically take place:

  • The system first checks the /etc/sudoers file to verify whether the user is permitted to run the command via sudo. This file defines which users or groups may run commands as the superuser.
  • If the user is authorized, the system asks the user to enter their password for verification. For security reasons, the password is not echoed on the screen.
  • The system then verifies the password. If verification succeeds, the user is marked as authenticated for a certain period (5 minutes by default), during which other sudo commands can be executed without entering the password again.
  • After successful verification, the system executes the specified command as the superuser (root).
  • When the command finishes, its results are returned to the user.

In Linux systems, the /etc/sudoers file holds the permission configuration for sudo. Editing this file adds user permissions or modifies existing ones. However, special attention is needed: do not edit /etc/sudoers directly with vim; use the visudo command instead. When you leave the editor, visudo checks the syntax of /etc/sudoers to ensure it is correct and to avoid possible errors.

The following are the general steps for editing /etc/sudoers to add user permission settings:

(1) Execute the following command to edit the /etc/sudoers file.

[root@hadoop01 ~]# sudo visudo

(2) Press the down arrow ("↓") to search and locate the following configuration part.

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
Parameter meanings:

root    ALL=(ALL)    ALL

root: Indicates that the configuration applies to the root user.

ALL=(ALL): Indicates that the root user can execute commands as any user.

ALL: Indicates that the root user can execute commands from any location (password required).

%wheel  ALL=(ALL)  ALL

%wheel: Indicates that the configuration applies to members of the wheel group.

ALL=(ALL): Indicates that members of the wheel group can execute commands as any user.

ALL: Indicates that members of the wheel group can execute commands from anywhere (a password is required).

#%wheel  ALL=(ALL)  NOPASSWD: ALL

%wheel: Indicates that the configuration applies to members of the wheel group.

ALL=(ALL): Indicates that members of the wheel group can execute commands as any user.

NOPASSWD: ALL: Indicates that members of the wheel group do not need to enter a password when executing commands.

(3) Add new user permission settings.

Basic format for adding or modifying user permissions: username host=(user:group) command

  • username: The username to which permissions are to be granted.
  • host: Optional parameter that specifies the host name on which the command can be run.
  • user:group: Optional parameter that specifies the user and user group as which the command can be run.
  • command: Specifies a command or set of commands that can be run.

In the visudo editor, press "i" to enter insert mode. Under the line "root ALL=(ALL) ALL" add

"username ALL=(ALL) ALL", then press ESC, and enter ":wq" to save and exit the file.


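Once lines in the username host=(user:group) command format have been added, the useful follow-up is to read the file back and see which grants are actually active, since a commented-out line such as the NOPASSWD wheel entry above grants nothing. The script below is an added example written for this page, not code from the original post or from the sudo project: it parses sudoers-format text (the entries quoted above plus one constructed line for a deploy account restricted to a single command) and flags passwordless grants and grants of ALL commands. The deploy account, the myapp service and the function names sudoers_grants and sudoers_findings are assumptions of this example; Defaults lines, aliases and include directives are skipped rather than parsed.

```shell
#!/bin/sh
# Added example: list the effective privilege grants in sudoers-format text
# and flag the risky ones. The sample is constructed for this example and
# is not a real /etc/sudoers.

SAMPLE_SUDOERS='## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# constructed entry: a deploy account limited to one command
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart myapp'

# usage: sudoers_grants SUDOERS_DATA
# Prints "<who> <hosts> <runas> <flags> <commands>" for each active grant,
# skipping blank lines, comments and Defaults lines.
sudoers_grants() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }                 # comment (including commented-out grants)
        NF == 0 { next }                    # blank line
        /^[ \t]*Defaults/ { next }          # option lines are not grants
        {
            who = $1
            rest = substr($0, index($0, $2))   # "host=(runas) [NOPASSWD:] cmds"
            eq = index(rest, "=")
            hosts = substr(rest, 1, eq - 1)
            spec = substr(rest, eq + 1)
            runas = "(self)"
            if (match(spec, /^\([^)]*\)/)) {   # optional "(user[:group])" part
                runas = substr(spec, RSTART, RLENGTH)
                spec = substr(spec, RSTART + RLENGTH)
            }
            sub(/^[ \t]+/, "", spec)
            flags = "-"
            if (sub(/^NOPASSWD:[ \t]*/, "", spec)) flags = "NOPASSWD"
            print who, hosts, runas, flags, spec
        }'
}

# usage: sudoers_findings SUDOERS_DATA
# The findings a reviewer wants: passwordless grants, and grants of ALL commands.
sudoers_findings() {
    sudoers_grants "$1" | awk '
        $4 == "NOPASSWD" && $5 == "ALL" { print $1, "PASSWORDLESS_ROOT_EQUIVALENT"; next }
        $4 == "NOPASSWD"                { print $1, "PASSWORDLESS_COMMAND"; next }
        $5 == "ALL"                     { print $1, "ALL_COMMANDS" }'
}
```

On a live system, visudo -c checks the syntax of the installed file without opening an editor, and sudo -l (section 2.4) shows the grants as sudo itself resolves them for the current user; the parser above is for reviewing a copy of the file offline.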
For some details, please refer to: http://c.biancheng.net/view/851.html


Origin blog.csdn.net/tjfsuxyy/article/details/130707234