Linux user and user group management explained

############# user and user group management ###################
Linux only recognizes UIDs and GIDs  # these can be looked up in /etc/passwd and /etc/group

## /etc/passwd explained
[root@lgh2 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
(omitted...)

Many of the users on the system are system users, also called pseudo-users. System users cannot log in to the system, but they must not be deleted: once they are deleted, the services or programs that depend on them
can no longer run properly, which can lead to system problems

# Format
username:password:UID (user ID):GID (group ID):descriptive information:home directory:default shell
username: the string that identifies the user
password: "x" indicates a password; the real password is stored in /etc/shadow
UID: user ID, a number between 0 and 65535. 0 is the root superuser, 1-499 are system users (pseudo-users), 500-65535 are normal users
GID: group ID, the ID of the user's initial group
initial group: the group whose permissions the user has as soon as they log in. Each user can have only one initial group, and it is usually the group with the same name as the user
additional groups: the other groups the user can join; the user also has the permissions of these groups
descriptive information: an explanatory note
home directory: the user's home directory
default shell: the default command interpreter on Linux is bash (/bin/bash)

## /etc/shadow explained
[root@lgh2 ~]# cat /etc/shadow
root:$6$ma8fbbGcOsZzwVFU$6WxNnECNp8FjKH7a6ePicjhMWRvNCXrdonjYSn24uX5sP2A9tcD64MKOTdEkyrsdOdvoW42FhJJbJdOJ6AKL7::0:99999:7:::
bin:*:17632:0:99999:7:::
daemon:*:17632:0:99999:7:::
(omitted...)

# Format
username:encrypted password:last change:minimum change interval:password validity period:warning days before the password must be changed:grace period after the password expires:account expiration time:reserved field
username: same as the user name in /etc/passwd
encrypted password: cannot be edited by hand; it is hashed with the SHA512 algorithm. The password of every pseudo-user is "!" or "*", meaning there is no password and the account cannot log in. Likewise, if no password is set for a newly created user,
its password entry is "!!", meaning the user has no password and cannot log in.
last change: the date the password was last changed, counted in days since January 1, 1970
minimum change interval: how long after the third field (the date of the last password change) the password cannot be changed. If it is 0, the password can be changed at any time
password validity period: how long after the third field (the last password change) the password must be changed again; otherwise the account's password enters the expired stage
warning days before the password must be changed: relative to the fifth field; when the account's password is about to expire, the system issues a warning to the account
grace days after the password expires: also known as the "password invalidation date"; the number of days the user can still log in after the password has expired
account expiration time: like the third field, expressed as the total number of days since January 1, 1970. Outside the period specified by this field the account cannot be used, regardless of whether the password has expired
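
Added example, not part of the original post: a shell/awk check that reads shadow-format lines using the nine fields described above, classifies the password field ("*", "!", "!!", "!"-prefixed hash, empty, $6$ hash) and turns fields 3, 5 and 8 into days remaining. The function names and every sample entry are constructed; an empty password field (no password required) is a case the list above does not cover.

```shell
#!/bin/sh
# Added example (not from the original page). All sample entries are constructed.

# Constructed /etc/shadow lines; the hashes are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:90:7:::
bin:*:17632:0:99999:7:::
newuser:!!:18100:0:99999:7:::
alice:!!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18050:0:60:7:14::
nopass::18100:0:99999:7:::
temp:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18100:0:99999:7::18150:
EOF
}

# shadow_audit FILE [TODAY]
#   FILE  shadow-format file, or "-" for stdin
#   TODAY days since 1970-01-01 (defaults to the current day)
# Prints: name  password-state  password-days-left  account-days-left
shadow_audit() {
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
    NF != 9 { print $1, "MALFORMED"; next }
    {
        pw = $2
        if (pw == "")                                   state = "EMPTY"
        else if (pw == "*" || pw == "!" || pw == "!!")  state = "nologin"
        else if (substr(pw, 1, 1) == "!")               state = "locked"
        else if (substr(pw, 1, 3) == "$6$")             state = "sha512"
        else                                            state = "other"

        # Field 3 (last change) + field 5 (validity) = day the password expires.
        # 99999 is treated here as no expiry.
        pwleft = ($3 != "" && $5 != "" && $5 < 99999) ? $3 + $5 - today : "never"
        # Field 8 is the absolute day the account itself expires.
        acct = ($8 != "") ? $8 - today : "never"
        print $1, state, pwleft, acct
    }' "$1"
}

# Demo on the constructed sample, with TODAY pinned to day 18120.
sample_shadow | shadow_audit - 18120
```

A negative number in the third column means the password is already past its validity period; EMPTY entries deserve attention first.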

## /etc/group explained
This file is the user group configuration file, i.e. all user group information is stored in this file.
[root@lgh2 ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
(omitted...)

# Format
group name:password:GID:list of users in the group
list of users in the group: if this group is a user's initial group, that user is not written in this field
the other fields are as above


## /etc/gshadow explained
[root@lgh2 ~]# cat /etc/gshadow
root:::
bin:::
daemon:::
(omitted...)

# Format
group name:encrypted password:group administrators:list of additional users in the group


#cat /etc/login.defs | grep -v "^#" | grep -v "^$"
View some of the default values used when creating a user (account)


# useradd
-d # manually specify the user's home directory. The home directory must be written as an absolute path
-M # do not create the home directory
-g # manually specify the user's initial group
-G # specify the user's additional groups
-c # manually specify the descriptive information in the fifth field of the user's /etc/passwd entry; can be set freely
-u # manually specify the user's UID; mind the UID range (not less than 500)
-s # manually specify the user's login shell; the default is /bin/bash
-e # specify the user's expiration date, in the format "YYYY-MM-DD", i.e. the eighth field of /etc/shadow
-o # allow creating a user with a duplicate UID. For example, running "useradd -u 0 -o usertest" creates a user usertest
-r # create a system user, with a UID between 1 and 499
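
Added example, not part of the original post: an awk check over the seven /etc/passwd fields described earlier that flags what options such as -o and -u can leave behind (a second UID 0 account, duplicate UIDs), plus system accounts with a login shell and password fields that are not "x". The function names and all sample entries are constructed; the 1-499 system range follows this page.

```shell
#!/bin/sh
# Added example (not from the original page). All sample entries are constructed.

# Constructed /etc/passwd lines; "usertest" mirrors the useradd -u 0 -o case.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
usertest:x:0:0::/home/usertest:/bin/bash
svc:x:48:48:service account:/var/lib/svc:/bin/bash
legacy:$1$CONSTRUCTED$CONSTRUCTEDHASH:500:500::/home/legacy:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
EOF
}

# passwd_audit [FILE]   FILE defaults to "-" (stdin).
# Prints one finding per line; no output means nothing was flagged.
passwd_audit() {
    awk -F: '
    # Every entry must have exactly seven colon-separated fields.
    NF != 7 { print "MALFORMED", $1; next }
    # Field 2 should be "x": the hash belongs in /etc/shadow.
    $2 != "x" { print "PASSWORD_NOT_SHADOWED", $1 }
    # Field 3 is the UID: only root should hold UID 0.
    $3 == 0 && $1 != "root" { print "UID0", $1 }
    # Two names sharing one UID are the same identity to the kernel.
    ($3 in seen) { print "DUPLICATE_UID", $1, "uid=" $3, "also=" seen[$3] }
    !($3 in seen) { seen[$3] = $1 }
    # System range used on this page (1-499) with an interactive shell.
    $3 >= 1 && $3 <= 499 && $7 !~ /(nologin|false)$/ {
        print "SYSTEM_WITH_SHELL", $1, $7
    }
    ' "${1:--}"
}

# Demo on the constructed sample.
sample_passwd | passwd_audit
```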

/etc/default/useradd  ## some default settings used when creating users (home directory, etc.)
these can also be viewed with useradd -D

[root@lgh2 skel]# ll -a /etc/skel/    ## these files can be copied into the home directory
total 24
drwxr-xr-x.  2 root root   62 Apr 11  2018 .
drwxr-xr-x. 91 root root 8192 Jun 27 04:47 ..
-rw-r--r--.  1 root root   18 Apr 10  2018 .bash_logout
-rw-r--r--.  1 root root  193 Apr 10  2018 .bash_profile
-rw-r--r--.  1 root root  231 Apr 10  2018 .bashrc


#passwd
# Format: passwd [options] username
-S: query the user's password status, i.e. the contents of the user's password entry in /etc/shadow. Root only;
-l: temporarily lock the user. This option adds "!" in front of the user's encrypted password string in /etc/shadow, which invalidates the password. Root only;
-u: unlock the user; the counterpart of -l. Root only;
--stdin: data passed through a pipe can be used as the user's password. Mainly used when adding users in batches;
-n days: set how long after a password change the user cannot change the password again, i.e. modify the fourth field of the user's line in /etc/shadow;
-x days: set the validity period of the user's password, corresponding to the fifth field of the user's line in /etc/shadow;
-w days: set the number of warning days before the user's password expires, corresponding to the sixth field of the user's line in /etc/shadow;
-i date: the user's password invalidation date, corresponding to the seventh field of the user's line in /etc/shadow.

echo "abcd1234" | passwd username --stdin

#usermod
# Format: usermod [options] username
-c description: modify the user's descriptive information, i.e. the fifth field of the target user's entry in /etc/passwd;
-d home directory: modify the user's home directory, i.e. the sixth field of the target user's entry in /etc/passwd; note that the home directory must be written as an absolute path;
-e date: modify the user's expiration date, in the format "YYYY-MM-DD", i.e. the eighth field of the target user's entry in /etc/shadow;
-g group name: modify the user's initial group, i.e. the fourth field (GID) of the target user's entry in /etc/passwd;
-u UID: modify the user's UID, i.e. the third field (UID) of the target user's entry in /etc/passwd;
-G group name: modify the user's additional groups; in effect this adds the user to other groups, i.e. modifies /etc/group;
-l username: modify the user name;
-L: temporarily lock the user (lock);
-U: unlock the user (unlock); the counterpart of -L;
-s shell: modify the user's login shell; the default is /bin/bash.

#chage
# Format: chage [options] username
-l: list the state of the user's password in detail;
-d date: modify the third field of the specified user's entry in /etc/shadow, i.e. the date of the last password change, in the format YYYY-MM-DD;
-m days: modify the minimum number of days the password must be kept, i.e. the fourth field in /etc/shadow;
-M days: modify the password validity period, i.e. the fifth field in /etc/shadow;
-W days: modify the number of warning days before the password expires, i.e. the sixth field in /etc/shadow;
-I days: modify the number of grace days after the password expires, i.e. the seventh field in /etc/shadow;
-E date: modify the account expiration date, in the format YYYY-MM-DD, i.e. the eighth field in /etc/shadow.

#userdel
# Format: userdel -r username
The -r option deletes the user's home directory along with the user.

#id
The id command queries a user's UID, GID and additional group information
# Format: id username

#su
# Format: su [options] username
-: switch not only to the specified user's identity but also to that user's working environment (including the PATH variable, the MAIL variable, etc.). When the - option is used and the user name is omitted, su switches to the root user by default.
-l: used in the same way as -; it switches the working environment along with the user identity, and the user account to switch to must be given after it.
-p: switch to the specified user's identity without changing the current working environment (the target user's profile is not used).
-m: same as -p;
-c command: switch user only to run one command, then switch back automatically once it has run; this option is normally followed by the command to execute.

su - -c "useradd user1" root
With the su command, using - and not using - are completely different: the - option means that, along with the user identity, the environment variables in use are also switched to those of the specified user

# groupadd
# Format: groupadd [options] group name
-g GID: Specifies the group ID;
-r: Create a system group.

#groupmod
# Format: groupmod [Options] group name
-g GID: Modify Group ID;
-n new group name: Modify the group name

#groupdel
# Format: groupdel group name
The groupdel command cannot be used to delete groups arbitrarily

#gpasswd
So that groups still get managed when the system administrator (root) is too busy, the gpasswd command can be used to set a group administrator for a group,
who adds or removes group members in place of the root user
# Format: gpasswd [options] group name
(no option): set a password for the group; root only.
-A user1,...: hand control of the group to user1,..., i.e. make user1,... administrators of the group; root only.
-M user1,user2,...: add user1,user2,... to the group; root only.
-r: remove the group's password; root only.
-R: invalidate the group's password; root only.
-a user: add the user to the group.
-d user: remove the user from the group.


#newgrp
Switches the user's effective group: the newgrp command selects one of the user's additional groups to become the user's new initial group
# Format: newgrp group name

 


Origin www.cnblogs.com/zsql/p/11099377.html