Linux account and rights management in detail

First, managing user accounts
1, an overview of user accounts
As on Windows, user accounts and group accounts on Linux serve essentially the same purpose: access to resources is controlled based on the user's identity. The two systems differ only slightly in presentation and in individual details.
1), user accounts
On Linux, user accounts are divided into different types according to system management needs, each with its own privileges and role: the super user, ordinary users, and program users.
Super user: root is the default super user account on a Linux system and has the highest authority on the machine, similar to the Administrator user on Windows. Logging in as root is recommended only for system management and maintenance tasks; for everyday work, use an ordinary user account.
Ordinary users: an ordinary user account must be created by root or another administrator. Its rights are restricted, and it generally has full permissions only within the user's own home directory.
Program users: when the Linux system and some applications are installed, certain low-privilege user accounts are added. These users are generally not allowed to log in to the system; they exist only to keep a system service or program running normally.

2), UID number
Each user account on a Linux system has a numeric identifier, known as the UID. To the system core, the UID is the fundamental basis for distinguishing users, so in principle each user's UID should be unique. The UID of the root account is the fixed value 0, program user accounts use UIDs 1 to 999 by default, and 1000 to 60000 are assigned by default to ordinary users.

3), user account files
On a Linux system, user account and password information is stored in configuration files. Accounts can be managed either by editing these files directly or by using the user management commands. Two files are involved: /etc/passwd and /etc/shadow. The former stores the account name, home directory, login shell and other basic information; the latter stores the user password, account validity and related information.

passwd file configuration line format

Each line in the passwd file contains seven configuration fields separated by colons ":". From left to right, the fields have the following meanings.
The first field: the name of the user account, which is also the name used to log in to the system.
The second field: the encrypted user password string, or the password placeholder "x".
The third field: the UID number of the user account.
The fourth field: the GID number of the account's basic group.
The fifth field: the user's full name; descriptive information about the user can be entered here.
The sixth field: the home directory, which is the default working directory after the user logs in.
The seventh field: the login shell, that is, the shell the user gets after logging in.

shadow file configuration line format

Each line in the shadow file contains nine configuration fields separated by colons ":". From left to right, the fields have the following meanings.
The first field: the user account name.
The second field: the MD5-encrypted password string. A value of "*" or "!" means the user cannot log in to the system; if the field is empty, the user can log in without a password.
The third field: when the password was last changed, expressed as the number of days from 1970-01-01 to the date of the last change.
The fourth field: the minimum number of days for a password (minimum password age).
The fifth field: the maximum number of days for a password (maximum password age).
The sixth field: how many days in advance to warn the user that the password is about to expire; the default value is 7.
The seventh field: the number of days after password expiration before this user is disabled.
The eighth field: account expiration. This field specifies the number of days after which the user account is retired.
The ninth field: reserved, with no particular purpose.
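
An audit over the two file formats described above, as an added example that is not part of the original article: it reads a passwd-format and a shadow-format file and reports accounts worth reviewing (extra UID 0 accounts, program users with a login shell, empty or locked passwords). The function names, finding labels and sample entries are constructed for illustration; the UID ranges are the ones given in this article.

```shell
#!/bin/sh
# Added example: audit passwd-format (7 fields) and shadow-format (9 fields) files.
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE   -> prints "user:finding" lines
audit_accounts() {
    awk -F: '
    FILENAME == ARGV[1] {            # first file read: shadow
        hash[$1] = $2; has_shadow[$1] = 1
        next
    }
    {                                # second file read: passwd
        user = $1; uid = $3 + 0; shell = $7
        if (NF != 7) { print user ":malformed-line"; next }
        if (uid == 0 && user != "root") { print user ":uid0-not-root" }
        if (uid in owner) { print user ":duplicate-uid-of-" owner[uid] } else { owner[uid] = user }
        if ($2 != "x") { print user ":password-field-not-x" }
        # Program users (UID 1-999 per the text) should not get a login shell.
        if (uid >= 1 && uid <= 999 && shell !~ /(nologin|false)$/)
            print user ":program-user-with-login-shell"
        if (!(user in has_shadow)) { print user ":no-shadow-entry"; next }
        # Empty field: login without a password. Leading "!" or "*": login disabled.
        if (hash[user] == "") { print user ":empty-password" }
        else if (uid >= 1000 && hash[user] ~ /^[!*]/) { print user ":locked" }
    }' "$2" "$1"
}

# Constructed sample data (not from a real host); hashes are placeholders.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcapp:x:350:350:app service:/opt/app:/bin/bash
lisi:x:1000:1000::/home/lisi:/bin/bash
wangwu:x:1001:1001::/home/wangwu:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$PLACEHOLDER$hash:18100:0:99999:7:::
daemon:*:18100:0:99999:7:::
svcapp:!!:18100:0:99999:7:::
lisi:!$6$PLACEHOLDER$hash:18100:0:99999:7:::
wangwu::18100:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow as root; an account locked with passwd -l or usermod -L shows up as "locked" because its shadow password field then begins with "!".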

2, user account management
1) useradd command
The useradd command adds user accounts. The basic format of the command is: useradd [options] username
For example, it can be used to create a user named lisi.

Frequently used useradd options
-u: specifies the user's UID number, provided that the UID number is not already in use.
-d: specifies the location of the user's home directory.
-e: specifies the user account expiration time.
-M: do not create a home directory.
-s: specifies the user's login shell.

passwd command
The passwd command sets or changes a password; root has the right to manage the passwords of other accounts. The example here sets a password for the user "wangwu".

In addition to changing an account password, the passwd command can lock and unlock a user account, and can set a user's password to empty. The relevant options are as follows.
-d: clear the specified user's password, leaving the account without a password.
-l: lock the user account.
-S: view the status of the user account.
-u: unlock the user account.
Here the user "lisi" serves as an example of locking and unlocking an account.

usermod command
For a user account that already exists on the system, the usermod command can reset its various properties. usermod also takes the account name as a parameter. The following are some of the more common options.
-u: modify the user's UID number.
-d: modify the location of the user's home directory.
-e: modify the user account expiration time.
-s: specify the user's login shell.
-L: lock the user account.
-l: change the login name of the user account.
-U: unlock the user account.
For example, it can be used to modify a user's login shell.

userdel command
When a user account is no longer needed on the system, the userdel command deletes it. The command also takes the user name as a parameter; combined with the "-r" option, the home directory is deleted along with the account.
Here the user wangwu is removed as an example.

Second, managing group accounts
From a user account's point of view, its groups fall into two types: the basic group and additional groups. Each user account can be a member of multiple groups, but it has only one basic group.

1, group account files
Two files are associated with group accounts: /etc/group and /etc/gshadow. The former stores basic information such as the group name, GID and group members; the latter stores the group's encrypted password string and related information.

2, add, delete, modify group accounts
1), the groupadd command adds a group account. To specify the GID number, use the "-g" option. For example, it can be used to create a group account called "yun".

2), the gpasswd command was originally meant for setting a group account's password, but that feature is rarely used. In practice the command is used more often to manage the user members of a group. To add or delete a member, use the "-a" or "-d" option respectively.
For example, it can add the user stu01 to the group yun and remove the user stu02 from it.

3), when a group account is no longer in use on the system, the groupdel command deletes it.
Here the group account yun is removed as an example.

3, query account information
1), the id command quickly shows the UID, GID and other identifying information of a specified user account.

2), the groups command shows which groups a specified user account belongs to.

3), the finger command queries the detailed login attributes of a specified user account.

The w command queries the users logged on to the current host; it lists the login account name, terminal, login time, source location and other details.

Third, file permissions and ownership
1), set file permissions
File permissions are set mainly with the chmod command.

2), set file ownership
File ownership is set mainly with the chown command. You can set only the owner or only the group, or set the owner and the group at the same time.
Here the owner and the group of /bdqn/kgc.txt are modified at the same time.


Origin www.linuxidc.com/Linux/2019-08/160374.htm