Linux user and group information

Linux is a multi-user, multitasking, time-sharing operating system. Any user who wants to use system resources must first apply to the system administrator for an account. When using Linux we therefore routinely run into multi-user management tasks, such as:

Adding, deleting and modifying user accounts

User password management

User group management

1. Add a new user

Syntax: useradd options username

Parameter description:

  -c comment      Specifies a descriptive comment for the account.

  -d directory    Specifies the user's home directory. If the directory does not exist, the -m option creates it.

  -g group        Specifies the user group the user belongs to.

  -G group,group  Specifies the additional groups the user belongs to.

  -s shell        Specifies the user's login shell.

  -u UID          Specifies the user number. With the -o option, the identification number of another user can be reused.

useradd -d /home/ztl -m ztl

Explanation: This command creates the user ztl. The -d and -m options create the home directory /home/ztl for the login name ztl (/home is the default parent directory for user home directories).

useradd -s /bin/sh -g group -G adm,root gem

Explanation: This command creates the user gem. The user's login shell is /bin/sh; the user belongs to the user group named group, which is the primary group, and also to the adm and root user groups.

The groups may need to be created first: # groupadd group and # groupadd adm

Adding a user account adds a record for the new user to the /etc/passwd file and updates other system files such as /etc/shadow and /etc/group.

Linux provides the integrated system management tool userconf, which can be used for unified management of user accounts.

 

2. View users, user groups

cat /etc/passwd # view a list of all users

w # view the list of currently active users

cat /etc/group # view the user groups
groups # view the groups of the currently logged-in user

groups test # view the groups the user test is a member of

whoami # view the name of the currently logged-in user

 

3. Delete Account

If a user account is no longer used, it can be removed from the system. Deleting a user account means deleting the user's record from /etc/passwd and other system files and, if necessary, deleting the user's home directory.

userdel options username

The common option is -r, which deletes the user's home directory along with the account.

userdel -r ztl

Explanation: This command deletes the records for user ztl from the system files (mainly /etc/passwd, /etc/shadow and /etc/group) and also deletes the user's home directory.

 

4. Modify Account

Modifying a user account means changing a user's attributes as circumstances require, such as the user number, home directory, user group and login shell.

Existing user information is modified with the usermod command, in the following format:

usermod options username

Common options include -c, -d, -m, -g, -G, -s, -u and -o. They have the same meaning as the corresponding useradd options and specify new values for the user's attributes.

In addition, some systems support the option: -l new-user-name

This option specifies a new account name, that is, the original user name is changed to the new user name.

For example:

usermod -s /bin/ksh -d /home/z -g developer sam

Explanation: This command changes user sam's login shell to ksh, the home directory to /home/z and the user group to developer.

 

5. User password management

An important part of user management is user password management. A newly created user account has no password and is locked by the system, so it cannot be used; a password must be assigned before it can be used, even if that password is empty.

The shell command for setting and changing user passwords is passwd. The superuser can set a password for themselves and for other users; ordinary users can only use it to change their own password. The command format is:

passwd options username

The following options can be used:

  • -l Locks the password, which disables the account.
  • -u Unlocks the password.
  • -d Leaves the account without a password.
  • -F Forces the user to change the password at the next login.

 

If the user name is omitted, the current user's password is changed.

For example, assuming the current user is sam, the following command changes the user's own password:

$ passwd

The superuser can set any user's password with the following form:

# passwd sam

Demo:

[root@admin ~]# passwd sam
Changing password for user sam.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

 

Note on the example above: it warns that the password is too simple. The warning can be ignored; continue entering the password and it is accepted.

When an ordinary user changes their own password, the passwd command first asks for the original password and verifies it, then asks for the new password twice. If the two entries match, the new password is assigned to the user. When the superuser sets a password for a user, the original password is not needed.

For system security, users should choose a fairly complex password, preferably 8 characters long, containing uppercase letters, lowercase letters and digits, and different from their name, birthday and so on.

To give a user an empty password, run a command of the following form:

# passwd -d sam

This command deletes user sam's password, so the next time sam logs in the system does not ask for a password.

The passwd command's -l (lock) option locks a user so that the user cannot log in, for example:

# passwd -l sam

Original Source: https://www.cnblogs.com/selectztl/p/9523151.html

 

 

Linux users, groups, file permissions study notes
Reference URL: http://www.sourcejoy.com/other_dev_tech/linux-user-and-file-manage.html

I recently planned to study the Linux operating system more carefully. First, some catching up on three important topics: users, groups and file permissions.
To learn these, we must first understand the Linux permission system.
The Linux permission system consists mainly of users, user groups and permissions.
A user is an account that logs in to and uses Linux. Internally Linux represents it by a UID.
A user group is a group of users. Internally Linux represents it by a GID.
Permissions are of three kinds: read, write and execute.

Linux user information is stored in the /etc/passwd file; the /etc/shadow file stores the users' password information.

/etc/passwd file format:
username:password:UID:GID:user information:HOME directory path:user shell
UID 0 is the root user, 1~499 are system users, and 500 and above are ordinary users.

/etc/shadow stores user password information, including the encrypted password, the password expiration time and the number of days of warning before the password expires.

User group information is stored in the /etc/group file.
Its format is as follows:
user group name:group password:GID:accounts in the group (multiple accounts separated by commas)

After a user logs in, the GID in that user's /etc/passwd entry is the initial user group.
The user's membership of the initial user group is not reflected in /etc/group.
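
An added example, not part of the original notes: a shell audit over the three file formats described above, which also resolves a user's initial group from the passwd GID because /etc/group does not list it. The sample entries are constructed, and the function names (extra_uid0, uid_class, password_state, all_groups) and the reading of a leading "!" or a "*" in the shadow password field are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample data (not from a real system), in the formats described above.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sam:x:500:500:Sam:/home/sam:/bin/bash
gem:x:501:500:Gem:/home/gem:/bin/sh
toor:x:0:0:second uid 0:/root:/bin/bash'

SHADOW_SAMPLE='root:$6$constructed$hash:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
sam::17000:0:99999:7:::
gem:!!$6$constructed$hash:17000:0:99999:7:::
toor:$6$constructed$hash:17000:0:99999:7:::'

GROUP_SAMPLE='root:x:0:
adm:x:4:root,gem
wheel:x:10:root
developer:x:500:'

# Accounts other than root that carry UID 0 (useradd -o allows a UID to be reused).
extra_uid0() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Classify an account by the UID ranges given in the text.
uid_class() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u {
        if ($3 == 0) print "root"
        else if ($3 < 500) print "system"
        else print "ordinary" }'
}

# State of the password field (second field) in the shadow data.
password_state() {
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v u="$1" '$1 == u {
        if ($2 == "") print "empty"            # e.g. after passwd -d
        else if ($2 ~ /^!/) print "locked"     # assumption: leading "!" marks a locked password
        else if ($2 == "*") print "disabled"   # assumption: "*" means no password can match
        else print "set" }'
}

# Initial group (GID from the passwd entry) followed by the groups that list the user.
all_groups() {
    gid=$(printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $4 }')
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v u="$1" -v gid="$gid" '
        $3 == gid { primary = $1 }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) extra = extra " " $1 }
        END { print primary extra }'
}

for u in root sam gem; do
    echo "$u: class=$(uid_class "$u") password=$(password_state "$u") groups=$(all_groups "$u")"
done
echo "extra UID 0 accounts: $(extra_uid0)"
```

On a real system the same awk programs can be pointed at /etc/passwd, /etc/shadow (as root) and /etc/group instead of the sample variables.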

Command to view the current user's user groups:
[root@local opt]# groups
root bin daemon sys adm disk wheel
In the output, the first user group is the current user's active user group (the current user group).

Command to switch the active user group:
[root@local opt]# newgrp user-group-name
To leave the new active user group, type exit and press Enter.

Command to create a new user:
[root@local opt]# useradd username -g initial-user-group -G other-user-groups (modifies /etc/group) -c user-description -u specified-UID

After creating the user, set a password for the user:
[root@local opt]# passwd username

Command for users to change their own password:
[root@local opt]# passwd

Command to modify user information:
[root@local opt]# usermod parameters username
Parameters:
 -c description
 -g group-name  initial user group
 -e expiration date, in the format YYYY-MM-DD
 -G group-name  other user groups
 -l modify the user name
 -L lock the account (in /etc/shadow, two exclamation marks (!!) are put in front of the user's password string)
 -U unlock

Command to delete a user:
[root@local opt]# userdel [-r] username
The -r parameter deletes the user's home directory.
The user probably has files elsewhere in the file system as well. To delete the user and their files completely, first locate the files that belong to the user:
[root@local opt]# find / -user username
then delete them, and then run userdel to delete the user.

Command to view the available shells:
[root@local opt]# chsh -l
Command to change your own shell:
[root@local opt]# chsh -s

Command to view your own or someone else's UID/GID information:
[root@local opt]# id [username]
In the returned information, groups lists the user's effective groups.

Command to add a user group:
[root@local opt]# groupadd user-group-name

Command to change a user group's name:
[root@local opt]# groupmod -n name

Command to delete a user group:
[root@local opt]# groupdel user-group-name

Command to set a user group password:
[root@local opt]# gpasswd user-group-name

With additional parameters, gpasswd has other functions.

Command to set a user group administrator:
[root@local opt]# gpasswd -A username user-group-name

Command to add accounts to a group:
[root@local opt]# gpasswd -M username user-group-name

Command to delete an account from a group:
[root@local opt]# gpasswd -d username user-group-name

passwd parameters:
-l lock the user
-u unlock the user
-n days  number of days during which the password cannot be changed
-x days  number of days until the password expires
-w days  number of days of warning before the password expires

File permissions

First look at an example:
[root@local opt]# ls -al
The ls -al command lists all files, including hidden files. The first character of a hidden file's name is '.'.
-rw-r--r--. 1 root root 81 08-02 14:54 .gtkrc-1.2-gnome2
-rw-------. 1 root root 189 08-02 14:54 .ICEauthority
-rw-------. 1 root root 35 08-05 10:02 .lesshst
drwx------. 3 root root 4096 08-02 14:54 .metacity
drwxr-xr-x 3 root root 4096 08-02 14:54 .nautilus

The columns of the listing are defined as follows:
[permission attributes] [link count] [owner] [owner's user group] [size] [last modification time] [file name]

The permission attribute is 10 characters:
The first character indicates the file type: d is a directory, - is a regular file, l is a link, b is a block device that can be used for storage, and c is a character input device such as a keyboard or mouse.
Characters 2, 3 and 4 are the owner's permissions; characters 5, 6 and 7 are the permissions of users in the owner's group; characters 8, 9 and 10 are the permissions of other users.
The second character is the owner's read permission: r if granted, - if not.
The third character is the owner's write permission: w if granted, - if not.
The fourth character is the owner's execute permission: x if granted, - if not.
The fifth character is the read permission of users in the owner's group: r if granted, - if not.
The sixth character is the write permission of users in the owner's group: w if granted, - if not.
The seventh character is the execute permission of users in the owner's group: x if granted, - if not.
The eighth character is the read permission of users outside the group: r if granted, - if not.
The ninth character is the write permission of users outside the group: w if granted, - if not.
The tenth character is the execute permission of users outside the group: x if granted, - if not.

Command to change the owning group:
[root@local opt]# chgrp [-R] group filename
-R sets it recursively.

Command to change a file's owner and group:
[root@local opt]# chown [-R] user[:user-group] filename

Command to change file access permissions:
[root@local opt]# chmod [-R] 0777 filename
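
An added example, not part of the original notes: reading the 10-character permission attribute described above, converting it to the numeric mode that chmod takes, and listing entries whose ninth character grants write access to everyone. The listing is constructed, the function names are this example's own, and only the characters r, w, x and - are handled.

```shell
#!/bin/sh
# Constructed `ls -al` lines (not from a real system).
LS_SAMPLE='-rw-r--r--. 1 root root   81 08-02 14:54 notes.txt
drwxrwxrwx. 2 root root 4096 08-02 14:54 shared
-rwxr-x---. 1 root adm   512 08-02 14:54 backup.sh'

# File type from the first character of the permission column.
file_type() {
    case $1 in
        d*) echo "directory" ;;
        -*) echo "regular file" ;;
        l*) echo "link" ;;
        b*) echo "block device" ;;
        c*) echo "character device" ;;
        *)  echo "unknown" ;;
    esac
}

# Characters 2-10 as the three-digit octal mode that chmod accepts (r=4, w=2, x=1).
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid"; return 1 ;;
    esac
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    echo "$out"
}

# Names whose ninth character is w, i.e. writable by users outside the owner's group.
world_writable() {
    printf '%s\n' "$LS_SAMPLE" | awk 'substr($1, 9, 1) == "w" { print $NF }'
}

printf '%s\n' "$LS_SAMPLE" | while read -r perms _ _ _ _ _ _ name; do
    echo "$name: $(file_type "$perms"), mode $(mode_to_octal "$perms")"
done
echo "world-writable: $(world_writable)"
```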

At this point, the material on users, files and permissions has been more or less summarized. The next step is to use the various commands boldly in everyday work, and to come back to this summary when in a hurry.
====================================================================
Methods for viewing users and groups in Linux
whois
Function: finds and displays user information.
Syntax: whois [account name]
Supplement: The whois command looks up and displays information about the specified account. Because it searches the Network Solutions WHOIS database, the account name must be registered there to be found. Names are not case-sensitive.
---------------------------------------------------------
whoami
Function: displays the user's own name.
Syntax: whoami [--help] [--version]
Supplement: Displays the user's own name; this is equivalent to running "id -un".
Parameters:
--help Online help.
--version Displays version information.
---------------------------------------------------------
who
Function: displays information about the users currently logged in to the system.
Syntax: who [-Himqsw] [--help] [--version] [am i] [log file]
Supplement: Running this command shows which users are currently logged in to the system. Run on its own, who lists the login account, the terminal in use, the login time, and where the login came from or which X display is in use.
Parameters:
-H or --heading Displays a header line for the columns.
-u or -i or --idle Displays idle time. If the user has done anything within the last minute, the entry is marked "."; if the user has been idle for more than 24 hours, it is marked "old".
-m Has the same effect as specifying the string "am i".
-q or --count Displays only the account names logged in to the system and their total number.
-s This parameter is ignored; it exists only for compatibility with other versions of who.
-T or -w or --mesg or --message or --writable Displays the user's message status.
--help Online help.
--version Displays version information.
---------------------------------------------------------
w
Function: displays information about the currently logged-in users.
Syntax: w [-fhlsuV] [user name]
Supplement: Running this command shows which users are currently logged in to the system and what programs they are running. Run on its own, w shows all users; you can also specify a user name to show information about that user only.
Parameters:
-f Turns the display of where the user logged in from on or off.
-h Does not display the header line for the columns.
-l Uses the detailed list format; this is the default.
-s Uses the short list format, which omits the login time and the CPU time consumed by terminal jobs and programs.
-u Ignores the name of the running program and the CPU time it has consumed.
-V Displays version information.
---------------------------------------------------------
finger command
The finger command queries user information. It usually displays the user name, home directory, idle time, login time, login shell and other information about users on the system. To query user information on a remote machine, append "@hostname" to the user name, in the form [user@host]; the queried network host must be running the finger daemon.
The general format of the command is:
finger [options] [user] [user@host]
The options have the following meanings:
-s Displays the user's login name, real name, terminal name and write status, idle time, login time and other information.
-l In addition to the information displayed by the -s option, also displays the user's home directory, login shell, mail status and other information, as well as the contents of the .plan, .project and .forward files in the user's home directory.
-p Same as the -l option, except that the .plan and .project files are not shown.
[Example] Using the finger command on the local machine.
$ finger xxq
Login: xxq Name:
Directory: /home/xxq Shell: /bin/bash
Last login Thu Jan 1 21:43 (CST) on tty1
No mail.
No Plan.
$ finger
Login Name Tty Idle Login Time Office Office Phone
root root *1 28 Nov 25 09:17
......
---------------------------------------------------------
The /etc/group file contains all groups.
The names of all users present in the system are in /etc/shadow and /etc/passwd.
To change the group the current user belongs to:
use usermod, or modify the /etc/passwd file directly.
---------------------------------------------------------
vlock (virtual console lock)
Function: locks the virtual terminal.
Syntax: vlock [-achv]
Supplement: Running vlock locks the virtual terminal to prevent others from using it.
Parameters:
-a or --all Locks all terminal sessions. If this parameter is used on a full-screen terminal, switching terminals from the keyboard is disabled as well.
-c or --current Locks the current terminal session; this is the default.
-h or --help Online help.
-v or --version Displays version information.
---------------------------------------------------------
usermod
Function: modifies user accounts.
Syntax: usermod [-LU] [-c <comment>] [-d <login directory>] [-e <expiration date>] [-f <buffer days>] [-g <group>] [-G <groups>] [-l <account name>] [-s] [-u] [user account]
Supplement: usermod can be used to modify the settings of a user account.
Parameters:
-c <comment> Modifies the comment text of the user account.
-d <login directory> Modifies the directory the user logs in to.
-e <expiration date> Modifies the account's expiration date.
-f <buffer days> Modifies the number of days after the password expires before the account is closed.
-g <group> Modifies the group the user belongs to.
-G <groups> Modifies the additional groups the user belongs to.
-l <account name> Modifies the user account name.
-L Locks the user's password, making the password invalid.
-s Modifies the shell used after the user logs in.
-u Modifies the user ID.
-U Removes the password lock.
---------------------------------------------------------
userdel
Function: deletes user accounts.
Syntax: userdel [-r] [user account]
Supplement: userdel deletes a user account and related files. Without additional parameters, it deletes only the user account and not the related files.
Parameters:
-r Deletes the user's login directory and all the files in that directory.
---------------------------------------------------------
userconf
Function: user account setup.
Syntax: userconf [--addgroup <group>] [--adduser <user ID> <group> <user name>] [--delgroup <group>] [--deluser <user ID>] [--help]
Supplement: userconf is actually a symbolic link to linuxconf. It provides a graphical interface in which the administrator can create and manage all types of accounts. Without any arguments, it enters the graphical interface.
Parameters:
--addgroup <group> Adds a new group.
--adduser <user ID> <group> <user name> Adds a new user account.
--delgroup <group> Deletes a group.
--deluser <user ID> Deletes a user account.
--help Displays help.
---------------------------------------------------------
useradd
Function: creates a user account.
Syntax: useradd [-mMnr] [-c <comment>] [-d <login directory>] [-e <expiration date>] [-f <buffer days>] [-g <group>] [-G <groups>] [-s] [-u] [user account] or useradd -D [-b] [-e <expiration date>] [-f <buffer days>] [-g <group>] [-G <groups>] [-s]
Supplement: useradd is used to create a user account. After the account has been created, use passwd to set the account's password. The account can be deleted with userdel. An account created with the useradd command is actually stored in the /etc/passwd text file.
Parameters:
-c <comment> Adds comment text. The comment text is saved in the comment field of passwd.
-d <login directory> Specifies the starting directory when the user logs in.
-D Changes the default values.
-e <expiration date> Specifies the account's expiration date.
-f <buffer days> Specifies the number of days after the password expires before the account is closed.
-g <group> Specifies the group the user belongs to.
-G <groups> Specifies the additional groups the user belongs to.
-m Automatically creates the user's login directory.
-M Does not automatically create the user's login directory.
-n Does not create a group named after the user.
-r Creates a system account.
-s Specifies the shell used after the user logs in.
-u Specifies the user ID.


Origin www.cnblogs.com/sucretan2010/p/11684639.html