Linux-3. Managing users and user groups

man useradd shows useful reference information for the topics below.

First, user configuration files

1.1 User information file: /etc/passwd

root:x:0:0:root:/root:/bin/bash

Field  Meaning
1      User name
2      Password flag. x: the user has a password, which is looked up in /etc/shadow; if the field is empty, the user has no password
3      UID (user ID). 0: superuser, 1-499: system users (pseudo-users), 500-65535: normal users
4      GID (initial user group ID)
5      User comment
6      Home directory. Ordinary users: /home/username/, superuser: /root/
7      Shell after login

To turn a regular user into a superuser, change that user's UID to 0.
Initial group: the group whose permissions a user holds immediately upon login. Each user has exactly one initial group; it is generally the group with the same name as the user.
Additional groups: a user can join several other groups and hold those groups' permissions; a user can have multiple additional groups.

1.2 Shadow file: /etc/shadow

root:$6$1pgb5fLa$jtjmHA2rocUmD1qwrbe6EuSPC11wW8wDuK2qAudUnBZ3iKg.MaYNRLKUf1Mp0OilcXwA74msPaeUp/3OIL4sf/:18267:0:99999:7:::

Field  Meaning
1      User name
2      Encrypted password; if this field is "!!" or "*", the account has no password and cannot log in
3      Date of the last password change, counted from 1 January 1970; the value increases by 1 for each day that passes
4      Minimum interval before the password can be changed again (relative to field 3). 0: the password can be changed again with no waiting period
5      Password validity period (relative to field 3)
6      Number of days before password expiry at which a warning is given (relative to field 5)
7      Grace days after the password expires (relative to field 5). 0: the password becomes invalid immediately on expiry, -1: the password never becomes invalid
8      Account expiration time, expressed as a timestamp
9      Reserved
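
The /etc/passwd and /etc/shadow field meanings above can be checked mechanically. The script below is an added example, not part of the original post: it flags extra UID 0 accounts, empty password fields, "!!" or "*" entries, forced password changes, and expired passwords or accounts. The finding labels, the accounts backup, guest and svc, and the $6$PLACEHOLDER hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files by field position.
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE [TODAY_AS_DAYS_SINCE_1970]
audit_accounts() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    # passwd: field 2 = password flag, field 3 = UID
    awk -F: '
        $3 == "0" && $1 != "root" { print "UID0 " $1 }
        $2 == ""                  { print "EMPTY_FLAG " $1 }
    ' "$1"
    # shadow: 2 = hash, 3 = last change, 5 = validity, 8 = account expiry
    # (fields 3 and 8 are day counts since 1970-01-01, see shadow(5))
    awk -F: -v today="$today" '
        $2 == ""     { print "NO_PASSWORD " $1; next }
        $2 ~ /^[!*]/ { print "NO_LOGIN " $1 }
        $3 == "0"    { print "MUST_CHANGE " $1 }
        $3 + 0 > 0 && $5 != "" && today + 0 > $3 + $5 { print "PASSWORD_EXPIRED " $1 }
        $8 != "" && today + 0 >= $8 + 0               { print "ACCOUNT_EXPIRED " $1 }
    ' "$2"
}

# Constructed sample data: hypothetical accounts and placeholder hashes.
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:0:0:backup admin:/home/backup:/bin/bash
guest::1001:1001::/home/guest:/bin/bash
px:x:1002:1002:test user:/home/px:/bin/bash
svc:x:1003:1003::/home/svc:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$PLACEHOLDER:18267:0:99999:7:::
backup:$6$PLACEHOLDER:18000:0:90:7:::
guest::18267:0:99999:7:::
px:$6$PLACEHOLDER:0:0:99999:7:::
svc:!!:18267:0:99999:7::18300:
EOF
    audit_accounts "$dir/passwd" "$dir/shadow" 18400
    rm -rf "$dir"
}

demo_audit
```

On a real system, run it as root with audit_accounts /etc/passwd /etc/shadow.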

1.3 Group information file /etc/group and group password file /etc/gshadow

/etc/group
root:x:0:

Field  Meaning
1      Group name
2      Group password flag
3      GID
4      Additional users in the group

/etc/gshadow
cdrom:*::panxiong

Field  Meaning
1      Group name
2      Group password
3      Group administrator user name
4      Additional users in the group

Second, files related to user management

Files involved when adding a user

  1. The user's home directory
    • Regular user: /home/username/, owner and group are the user, permissions 700
    • Superuser: /root/, owner and group are both root, permissions 550
  2. User's mailbox
    • /var/spool/mail/username/
  3. User template directory
    • /etc/skel/
      When a home directory is created, its initial files are copied from the /etc/skel/ directory.

Third, user management commands

  1. Common Commands
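    # 1. Add a user: useradd
    # useradd [option] username
    # -u UID: manually specify the user's UID
    # -d home directory: manually specify the user's home directory
    # -c comment: manually specify the user's comment
    # -g group: manually specify the user's initial group
    # -G group: specify the user's additional groups; separate multiple groups with commas
    # -s shell: manually specify the user's login shell. The default is /bin/bash
    useradd px
    # After a user is created, the system automatically modifies or adds the following files:
    # grep px /etc/passwd
    # grep px /etc/shadow
    # grep px /etc/group
    # grep px /etc/gshadow
    # ll -d /home/px
    # ll /var/spool/mail/px
    useradd -u 550 -G root,bin -d /px -c "test user" -s /bin/bash px
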
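    # 2. Change a user's password: passwd
    # passwd [option] username
    # -S: query the user's password status. Root only
    # -l: temporarily lock the user so that remote login is no longer possible; it works by putting !! in front of the user's password in /etc/shadow. Root only
    # -u: unlock the user. Root only
    # --stdin: use data arriving through a pipe as the user's password
    # Change the current user's password
    passwd
    passwd -S px
    # Output: px 01/06/2020 0 99999 7 -1
    # User name, password set date (01/06/2020), password change interval (0), password validity period (99999),
    # warning period (7), password does not become invalid (-1)

    echo "123" | passwd --stdin px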
    
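    # 3. Modify user information: usermod
    # usermod [option] username
    # -u UID: change the user's UID
    # -c comment: change the user's comment
    # -G group: change the user's additional groups
    # -L: temporarily lock the user
    # -U: unlock the user
    # Change the user's comment
    usermod -c "test user" px
    # Add user px to the root group (-G replaces the existing additional groups; use -aG to append instead)
    usermod -G root px
    # Lock the user
    usermod -L px
    # Unlock the user
    usermod -U px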
    
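    # 4. Change a user's password status: chage
    # chage [option] username
    # -l: list the user's detailed password status
    # -d date: change the date of the last password change (shadow field 3)
    # -m days: minimum interval before the password can be changed again (field 4)
    # -M days: password validity period (field 5)
    # -W days: warning days before password expiry (field 6)
    # -I days: grace days after password expiry (field 7)
    # -E days: account expiration time (field 8)
    # This command resets the last password change date to 0 (shadow field 3), so the user must change the password at the next login
    chage -d 0 px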
    
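    # 5. Delete a user: userdel
    # userdel [-r] username
    # -r: delete the user's home directory together with the user


    # 6. Switch user: su
    # su [option] username
    # - : the bare "-" option switches the user's environment variables along with the identity
    # -c command: run a single command without switching user identity
    su - root
    # Without switching to root, run useradd to add user px
    su - root -c "useradd px"

    # 7. View a user's IDs
    # id username
    id px
    # Output: uid=0(root) gid=0(root) groups=0(root)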
    
    

Both useradd and adduser create users under Linux. They differ as follows:
  1. With useradd, if no options are given (for example: # sudo useradd test), the created user is by default a "three no" user: no home directory, no password, and no system shell.
  2. With adduser, creating a user is more of an interactive dialogue: the system prompts you for various pieces of information and then creates the new user based on them.

adduser prompts you to set a password; useradd does not.
adduser creates the user's home directory, such as /home/freebird for the user freebird; useradd does not.
adduser asks for the full name, room number, phone number and other user information; useradd does not.

On Linux, adduser is better suited to beginners, because there is no need to memorize complicated options; you just follow the system's prompts step by step. Its disadvantage is that the whole creation process is complex and lengthy. useradd is better suited to experienced users: a few command-line options usually solve the problem, so creating a user is quick.

  1. Manually delete a user:

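    # 1. Delete the user's entry from /etc/passwd
    vim /etc/passwd
    # 2. Delete the user's entry from /etc/shadow
    vim /etc/shadow
    # 3. Delete the user's entry from /etc/group
    vim /etc/group
    # 4. Delete the user's entry from /etc/gshadow
    vim /etc/gshadow
    # 5. Delete the mailbox
    rm -rf /var/spool/mail/username/
    # 6. Delete the home directory
    rm -rf /home/username/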
    
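  2. User defaults files

    # 1. The /etc/default/useradd file
    vim /etc/default/useradd
    	- GROUP=100		# default user group
    	- HOME=/home 	# base directory for user home directories
    	- INACTIVE=-1	# grace days after password expiry (shadow field 7)
    	- EXPIRE=		# account expiration time (shadow field 8)
    	- SHELL=/bin/bash # default shell
    	- SKEL=/etc/skel  # template directory
    	- CREATE_MAIL_SPOOL=yes # whether to create a mailbox
    	
    # 2. /etc/login.defs
    PASS_MAX_DAYS	99999	# password validity period (field 5)
    PASS_MIN_DAYS	0		# password change interval (field 4)
    PASS_MIN_LEN	5		# minimum password length of 5 (PAM)
    PASS_WARN_AGE	7		# password expiry warning (field 6)
    UID_MIN			500		# minimum and maximum of the UID range
    UID_MAX			60000
    ENCRYPT_METHOD	SHA512	# encryption method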
    

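Fourth, user group management commands

# 8. Add a user group
# groupadd [option] group-name
# -g GID: specify the group ID
groupadd group1

# 10. Modify a user group
# groupmod [option] group-name
# -g GID: change the group ID
# -n new-name: change the group name
# Rename the group group1 to newgrp
groupmod -n newgrp group1

# 11. Delete a user group
# groupdel group-name
groupdel newgrp

# 12. Add a user to a group or remove a user from a group
# gpasswd option group-name
# -a username: add the user to the group
# -d username: remove the user from the group
# Add user px to the group newgrp
gpasswd -a px newgrp
# Remove user px from the group newgrp
gpasswd -d px newgrp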

Origin blog.csdn.net/qq_34809033/article/details/103972130