First, the user account management
1, an overview of user accounts
Linux to control access to resources based on user identity.
2, user account management
1) user account
Superuser (the root);
general user;
Program users;
- UID (User IDentify) user identification number;
① user accounts file / etc / passwd
/ Etc / passwd file used to store user name, home directory, basic information log Shell and the like; each row corresponds to a user's account records. As shown below:
② user accounts file / etc / shadow
/ Etc / shadow file to save user's password information, the account expiration date, each row corresponds to a user's password record. As shown below:
3, add user accounts
Add user accounts common commands and options in the following format:
Application examples:
<!--创建bob用户,管理组为root,附加组为root,指定宿主目录为/bob-->
[root@01 ~]# useradd -d /bob -g root -G root bob
[root@centos01 ~]# tail -2 /etc/passwd
dhcpd:x:177:177:DHCP server:/:/sbin/nologin
bob:x:1001:0::/bob:/bin/bash
<!--创建tom用户,不需要创建宿主目录,账户不能登录系统-->
[root@centos01 ~]# useradd -M -s /sbin/nologin tom
[root@centos01 ~]# tail -2 /etc/passwd
bob:x:1001:0::/bob:/bin/bash
tom:x:1002:1002::/home/tom:/sbin/nologin
4, set / change user password passwd
Set / change user passwords basic command syntax and format commonly used options are as follows:
Application examples:
[root@centos01 ~]# passwd bob <!--账户设置密码-->
更改用户 bob 的密码 。
新的 密码: <!--输入密码-->
无效的密码: 密码未通过字典检查 - 过于简单化/系统化
重新输入新的 密码: <!--确定密码-->
passwd:所有的身份验证令牌已经成功更新。
[root@centos01 ~]# passwd -l bob <!--锁定用户-->
锁定用户 bob 的密码 。
passwd: 操作成功
[root@centos01 ~]# passwd -S bob <!--查看用户是否锁定-->
bob LK 2020-01-11 0 99999 7 -1 (密码已被锁定。)
[root@centos01 ~]# passwd -u bob <!--解锁用户-->
解锁用户 bob 的密码。
passwd: 操作成功
[root@centos01 ~]# passwd -S bob <!--查看用户状态是否解锁-->
bob PS 2020-01-11 0 99999 7 -1 (密码已设置,使用 SHA512 算法。)
[root@centos01 ~]# passwd -d bob <!--清空账户密码-->
清除用户的密码 bob。
passwd: 操作成功
[root@centos01 ~]# userdel -r bob <!--删除账户和宿主目录-->
[root@centos01 ~]# tail -2 /etc/passwd
dhcpd:x:177:177:DHCP server:/:/sbin/nologin
tom:x:1002:1002::/home/tom:/sbin/nologin
5, the initial user account profiles
When a new user account file derived from the / etc / skel directory is copied; initial primary user profile is as follows:
-
~ / .Bash_profile: each execution login.
-
~ / .Bashrc: executed every time you enter a new Bash environment.
- ~ / .Bash_logout: Log execute every time.
Second, the management group accounts
1, group account overview
Basic group (private group);
Additional groups (public group);
- GID: group identification number
1) group accounts file / etc / group
/ Etc / group file is used to save the set of basic account information; follows:
[root@centos01 ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
............ <!--此处省略部分内容-->
2) group accounts file / etc / gshadow
/ Etc / gshadow group accounts for recording the password information; follows:
[root@centos01 ~]# cat /etc/gshadow
root:::
bin:::
daemon:::
sys:::
adm:::
tty:::
............ <!--此处省略部分内容-->
2, add group accounts groupadd
Add a group account command of basic format is as follows:
Application examples:
[root@centos01 ~]# groupadd -g 200 accp
[root@centos01 ~]# tail -3 /etc/group
tcpdump:x:72:
test:x:1000:
accp:x:200:
[root@centos01 ~]# groupadd benet
[root@centos01 ~]# tail -3 /etc/group
dhcpd:x:177:
tom:x:1002:
benet:x:1003:
3, add, delete group members gpasswd
Set group account password, add / remove group members; basic format commonly used options and commands are as follows:
Application examples:
[root@centos01 ~]# gpasswd -a bob benet<!--将用户加入到组中(自行创建bob用户)-->
正在将用户“bob”加入到“benet”组中
[root@centos01 ~]# tail -2 /etc/group
tom:x:1002:
benet:x:1003:bob
[root@centos01 ~]# gpasswd -M tom,lisi benet <!--批量添加用户到benet组中 -->
[root@centos01 ~]# tail -2 /etc/group
benet:x:1003:tom,lisi
lisi:x:1004:
[root@centos01 ~]# gpasswd -d tom benet <!--将tom用户退出benet组-->
正在将用户“tom”从“benet”组中删除
[root@centos01 ~]# tail -2 /etc/group
benet:x:1003:lisi
lisi:x:1004:
4, delete group accounts groupdel
The basic format of the command to delete the group accounts as follows:
Application examples:
[root@centos01 ~]# groupdel benet <!--删除benet组-->
5. When you add user accounts specified group
useradd command "-g" substantially option specifies the group name of the user (number or GID); - a user option to specify a "G" additional set name (number or GID).
Application examples:
<!--创建bob用户,管理组为root,附加组为root,指定宿主目录为/bob-->
[root@centos01 ~]# useradd -d /bob -g root -G root bob
[root@centos01 ~]# tail -2 /etc/passwd
dhcpd:x:177:177:DHCP server:/:/sbin/nologin
bob:x:1001:0::/bob:/bin/bash
6, query account information
1) id command
id to query a user identity; basic command syntax is as follows:
Application examples:
[root@centos01 ~]# id bob <!--查看用户的详细信息-->
uid=1003(bob) gid=0(root) 组=0(root),1005(benet)
2) groups command
groups command to query the user belongs; basic command syntax is as follows:
Application examples:
[root@centos01 ~]# groups bob <!--查询用户所属组-->
bob : root benet
3) finger command
For more information about the finger command to query the user account for; basic command syntax is as follows:
4) users, w and who command
users, w, and who command queries the user information logged into the host. Application examples are as follows:
[root@centos01 ~]# users
root
[root@centos01 ~]# w
01:57:23 up 53 min, 1 user, load average: 0.00, 0.01, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.100.254 01:04 3.00s 0.05s 0.00s w
[root@centos01 ~]#
[root@centos01 ~]# who
root pts/0 2020-01-17 01:04 (192.168.100.254)