Shulou(Shulou.com)06/01 Report--

This article is about how to use the useradd command in Linux. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Before we officially begin, I would like to mention three concepts. First of all, like most operating systems, Linux users need an account to log in. This article only introduces local accounts, not online accounts, such as LDAP. Second, each account has a name (username) and a corresponding number (user ID). Finally, each user is usually in a group, and each group has a name and a group ID.

As you may have thought, Linux provides a command-line tool to add users, which is the useradd command. Some versions are also called adduser. For ease of use, this command is a symbolic link to the useradd command in many distributions.

$file `which adduser` / usr/sbin/adduser: symbolic link to useradd

Take a look at useradd.

Note: the default environment described in this article is Red Hat Enterprise Linux 8.0. You may find that these files and some default values described in this article occasionally differ from some Linux distributions or other Unix operating systems (FreeBSD or Solaris).

Default processing

The basic use of useradd is fairly simple: you can add a user by providing a user name.

$sudo useradd sonny

In this example, the useradd command creates an account called sonny. This command also creates a group with the same name, and sonny is put into this group, which is also the main group of the sonny account. When the command is executed, there are other parameters, such as language and shell, depending on the settings in the configuration file / etc/default/useradd and / etc/login.defs. For a private system or a small single-service business environment, these parameters are sufficient.

The above two files control the processing of useradd, and the user's information is stored in some other files in the / etc directory, and the information is explained throughout the full text.

File description domain (bold means set by useradd command) passwd stores user account information username: unused: UID:GID: remarks: home directory: shellshadow stores security information of user account username: encrypted password: last modified time: minimum use days: maximum use days: warning days before modification: grace time after expiration: not using group storage group information group name: not enabled Custom processing with: GID: member list

When administrators need more control over their accounts, they can use the command line to customize them, such as specifying a user's ID.

User and group ID

By default, useradd tries to use the same user ID (UID) and primary group ID (GID), but not exactly. Although it is not necessary for UID to be the same as GID, it will be easier for administrators to manage if they are the same.

The following scenario is an example of how GID is different from UID. Now I'll add another account called Timmy. Compare the sonny and timmy accounts by using the getent command to show the two users and the corresponding primary group.

$getent passwd sonny timmysonny:x:1001:1002:Sonny:/home/sonny:/bin/bashtimmy:x:1002:1003::/home/timmy:/bin/bash $getent group sonny timmysonny:x:1002:timmy:x:1003:

Unfortunately, both UID and GID are different. Because the default processing is to create a user, assign the next available UID to the user, and then assign the same number to it as the primary group ID. However, when the group ID to be used is already in use, the next available GID is assigned to it. To find out the details, I guess that the 1001 GID has already been used, and confirm it with a command.

$getent group 1001book:x:1001:alan

The ID of book is 1001, so all newly created users have an offset of 1 for their GID. This is why the system administrator needs to set an instance of some more values during the user creation process. To solve this problem, I must first determine if the next available UID and GID are the same. When determining the next available value, you can use the getent group and getent passwd commands to pass the value you want to confirm through the-u parameter.

$sudo useradd-u 1004 bobby $getent passwd bobby; getent group bobbybobby:x:1004:1004::/home/bobby:/bin/bashbobby:x:1004:

Another scenario where you need to specify an ID is when accessing files on a remote system through NFS. For a given user, it is easier for the administrator to control when the ID of all NFS client and service systems are the same. I have a detailed introduction to mounting NFS using autofs in my article.

More customization

Some other parameters that specify user information are also used more frequently. Here are some general examples of parameters that you will often use.

Annotation

The comment option is an interpreted text field specified by the-c parameter, which can provide a short description or other information.

$sudo useradd-c "Bailey is cool" bailey$ getent passwd baileybailey:x:1011:1011:Bailey is cool:/home/bailey:/bin/bash group

A user can be assigned a primary group and multiple secondary groups. The-g parameter specifies the primary group name or GID. If not specified, useradd creates a primary group with the user name (demonstrated earlier). The-G (uppercase) parameter specifies the groups to which this user belongs with a comma-separated list of groups, which are secondary groups.

$sudo useradd-G tgroup,fgroup,libvirt milly$ id millyuid=1012 (milly) gid=1012 (milly) groups=1012 (milly), 981 (libvirt), 4000 (fgroup), 3000 (tgroup) Home Directory

The default processing for useradd is to create the user's home directory under the / home directory. However, the following parameters can overwrite the base directory of the home directory. -b set up another base directory where you can create a home directory. For example, specify / home2 instead of / home.

$sudo useradd-b / home2 vicky$ getent passwd vickyvicky:x:1013:1013::/home2/vicky:/bin/bash

The-d parameter can specify a home directory that is different from the user name.

$sudo useradd-d / home/ben jerry$ getent passwd jerryjerry:x:1014:1014::/home/ben:/bin/bash directory template

Specifying the-k parameter copies all files under the / etc/skel directory to the user's home directory when a new user is created. These files are usually shell configuration files, but of course they can be any files that the system administrator wants to use when creating a new user.

Shell

The-s parameter can specify shell. If not specified, the default shell is used. For example, in the following example, the shell defined in the configuration file is bash, but the user wally specifies zsh.

SHELL=/bin/bash $sudo useradd-s / usr/bin/zsh wally$ getent passwd wallywally:x:1004:1004::/home/wally:/usr/bin/zsh Security

Security is a top priority for user management, so the useradd command also provides a number of security options. You can use the-e parameter to specify the expiration time of a user in YYYY-MM-DD format.

$sudo useradd-e 20191231 sammy$ sudo getent shadow sammysam MYR: 18171 Flex 0R 999997Vol 20191231:

When the password expires, the account will automatically expire. The-f parameter specifies that the account expires several days after the password expires. If set to 0, it becomes invalid immediately.

$sudo useradd-f 30 willy$ sudo getent shadow willyWillyWillsWillsWillsWillsWillsWillsWillsWillsWillWillWillWillWillWillWillWillsWillWillWillWillWillWillWillWillWillWillWillsWillWillWillWillsWillyWillsWillyWillyWillyWillsWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWillyWilly30 willy$ sudo getent shadow WillywillyWillsWillyWillyWillsWillyWillyWillyWillWillWillWillWill

In a production environment, multiple parameters are used to create a user account. For example, to create a Perry account, I might use the following command:

$sudo useradd-u 1020-c "Perry Example"\-G tgroup-b / home2\-s / usr/bin/zsh\-e 20201201-f 5 perry

Look at the previous content to understand each option. Confirm the result with the following command:

$getent passwd perry; getent group perry; getent shadow perry; id perryperry:x:1020:1020:Perry exemplar perry gid=1020 gid=1020 (perry) groups=1020 (perry), 3000 (tgroup) thanks for your reading! This is the end of this article on "how to use useradd commands in Linux". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.