
How to use the Linux user group

2025-04-16 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/01 Report--

Many people are unfamiliar with how Linux user groups work, so this article summarizes the key points with clear steps and examples.

One user, one user group?

On Linux systems, most user accounts are set up with a user group that has the same name as the user. The user jdoe is assigned a user group named jdoe and becomes the only member of that new user group. As this example shows, the user's login name, user id and user group id are added to the /etc/passwd and /etc/group files when a new account is created:

    $ sudo useradd jdoe
    $ grep jdoe /etc/passwd
    jdoe:x:1066:1066:Jane Doe:/home/jdoe:/bin/sh
    $ grep jdoe /etc/group
    jdoe:x:1066:

The entries in these files let the system convert between the two forms of a user id, text (jdoe) and number (1066): jdoe is 1066 and 1066 is jdoe.

The UID (user id) and GID (user group id) assigned to each user are usually the same and are incremented sequentially. If Jane Doe is the most recently added user in the above example, both the user id and the user group id assigned to the next new user are likely to be 1067.

GID = UID?

The UID and GID do not always match. For example, if you use the groupadd command to add a user group without specifying the user group id, the system will assign the next available user group id (in this case, 1067). The next user added to the system will have a UID of 1067 and a GID of 1068.

You can avoid this problem by specifying a smaller user group id when adding a user group instead of accepting the default value. In the following command, we add a user group and provide a GID that is less than the range of GID values used for user accounts.

    $ sudo groupadd -g 500 devops

You can specify a shared user group when creating an account, if this is more appropriate for you. For example, you might want to add new developers to the same DevOps user group instead of one user group per person.

    $ sudo useradd -g staff bennyg
    $ grep bennyg /etc/passwd
    bennyg:x:1064:50::/home/bennyg:/bin/sh

Primary and secondary user groups

There are actually two types of user groups: primary groups and secondary groups.

The primary user group is the user group saved in the /etc/passwd file, which is configured when the account is created. When a user creates a file, the user's primary user group is associated with the file.

    $ whoami
    jdoe
    $ grep jdoe /etc/passwd
    jdoe:x:1066:1066:John Doe:/home/jdoe:/bin/bash
                ^
                |
                +-------- primary user group
    $ touch newfile
    $ ls -l newfile
    -rw-rw-r-- 1 jdoe jdoe 0 Jul 16 15:22 newfile
                      ^
                      |
                      +-------- primary user group

The user groups that a user joins after the account exists are secondary user groups. Secondary user group membership is recorded in the /etc/group file.

    $ grep devops /etc/group
    devops:x:500:shs,jadep
                 ^
                 |
                 +-------- secondary user group of shs and jadep

The /etc/group file assigns a group name to the user group (for example, 500 = devops) and records the secondary user group members.

Preferred convention

Each user is a member of their own primary user group and can be a member of any number of secondary user groups. This convention makes it easier for users to keep personal files separate from files that need to be shared with colleagues. When a user creates a file, members of the other user groups to which the user belongs do not necessarily have access to it. To share the file, the user must associate it with the secondary user group using the chgrp command.

There is no place like your home directory

An important detail when adding a new account is that the useradd command does not necessarily create a home directory under /home for the new user. If you want a home directory created only some of the time, add the -m option to the useradd command (think of it as the "home" option).

    $ sudo useradd -m -g devops -c "John Doe" jdoe2

The options in this command are as follows:

    -m  create a home directory and generate the initial files in it
    -g  specify the user group to which the user belongs
    -c  add account description information (usually the user's name)

If you want to always create a home directory, you can edit the /etc/login.defs file to change the default behavior. Change or add the CREATE_HOME variable and set it to yes:

    $ grep CREATE_HOME /etc/login.defs
    CREATE_HOME yes

Another way is to set an alias in your own account so that useradd always has the -m option.

    $ alias useradd='useradd -m'

Be sure to add the alias to your ~/.bashrc file or similar startup file to make it permanent.

Learn more about /etc/login.defs

The following command lists all the settings in the /etc/login.defs file. The grep commands hide all comments and blank lines.

    $ cat /etc/login.defs | grep -v "^#" | grep -v "^$"
    MAIL_DIR /var/mail
    FAILLOG_ENAB yes
    LOG_UNKFAIL_ENAB no
    LOG_OK_LOGINS no
    SYSLOG_SU_ENAB yes
    SYSLOG_SG_ENAB yes
    FTMP_FILE /var/log/btmp
    SU_NAME su
    HUSHLOGIN_FILE .hushlogin
    ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    TTYGROUP tty
    TTYPERM 0600
    ERASECHAR 0177
    KILLCHAR 025
    UMASK 022
    PASS_MAX_DAYS 99999
    PASS_MIN_DAYS 0
    PASS_WARN_AGE 7
    UID_MIN 1000
    UID_MAX 60000
    GID_MIN 1000
    GID_MAX 60000
    LOGIN_RETRIES 5
    LOGIN_TIMEOUT 60
    CHFN_RESTRICT rwh
    DEFAULT_HOME yes
    CREATE_HOME yes

Note that the various settings in this file determine the range of values for the user's id as well as the duration of the password and other settings (such as umask).

How to display the user groups to which a user belongs

Users may be members of multiple user groups for a variety of reasons. User group membership gives users access to files and directories owned by the user group, which is sometimes critical. To generate a list of the user groups to which a user belongs, use the groups command.

    $ groups jdoe
    jdoe : jdoe adm admin cdrom sudo dip plugdev lpadmin staff sambashare

You can type the groups command with no arguments to list your own user groups.
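The member list in /etc/group records only secondary members, so a grep of that file misses users whose primary group is the one being checked (jdoe2 above, created with -g devops). The following is an added example, not part of the original article: it resolves membership from both files, using constructed copies of the entries shown here; the function names and the sample directory are assumptions.

```shell
#!/bin/sh
# Constructed sample files modelled on the entries shown in this article.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
jdoe:x:1066:1066:Jane Doe:/home/jdoe:/bin/sh
jdoe2:x:1067:500:John Doe:/home/jdoe2:/bin/sh
shs:x:1000:1000::/home/shs:/bin/bash
jadep:x:1001:1001::/home/jadep:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
jdoe:x:1066:
shs:x:1000:
jadep:x:1001:
devops:x:500:shs,jadep
EOF

# group_members GROUP GROUP_FILE PASSWD_FILE (hypothetical helper)
# Prints every member of GROUP, sorted, one per line: the secondary members
# listed in the group file plus the users whose passwd GID field is the
# group's GID (primary members, which the group file does not list).
group_members() {
    awk -F: -v g="$1" '
        FNR == NR {                           # first file: the group file
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: passwd
    ' "$2" "$3" | sort -u
}

# user_groups USER GROUP_FILE PASSWD_FILE (hypothetical helper)
# Prints the primary group name first, then the secondary groups.
user_groups() {
    awk -F: -v u="$1" '
        FNR == NR { if ($1 == u) pgid = $4; next }   # passwd: primary GID
        pgid != "" && $3 == pgid { primary = $1 }    # group: GID to name
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) sec = sec " " $1 }
        END { print primary sec }
    ' "$3" "$2"
}

group_members devops "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"
user_groups shs "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"
```

On a live system, id -Gn jdoe2 reports primary and secondary groups together.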

How to add users to user groups

If you want to add an existing user to another user group, you can use a command like the following:

    $ sudo usermod -a -G devops jdoe

You can also specify a comma-separated list of user groups to add one user to more than one user group:

    $ sudo usermod -a -G devops,mgrs jdoe

The -a option means "add" (append), and -G specifies the list of user groups. Without -a, -G replaces the user's existing secondary user group list with the one given.

You can edit the /etc/group file to remove the user name from the user group membership list, thereby removing the user from the user group. The usermod command may also have an option to remove a member from a user group.

    fish:x:16:nemo,dory,shark
              |
              V
    fish:x:16:nemo,dory
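The edit shown above can be scripted against a copy of the group file. This is an added example, not part of the original article: the function name, the temporary file and the "reef" group with its "sharky" member are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample group file; "reef" and "sharky" are made-up entries.
GROUP_COPY=$(mktemp)
cat > "$GROUP_COPY" <<'EOF'
fish:x:16:nemo,dory,shark
reef:x:17:shark,sharky
EOF

# remove_member USER GROUP GROUP_FILE (hypothetical helper)
# Prints GROUP_FILE with USER dropped from GROUP's member list. Names are
# compared whole, so removing "shark" never touches "sharky", and lines for
# other groups pass through unchanged.
remove_member() {
    awk -F: -v OFS=: -v u="$1" -v g="$2" '
        $1 == g {
            n = split($4, m, ","); out = ""
            for (i = 1; i <= n; i++)
                if (m[i] != "" && m[i] != u)
                    out = out (out == "" ? "" : ",") m[i]
            $4 = out
        }
        { print }
    ' "$3"
}

remove_member shark fish "$GROUP_COPY"
```

On a live system, gpasswd -d shark fish makes this change to /etc/group itself.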
