
What are the commands for Linux user management

2025-01-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article introduces the commands for Linux user management in detail, step by step. Follow along to work through them.

This article summarizes some commands and parameters commonly used by Linux to add or remove users and user groups.

1. Create a user:

adduser phpq // create the new user phpq

passwd phpq // set a password for the user phpq

2. Create a working group

groupadd test // create the new working group test

3. Create a user and add it to a working group at the same time

useradd -g test phpq // create the new user phpq and add it to the test working group

Note: -g the group the user belongs to, -d the home directory, -s the shell used

4. Add an existing user to a working group

usermod -G groupname username (this removes the user from other groups)

usermod -a -G groupname username

Or: gpasswd -a user group

Suppose a user and a group have been added, and everyone in that group should be able to sudo to the shared account.

You can create a file under /etc/sudoers.d as follows, so that all users of the etl group can switch to the etl user without a password.

%etl ALL=(ALL) NOPASSWD: /bin/su etl

%etl ALL=(ALL) NOPASSWD: /bin/su - etl

For sudo, please refer to http://www.cnblogs.com/xd502djj/p/6641475.html.
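
A pre-flight check for a drop-in like the %etl file above, as an added example that is not part of the original article. The function name check_dropin is hypothetical, the checks assume GNU stat, and the syntax step runs only when visudo is on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight checks for a sudoers drop-in before it is
# copied into /etc/sudoers.d. check_dropin is a hypothetical helper name.
# Prints one finding per line and returns 0 only when there are none.
check_dropin() {
    f=$1
    rc=0
    base=$(basename "$f")
    # The includedir directive skips names that contain "." or end in "~",
    # so a file named etl.conf is silently ignored.
    case $base in
        *.*|*~) echo "name: $base would be skipped by includedir"; rc=1 ;;
    esac
    # 0440 is the standard mode for sudoers files (GNU stat syntax).
    mode=$(stat -c '%a' "$f")
    [ "$mode" = "440" ] || { echo "mode: $mode, expected 440"; rc=1; }
    # A rule like "NOPASSWD: ALL" is far wider than the exact
    # "/bin/su etl" command match used on this page, so report it.
    if grep -Eq 'NOPASSWD:[[:space:]]*ALL([[:space:],]|$)' "$f"; then
        echo "scope: passwordless ALL granted"; rc=1
    fi
    # Syntax check without touching the live configuration.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$f" >/dev/null 2>&1 || { echo "syntax: rejected by visudo -c"; rc=1; }
    fi
    return "$rc"
}
```

Run it as `check_dropin ./etl` on the staged file, then install the file into /etc/sudoers.d only when it reports nothing.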

5. Temporarily disable an account: add * to the second field (password) of the user's line in the /etc/shadow file. To restore the user, just remove the *.

Or use the following command to disable the user account:

passwd peter -l

Re-enable it:

passwd peter -u

6. Permanently delete user accounts

userdel peter

groupdel peter

userdel -r peter (use instead of plain userdel to force the deletion of the user's home directory and all files and subdirectories under it)

7. Remove a user from a group

Edit /etc/group, find the line for GROUP1 and delete A.

Or use the command:

gpasswd -d A GROUP

8. Display user information

id user

cat /etc/passwd

For more detailed explanations of users and user groups, please refer to

Detailed explanation of Linux users and user groups

This paper mainly describes the corresponding concepts of user (user) and user group (group) management in Linux system; the enumeration of commands related to user (user) and user group (group); it also explains single-user multi-task and multi-user multi-task.

This article comes from PHP information; original link: http://www.phpq.net/linux/linux-add-delete-user-group.html

Overview of Linux user (user) and user Group (group) Management

Understand Linux's concepts of single-user multi-task, multi-user multi-task

Linux is a multi-user and multi-task operating system; we should understand the concepts of single-user multi-task and multi-user multi-task.

1. Single user and multi-task of Linux

Single-user multitasking: for example, we log in to the system as beinan and open gedit to write a document. While writing, we feel like some music, so we start xmms. Music alone is not enough, so we also open MSN to see what our friends are doing. So after logging in as the beinan user we are running gedit, xmms and msn, and of course the input method fcitx. Put simply, one beinan user runs several tasks to get the job done; of course, other people can also log in remotely as the beinan user and do other tasks.

2. Multi-user and multi-task of Linux

Sometimes it is possible that many users use the same system at the same time, but not all users have to do the same thing, so it is said that there are multiple users and multiple tasks.

For example, a LinuxSir.Org server has FTP users, system administrators, web users, regular users and so on. At the same moment, some people may be visiting the forum; some may be uploading software packages or managing sub-sites, such as luma or Yuking, who manage their home page system and FTP; and system administrators may be maintaining the system. Browsing the home page uses the nobody user, which everyone shares, while uploading software packages uses FTP users; administrators may use ordinary accounts or the super-privileged root account to maintain or inspect the system. Different users have different permissions; different tasks require different users, and different users may complete different tasks.

It is worth noting that multi-user multi-tasking does not mean that everyone crowds around the keyboard and monitor of one machine at the same time. Multiple users may work through remote login, such as remote control of the server. Anyone who has user rights can log in and operate or access the system.

3. Distinguishing the roles of users

Users play different roles in the system, and in Linux different roles carry different permissions and tasks. It is worth noting that users' roles are identified by UID; in system management, the system administrator must keep each UID unique.

Root user: unique on the system, a real user, can log in to the system, can operate on any file and run any command, and has the highest permissions

Virtual users: these users are also called pseudo users or fake users, which are distinguished from real users. These users do not have the ability to log in to the system, but they are indispensable users for the operation of the system, such as bin, daemon, adm, ftp, mail, etc. These users are owned by the system itself, not added later. Of course, we can also add virtual users.

Ordinary real users: these users can log in to the system, but can only operate the contents of their own home directory; their permissions are limited; these users are added by the system administrator himself.
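
An audit sketch tying these roles to the lock markers from step 5, as an added example that is not part of the original article. The helper names audit_accounts and write_samples, the sample accounts and the rule "UID below UID_MIN means virtual user" are assumptions; the default of 500 is the UID_MIN value shown in this article's login.defs, and the "!" prefix is what passwd -l writes on Linux.

```shell
#!/bin/sh
# Added example: classify accounts by UID role and shadow lock state.
# audit_accounts and write_samples are hypothetical helper names.

# audit_accounts PASSWD SHADOW [UID_MIN] prints "user role state" lines.
audit_accounts() {
    awk -F: -v uid_min="${3:-500}" '
        # First input is the shadow file: field 2 holds the hash or a marker.
        NR == FNR {
            if ($2 == "")        state[$1] = "EMPTY-PASSWORD"
            else if ($2 ~ /^!/)  state[$1] = "locked"        # set by passwd -l
            else if ($2 ~ /^\*/) state[$1] = "star-disabled" # manual "*" edit
            else                 state[$1] = "active"
            next
        }
        # Second input is the passwd file: field 3 is the UID.
        {
            if ($3 == 0)           role = ($1 == "root") ? "root" : "EXTRA-UID0"
            else if ($3 < uid_min) role = "virtual"
            else                   role = "ordinary"
            print $1, role, (($1 in state) ? state[$1] : "no-shadow-entry")
        }
    ' "$2" "$1"
}

# write_samples DIR creates constructed passwd and shadow files (not real data).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
beinan:x:500:500::/home/beinan:/bin/bash
peter:x:501:501::/home/peter:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
beinan:$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
peter:!$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
toor::19000:0:99999:7:::
EOF
}
```

On a real host, run it as root with `audit_accounts /etc/passwd /etc/shadow`; any EXTRA-UID0 or EMPTY-PASSWORD line breaks the unique-UID rule above or leaves an account unprotected and needs review.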

4. Security of multi-user operating system

In fact, a multi-user system is more convenient to manage. From a security point of view, a system managed with multiple users is also more secure. For example, if beinan does not want other users to see one of his files, he only needs to set the file's permissions so that only beinan can read, write and edit it; then only beinan can operate on his private files. Linux performs best with multiple users, and it can protect the security of each user. But we also have to understand that although Linux is a secure system, it is not secure without security-conscious administrators or management techniques.

From the server point of view, multi-user system security is also the most important. Our commonly used Windows operating system can only be said to be general in terms of rights management. There is no way to compare with Linux or Unix systems.

II. User (user) and user group (group) concepts

1. The concept of user

From the earlier discussion of Linux multi-user operation, we know that Linux is a true multi-user operating system, so we can create several users (user) on a Linux system. For example, a colleague wants to use my computer, but I don't want him to log in with my user name, because there are materials and information under my user name that I don't want others to see (that is, private content). Then I can create a new user name for him and let him work under the user name I created, which is in line with the operating rules from the point of view of computer security.

Of course, the concept of user is not limited to that. There are also users in the Linux system that exist to accomplish specific tasks, such as nobody and ftp. When we visit the web program of LinuxSir.Org, we are the nobody user; when we access ftp anonymously, we use the user ftp or nobody. To see the accounts on a Linux system, check /etc/passwd.

2. The concept of user group (group)

A group is a collection of users (user) with the same characteristics. For example, sometimes we want multiple users to have the same permissions, such as viewing or modifying a file or executing a command. Then we need a user group, and we put all of those users into the same group. By modifying the permissions of the file or directory, we give the user group certain operation rights, so that the users in the group have the same permissions on the file or directory. This is achieved by defining groups and modifying file permissions.

For example: we want to give some users the right to view a certain document, such as a schedule. The person who wrote the schedule should have read and write permission, while the other users should know the contents of the schedule but not be able to modify it. So we can put these users into a group and then modify the permissions of the file to make it readable by the group, so that every user in the group can read it.

The corresponding relationship between users and user groups is one-to-one, many-to-one, one-to-many or many-to-many.

One-to-one: a user can be the only member of a group

Many-to-one: multiple users can be members of a unique group and do not belong to other user groups; for example, beinan and linuxsir only belong to the beinan user group

One-to-many: a user can be a member of multiple user groups; for example, beinan can be a member of a root group, a linuxsir user group, or an adm user group

Many-to-many: multiple users correspond to multiple user groups, and several users can belong to the same group; in fact, the many-to-many relationship is an extension of the first three; after understanding the above three, this one can also be understood

Configuration files, commands or directories related to users (user) and user groups (group)

1. Profiles related to users (user) and user groups (group)

1) profile related to the user (user)

/etc/passwd Note: user (user) configuration file

/etc/shadow Note: user (user) shadow password file

2) configuration files related to user groups (group)

/etc/group Note: user group (group) configuration file

/etc/gshadow Note: shadow file of user group (group)

2. Tools or commands for managing users (user) and user groups (group)

1) tools or commands for managing users (user)

useradd Note: add user

adduser Note: add user

passwd Note: set the password for the user

usermod Note: modify a user; you can use usermod to modify the login name, the user's home directory, and so on.

pwconv Note: synchronize users from /etc/passwd to /etc/shadow

pwck Note: pwck verifies whether the contents of the user configuration files /etc/passwd and /etc/shadow are legal and complete

pwunconv Note: the reverse operation of pwconv, which creates /etc/passwd from /etc/shadow and /etc/passwd, and then deletes the /etc/shadow file

finger Note: tool for viewing user information

id Note: check the user's UID, GID and the user groups to which they belong

chfn Note: tool for changing user information

su Note: user switching tool

sudo Note: sudo executes a command as another user. su switches to another user, and the task is then completed as that user, whereas sudo executes the command directly. For example, sudo can run commands that root has authorized, which otherwise only root could execute, without needing the root password. This has to be set up by editing /etc/sudoers through visudo.

visudo Note: visudo is the command for editing /etc/sudoers; you can also use vi to edit /etc/sudoers directly without this command.

sudoedit Note: similar to sudo function

2) tools or commands for managing user groups (group)

groupadd Note: add a user group

groupdel Note: delete a user group

groupmod Note: modify user group information

groups Note: displays the user groups to which the user belongs

grpck

grpconv Note: synchronize or create /etc/gshadow from the contents of /etc/group and /etc/gshadow; create /etc/gshadow if it does not exist

grpunconv Note: synchronize or create /etc/group from the contents of the /etc/group and /etc/gshadow files, and then delete the gshadow file

3. /etc/skel directory

The /etc/skel directory generally holds the user startup files. This directory is controlled by root. When we add users, the files in this directory are automatically copied to the newly added user's home directory. The files in the /etc/skel directory are all hidden files, that is, names of the form .file. We can provide users with a unified, standard default environment by modifying, adding and deleting files in the /etc/skel directory.

[root@localhost beinan]# ls -la /etc/skel/

total 92

drwxr-xr-x 3 root root 4096 August 11 23:32 .

drwxr-xr-x 115 root root 12288 October 14 13:44 ..

-rw-r--r-- 1 root root 24 May 11 00:15 .bash_logout

-rw-r--r-- 1 root root 191 May 11 00:15 .bash_profile

-rw-r--r-- 1 root root 124 May 11 00:15 .bashrc

-rw-r--r-- 1 root root 5619 2005-03-08 .canna

-rw-r--r-- 1 root root 438 May 18 15:23 .emacs

-rw-r--r-- 1 root root 120 May 23 05:18 .gtkrc

drwxr-xr-x 3 root root 4096 August 11 23:16 .kde

-rw-r--r-- 1 root root 658 2005-01-17 .zshrc

The files under the /etc/skel directory are usually copied automatically to the home directory of the newly added user (user) when we use the useradd and adduser commands. If we add users by editing /etc/passwd, we can create the user's home directory ourselves, copy the files under /etc/skel into it, and then use chown to change the owner of the new user's home directory.

4. /etc/login.defs configuration file

The /etc/login.defs file holds settings applied when creating a user, such as whether a home directory is required, the ranges of UID and GID, the validity period of the user, and so on. This file can be edited by root.

For example, the contents of the /etc/login.defs file of Fedora

# *REQUIRED*

# Directory where mailboxes reside, _or_ name of file, relative to the

# home directory. If you _do_ define both, MAIL_DIR takes precedence.

# QMAIL_DIR is for Qmail

#

# QMAIL_DIR Maildir

MAIL_DIR /var/spool/mail Note: when creating a user, create the user's mail file in the directory /var/spool/mail

# MAIL_FILE .mail

# Password aging controls:

#

# PASS_MAX_DAYS Maximum number of days a password may be used.

# PASS_MIN_DAYS Minimum number of days allowed between password changes.

# PASS_MIN_LEN Minimum acceptable password length.

# PASS_WARN_AGE Number of days warning given before a password expires.

#

PASS_MAX_DAYS 99999 Note: the maximum number of days a user's password remains valid before it expires

PASS_MIN_DAYS 0 Note: the minimum number of days between password changes

PASS_MIN_LEN 5 Note: minimum password length

PASS_WARN_AGE 7 Note:

#

# Min/max values for automatic uid selection in useradd

#

UID_MIN 500 Note: the minimum UID is 500; that is to say, when adding users, UIDs start at 500.

UID_MAX 60000 Note: the maximum UID is 60000

#

# Min/max values for automatic gid selection in groupadd

#

GID_MIN 500 Note: GIDs start at 500.

GID_MAX 60000

#

# If defined, this command is run when removing a user.

# It should remove any at/cron/print jobs etc. owned by

# the user to be removed (passed as the first argument).

#

# USERDEL_CMD /usr/sbin/userdel_local

#

# If useradd should create home directories for users by default

# On RH systems, we do. This option is ORed with the -m flag on

# useradd command line.

#

CREATE_HOME yes Note: whether to create the user's home directory; here it is required.

5. /etc/default/useradd file

The rules file used when adding users through useradd

# useradd defaults file

GROUP=100

HOME=/home Note: create the user's home directory under /home

INACTIVE=-1 Note: whether to enable account expiration suspension. -1 means it is not enabled.

EXPIRE= Note: account termination date. If not set, it will not be enabled.

SHELL=/bin/bash Note: type of SHELL used

SKEL=/etc/skel Note: the directory holding the default files for new users; that is, when we add a user with adduser, the files in the user's home directory are copied from this directory.
