1. Users & User Groups
Linux is a multi-user, multitasking operating system. It allows multiple users to be logged on at the same time, and different users can perform different tasks within their permissions without affecting each other.
Corresponding relationships between users and user groups:
- One-to-one: A user can belong to a single user group and be its only member
- One-to-many: A user can belong to more than one user group and has the permissions common to those groups
- Many-to-one: Multiple users can belong to the same group and have the same permissions as the group
- Many-to-many: Multiple users can belong to multiple groups
2. User Management
Common user management commands for Linux: useradd, usermod, userdel, passwd
Command | Description |
---|---|
useradd | Create user |
usermod | Modify user |
userdel | Delete user |
passwd | Modify user password |
2.1 useradd
Syntax format: useradd [options] username
Function description: Create a new user; the UIDs of self-created users start from 1000
Option parameters:
Option | Description |
---|---|
-u UID | Specify the user's UID |
-d Home Directory | Specify the user's home directory (absolute path) |
-c User Description | Specify the description stored in the fifth field of the user's line in the /etc/passwd file; it can be any text |
-g Group Name | Specify the user's initial group |
-G Group Name | Specify additional groups for the user |
-s shell | Specify the user's login shell; the default is /bin/bash |
-e Date | Specify the expiration date for the user in the format "YYYY-MM-DD" (equivalent to the eighth field of the /etc/shadow file) |
-o | Allow users to be created with the same UID |
-m | Force the user's home directory to be created when the user is created (default option) |
-r | Create a system user, that is, a user whose UID is between 1 and 499 for use by system programs |
🌟 Default configuration: use useradd -D to view the default values for new users
```
[root@joel ~]# useradd -D
# Default group for new users
GROUP=100
# Default location of user home directories
HOME=/home
# Grace days after the password expires; -1 is permanent
INACTIVE=-1
# Password expiration time; blank means permanent
EXPIRE=
# Default shell for new users is /bin/bash
SHELL=/bin/bash
# Directory whose profile files are copied into a new user's home directory
SKEL=/etc/skel
# Create a mailbox file for new users under /var/spool/mail/
CREATE_MAIL_SPOOL=yes
```
🌟 Extension command: useradd -D [options] parameter (modifies the configuration file)
- -b HOME: Set the location (absolute path) under which home directories of new users are created, such as useradd -D -b /home
- -e EXPIRE: Set the password expiration time in yyyy-MM-dd format, such as useradd -D -e 2021-11-12
- -f INACTIVE: Set the grace days after password expiration, such as useradd -D -f 7
- -g GROUP: Set the initial group of new users
- -s SHELL: Set the default shell for new users
Case demo:
When creating a new user JOEL:
- A line of data related to the JOEL user is created in the /etc/passwd file
- A line of password information for the JOEL user is created in the /etc/shadow file
- A user group with the same name as JOEL is created in the /etc/group file
- A line of password information for the new user group is created in the /etc/gshadow file
- A mailbox with the same name as JOEL is created under the /var/spool/mail/ path
- The configuration files in the /etc/skel directory are copied to the JOEL user's home directory, /home/JOEL
```
[root@joel ~]# useradd JOEL
[root@joel ~]# grep "JOEL" /etc/passwd /etc/shadow /etc/group /etc/gshadow
# 1001 is the UID, 1002 is the GID, /home/JOEL is the user's home directory, /bin/bash is the user's login shell
/etc/passwd:JOEL:x:1001:1002::/home/JOEL:/bin/bash
# No password has been set, so the password field is !!; 99999 is the number of days the password is valid, and 7 is the number of warning days before the password expires
/etc/shadow:JOEL:!!:18943:0:99999:7:::
/etc/group:JOEL:x:1002:
/etc/gshadow:JOEL:!::
```
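The /etc/passwd fields shown above (UID, login shell) and the -o option are what an account review checks first. The following is an added example, not part of the original page: the function name passwd_audit, the finding labels and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format data read from stdin.
# Line format: name:x:UID:GID:comment:home:shell

passwd_audit() {
    awk -F: '
    {
        name = $1; uid = $3; n = uid + 0; shell = $7
        # Two names on one UID are the same identity to the kernel (useradd -o).
        if (uid in owner) { printf "DUP_UID %s %s %s\n", uid, owner[uid], name }
        else { owner[uid] = name }
        # Any UID 0 account other than root has full root privileges.
        if (n == 0 && name != "root") { printf "UID0 %s\n", name }
        # Accounts below the regular-user range (1000) rarely need a login shell.
        if (n > 0 && n < 1000 && shell ~ /\/(ba|z|k|c)?sh$/) {
            printf "SYS_SHELL %s %s\n", name, shell
        }
    }'
}

# Constructed sample data (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
admin:x:1000:1000::/home/admin:/bin/bash
JOEL:x:1001:1002::/home/JOEL:/bin/bash
backup2:x:1001:1002::/home/backup2:/bin/bash
opsadmin:x:0:0::/root:/bin/bash
svcapp:x:498:498::/var/lib/svcapp:/bin/bash
EOF
}

sample_passwd | passwd_audit
```

On a live system the same function can be fed with `passwd_audit < /etc/passwd`.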
2.2 usermod
Syntax format: usermod [options] username
Function description: Modify an existing user
Option parameters:
Option | Description |
---|---|
-c | Modify the user's description information |
-d | Modify the user's home directory |
-e | Modify the user's expiration date |
-g | Modify the user's initial group |
-u | Modify the user's UID |
-G | Modify the user's additional groups |
-l | Modify the user's name |
-L | Temporarily lock the user |
-U | Unlock the user |
-s | Modify the user's login shell |
Case demo:
```
# Add JOEL to the admin user group (-G replaces the list of additional groups; combine it with -a to append instead)
[root@joel ~]# usermod -G admin JOEL
[root@joel ~]# grep "JOEL" /etc/passwd
JOEL:x:1001:1002::/home/JOEL:/bin/bash
[root@joel ~]# grep "admin" /etc/group
admin:x:1000:JOEL
```
2.3 userdel
Syntax format: userdel [options] username
Function description: Delete user
Option parameters:
Option | Description |
---|---|
-r | Delete the user's home directory when deleting the user |
Case demo:
```
[root@joel ~]# userdel -r JOEL
```
2.4 passwd
Syntax format: passwd [options] username
Function description: Set user password
Option parameters:
Option | Description |
---|---|
-S | Query the user's password status, that is, the contents of this user's password entry in the /etc/shadow file |
-l | Lock the user temporarily by adding '!' before the user's encrypted password string in the /etc/shadow file |
-u | Unlock the user |
--stdin | Take the user's password from the data passed in through a pipe |
-n | Set how many days must pass after a password change before the user can change the password again, that is, the fourth field of the user's line in the /etc/shadow file |
-x | Set the password validity period for the user, corresponding to the fifth field of the user's line in the /etc/shadow file |
-w | Set the number of warning days before the user's password expires, corresponding to the sixth field of the user's line in the /etc/shadow file |
-i | Set the user password expiration date, corresponding to the seventh field of the user's line in the /etc/shadow file |
Case demo:
```
[root@joel ~]# passwd admin
Changing password for user admin.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
Sorry, passwords do not match.

[root@joel ~]# passwd -S admin
# Fields: user name, password status, date of last change, minimum days between changes, password validity period, warning days, grace days after expiry (-1 means the password never becomes inactive)
admin LK 2021-11-06 0 99999 7 -1 (Password locked.)
```
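The /etc/shadow fields that passwd -l, -n, -x and -w modify can be read back for every account at once. The following is an added example, not part of the original page: the function name shadow_report, the state labels and the sample entries (including the placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise shadow-format entries read from stdin.
# Fields: 1 name, 2 hash, 3 last change, 4 min days, 5 max days (validity),
#         6 warning days, 7 inactive days, 8 account expiry.

shadow_report() {
    awk -F: '
    {
        hash = $2
        if (hash == "")            { state = "EMPTY" }   # logs in without a password
        else if (hash ~ /^[!*]+$/) { state = "NOPASS" }  # no usable password set, e.g. "!!"
        else if (hash ~ /^!/)      { state = "LOCKED" }  # passwd -l prefixed the hash with "!"
        else                       { state = "SET" }
        # A validity period of 99999 days (or an empty field) means no forced change.
        if ($5 == "" || $5 + 0 >= 99999) { aging = "never-expires" }
        else { aging = ("max=" $5) }
        printf "%s %s %s\n", $1, state, aging
    }'
}

# Constructed sample data; the hashes are placeholders, not real ones.
sample_shadow() {
    cat <<'EOF'
JOEL:!!:18943:0:99999:7:::
admin:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18937:0:99999:7:::
guest::18900:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18900:1:90:14:30::
EOF
}

sample_shadow | shadow_report
```

Reading the real /etc/shadow requires root: `shadow_report < /etc/shadow`.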
3. User Group Management
Common user group management commands for Linux: groupadd, groupmod, groupdel, gpasswd
3.1 groupadd
Syntax format: groupadd [options] user group name
Function description: Add user groups
Option parameters:
Option | Description |
---|---|
-g | Specify GID |
-r | Create a system group |
Case demo:
```
[root@joel ~]# groupadd -g 1003 groupdemo
[root@joel ~]# grep "groupdemo" /etc/group
groupdemo:x:1003:
```
3.2 groupmod
Syntax format: groupmod [options] user group name
Function description: Modify user groups
Option parameters:
Option | Description |
---|---|
-g | Modify GID |
-n | Modify user group name |
Case demo:
```
[root@joel ~]# groupmod -n grouptest groupdemo
[root@joel ~]# grep "grouptest" /etc/group
grouptest:x:1003:
```
3.3 groupdel
Syntax format: groupdel user group name
Function description: Delete user groups
Case demo:
```
[root@joel ~]# groupdel grouptest
[root@joel ~]# grep "grouptest" /etc/group
```
3.4 gpasswd
Syntax format: gpasswd [options] user group name
Function description: Configure a user group, for example by appointing a group administrator who manages the users within the group in place of root
Option parameters:
Option | Description |
---|---|
(no option) | Set a password for the group; available only to root |
-A user1,... | Make user1,... administrators of the group, handing them user management for the group; available only to root |
-M user1,... | Add user1,... to this group; available only to root |
-r | Remove the group's password; available only to root |
-R | Invalidate the group's password; available only to root |
-a user | Add user to the group |
-d user | Remove user from the group |
Case demo:
```
[root@joel ~]# groupadd groupdemo
# Set password
[root@joel ~]# gpasswd groupdemo
Changing the password for group groupdemo
New Password:
Re-enter new password:
[root@joel ~]# useradd groupdemouser1
# Make groupdemouser1 the administrator of groupdemo
[root@joel ~]# gpasswd -A groupdemouser1 groupdemo
[root@joel ~]# grep "groupdemouser1" /etc/group /etc/gshadow
/etc/group:groupdemouser1:x:1003:
/etc/gshadow:groupdemo:$6$aiKcsEFQv$WA28tABqOdTnjz67I91CyZiME0okjes2V/mzyZj/e7FtbbLLvJrD4gPinJu8C.sa8.mmX9xUnPbdJC7XVQe7t/:groupdemouser1:
/etc/gshadow:groupdemouser1:!::

[root@joel ~]# useradd groupdemouser2
[root@joel ~]# su groupdemouser1
[groupdemouser1@joel root]$ gpasswd -a groupdemouser2 groupdemo
Adding user groupdemouser2 to group groupdemo
[groupdemouser1@joel root]$ grep "groupdemouser2" /etc/group
groupdemo:x:1002:groupdemouser2
groupdemouser2:x:1004:
```
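Because a group administrator can change membership without root, and a group password is a second way into the group, both are worth listing when reviewing /etc/gshadow. The following is an added example, not part of the original page: the function name gshadow_audit, the finding labels and the sample entries (including the placeholder hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list delegated control recorded in gshadow-format data (stdin).
# Line format: group:password:administrators:members

gshadow_audit() {
    awk -F: '
    {
        group = $1; pw = $2
        # A real hash in field 2 means a group password was set with gpasswd;
        # an empty field or one starting with "!" or "*" means no usable password.
        if (pw != "" && pw !~ /^[!*]/) { printf "GROUP_PASSWORD %s\n", group }
        # Field 3 lists the administrators set with gpasswd -A; they can add
        # and remove members without root.
        n = split($3, admins, ",")
        for (i = 1; i <= n; i++) { printf "GROUP_ADMIN %s %s\n", group, admins[i] }
    }'
}

# Constructed sample data; the hash is a placeholder, not a real one.
sample_gshadow() {
    cat <<'EOF'
root:::
wheel:::admin
groupdemo:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:groupdemouser1:groupdemouser2
staff:!:alice,bob:carol
groupdemouser1:!::
EOF
}

sample_gshadow | gshadow_audit
```

Reading the real file requires root: `gshadow_audit < /etc/gshadow`.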