Linux User & User Group Management

Keywords: Linux bash server

1. Users & User Groups

Linux is a multi-user, multi-tasking operating system. It allows multiple users to log on at the same time, and different users can perform different tasks within their permissions without affecting each other.

Relationships between users and user groups:

  • One-to-one: A user can belong to a user group and be its only member
  • One-to-many: A user can belong to more than one user group and has the permissions those groups share
  • Many-to-one: Multiple users can belong to one group and have the same permissions as the group
  • Many-to-many: Multiple users can belong to multiple groups

2. User Management

Common user management commands for Linux: useradd, usermod, userdel, passwd

useradd    Create user
usermod    Modify user
userdel    Delete user
passwd     Modify user password

2.1 useradd

Syntax format: useradd [options] username

Function description: Create a new user; UIDs of self-created (regular) users start at 1000

Option parameters:

-u UID                UID of the specified user
-d Home Directory     Specify the user's home directory (absolute path)
-c User Description   Specify the description stored in the fifth field of the user's line in /etc/passwd; it can be any text
-g Group Name         Initial group of the specified user
-G Group Name         Additional groups for the specified user
-s shell              Login shell for the specified user, default is /bin/bash
-e Date               Specify the expiration date for the user in the format "YYYY-MM-DD" (equivalent to the eighth field of the /etc/shadow file)
-o                    Allow users to be created with the same UID
-m                    Force the user's home directory to be created when the user is created (default option)
-r                    Create a system user, that is, a user whose UID is between 1 and 499 for use by system programs

🌟 Default configuration: use useradd -D to view the default values for new users

[root@joel ~]# useradd -D

# Default group for new users
# Default location of user home directory
# Set grace days after password expires, -1 is permanent
# Set the password expiration time, blank means permanent
# Set the default shell for new users to /bin/bash
# Profile directory whose contents are copied into the new user's home directory
# Set up a mailbox file for new users at /var/spool/mail/

🌟 Extension command: useradd -D [options] parameter (modifies the configuration file)

  1. -b HOME: Set the location of the home directory where the user is created (absolute path), such as useradd -D -b /home
  2. -e EXPIRE: Set the password expiration time in yyyy-MM-dd format, such as useradd -D -e 2021-11-12
  3. -f INACTIVE: Set grace days for password expiration, such as useradd -D -f 7
  4. -g GROUP: Set the initial group of new users
  5. -s SHELL: Set the default shell for new users

Case demo:

When creating a new user JOEL:

  1. A line of data for the JOEL user is created in the /etc/passwd file
  2. A password entry for the JOEL user is created in the /etc/shadow file
  3. A user group with the same name as JOEL is created in the /etc/group file
  4. A password entry for the new user group is created in the /etc/gshadow file
  5. A mailbox with the same name as JOEL is created under the /var/spool/mail/ path
  6. The configuration files in the /etc/skel directory are copied to the JOEL user's home directory, /home/JOEL
[root@joel ~]# useradd JOEL
[root@joel ~]# grep "JOEL" /etc/passwd /etc/shadow /etc/group /etc/gshadow 
# 1001 is the UID, 1002 is the GID, /home/JOEL is the user's home directory, /bin/bash is the user's login shell
# No password has been set, so the password field is !!; 99999 is the number of days the password is valid, and 7 is the grace days after the password expires

2.2 usermod

Syntax format: usermod [options] username

Function description: Modify an existing user

Option parameters:

-c    Modify the user's description information
-d    Modify the user's home directory
-e    Modify the user's expiration date
-g    Modify the user's initial group
-u    Modify the user's UID
-G    Modify the user's additional groups
-l    Modify the user's name
-L    Temporarily lock the user
-U    Unlock the user
-s    Modify the user's login shell

Case demo:

# Add JOEL to the admin user group
# Note: -G replaces the user's existing list of additional groups; use -aG to append instead
[root@joel ~]# usermod -G admin JOEL
[root@joel ~]# grep "JOEL" /etc/passwd
[root@joel ~]# grep "admin" /etc/group

2.3 userdel

Syntax format: userdel [options] username

Function description: Delete user

Option parameters:

-rDelete the user's home directory when deleting the user

Case demo:

[root@joel ~]# userdel -r JOEL

2.4 passwd

Syntax format: passwd [options] username

Function description: Set user password

Option parameters:

-S         Query the user's password status, that is, this user's password entry in the /etc/shadow file
-l         Lock the user temporarily by adding '!' in front of the user's encrypted password string in the /etc/shadow file
-u         Unlock the user
--stdin    Read the user's password from data passed in through a pipe
-n         Set the minimum number of days that must pass after a password change before the user can change it again, that is, the fourth field of each line in the /etc/shadow file
-x         Set the password validity period for the user, corresponding to the fifth field of each line in the /etc/shadow file
-w         Set the number of warning days before the user's password expires, corresponding to the sixth field of each line in the /etc/shadow file
-i         Set the grace days after the user's password expires, corresponding to the seventh field of each line in the /etc/shadow file

Case demo:

[root@joel ~]# passwd admin
Changing password for user admin.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
Sorry, passwords do not match.
[root@joel ~]# passwd -S admin
# User name, password status (LK = locked), date of last change, minimum days between changes, password validity period, warning days, grace days (-1 = never becomes invalid)
admin LK 2021-11-06 0 99999 7 -1 (Password locked.)
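
The /etc/shadow fields that the passwd options above map to, read by a small audit function. This is an added example, not part of the original post; the sample lines, the placeholder hash strings and the state labels (EMPTY, NOPASSWD, LOCKED, SET) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): read /etc/shadow-format lines.
# Fields: 1 name  2 hash  3 last change  4 min days (passwd -n)
#         5 max days (-x)  6 warn days (-w)  7 grace days (-i)  8 expiry

# Constructed sample; the hashes are placeholders, not real password hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hashvalue:18937:0:99999:7:::
JOEL:!!:18937:0:99999:7:::
admin:!!$6$constructed$hashvalue:18937:0:90:7:14::
svc:$6$constructed$hashvalue:18937:1:60:7::19000:
nopw::18937:0:99999:7:::
EOF
}

# Prints one line per account. The state labels are this example's own
# naming, not the status codes printed by passwd -S.
# Usage on a real host (as root): shadow_audit /etc/shadow
shadow_audit() {
    awk -F: '
    {
        if ($2 == "")
            state = "EMPTY"      # empty field: no password is required
        else if ($2 == "!" || $2 == "!!" || $2 == "*")
            state = "NOPASSWD"   # no usable password, e.g. right after useradd
        else if ($2 ~ /^!/)
            state = "LOCKED"     # existing hash prefixed by passwd -l or usermod -L
        else
            state = "SET"
        note = ""
        if (state == "SET" && ($5 == "" || $5 >= 99999))
            note = note " never-expires"
        if ($8 != "")
            note = note " account-expiry=" $8
        printf "%s %s min=%s max=%s warn=%s inactive=%s%s\n",
               $1, state, $4, $5, $6, ($7 == "" ? "-1" : $7), note
    }' "$@"
}

sample_shadow | shadow_audit
```

Accounts reported as EMPTY or as SET with never-expires are the ones to review first; the account-expiry value is the eighth field, in days since 1970-01-01.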

3. User Group Management

Common user group management commands for Linux: groupadd, groupmod, groupdel, gpasswd

3.1 groupadd

Syntax format: groupadd [options] user group name

Functional description: Add user groups

Option parameters:

-g    Specify the GID
-r    Create a system group

Case demo:

[root@joel ~]# groupadd -g 1003  groupdemo
[root@joel ~]# grep "groupdemo" /etc/group

3.2 groupmod

Syntax format: groupmod [options] user group name

Function description: Modify user groups

Option parameters:

-g    Modify the GID
-n    Modify the user group name

Case demo:

[root@joel ~]# groupmod -n grouptest groupdemo
[root@joel ~]# grep "grouptest" /etc/group

3.3 groupdel

Syntax format: groupdel user group name

Function description: Delete user groups

Case demo:

[root@joel ~]# groupdel grouptest
[root@joel ~]# grep "grouptest" /etc/group

3.4 gpasswd

Syntax format: gpasswd [options] user group name

Function description: Configure a user group; a group administrator can be configured to manage the users within the group instead of root

Option parameters:

(no option)     Set a password for the group; available only to the root user
-A user1,...    Give control of the group to user1,..., that is, set user1,... as group administrators; available only to the root user
-M user1,...    Add user1,... to this group; available only to the root user
-r              Remove the group's password; available only to the root user
-R              Invalidate the group password; available only to the root user
-a user         Add user to the group
-d user         Remove user from the group

Case demo:

[root@joel ~]# groupadd groupdemo

#  Set Password
[root@joel ~]# gpasswd groupdemo
Changing the password for group groupdemo
New Password: 
Re-enter new password: 
[root@joel ~]# useradd groupdemouser1

# Make groupdemouser1 the administrator of groupdemo
[root@joel ~]# gpasswd -A  groupdemouser1 groupdemo
[root@joel ~]# grep "groupdemouser1" /etc/group /etc/gshadow
[root@joel ~]# useradd groupdemouser2
[root@joel ~]# su groupdemouser1
[groupdemouser1@joel root]$ gpasswd -a groupdemouser2 groupdemo
Adding user groupdemouser2 to group groupdemo
[groupdemouser1@joel root]$ grep "groupdemouser2" /etc/group
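
The case above leaves a group password and a delegated administrator in /etc/gshadow; the function below lists every group that has either, so the delegation can be reviewed later. This is an added example, not part of the original post; the sample lines, the placeholder hash and the ops, alice, bob and carol names are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list groups in an
# /etc/gshadow-format file that have a group password or administrators.
# Fields: 1 group name  2 password hash  3 administrators  4 members

# Constructed sample matching the groupdemo case; the hash is a placeholder.
sample_gshadow() {
    cat <<'EOF'
root:::
admin:!::JOEL
groupdemo:$6$constructed$hashvalue:groupdemouser1:groupdemouser2
groupdemouser1:!::
groupdemouser2:!::
ops:!:alice,bob:carol
EOF
}

# Usage on a real host (as root): gshadow_audit /etc/gshadow
gshadow_audit() {
    awk -F: '
    {
        # An empty field or one starting with ! or * is not a usable password.
        has_pw = ($2 != "" && $2 !~ /^[!*]/)
        # Skip groups with neither a password nor an administrator.
        if (!has_pw && $3 == "") next
        printf "%s password=%s admins=%s members=%s\n",
               $1, (has_pw ? "set" : "none"),
               ($3 == "" ? "-" : $3), ($4 == "" ? "-" : $4)
    }' "$@"
}

sample_gshadow | gshadow_audit
```

Every user in the admins column can run gpasswd -a and gpasswd -d on that group without being root, and a group with password=set can be joined with newgrp by anyone who knows the group password.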


Posted by Takuma on Fri, 12 Nov 2021 13:18:45 -0800