Linux user management: create users, delete users, manage users, user configuration

Philosophy of life 2020-11-09 10:49:56

One. About users

Users generally refer to the people who use a computer. The computer assigns a specific name to each person who uses it, and users log in and work under that name. Besides people, some system services also need to run under a user account with partial privileges. User management exists for security reasons: it explicitly limits permissions. root has the highest privileges on the computer and is therefore used only for administration; non-privileged users can temporarily gain privileges through the su or sudo programs.

GNU/Linux implements access control through users and groups, covering access to files and control over the use of devices.

An individual can have many accounts, as long as the names differ; for example, the name root is already taken and cannot be used again. In addition, any user may belong to a user group, and a user can join existing groups to gain the privileges of that group.

Every file in a GNU/Linux system belongs to a user (the owner) and a user group (the owning group).

Files have three types of access permission: read, write and execute. We can set the corresponding access permissions for the file's owner and owning group.

We can query a file's owner, group and permissions with the ls or stat command:

# The access permissions of the passwd file are -rw-r--r--, its owner is root and its group is root
[root@node5 ~]# ls -l /etc/passwd
-rw-r--r-- 1 root root 1447 Oct 13 15:15 /etc/passwd
# The stat command shows more detailed information
[root@node5 ~]# stat /etc/passwd
File: ‘/etc/passwd’
Size: 1447 Blocks: 8 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 17664215 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-10-13 15:20:01.164284250 +0800
Modify: 2020-10-13 15:15:22.754277347 +0800
Change: 2020-10-13 15:15:22.755277347 +0800
Birth: -

Two. Three types of users

Linux has three types of users:

  • Superuser (root): root has the highest administrative privileges on the system; uid=0.
  • Ordinary users: starting with CentOS 7, system users have UIDs 1-999 (1-499 on CentOS 6) and local users' UIDs start from 1000 (from 500 on CentOS 6). The UID is each user's identity, similar to a person's ID number.
  • Virtual users: also known as pseudo users. They are not used to log in to the system; they mainly exist to keep a service running normally, for example the ftp and apache services.

Three. User-related configuration files in detail

| File | Path | Details |
| --- | --- | --- |
| User configuration file | /etc/passwd | Records the basic properties of each user and is readable by all users. Each line corresponds to one user, and the fields of each line are separated by colons |
| User group file | /etc/group | Stores all user group information; group names must be unique |
| User password file | /etc/shadow | Because /etc/passwd is readable by all users, the passwords were separated out of passwd into this file for security. Only the root user has read permission on it, which keeps the passwords safe |

1. Meaning of each field in /etc/passwd:

[root@node5 ~]# tail -1 /etc/passwd
# elk: user name
# x: password placeholder
# 1001: user UID, a number
# 1001: GID of the group the user belongs to, a number
# User description: a brief description of the user's purpose or other notes
# /opt/elk: user home directory
# /bin/bash: shell used by default after the user logs in
# Extra: check which shells the system supports
[root@node5 ~]# cat /etc/shells

2. Meaning of each field in /etc/shadow

[root@node5 ~]# grep root /etc/shadow

Detailed description of each /etc/shadow field:

| Field | Description |
| --- | --- |
| name | Account name; it must be a valid account name on the system |
| password | Encrypted password, in three parts: the first part indicates which hash algorithm is used; the second part is the salt used for the hash; the third part is the encrypted hash. Hash algorithms: $1 means MD5; $6 means SHA-512; $5 means SHA-256 |
| lastchange | Date of the last password change, as the number of days since 1970/1/1 |
| min-age | Minimum number of days before the password can be changed again after the latest change; 0 means "no minimum age requirement" |
| maxage | Password expiration time: the maximum number of days before the password must be changed |
| warning | Warning period before the password expires, in days; 0 means "no warning provided" |
| inactive | Grace period, in days, after the password expires |
| expire | Account expiration time, as the number of days since 1970/1/1 (the millennium bug) |
| blank | Reserved field |
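
The shadow fields described above can be read mechanically. The following is an added example, not part of the original article: it identifies the hash algorithm from the password field, separates locked and empty entries, and computes the remaining password lifetime from lastchange and maxage. The sample lines, the function names and the treatment of 99999 as "never expires" are assumptions.

```sh
#!/bin/sh
# Added example: interpret /etc/shadow fields (hash scheme, lock state, aging).
# Constructed sample lines; salts and hashes are placeholders, not real values.
SAMPLE_SHADOW='root:$6$SALTSALT$HASHPLACEHOLDER::0:99999:7:::
elk:$6$OTHERSALT$HASHPLACEHOLDER:18548:0:90:7:14::
legacy:$1$OLDSALT$HASHPLACEHOLDER:18000:0:99999:7:::
logstash:!!:18548:0:99999:7:::
es::18548:0:99999:7:::'

# audit_shadow TODAY: shadow lines on stdin -> "name scheme aging" per account.
# TODAY is the current date in days since 1970/1/1, passed in so that results
# are repeatable (on a live system: $(( $(date +%s) / 86400 ))).
audit_shadow() {
  awk -F: -v today="$1" '
    function scheme(pw,   p) {
      if (pw == "")     return "EMPTY"    # empty field: the account has no password
      if (pw ~ /^[!*]/) return "locked"   # "!!" = password never set, "!" or "*" = locked
      split(pw, p, /[$]/)                 # p[2] = algorithm id, p[3] = salt, p[4] = hash
      if (p[2] == "1") return "MD5"
      if (p[2] == "5") return "SHA-256"
      if (p[2] == "6") return "SHA-512"
      return "other"
    }
    NF >= 8 {
      # Assumption: a maxage of 99999 is the conventional "never expires" value.
      if ($3 == "" || $5 == "" || $5 >= 99999) aging = "never-expires"
      else {
        left = $3 + $5 - today            # lastchange + maxage - today
        aging = (left < 0) ? "expired" : ("expires-in-" left "d")
      }
      print $1, scheme($2), aging
    }'
}

# weak_entries TODAY: names whose password field is empty or still uses MD5.
weak_entries() {
  audit_shadow "$1" | awk '$2 == "EMPTY" || $2 == "MD5" { print $1 }'
}

# Day 18600 is 38 days after the sample lastchange + maxage window opens for elk.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 18600
```

On a real host the input would be /etc/shadow read as root instead of the sample variable.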

3. Detailed description of each field in /etc/group

[elk@node5 ~]$ tail -4 /etc/group
# First field: group name; the name of the user group, which must be unique
# Second field: password placeholder; the password is stored in /etc/gshadow
# Third field: group ID (GID); this number corresponds to the group ID in /etc/passwd
# Fourth field: list of users in the group; multiple users are separated by commas
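
The following is an added example, not part of the original article: it applies the CentOS 7 UID ranges from section Two and the /etc/passwd and /etc/group field layouts to flag accounts worth reviewing. The sample records, the function names, the backup account and the choice of root and wheel as privileged groups are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit passwd/group records using the field layouts above.
# Sample data is constructed; nothing is read from the live system.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
elk:x:1001:1001::/opt/elk:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
nginx:x:8000:8000::/home/nginx:/sbin/nologin'

SAMPLE_GROUP='root:x:0:elk
wheel:x:10:nginx
postgres:x:26:elk
elk:x:1001:'

# classify_accounts: passwd lines on stdin -> "name class" per account.
# CentOS 7 ranges: UID 0 = root-equivalent, 1-999 = system, 1000 and up = local.
classify_accounts() {
  awk -F: 'NF == 7 {
    if ($3 == 0)        class = "uid0"
    else if ($3 < 1000) class = "system"
    else                class = "local"
    print $1, class
  }'
}

# extra_uid0: accounts other than root whose UID is 0 (they hold full root privileges).
extra_uid0() {
  awk -F: 'NF == 7 && $3 == 0 && $1 != "root" { print $1 }'
}

# system_with_login_shell: system accounts (UID 1-999) that can still log in,
# i.e. whose shell field does not end in nologin or false.
system_with_login_shell() {
  awk -F: 'NF == 7 && $3 >= 1 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print $1 }'
}

# privileged_members GROUPS: "group:user" for every member listed in field 4
# of the comma-separated groups given as $1.
privileged_members() {
  awk -F: -v wanted="$1" '
    BEGIN { n = split(wanted, g, ","); for (i = 1; i <= n; i++) want[g[i]] = 1 }
    ($1 in want) && $4 != "" {
      m = split($4, users, ",")
      for (i = 1; i <= m; i++) print $1 ":" users[i]
    }'
}

echo "== account classes ==";            printf '%s\n' "$SAMPLE_PASSWD" | classify_accounts
echo "== extra UID 0 accounts ==";       printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0
echo "== system accounts with shell =="; printf '%s\n' "$SAMPLE_PASSWD" | system_with_login_shell
echo "== members of root,wheel ==";      printf '%s\n' "$SAMPLE_GROUP"  | privileged_members root,wheel
```

Field 4 of /etc/group lists only supplementary members; users whose primary GID in /etc/passwd matches the group are not shown there.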

4. Two files control the rules applied when adding users: /etc/default/useradd and /etc/login.defs

[root@node5 ~]# ls /etc/default/useradd
[root@node5 ~]# ls /etc/login.defs
# egrep -v "^$|^#" filters out empty lines and lines beginning with #
[root@node5 ~]# egrep -v "^$|^#" /etc/login.defs
MAIL_DIR /var/spool/mail
UID_MIN 1000 # UIDs of local users start from 1000
UID_MAX 60000 # Maximum UID for local users
GID_MIN 1000 # GIDs start from 1000
GID_MAX 60000 # Maximum GID
CREATE_HOME yes # Create a home directory for the user
ENCRYPT_METHOD SHA512 # Encryption algorithm used for the shadow file
[root@node5 ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100 # Indicates that ordinary groups can be created; the ID of the users group is 100. If this entry is missing, or the users group has been deleted, creating a user prompts: useradd: group '100' does not exist
HOME=/home # Base directory for user home directories. If you do not want home directories under /home, change it here.
INACTIVE=-1 # Whether the account becomes invalid after the password expires (field 7 of the shadow file). -1 means the account is never disabled for this reason
EXPIRE= # Account expiration date, field 8 of the shadow file. You can set a date after which the account becomes invalid, regardless of the password. This item is normally left unset, but it could be useful for something like a paid membership system.
SHELL=/bin/bash # Default shell type
SKEL=/etc/skel # Template directory
CREATE_MAIL_SPOOL=yes # Whether to create a mailbox file

Four. Create users

1. Use the useradd command to create users. The command format is: useradd -d "home directory" -u "UID" -g "initial group" -G "supplementary groups" -s "login shell" user

# useradd parameter description
# -d: path of the user's home directory; specifies the user's home directory
# -M: do not create the user's home directory
# -g: name or numeric ID of the user's initial group; the group must exist. If this option is not set, useradd acts according to the
#     USERGROUPS_ENAB variable in /etc/login.defs. With the default USERGROUPS_ENAB yes, a group with the same name as the user is created, with GID equal to UID
# -G: list of supplementary groups the user should join; separate groups with commas and no spaces. If not set, the user only joins the initial group. (A user may have only one primary group, but multiple supplementary groups.)
# -s: path of the user's default login shell; after the boot process, the login shell started by default is the one set here. Make sure the shell is installed; the default is Bash.
#     Sometimes certain users must be prevented from logging in, for example users that run system services. Setting the shell to /sbin/nologin disables login for that user.
# Extra: other uses of useradd
useradd [-d home] [-s shell] [-c comment] [-m [-k template]] [-f inactive] [-e expire ] [-p passwd] [-r] name
# Parameter description
# -c: add a comment; the comment text is saved in the comment field of passwd.
# -d: specify the home directory used when the user logs in, replacing the system default /home/<user name>
# -D: change the default values.
# -e: specify the expiration date of the account. The date format is MM/DD/YY, for example 06/30/12. The default means permanent.
# -f: specify how many days after the password expires the account is closed. With 0 the account is deactivated immediately; with -1 the account is always available. The default value is -1.
# -g: specify the group the user belongs to. The value can be a group name or a GID. The group must already exist; the default value is 100, i.e. users.
# -G: specify the supplementary groups the user belongs to.
# -m: automatically create the user's login directory.
# -M: do not automatically create the user's login directory.
# -n: do not create a group named after the user.
# -r: create a system account.
# -s: specify the shell used by the user after login. The default value is /bin/bash.
# -u: specify the user ID number.

2. Create the elk account with home directory /opt/elk, UID 1001, supplementary groups esnode, postgres and root, and default login shell bash

[root@node5 ~]# useradd -d /opt/elk -u 1001 -g 1001 -G esnode,postgres,root -s /bin/bash elk
useradd: group '1001' does not exist
# -g: name or numeric ID of the user's initial group; the group must exist. By default the GID equals the UID
[root@node5 ~]# useradd -d /opt/elk -u 1001 -G esnode,postgres,root -s /bin/bash elk
# id shows the uid, gid and groups of the elk user
[root@node5 ~]# id elk
uid=1001(elk) gid=1001(elk) groups=1001(elk),0(root),26(postgres),8001(esnode)
[root@node5 ~]# tail -1 /etc/passwd
# Hidden files in the elk user's home directory
[root@node5 ~]# ls /opt/elk/ -a
. .. .bash_logout .bash_profile .bashrc .kshrc .zshrc
# If a group has more than one member, they are listed in the last field of the /etc/group file
[root@node5 ~]# tail -4 /etc/group
# Switch to the elk user and go to its home directory
[root@node5 ~]# su - elk
[elk@node5 ~]$ pwd
[elk@node5 ~]$ ls
# Log out of the elk user
[elk@node5 ~]$ exit

3. Create the logstash account without creating a home directory

[root@node5 ~]# useradd -M logstash
[root@node5 ~]# id logstash
uid=8002(logstash) gid=8002(logstash) groups=8002(logstash)
[root@node5 ~]# tail -1 /etc/passwd
# Although /etc/passwd lists /home/logstash as the home directory, no home directory was created
[root@node5 ~]# ls /home/logstash
ls: cannot access /home/logstash: No such file or directory
[root@node5 ~]# tail -1 /etc/group

4. Create the es account and add a comment to it

# -c: add a comment; the comment text is saved in the comment field of passwd.
[root@node5 ~]# useradd -c "es The account of " es
[root@node5 ~]# id es
uid=8003(es) gid=8003(es) groups=8003(es)
[root@node5 ~]# tail -1 /etc/passwd
es:x:8003:8003:es The account of :/home/es:/bin/bash

5. Besides useradd, you can also create users with adduser

[root@node5 ~]# which useradd
[root@node5 ~]# which adduser
# adduser is just a symbolic link to useradd
[root@node5 ~]# ll -h /usr/sbin/adduser
lrwxrwxrwx. 1 root root 7 Apr 26 2019 /usr/sbin/adduser -> useradd

Five. Set user passwords

1. Set a user password interactively

# When a user has been created but has no password yet, the second field of /etc/shadow is !!
[root@node5 ~]# tail -3 /etc/shadow
# Set the password for elk
[root@node5 ~]# passwd elk
Changing password for user elk.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@node5 ~]# tail -3 /etc/shadow

2. Set a user password with a single command, without interaction

[root@node5 ~]# echo 123456 | passwd --stdin logstash
Changing password for user logstash.
passwd: all authentication tokens updated successfully.
[root@node5 ~]# tail -3 /etc/shadow

3. If you find choosing passwords too troublesome, you can use mkpasswd to generate a random password

# To use mkpasswd, expect must be installed first
[root@node5 ~]# yum -y install expect
[root@node5 ~]# which mkpasswd
# mkpasswd parameters: -l password length, -s number of special characters, -d number of digits
[root@node5 ~]# mkpasswd -l 12 -s 3 -d 2

4. If two users have the same password, is the encrypted hash in shadow the same value?

Answer: No, because the salts are different.
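
The effect of the salt can be reproduced outside /etc/shadow. The following is an added example, not part of the original article: it hashes the same password with two different salts, shows that the results differ, and shows that a check recomputes the hash with the salt stored in the second part of the field. It assumes OpenSSL 1.1.1 or later (for openssl passwd -6); the salts and function names are made up for illustration.

```sh
#!/bin/sh
# Added example: same password, different salt -> different SHA-512 crypt hash.
# Assumes OpenSSL 1.1.1+; the salts below are sample values.

# crypt_sha512 SALT PASSWORD: prints a "$6$salt$hash" string as stored in /etc/shadow.
# The password is fed on stdin so that it does not appear in the process list.
crypt_sha512() {
  printf '%s\n' "$2" | openssl passwd -6 -salt "$1" -stdin
}

# shadow_part N VALUE: part N of a "$id$salt$hash" string
# (2 = algorithm id, 3 = salt, 4 = hash).
shadow_part() {
  printf '%s\n' "$2" | cut -d'$' -f"$1"
}

# verify_password STORED PASSWORD: succeeds if PASSWORD, hashed with the salt
# taken from STORED, reproduces STORED. The salt is not secret; it only has to
# differ between accounts.
verify_password() {
  [ "$(crypt_sha512 "$(shadow_part 3 "$1")" "$2")" = "$1" ]
}

h_elk=$(crypt_sha512 saltForElk 123456)
h_logstash=$(crypt_sha512 saltForLogstash 123456)
h_again=$(crypt_sha512 saltForElk 123456)

echo "elk:      $h_elk"
echo "logstash: $h_logstash"
if [ "$h_elk" != "$h_logstash" ]; then echo "same password, different salts: hashes differ"; fi
if [ "$h_elk" = "$h_again" ]; then echo "same password, same salt: hashes match"; fi
if verify_password "$h_elk" 123456; then echo "password verified using the stored salt"; fi
```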

Six. Delete users

Use userdel to delete a user. With the -r parameter, the user's home directory and the user's mail file under /var/mail are deleted as well

[root@node5 ~]# ls /var/mail/
elk es esnode logstash nginx root rpc www
[root@node5 ~]#
[root@node5 ~]# userdel -r es
[root@node5 ~]#
[root@node5 ~]# ls /home/es
ls: cannot access /home/es: No such file or directory
[root@node5 ~]# ls /var/mail/
elk esnode logstash nginx root rpc www

Seven. User password aging management

1. The chage command manages password aging; it is used to change the expiration dates of accounts and passwords

2. chage command parameters in detail

| Parameter | Description |
| --- | --- |
| -d | Specify the date of the last password change; 0 forces the password to be changed at the next login |
| -E | The date the password will expire; after this day the account is no longer available. 0 means it expires immediately, -1 means it never expires |
| -h | Display the help message and exit |
| -I (uppercase i) | Number of days after the password expires before the account is locked |
| -l | List the validity periods of the user and password |
| -m | Minimum number of days before the password can be changed; zero means the password can be changed at any time |
| -M | Maximum number of days the password remains valid |
| -W | Number of days before the password expires that warning messages are shown |

Eight. Commands for viewing user-related information

| Command | Description |
| --- | --- |
| id | View user and group information |
| whoami | View the current effective user name |
| who | Display information about the users currently logged in to the system |
| w | Display a list of the users who have logged in to the system |
| users | Display the list of all users currently logged in to the system |

[root@node5 ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@node5 ~]# whoami
[root@node5 ~]# who
esnode tty1 2020-10-14 00:38
root pts/0 2020-10-13 12:37 (
root pts/1 2020-10-13 12:37 (
[root@node5 ~]# w
00:39:35 up 6 days, 4:39, 3 users, load average: 0.00, 0.01, 0.05
esnode tty1 00:38 1:03 0.01s 0.01s -bash
root pts/0 Tue12 7.00s 0.55s 0.00s w
root pts/1 Tue12 6:23m 0.07s 0.07s -bash
[root@node5 ~]# users
esnode root root

Nine. Modify basic user information

1. Use the usermod command to modify a user's basic information. The format is: usermod [options] username

| Parameter | Description |
| --- | --- |
| -u | Modify the user's UID |
| -d | Modify the user's home directory |
| -g | Modify the user's initial group |
| -G | Modify the user's supplementary groups |
| -s | Modify the user's login shell |
| -L | Lock the user account |

[root@node5 ~]# tail -1 /etc/passwd
[root@node5 ~]# id logstash
uid=8002(logstash) gid=8002(logstash) groups=8002(logstash)
# Change the user's UID
[root@node5 ~]# usermod -u 1002 logstash
[root@node5 ~]# id logstash
uid=1002(logstash) gid=8002(logstash) groups=8002(logstash)
# Change the user's initial group (the user's GID)
[root@node5 ~]# usermod -g 1002 logstash
usermod: group '1002' does not exist
[root@node5 ~]# groupmod -g 1002 logstash
[root@node5 ~]# id logstash
uid=1002(logstash) gid=1002(logstash) groups=1002(logstash)
# Change the user's login shell so that logstash cannot log in
[root@node5 ~]# usermod -s /sbin/nologin logstash
[root@node5 ~]# grep logstash /etc/passwd
# Change the nginx user's supplementary group to wheel
[root@node5 ~]# id nginx
uid=8000(nginx) gid=8000(nginx) groups=8000(nginx)
[root@node5 ~]# usermod -aG wheel nginx
[root@node5 ~]# id nginx
uid=8000(nginx) gid=8000(nginx) groups=8000(nginx),10(wheel)
[root@node5 ~]# grep wheel /etc/group

2. Change the user's home directory and move the contents of the previous home directory to the new one

[root@node5 ~]# grep elk /etc/passwd
[root@node5 ~]# su - elk
Last login: Tue Oct 13 15:01:37 CST 2020 on pts/0
[elk@node5 ~]$ pwd
[elk@node5 ~]$ ls
[elk@node5 ~]$ mkdir -p a/b/c
[elk@node5 ~]$ touch a/test.txt
[elk@node5 ~]$ tree ./
└── a
    ├── b
    │   └── c
    └── test.txt
3 directories, 1 file
[elk@node5 ~]$ exit
# The -m option automatically creates the new directory and moves the original contents into it
[root@node5 ~]# usermod -m -d /home/elk elk
[root@node5 ~]# grep elk /etc/passwd
[root@node5 ~]# su - elk
Last login: Wed Oct 14 01:10:27 CST 2020 on pts/0
[elk@node5 ~]$ pwd
# The original contents were moved over as well
[elk@node5 ~]$ tree ./
└── a
    ├── b
    │   └── c
    └── test.txt
3 directories, 1 file

3. Modify the user's comment

[root@node5 ~]# grep elk /etc/passwd
[root@node5 ~]# usermod -c "elk yes es,logstash,kibana Abbreviation " elk
[root@node5 ~]# grep elk /etc/passwd
elk:x:1001:1001:elk yes es,logstash,kibana Abbreviation :/home/elk:/bin/bash

Ten. Manage user groups

[root@node5 ~]# tail -4 /etc/group
[root@node5 ~]# groupadd es
[root@node5 ~]# groupadd -g 1004 kibana
[root@node5 ~]# tail -4 /etc/group
# Change the GID of es
[root@node5 ~]# groupmod -g 1005 es
[root@node5 ~]# tail -4 /etc/group