In Linux, there are two types of accounts: user accounts and group accounts.
User accounts cover both physical people and logical objects. For example, an account that an application uses to perform its work is also a user account.
A group account is a logical unit that gathers specific users together so that access to a file can be managed for all of its members at once.
1. Account information
(1) User account information
The user account information is recorded in the /etc/passwd file, where each line represents the account information of one user.
Each line uses : to separate its fields. For example, the line for the root administrator is: root:x:0:0:root:/root:/bin/bash
The fields have the following meanings:
- Name: user account name
- Password: usually not stored in plain text; generally represented by x
- UID: each user account has a unique identifier, called a UID
- GID: each group account also has a unique identifier, called a GID
- User information: additional information about the account
- Working directory: the primary working directory of the user. For the root account it is /root; the default for other accounts is /home/username
- Login shell: the shell the user gets at login. The default value is /bin/bash; you can use the chsh command to change it
For security reasons, the /etc/passwd file does not record the password. The real password is stored in encrypted (hashed) form in the /etc/shadow file.
(2) Group account information
The basic unit of account management is the group. Group account information is recorded in the /etc/group file, where each line represents one group account.
For example, the line for the root administrator group is root:x:0:user1,user2
The fields have the following meanings:
- Name: group account name
- Password: usually not stored in plain text; generally represented by x
- GID: unique identifier of the group account
- User list: the user accounts that belong to this group, with different accounts separated by ,
Similarly, there is a /etc/gshadow file for group accounts to improve password security.
2. Add an account
(1) Add a user account
You can run the useradd [options] account name command to add a user account. The common parameters are as follows:
Parameter | Description |
---|---|
-e | Specify the validity period (expiry date) of the account |
-d | Specify the login directory of the account |
-s | Specify the login shell of the account |
-g | Specify the GID |
-u | Specify the UID |
(2) Add a group account
You can run the groupadd [options] account name command to add a group account. The parameters are as follows:
Parameter | Description |
---|---|
-g | Specify the GID |
-o | Allow a duplicate GID |
3. Modify the account
(1) Modify user accounts
You can run the usermod [options] account name command to change a user account. The common parameters are as follows:
Parameter | Description |
---|---|
-l | Change the user name of the account |
-e | Change the validity period (expiry date) of the account |
-d | Change the login directory of the account |
-s | Change the login shell of the account |
-f | Change the validity period of the password |
-g | Modify the GID |
-u | Modify the UID |
(2) Change the group account
You can run the groupmod [options] account name command to change a group account. The common parameters are as follows:
Parameter | Description |
---|---|
-g | Modify the GID |
-o | Allow a duplicate GID |
4. Delete the account
(1) Delete user accounts
Deleting a user account is complicated. You need to perform the following steps one by one:
- In /etc/passwd, delete the corresponding user record from the file
- In /etc/shadow, delete the corresponding user record from the file
- In /etc/group, delete the group record with the same name as the user from the file
- Delete the user's main working directory
(2) Delete the group account
To delete a group account, run the groupdel account name command. However, no user in the group can log in to the system.
5. Password management
Ordinary users can change only their own passwords, while administrators can manage the passwords of all users. The common operations are as follows:
- Change password: change the login password.
  Run the passwd command to change your own password, or run the passwd username command to change the password of a specified user.
- Delete password: after the password is deleted, the user can log in directly without entering a password.
  Run the passwd -d username command, or leave the password fields in the /etc/passwd and /etc/shadow files blank.
- Lock password: the user cannot log in after the account is locked.
  Run the passwd -l username command, or add # to the front of the account's line in the /etc/passwd file.
- Unlock password: unlock the locked password so that the user can log in again.
  Run the passwd -u username command, or remove # from the front of the account's line in the /etc/passwd file.
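
The account states described above (blank password field, locked password, line commented out with #) can be audited directly from the /etc/passwd field layout in section 1. The following script is an added example, not part of the original article: the function name audit_accounts, its check labels and all sample accounts are hypothetical, and it assumes the usual shadow-utils behaviour where passwd -d leaves the shadow hash field empty and passwd -l prefixes it with !.

```shell
#!/bin/sh
# Added example; every account name and hash below is constructed sample data.

# audit_accounts PASSWD_FILE SHADOW_FILE -> one "<CHECK> <account>" line per finding
audit_accounts() {
    awk -F: '
        # First file, passwd format: name:password:UID:GID:info:home:shell
        FNR == NR {
            if ($0 ~ /^#/) { sub(/^#+/, "", $1); print "COMMENTED_OUT " $1; next }
            if (NF != 7)   { print "MALFORMED passwd-line-" FNR; next }
            if ($2 == "")  { print "EMPTY_PASSWORD " $1 }   # blank field in passwd
            if ($3 ~ /^0+$/ && $1 != "root") { print "EXTRA_UID0 " $1 }
            if ($3 in seen) { print "DUPLICATE_UID " $1 } else { seen[$3] = 1 }
            in_shadow[$1] = ($2 == "x")   # x means the hash is kept in shadow
            next
        }
        # Second file, shadow format: name:hash:...
        ($1 in in_shadow) && in_shadow[$1] {
            if ($2 == "")       { print "EMPTY_PASSWORD " $1 }  # left by passwd -d
            else if ($2 ~ /^!/) { print "LOCKED " $1 }          # left by passwd -l
        }
    ' "$1" "$2"
}

# Build constructed passwd/shadow samples in a temp directory and audit them.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
svc:x:0:1003:Service:/home/svc:/bin/bash
#dave:x:1004:1004:Dave:/home/dave:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$notarealhash:19000:0:99999:7:::
alice:$6$constructed$notarealhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
carol:!$6$constructed$notarealhash:19000:0:99999:7:::
svc:$6$constructed$notarealhash:19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}
demo
```

On a real system, run audit_accounts /etc/passwd /etc/shadow as root, since /etc/shadow is not readable by ordinary users.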