In Linux, there are two types of accounts: user accounts and group accounts

User accounts include physical people and logical objects. For example, an account for an application to perform work is also a user account

A group account is a logical unit that gathers a specific set of users so that access to files can be managed for all of its members at once


1. Account information

(1) User account information

The user account information is recorded in the /etc/passwd file, where each line represents the account information of a user

Each line uses : to separate its fields. For example, the line for the root administrator is root:x:0:0:root:/root:/bin/bash

Each field represents the following meaning:

  • Name: user account name
  • Password: usually not in plain text, generally represented by x
  • UID: Each user account has a unique identifier, called a UID
  • GID: Each group account also has a unique identifier, called a GID
  • User information: Additional information about the account
  • Working directory: the primary working directory of the user. For the root account it is /root; the default value for other accounts is /home/username
  • Login terminal: the terminal used by the user to log in. The default value is /bin/bash; you can use the chsh command to change the login terminal

For security reasons, the /etc/passwd file does not record the password. The real password is encrypted and recorded in the /etc/shadow file

(2) Group account information

The basic unit of account management is the group. Group account information is recorded in the /etc/group file, where each line represents the information of one group account

For example, the row where the root administrator group resides is root:x:0:user1,user2

Each field represents the following meaning:

  • Name: Group account name
  • Password: usually not in plain text, generally represented by x
  • GID: unique identifier of a group account
  • User list: user accounts under this group, with different accounts separated by ,

Similarly, there is a /etc/gshadow file for group accounts to improve password security

2. Add an account

(1) Add a user account

You can run the useradd [options] account name command to add a user account. The common parameters are as follows:

| Parameter | Description |
| --- | --- |
| -e | Specify the validity period of the account |
| -d | Specify the login directory for the account |
| -s | Specify the login terminal for the account |
| -g | Specify the GID |
| -u | Specify the UID |

(2) Add a group account

You can run the groupadd [options] account name command to add a group account. The parameters are as follows:

| Parameter | Description |
| --- | --- |
| -g | Specify the GID |
| -o | Allow duplicate GIDs |

3. Modify the account

(1) Modify user accounts

You can run the usermod [options] account name command to change the account. The common parameters are as follows:

| Parameter | Description |
| --- | --- |
| -l | Change the user name of an account |
| -e | Change the validity period of an account |
| -d | Change the login directory of an account |
| -s | Change the login terminal of an account |
| -f | Change the validity period of the password |
| -g | Modify the GID |
| -u | Modify the UID |

(2) Change the group account

You can run groupmod [options] account name command to change the group account. The common parameters are as follows:

| Parameter | Description |
| --- | --- |
| -g | Modify the GID |
| -o | Allow duplicate GIDs |

4. Delete the account

(1) Delete user accounts

Deleting a user account is complicated. You need to perform the following steps one by one

  1. Delete the corresponding user record from the /etc/passwd file
  2. Delete the corresponding user record from the /etc/shadow file
  3. Delete the group record with the same name as the user from the /etc/group file
  4. Delete the user's main working directory

(2) Delete the group account

To delete a group account, run the groupdel account name command. However, no user in the group can log in to the system

5. Password management

Common users can change only their own passwords, while administrators can manage passwords of all users. The common operations are as follows

  • Change password: Change the login password

    Run the passwd command to change your password, and run the passwd username command to change the password of a specified user

  • Delete password: after deleting the password, users can directly log in without entering the password

    Run the passwd -d username command or leave the password fields in the /etc/passwd and /etc/shadow files blank

  • Lock password: The user cannot log in after the account is locked

    Run the passwd -l username command, or add # to the front of the account line in the /etc/passwd file

  • Unlock password: unlock the locked password so that the user can continue to log in

    Run the passwd -u username command, or remove # from the front of the account line in the /etc/passwd file
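
The account states described in sections 1 and 5 (an empty password field, a locked password, a commented-out account line, a UID shared by two accounts) can be checked with a short audit over passwd- and shadow-format files. This is an added example, not part of the original article; the function names, finding labels and sample accounts are constructed, and it assumes that passwd -l marks a locked password with a leading ! in the shadow password field.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files for the account states above.
# Prints one FINDING:account line per issue found.
audit_accounts() {  # usage: audit_accounts PASSWD_FILE SHADOW_FILE
    awk -F: '
        /^[ \t]*$/ { next }                       # ignore blank lines
        FNR == NR {                               # first file: passwd format
            if ($1 ~ /^#/) { print "COMMENTED_OUT:" substr($1, 2); next }
            if (NF != 7)   { print "MALFORMED:" $1; next }
            if ($2 == "")       print "EMPTY_PASSWD_FIELD:" $1
            else if ($2 != "x") print "PASSWORD_NOT_SHADOWED:" $1
            if ($3 in owner)    print "DUPLICATE_UID:" $1 "=" owner[$3]
            else                owner[$3] = $1
            known[$1] = 1
            next
        }
        {                                         # second file: shadow format
            if ($2 == "")       print "EMPTY_SHADOW_PASSWORD:" $1
            else if ($2 ~ /^!/) print "LOCKED:" $1
            if (!($1 in known)) print "SHADOW_WITHOUT_PASSWD:" $1
        }
    ' "$1" "$2"
}

# Constructed sample data (not from a real system); hash values are placeholders.
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
#carol:x:1002:1002:Carol:/home/carol:/bin/bash
dave:x:1000:1003:Dave:/home/dave:/bin/bash
erin:x:1004:1004:Erin:/home/erin:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$PLACEHOLDER$HASH:19000:0:99999:7:::
alice:!$6$PLACEHOLDER$HASH:19000:0:99999:7:::
bob::19000:0:99999:7:::
carol:$6$PLACEHOLDER$HASH:19000:0:99999:7:::
dave:$6$PLACEHOLDER$HASH:19000:0:99999:7:::
erin::19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

On a real system the shadow file is readable only by root, so run audit_accounts /etc/passwd /etc/shadow with administrator privileges. The SHADOW_WITHOUT_PASSWD finding shows that commenting out a line in /etc/passwd leaves the account's shadow record in place.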