Preface

Linux is a multi-user, multitasking operating system, so understanding user management is essential.

Three types of Linux users

Type 1: root (the super administrator), whose UID is 0. This user can override many restrictions, including read, write and execute permissions. Be careful with this account, because it has very broad privileges.

Type 2: system users whose UID ranges from 1 to 499. System users are built-in users that are required for the proper functioning of the Linux system and are typically used for administrative services. System users, such as bin and daemon, cannot be used to log in.

Type 3: ordinary users, whose UID ranges from 500 to 65534. These accounts are created so that people can use Linux system resources. Newly created users are generally ordinary users.

User management

Viewing the Current User

To view the current user, use the who command (not supported on some systems) or the whoami command.

$ who
yangan console  Dec 28 10:53
yangan ttys005  Jan 10 13:15

$ whoami
yangan

Viewing User Details

To view user details, use the finger command (not supported on some systems) or the id command.

$ finger yangan
Login: yangan                Name: hongxin xie
Directory: /Users/yangan     Shell: /bin/zsh
On since 一 12 28 10:53 (CST) On console, Idle 13 days 2:39 (messages off)
On 5 1 8 12:55 (CST) On ttys000, Idle 1:21
On since day 1 3 15:09 (CST) On TTYS003, Idle 1 day 19:19
On ttys006 (messages off) On ttys006 (messages off) On ttys010 (CST) Idle 4 days 22:46
On ttYS005 On ttYS005 1 9 13:31 On TTYS012 (messages off)
No Mail.
No Plan.
$ id yangan
uid=501(yangan) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm)...

Create a user

There are two ways to create a user: adduser and useradd.

adduser

The adduser command creates a user interactively and sets up the home directory, login shell and password for the user.

$ adduser user1

Adding user `user1' ...
Adding new group `user1' (1000) ...
Adding new user `user1' (1000) with group `user1' ...
#Create a home directory
Creating home directory `/home/user1' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for user1
Enter the new value, or press ENTER for the default
	Full Name []:
	Room Number []:
	Work Phone []:
	Home Phone []:
	Other []:
Is the information correct? [Y/n] y

To skip the chfn prompts above (Full Name, Room Number, Work Phone, Home Phone), add the --gecos parameter.

useradd

The useradd command creates a user in non-interactive mode. If the home directory is not specified, the created user has no home directory and no password.

# Without options
$ useradd user2

$ passwd user2  # No password was set at creation, so set one now
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

# With options. -d: specify the home directory. -m: create the home directory if it does not exist. -s: specify the login shell
$ useradd -d "/home/user3" -m -s "/bin/bash" user3

Delete user

# Delete the user only
$ userdel user1

# Delete the user along with the home directory
$ userdel -r user1

User groups

Creating a User Group

groupadd linux-test

Viewing User Groups

#The user group to which the current user belongs is displayed
$ groups
root

#Searching for user Groups
$ cat /etc/group | grep linux-test
linux-test:x:1002:

Deleting a User Group

groupdel linux-test

Add users to other groups

Syntax: usermod -a -G your_group your_user
Example: usermod -a -G linux-test user3

The -a option appends the group; without it, -G replaces the user's existing supplementary groups.

View the groups a user belongs to

$ id user3

uid=1001(user3) gid=1001(user3) groups=1001(user3),1002(linux-test)

Remove a user from a group

$ gpasswd -d user3 linux-test
Removing user user3 from group linux-test

Add the user to the sudo user group

Purpose: Only users in the sudo group can use the sudo command.

1. Open the sudoers file with sudo visudo

2. Add the rule

# CentOS 7: add "user ALL=(ALL) ALL" below the existing line "root ALL=(ALL) ALL"
# Ubuntu 18.04
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
yangan ALL=(ALL:ALL) NOPASSWD:ALL # sudo does not require a password
yangan2 ALL=(ALL:ALL) ALL # sudo requires a password
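
To review which rules in a sudoers file like the one above grant every command, and which of those skip the password prompt, the following added example (not from the original article) classifies each rule. The sample text, including the deploy entry, and the function names sudo_grants and passwordless_all are constructed for illustration.

```sh
#!/bin/sh
# Constructed sudoers-format sample; the first entries mirror the rules above.
SUDOERS_SAMPLE='# Allow members of group sudo to execute any command
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
yangan  ALL=(ALL:ALL) NOPASSWD:ALL # sudo does not require a password
yangan2 ALL=(ALL:ALL) ALL # sudo requires a password
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app'

# Reads sudoers text on stdin and prints "<who> <user|group> <password|nopasswd>"
# for every rule whose command list ends in ALL (unrestricted commands).
# Simplification: does not follow #include/#includedir or expand aliases.
sudo_grants() {
    awk '
        { sub(/[ \t]*#.*$/, "") }                  # strip comments
        NF == 0 || $1 == "Defaults" { next }       # skip blanks and Defaults
        $NF ~ /(^|[:,=])ALL$/ {
            kind = ($1 ~ /^%/) ? "group" : "user"
            auth = ($0 ~ /NOPASSWD:/) ? "nopasswd" : "password"
            print $1, kind, auth
        }'
}

# Only the rules that give unrestricted sudo without a password prompt.
passwordless_all() { sudo_grants | awk '$3 == "nopasswd" { print $1 }'; }

printf '%s\n' "$SUDOERS_SAMPLE" | sudo_grants
```

The deploy rule is not listed because it is limited to one command; yangan is the only entry reported by passwordless_all.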

User/user group configuration description

/etc/group

/etc/group is the configuration file for user groups. It lists the groups and their member users, and shows which user groups a user belongs to.

$ cat /etc/group | grep linux-test
linux-test:x:1002:

$ usermod -a -G linux-test user3

# user3 now appears in the member list
$ cat /etc/group | grep linux-test
linux-test:x:1002:user3

The output of /etc/group can be divided into four parts:

  • The first part is the user group name, such as linux-test
  • The second part is the user group password. This field used to hold the password, but the password is now in /etc/shadow, so it shows x
  • The third part is the GID, or group ID
  • The fourth part is a list of users, separated by commas. If the value is empty, the user name is the same as the user group name

/etc/passwd

/etc/passwd stores the user password.

$ cat /etc/passwd | grep 'user3'
user3:x:1001:1001::/home/user3:/bin/bash

The preceding information is explained as follows:

  • Field 1: User name
  • Field 2: The user password. This field used to hold the password, but the password is now in /etc/shadow, so it shows x
  • Field 3: UID, which is the user ID. The default UID of the system administrator is 0. It is best to use UIDs above 1000 when adding users; UIDs between 1 and 1000 are best reserved for the system.
  • Field 4: GID, which is the group ID
  • Field 5: Descriptive information about the account (can be ignored for the time being)
  • Field 6: Account home directory, which is the default directory after you log in to the system
  • Field 7: Shell used by the account

/etc/shadow

/etc/shadow is the shadow file of /etc/passwd, which stores the actual password.

$ cat /etc/shadow | grep 'user3'
user3:$6$isHqGuaA$aO1F9.W17GTYIPy7OHAgV12DcY7GMlcJbgLGVhg6ZqKOrq4lxKVSoV/073zR.Kjpybcd4kcG1p/aID0QmcHs20:18637:0:99999:7:::

The preceding information is explained as follows:

  • Field 1: User name
  • Field 2: Encrypted password. If the first character of this field is ! or *, this is a non-login account
  • Field 3: Date of the last password change, given as the total number of days since January 1, 1970
  • Field 4: Number of days during which the password cannot be changed. If set, the password cannot be changed again for this many days after the date it was last changed. If this value is 0, there is no limit
  • Field 5: Number of days after which the password must be changed again. Changing passwords regularly helps security, so for users who rarely change theirs you can set a number of days after which the password expires and must be changed. If it is 99999, there is no limit
  • Field 6: If a password change interval is set, the number of days before expiry that the system starts warning the user
  • Field 7: Grace period after password expiration: the number of days the user can continue to use the password if it has not been changed by the date set in field 5
  • Field 8: Account expiration date, after which the account can no longer be used
  • Field 9: Reserved field

/etc/passwd VS /etc/shadow

1. Only system administrators can modify /etc/passwd, but the file is visible to all users. Only system administrators can modify /etc/shadow, and only administrators can view it.

2. /etc/shadow is the shadow of /etc/passwd (as its name suggests). The lines in the /etc/shadow file correspond to the lines in /etc/passwd.
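
An audit built on the field layouts described above for /etc/passwd and /etc/shadow, and on the rule that their lines correspond. This is an added example, not code from the original article; the sample accounts (toor, svc, ghost), the placeholder hashes and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/shadow format (not real accounts).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
user3:x:1001:1001::/home/user3:/bin/bash
toor:x:0:0::/home/toor:/bin/bash
svc:x:1002:1002::/home/svc:/bin/bash
ghost:x:1003:1003::/home/ghost:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$SALT$CONSTRUCTEDHASH:18637:0:99999:7:::
daemon:*:18637:0:99999:7:::
user3:$6$SALT$CONSTRUCTEDHASH:18637:0:90:7:::
toor:$6$SALT$CONSTRUCTEDHASH:18637:0:99999:7:::
svc::18637:0:99999:7:::
EOF

# passwd field 3 (UID): any account other than root with UID 0 is a second superuser.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# shadow field 2: empty = no password required; leading ! or * = non-login account.
shadow_status() {
    awk -F: '{
        if ($2 == "") s = "EMPTY"
        else if ($2 ~ /^[!*]/) s = "LOCKED"
        else s = "SET"
        print $1, s
    }' "$1"
}

# shadow field 5 = 99999: a usable password that never has to be changed.
never_expires() {
    awk -F: '$2 != "" && $2 !~ /^[!*]/ && $5 == 99999 { print $1 }' "$1"
}

# Each passwd line should have a matching shadow line; print the ones that do not.
missing_shadow() {   # $1 = passwd file, $2 = shadow file
    awk -F: 'NR == FNR { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$2" "$1"
}

echo "extra UID 0:    $(extra_uid0 "$tmp/passwd")"
echo "no password:    $(shadow_status "$tmp/shadow" | awk '$2 == "EMPTY" { print $1 }')"
echo "never expires:  $(never_expires "$tmp/shadow" | tr '\n' ' ')"
echo "missing shadow: $(missing_shadow "$tmp/passwd" "$tmp/shadow")"
```

On a real host, pass /etc/passwd and /etc/shadow to the functions as root, since only administrators can read /etc/shadow.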

Final words

Dear bosses, creating content is not easy; it needs constant honing and summarizing. You are welcome to follow me. I am Yan Gan, and I will share all kinds of practical programming knowledge and skills with you. Your praise and attention are the biggest motivation for my progress and creation!
