Running man useradd shows the following useful information.
1, User profile
1.1 User information file /etc/passwd
root:x:0:0:root:/root:/bin/bash
field | Effect |
---|---|
1st field | User name |
2nd field | Password flag. x indicates that the user has a password, which is looked up in /etc/shadow. If the field is empty, the user has no password |
3rd field | UID (user ID). 0: super user; 1-499: system users (pseudo users); 500-65535: ordinary users |
4th field | GID (user initial group ID) |
5th field | User description |
6th field | Home directory. Ordinary user: /home/username/; super user: /root/ |
7th field | Shell after login |
If you want to change an ordinary user into a super user, you only need to change its UID to 0. Any account whose UID is 0 has super user rights, whatever its name.
Initial group: the group whose permissions the user has as soon as he or she logs in. Each user can have only one initial group. Generally, a group with the same name as the user is used as that user's initial group.
Additional groups: a user can join other user groups and gain the permissions of those groups. A user can have multiple additional groups.
1.2 Shadow file /etc/shadow
root:$61pgb5fLa1pgb5fLa1pgb5fLajtjmHA2rocUmD1qwrbe6EuSPC11wW8wDuK2qAudUnBZ3iKg.MaYNRLKUf1Mp0OilcXwA74msPaeUp/3OIL4sf/:18267:0:99999:7:::
field | Effect |
---|---|
1st field | User name |
2nd field | Encrypted password. If this field is "!" or "*", the account has no password and cannot log in |
3rd field | Date of the last password change, counted in days since January 1, 1970 (the value increases by 1 for each passing day) |
4th field | Minimum interval between two password changes (counted from the third field). 0: no interval is required before the password can be changed again |
5th field | Password validity period (counted from the third field) |
6th field | Warning days before the password expires (relative to field 5) |
7th field | Grace days after password expiration (relative to field 5). 0: expiry takes effect immediately after the password expires; -1: password will never expire |
8th field | Account expiration time, expressed by time stamp |
9th field | Reserved |
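
The field layouts of /etc/passwd and /etc/shadow described above are enough to audit account files directly. The following script is an added example, not part of the original page: it reports extra UID 0 accounts, entries with no password, locked entries, forced password changes and expired passwords. The function names and all sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files. Function names and
# all sample entries are constructed; run it against copies of real files.

# Accounts other than root whose UID (passwd field 3) is 0: extra super users.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Classify shadow field 2: empty = no password, leading ! or * = locked,
# anything else = a password hash is set.
shadow_status() {
    awk -F: '{
        if ($2 == "")          s = "no-password"
        else if ($2 ~ /^[!*]/) s = "locked"
        else                   s = "password-set"
        print $1 ":" s
    }' "$1"
}

# Accounts that must change their password at next login (shadow field 3 is 0).
must_change() { awk -F: '$3 == "0" { print $1 }' "$1"; }

# Accounts whose password validity has run out: field 3 + field 5 < today,
# with today passed as days since 1970-01-01 (second argument).
expired() {
    awk -F: -v today="$2" \
        '$3 != "" && $3 != "0" && $5 != "" && $3 + $5 < today { print $1 }' "$1"
}

# Constructed sample data, written to a temporary directory.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
px:x:550:550:test user:/px:/bin/bash
backup2:x:0:0:constructed entry:/home/backup2:/bin/bash
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$CONSTRUCTED$placeholder:18267:0:99999:7:::
px:!!$6$CONSTRUCTED$placeholder:18267:0:90:7:::
guest::18267:0:99999:7:::
newhire:$6$CONSTRUCTED$placeholder:0:0:99999:7:::
EOF

TODAY=$(( $(date +%s) / 86400 ))
echo "extra UID 0: $(extra_uid0 "$SAMPLE/passwd")"
echo "must change: $(must_change "$SAMPLE/shadow")"
echo "expired:     $(expired "$SAMPLE/shadow" "$TODAY")"
shadow_status "$SAMPLE/shadow"
```

Reading the real /etc/shadow requires root, so run the checks as root or against a copy taken by an administrator.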
1.3 Group information file /etc/group and group password file /etc/gshadow
/etc/group
root:x:0:
field | Effect |
---|---|
1st field | Group name |
2nd field | Group password flag |
3rd field | GID |
4th field | Additional users in group |
/etc/gshadow
cdrom:*::panxiong
field | Effect |
---|---|
1st field | Group name |
2nd field | Group password |
3rd field | Group administrator user name |
4th field | Additional users in group |
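
A user's initial group comes from the GID in /etc/passwd, while additional groups come from the fourth field of /etc/group, so finding everyone in a privileged group means reading both files. The following script is an added example, not part of the original page; the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example: resolve initial and additional groups from passwd- and
# group-format files. Function names and sample entries are constructed.

# Initial group name: passwd field 4 (GID) looked up in group field 3.
initial_group() {       # usage: initial_group USER PASSWD_FILE GROUP_FILE
    gid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$2")
    awk -F: -v g="$gid" '$3 == g { print $1 }' "$3"
}

# Additional groups: each group whose comma-separated field 4 lists USER.
additional_groups() {   # usage: additional_groups USER GROUP_FILE
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1
    }' "$2"
}

# Everyone in GROUP: users with it as initial group plus users in field 4.
group_members() {       # usage: group_members GROUP PASSWD_FILE GROUP_FILE
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$3")
    { awk -F: -v g="$gid" '$4 == g { print $1 }' "$2"
      awk -F: -v g="$1" \
          '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$3"
    } | sort -u
}

# Constructed sample data, written to a temporary directory.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
px:x:550:550:test user:/px:/bin/bash
panxiong:x:1000:1000::/home/panxiong:/bin/bash
EOF
cat > "$SAMPLE/group" <<'EOF'
root:x:0:px
bin:x:1:px,daemon
cdrom:x:24:panxiong
px:x:550:
panxiong:x:1000:
EOF

echo "px initial group:     $(initial_group px "$SAMPLE/passwd" "$SAMPLE/group")"
echo "px additional groups: $(additional_groups px "$SAMPLE/group" | tr '\n' ' ')"
echo "members of root:      $(group_members root "$SAMPLE/passwd" "$SAMPLE/group" | tr '\n' ' ')"
```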
2, User management related parts
Files created when a user is added
- User's home directory
  - Ordinary user: /home/username/; the owner and the group are this user, and the permission is 700
  - Super user: /root/; the owner and the group are root, and the permission is 550
- User's mailbox
  - /var/spool/mail/username/
- User template directory
  - /etc/skel/
  When creating a home directory, the initial files are copied from the /etc/skel/ directory
3, User management command
- Frequently used commands
```bash
# 1. User add command: useradd
# useradd [option] user name
#   -u UID: manually specify the UID number of the user
#   -d home directory: manually specify the home directory of the user
#   -c user description: manually specify the user's description
#   -g group name: manually specify the initial group of the user
#   -G group name: specify the additional groups of the user; multiple additional groups are separated by commas
#   -s shell: manually specify the user's login shell. The default is /bin/bash
useradd px
# After creating a user, the system automatically modifies or adds the following files:
# grep px /etc/passwd
# grep px /etc/shadow
# grep px /etc/group
# grep px /etc/gshadow
# ll -d /home/px
# ll /var/spool/mail/px
useradd -u 550 -G root,bin -d /px -c "test user" -s /bin/bash px

# 2. Change user password: passwd
# passwd [option] user name
#   -S: query the status of the user's password. Available to root only
#   -l: temporarily lock the user, who then cannot log in remotely. It works by prefixing the user's password in /etc/shadow with !!. Available to root only
#   -u: unlock the user. Available to root only
#   --stdin: use the data arriving through a pipe as the user's password
# Change the password of the current user
passwd
passwd -S px
# Output: px 01/06/2020 0 99999 7 -1
# User name, password setting time (01/06/2020), password change interval (0), password validity period (99999),
# warning time (7), password does not expire (-1)
echo "123" | passwd --stdin px

# 3. Modify user information: usermod
# usermod [option] user name
#   -u UID: modify the UID number of the user
#   -c user description: modify the user's description
#   -G group name: modify the user's additional groups
#   -L: temporarily lock the user
#   -U: unlock the user
# Modify user description
usermod -c "test user" px
# Add px user to root group
usermod -G root px
# Lock user
usermod -L px
# Unlock user
usermod -U px

# 4. Change user password status: chage
# chage [option] user name
#   -l: list the user's detailed password status
#   -d date: date of the last password change (shadow field 3)
#   -m days: minimum interval between password changes (field 4)
#   -M days: password validity (field 5)
#   -W days: warning days before password expiration (field 6)
#   -I days: grace days after password expiration (field 7)
#   -E date: account expiration time (field 8)
# This command sets the password modification date to 0 (shadow field 3), so the user must change the password at the next login
chage -d 0 px

# 5. Delete user: userdel
# userdel [-r] user name
#   -r: delete the user's home directory while deleting the user

# 6. User switching command: su
# su [option] user name
#   -: switch users together with that user's environment variables
#   -c command: execute the command once without switching user identity
su - root
# Do not switch to root, but execute the useradd command as root to add px user
su - root -c "useradd px"

# 7. View user ID
# id username
id px
# Output: uid=0(root) gid=0(root) groups=0(root)
```
Two commands, useradd and adduser, are used to create users under Linux. The differences between them are as follows:
1. When using useradd without any options, for example "sudo useradd test", the user created is by default a "three no" user: no home directory, no password, and no system shell.
2. When using adduser, creating the user is more like a dialogue between you and the machine. The system prompts you to enter various pieces of information and then creates the new user based on them.
adduser will prompt for a password; useradd will not.
adduser will create a user directory, for example /home/freebird where freebird is the user; useradd will not.
adduser will ask for full name, room number, phone number and other user information; useradd will not.
In Linux, adduser is more suitable for beginners, because you don't need to remember the tedious options and only have to follow the system's prompts step by step; the disadvantage is that the whole creation process is relatively complex and long. useradd is more suitable for experienced users: often a single command line with options solves many problems, so it is very convenient for creating users.
- Delete user manually:

```bash
# 1. Delete relevant contents in /etc/passwd
vim /etc/passwd
# 2. Delete relevant contents in /etc/shadow
vim /etc/shadow
# 3. Delete relevant contents in /etc/group
vim /etc/group
# 4. Delete relevant contents in /etc/gshadow
vim /etc/gshadow
# 5. Delete mailbox (replace USERNAME with the user's name)
rm -rf /var/spool/mail/USERNAME/
# 6. Delete home directory (replace USERNAME with the user's name)
rm -rf /home/USERNAME/
```
- User defaults file

```bash
# 1. /etc/default/useradd file
vim /etc/default/useradd
GROUP=100                # User default group
HOME=/home               # User home directory
INACTIVE=-1              # Password expiration grace days (field 7 of shadow file)
EXPIRE=                  # Account expiration time (field 8 of shadow file)
SHELL=/bin/bash          # Default shell
SKEL=/etc/skel           # Template directory
CREATE_MAIL_SPOOL=yes    # Set up mailbox or not

# 2. /etc/login.defs
PASS_MAX_DAYS 99999      # Password validity (field 5)
PASS_MIN_DAYS 0          # Password change interval (field 4)
PASS_MIN_LEN 5           # Minimum password length of 5 characters (PAM)
PASS_WARN_AGE 7          # Password expiration warning (field 6)
UID_MIN 500              # Minimum and maximum UID range
UID_MAX 60000
ENCRYPT_METHOD SHA512    # Encryption method
```
4, User group management commands
```bash
# 8. Add user group
# groupadd [option] group name
#   -g GID: specify group ID
groupadd group1

# 10. Modify user group
# groupmod [option] group name
#   -g GID: modify group ID
#   -n new group name: modify group name
# Change group name group1 to newgrp
groupmod -n newgrp group1

# 11. Delete user group
# groupdel group name
groupdel newgrp

# 12. Add users to the group or delete them from the group
# gpasswd option group name
#   -a user name: add the user to the group
#   -d user name: remove the user from the group
# Add user px to newgrp group
gpasswd -a px newgrp
# Remove user px from newgrp group
gpasswd -d px newgrp
```