Adding and removing users and user groups on Linux

  • 2020-05-12 06:40:29
  • OfStack

This article summarizes some of the commands and parameters commonly used on Linux to add or remove users and user groups. Without further ado, let's take a look.

1. Create a user:

adduser phpq    # create the phpq user
passwd phpq     # set a password for the phpq user

2. Create a group

groupadd test    # create the test group

3. Create a new user and add it to a group at the same time

useradd -g test phpq    # create the phpq user and add it to the test group

Note: -g sets the group the user belongs to, -d the home directory, -s the shell to use

4. Add an existing user to a group

usermod -aG groupname username    # -a appends; -G alone replaces the user's supplementary groups with the given list

Or: gpasswd -a user group

5. Temporarily disable an account: in /etc/shadow, put a * in front of the second field (the password) on the user's line. To restore the user, remove the *.

Or lock the user account with the following command:
passwd -l peter

To unlock it again:
passwd -u peter
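
An added example (not from the original article): a small audit of shadow-format lines that classifies the second field as step 5 describes it. The sample lines are constructed; `passwd -l` marks a locked password by prefixing the stored hash with `!`, and the manual method above uses `*`, so both prefixes are treated as locked.

```sh
#!/bin/sh
# Constructed sample in /etc/shadow format (not a real shadow file).
sample_shadow() {
cat <<'EOF'
root:$6$saltsalt$hashhashhash:18394:0:99999:7:::
peter:!$6$saltsalt$hashhashhash:18394:0:99999:7:::
phpq:*$6$saltsalt$hashhashhash:18394:0:99999:7:::
daemon:*:18394:0:99999:7:::
guest::18394:0:99999:7:::
EOF
}

# shadow_status: read shadow-format lines on stdin, print "user status".
shadow_status() {
    awk -F: '
        NF < 2          { next }                       # skip malformed lines
        $2 == ""        { print $1, "EMPTY";   next }  # no password required
        $2 ~ /^[!*]+$/  { print $1, "NOLOGIN"; next }  # no usable hash at all
        $2 ~ /^[!*]/    { print $1, "LOCKED";  next }  # hash kept behind a prefix
                        { print $1, "ACTIVE" }
    '
}

# status_of USER: status of one account in the constructed sample.
status_of() {
    sample_shadow | shadow_status | awk -v u="$1" '$1 == u { print $2 }'
}

sample_shadow | shadow_status
```

Locking the password field only blocks password authentication; logins that use another credential, such as an SSH key, are not affected by it.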

6. Permanently delete user accounts

userdel peter

groupdel peter

userdel -r peter (use this form instead of plain userdel to also delete the user's home directory and all files and subdirectories in it)

7. Remove a user from a group

Edit /etc/group, find the line for GROUP, and delete user A from it.
Or use the command:
gpasswd -d A GROUP

8. Display user information

id user
cat /etc/passwd

This article focuses on the concepts of user (user) and user group (group) management in the Linux system and lists the commands for users and user groups. It also explains single-user multitasking and multi-user multitasking.

Overview of managing Linux users (user) and user groups (group)

Linux is a multi-user, multi-task operating system. We should understand the concepts of single-user multitasking and multi-user multitasking.

1. Single-user multitasking on Linux

For example, we log in to the system as beinan. After logging in, I open gedit to write a document. While writing, I feel like having some music, so I open xmms. Music alone is not enough: MSN has to be open too, because I want to know what some friends are doing. So, logged in as the beinan user, I am running gedit, xmms and msn, as well as the input method fcitx. In short, one user, beinan, runs several tasks to get the work done. Of course, other people can also log in remotely as beinan and do other work.

2. Multi-user multitasking on Linux

Sometimes many users are using the same system at the same time, but they are not all doing the same thing.

For example, the LinuxSir.Org server has FTP users, system administrators, web users, regular users and so on. At any one moment, some people may be visiting the forum; some may be uploading software packages or managing sub-sites, such as luma or Yuking, who manage their home page systems and FTP; and a system administrator may be maintaining the system. The home page is accessed through the nobody user, which everyone shares, while software packages are uploaded by FTP users. The administrator may maintain or inspect the system with a normal account or with the superuser account root. Different users have different permissions and complete different tasks.

It is worth noting that multi-user multitasking does not mean that everyone crowds around the keyboard and monitor of one machine. Multiple users may work through remote login, such as remote control of a server. Anyone who has user permission can operate or access the machine.

3. User roles

Users have different roles in the system, and in Linux different roles come with different permissions and tasks. Note that a user's role is identified by its UID; in system administration, the administrator must keep every UID unique.

root user: unique on the system; a real user that can log in, can operate on any file and command of the system, and has the highest privileges.
Virtual users: also known as pseudo-users or fake users, to distinguish them from real users. They cannot log in to the system, but they are indispensable to its operation, for example bin, daemon, adm, ftp and mail. These users come with the system rather than being added later, although we can also add virtual users ourselves.
Ordinary real users: these users can log in to the system but can only operate on the contents of their own home directory. Their privileges are limited, and they are added by the system administrator.

4. Security of a multi-user operating system

Multi-user systems are in fact more convenient for system administration. From a security perspective, multi-user management is also more secure. For example, if the beinan user does not want other users to see a certain file, it is enough to set the file's permissions so that only the beinan user can read, write and edit it; then only beinan can work with that private file. Linux does this best under multi-user operation and can protect each user's data very well. But we still have to learn Linux and its security mechanisms: if the administrator has no security awareness or administration skills, such a system is not secure either.

From the server's point of view, security under multi-user operation is also the most important thing. The Windows operating system we commonly use can only be called mediocre at permission management and cannot be compared with Linux or Unix systems.

2. User (user) and user group (group) concepts

1. Concept of user (user)

From the previous discussion of Linux multi-user operation, we know that Linux is a true multi-user operating system, so we can create several users (user) on a Linux system. For example, a colleague wants to use my computer, but I don't want him to log in with my user name, because my account holds materials and information that I don't want others to see (privacy). In that case I can create a new user name for him so that he does not use mine. This is in line with operating rules from the perspective of computer security.

Of course, the concept of a user (user) does not stop there. A Linux system also has users that exist to complete specific tasks, such as nobody and ftp. When we access ftp anonymously, we use the user ftp or nobody. To see the accounts on a Linux system, check /etc/passwd.

2. Concept of user group (group)

A user group (group) is a collection of users (user) with the same characteristics. Sometimes we need several users to have the same permissions, for example to view or modify a certain file or to execute a certain command. We then put those users into one user group and, by modifying the permissions of the file or directory, give that group certain permissions, so that every user in the group has the same permissions on that file or directory. This is implemented by defining the group and modifying the file's permissions.

Example: we want certain users to be able to view a document, say a schedule. The person who writes the schedule needs read, write and execute permissions; we want more users to know the contents of the schedule but not to change it. So we put those users into one group and then modify the file's permissions so that the group can read it; every user in that group can then read the file.

The relationship between users and user groups can be one-to-one, many-to-one, one-to-many or many-to-many:

One-to-one: a user can be the only member of a group.
Many-to-one: multiple users can be members of one single group and belong to no other user group. For example, beinan and linuxsir only belong to the beinan user group.
One-to-many: a user can be a member of more than one user group. For example, beinan can be a member of the root group, the linuxsir user group and the adm user group.
Many-to-many: multiple users correspond to multiple user groups, and several users may belong to the same group. In fact, the many-to-many relationship is an extension of the previous three; if you understand the three above, you understand this one.
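
An added example (not from the original article) that resolves these relationships from passwd- and group-format data: `groups_of` lists every group of a user, and `members_of` lists every user of a group, including users who belong to it only through their primary GID. The sample data is constructed, and both function names are made up for this illustration.

```sh
#!/bin/sh
# Constructed samples in /etc/passwd and /etc/group format (not real files).
PASSWD_SAMPLE='beinan:x:500:500::/home/beinan:/bin/bash
linuxsir:x:501:500::/home/linuxsir:/bin/bash'
GROUP_SAMPLE='root:x:0:beinan
adm:x:4:beinan
beinan:x:500:linuxsir
linuxsir:x:502:beinan'

# awk reads the two databases as two input files, so write them out.
TMPD=$(mktemp -d) && trap 'rm -rf "$TMPD"' EXIT
printf '%s\n' "$PASSWD_SAMPLE" > "$TMPD/passwd"
printf '%s\n' "$GROUP_SAMPLE" > "$TMPD/group"

# groups_of USER: primary group first, then supplementary groups.
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR { if ($1 == user) pgid = $4; next }    # file 1: passwd
        pgid != "" && $3 == pgid { primary = $1; next }  # file 2: group
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == user) extra = extra " " $1
        }
        END { if (primary != "") print primary extra }
    ' "$TMPD/passwd" "$TMPD/group"
}

# members_of GROUP: users whose primary GID (passwd field 4) is this
# group, plus the users listed in the group line. The group file alone
# does not show the first kind.
members_of() {
    awk -F: -v grp="$1" '
        FNR == NR && $1 == grp { gid = $3; listed = $4 }  # file 1: group
        FNR == NR { next }
        gid != "" && $4 == gid { out = out " " $1 }       # file 2: passwd
        END {
            n = split(listed, m, ",")
            for (i = 1; i <= n; i++)
                if (index(out " ", " " m[i] " ") == 0) out = out " " m[i]
            sub(/^ /, "", out)
            print out
        }
    ' "$TMPD/group" "$TMPD/passwd"
}

groups_of beinan     # beinan root adm linuxsir
members_of beinan    # beinan linuxsir
```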

3. Configuration files, commands or directories related to users (user) and user groups (group)

1. Configuration files related to users (user) and user groups (group)

1) configuration files related to users (user)

/etc/passwd note: the user (user) configuration file;
/etc/shadow note: the user (user) shadow password file;

2) configuration files related to user groups (group)

/etc/group note: the user group (group) configuration file;
/etc/gshadow note: the shadow file for user groups (group);

2. Tools or commands for managing users (user) and user groups (group)

1) tools or commands for managing users (user)

useradd note: add users
adduser note: add users
passwd note: set the password for a user
usermod note: modify a user; with usermod you can change the login name, the user's home directory, etc.;
pwconv note: synchronizes users from /etc/passwd to /etc/shadow
pwck note: verifies that the contents of the user configuration files /etc/passwd and /etc/shadow are valid and complete;
pwunconv note: the reverse operation of pwconv; it creates /etc/passwd from /etc/shadow and /etc/passwd, and then deletes the /etc/shadow file;
finger note: tool for viewing user information
id note: view a user's UID, GID and the user groups the user belongs to
chfn note: tool for changing user information
su note: user switching tool
sudo note: sudo executes a command as another user. su switches to another user and then completes the task as that user, whereas sudo executes the command directly. It requires /etc/sudoers to be edited with visudo;
visudo note: visudo is the command for editing /etc/sudoers; you can also edit /etc/sudoers using vi instead of this command.
sudoedit note: has the same function as sudo;

2) tools or commands for managing user groups (group)

groupadd note: add user groups;
groupdel note: delete user groups;
groupmod note: modify user group information
groups note: shows the user group to which the user belongs
grpck
grpconv note: synchronize or create /etc/gshadow via the file contents of /etc/group and /etc/gshadow, create /etc/gshadow if /etc/gshadow does not exist;
grpunconv note: synchronize or create /etc/group via /etc/group and /etc/gshadow file contents, then delete the gshadow file;

3. /etc/skel

The /etc/skel directory generally holds the user's startup files. The directory is controlled by root. When we add a user, the files in this directory are automatically copied to the home directory of the newly added user. The files in /etc/skel are all hidden files. By modifying, adding and deleting files in /etc/skel we can give users a standard, default user environment.

[root@localhost beinan]# ls -la /etc/skel/
total 92
drwxr-xr-x 3 root root 4096 Aug 11 23:32 .
drwxr-xr-x 115 root root 12288 Oct 14 13:44 ..
-rw-r--r-- 1 root root 24 May 11 00:15 .bash_logout
-rw-r--r-- 1 root root 191 May 11 00:15 .bash_profile
-rw-r--r-- 1 root root 124 May 11 00:15 .bashrc
-rw-r--r-- 1 root root 5619 2005-03-08 .canna
-rw-r--r-- 1 root root 438 May 18 15:23
-rw-r--r-- 1 root root 120 May 23 05:18
drwxr-xr-x 3 root root 4096 Aug 11 23:16 .kde
-rw-r--r-- 1 root root 658 2005-01-17 .zshrc

When we add users (user) with the useradd and adduser commands, the system automatically copies the files in /etc/skel to the new user's home directory. If we add a user by editing /etc/passwd instead, we have to create the user's home directory ourselves, copy the files under /etc/skel into it, and then use chown to change the owner of the new home directory to the new user.
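
An added example (not from the original article) of that manual procedure as one function. The name `provision_home` and the throwaway skeleton directory are made up for the illustration, so it runs without touching /etc/skel or /home.

```sh
#!/bin/sh
# provision_home SKEL_DIR HOME_DIR OWNER[:GROUP]
# Hypothetical helper: create HOME_DIR from SKEL_DIR and fix its ownership.
provision_home() {
    skel=$1 home=$2 owner=$3
    [ -d "$skel" ] || { echo "no skeleton directory: $skel" >&2; return 1; }
    # Refuse to reuse an existing path as a home directory.
    [ ! -e "$home" ] || { echo "already exists: $home" >&2; return 1; }
    # Create it private from the start so nothing is readable mid-copy.
    mkdir -m 700 "$home" || return 1
    # "$skel/." copies the contents including dotfiles; "$skel"/* would
    # skip them, and the files in /etc/skel are hidden files.
    cp -R "$skel/." "$home/" || return 1
    # chown needs root; an unprivileged caller already owns the copies.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$home" || return 1
    fi
    chmod 700 "$home"
}

# Demo on a constructed skeleton; prints the entries that arrived.
demo_provision() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/skel" "$tmp/skel/.kde"
    echo '# constructed sample' > "$tmp/skel/.bashrc"
    provision_home "$tmp/skel" "$tmp/home_phpq" "$(id -un)" || return 1
    (cd "$tmp/home_phpq" && ls -A | sort | paste -s -d ' ' -)
    rm -rf "$tmp"
}

demo_provision    # .bashrc .kde
```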

4. The /etc/login.defs configuration file

The /etc/login.defs file holds some of the settings applied when a user is created, such as whether a home directory is created, the range of UIDs and GIDs, the validity period of the user, and so on. This file can be defined by root.

For example, /etc/login.defs on Fedora:

# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail note: when a user is created, a mail file for that user is created in the directory /var/spool/mail;
#MAIL_FILE .mail

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999 note: the maximum number of days a user's password remains valid;
PASS_MIN_DAYS 0 note: the minimum number of days between password changes;
PASS_MIN_LEN 5 note: password minimum length;
PASS_WARN_AGE 7 note:

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500 note: the minimum UID is 500, which means that when users are added, UIDs start at 500;
UID_MAX 60000 note: the maximum UID is 60000;

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500 note: GID starts at 500;
GID_MAX 60000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
#
CREATE_HOME yes note: whether to create the user's home directory; yes means it is created;

5. /etc/default/useradd

Rules file for adding users via useradd;

# useradd defaults file
GROUP=100
HOME=/home note: create user home directories under /home;
INACTIVE=-1 note: whether the account is disabled after its password expires; -1 means this is not enabled;
EXPIRE= note: account expiration date; leaving it unset means it is not enabled;
SHELL=/bin/bash note: the shell to use;
SKEL=/etc/skel note: the default skeleton directory for new users; in other words, when we add a user with adduser, the files in the user's home directory are copied from this directory.

Postscript:

That's about it for user (user) and user group (group) administration. Anyone who understands and masters what has been said above can manage users and user groups reasonably well. Since users and user groups are closely related to file and directory permissions, operations on file and directory permissions will be covered in a separate article.

