Linux user and user group management
Understand the meaning of users and groups
A major feature of Linux: multi-user, multi-tasking.
The so-called multi-user multi-tasking means that at the same time, multiple users can log in to the same system to perform different tasks without affecting each other.
Suppose there are three users, root, lbb, and mvv, logged in to the same system at the same time. root modifies a configuration file, lbb creates a directory, and mvv accesses the database. Each user executes their own tasks independently without interfering with the others, and no user can cross the line to access a directory another user is working in or to perform tasks as another user. Different users therefore have different permissions: Linux divides and manages permissions to implement its multi-user, multi-task operating mechanism.
Users and their role division in Linux
There are three types of accounts:
Super user (administrator): enjoys the highest authority and has all the authority in the system (usually root), UID is 0.
System user: also known as "pseudo-user", who cannot log in to the system. Its main function is to support the operation of the system and facilitate system management. The uid number is less than 1000.
Ordinary users: restricted by authority, can only operate on files in their own directory, and can log in to the system. The UID is greater than 1000, and the login shell is /bin/bash.
When any account is created, a group with the same name will be created in the system.
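The three account types above can be checked mechanically. The following is an added example, not part of the original page: it classifies passwd-format entries (name:password:UID:GID:comment:home:shell) by UID and flags entries that contradict the roles described above. The function names, the FLAG labels and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify accounts by UID and flag entries that contradict
# the three account types (extra UID 0 accounts, system accounts that can log in).

# Constructed sample data (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash
user01:x:1001:1003::/home/user01:/bin/bash
tom:x:1002:1004::/oyy/tom:/sbin/nologin
toor:x:0:0::/root:/bin/bash'

# classify_accounts: read passwd-format lines on stdin and print
# "name kind [FLAG:reason]" for each account.
classify_accounts() {
    awk -F: '
    NF < 7 || $3 !~ /^[0-9]+$/ { next }        # skip malformed lines
    {
        name = $1; uid = $3 + 0; shell = $7
        login = (shell !~ /(nologin|false)$/)  # shell allows interactive login
        flag = ""
        if (uid == 0) {
            kind = "super"
            if (name != "root") flag = " FLAG:extra-uid0"
        } else if (uid < 1000) {
            kind = "system"
            if (login) flag = " FLAG:system-login-shell"
        } else {
            kind = "ordinary"
        }
        print name " " kind flag
    }'
}

# flagged_accounts: names of the accounts that need review, space separated.
flagged_accounts() {
    classify_accounts | awk '/FLAG:/ { print $1 }' | tr '\n' ' ' | sed 's/ $//'
}

printf '%s\n' "$SAMPLE_PASSWD" | classify_accounts
```

On a real system the same functions can be fed with `classify_accounts < /etc/passwd`.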
1. User overview
1.1. Basic concept of user/group
Every process (program that runs) on the system runs as a specific user.
Each file is owned by a specific user.
Access to files and directories is restricted by the user.
2. User management
The management of user accounts mainly involves adding, modifying and deleting user accounts.
Adding a user account is to create a new account in the system, and then assign resources such as user number, user group, home directory, and login Shell to the new account. The account just added is locked and cannot be used.
1. Check if the user exists:

[root@linux-server ~]# id user01    # View the user's uid, gid, and groups
uid=1001(user01) gid=1003(user01) groups=1003(user01)

In this output, gid is the primary group and groups lists the affiliated groups.
uid: used by the system to identify the account (user identifier).
gid: used by the system to identify the group (group identifier).

2. Check the account you are currently using:

[root@linux-server ~]# whoami    # View my current account
2.1 Add user
Adding a user account is to add a record for a new user in the /etc/passwd file, and update other system files such as /etc/shadow, /etc/group, etc. at the same time.
The /etc/shadow file stores encrypted user passwords, and only the root user has read permission.
The /etc/group file stores the relevant content of the user group.
useradd Options Username

Common options:
-g User Group: Specify the user group to which the user belongs.
-G User Groups: Specify additional groups to which the user belongs.
-d Directory: Specify the user's home directory. If this directory does not exist, use the -m option at the same time to create it.
-s Shell file: Specify the user's login shell.
[root@CentOS7 ~]# useradd hhh    # Add user hhh
[root@CentOS7 ~]# useradd -g hr kkk    # Specify hr as the primary group
[root@CentOS7 ~]# useradd -G hr,root jack    # Specify multiple additional groups
[root@CentOS7 ~]# useradd -d /oyy/tom -m tom    # Specify the home directory
2.2 Delete user
userdel Options Username

The commonly used option is -r, which deletes the user's home directory together with the account.

[root@CentOS7 ~]# userdel -r tom

Note: The user's primary group of the same name is also deleted. A group with a different name is not deleted, and a group of the same name that is not the user's primary group is not deleted either.
2.3 Modify account
To modify a user account is to change the relevant attributes of the user according to the actual situation, such as user ID, home directory, user group, login Shell, etc.
To modify the information of an existing user, use the usermod command, the format of which is as follows:
usermod Options Username

The options have basically the same meaning as those of the useradd command, with these additions:
-L, --lock: Lock the user account; the user will not be able to log in.
-U, --unlock: Unlock the user account.

[root@linux ~]# usermod -g it jack    # Change the user group of user jack to it
[root@linux ~]# usermod -s /sbin/nologin tom    # Prevent user tom from logging in
[root@linux ~]# usermod -L rose    # Lock user rose
[root@linux ~]# passwd -S rose    # View the password status of user rose
rose LK 2022-12-10 0 99999 7 -1 (Password is locked.)
[root@linux ~]# usermod -U rose    # Unlock user rose
2.4 Management of user passwords
An important part of user management is the management of user passwords. The user account has no password when it is first created, but it is locked by the system and cannot be used. It must be assigned a password before it can be used, even if an empty password is assigned.
The Shell command to specify and modify user password is passwd. Superusers can specify passwords for themselves and other users. Ordinary users can only use it to modify their own passwords, and there are complex restrictions on passwords. The format of the command is:
passwd Options Username

Available options:
-l: Lock the password, that is, disable the account; the user cannot log in.
-u: Unlock the password.
-d: Make the account have no password.
-f: Force the user to change the password at the next login.

[root@linux ~]# passwd jack    # Press Enter, then type the password twice to set the password of user jack
[root@linux ~]# echo 'jack123' | passwd --stdin jack    # Set the password of user jack directly
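The locked, passwordless and password-set states described above are visible in the second field of each /etc/shadow entry. The following is an added example, not part of the original page: it reports the state of each account from shadow-format lines and lists accounts that can log in with no password. The function names, the LK-nopw label and the sample data are assumptions made for the illustration; the hashes are placeholders.

```shell
#!/bin/sh
# Added example: report the password state of each account from
# shadow-format lines (name:password:lastchange:min:max:warn:...).

# Constructed sample data; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW='root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19336:0:99999:7:::
hhh:!!:19336:0:99999:7:::
rose:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19336:0:99999:7:::
jack::19336:0:99999:7:::
bin:*:18353:0:99999:7:::'

# password_states: read shadow-format lines on stdin, print "name state".
#   PS       password set
#   LK       locked, a hash is still stored behind the lock marker
#   LK-nopw  locked and no password was ever set (freshly created account)
#   NP       empty field, the account needs no password to log in
password_states() {
    awk -F: '
    NF < 2 { next }                       # skip malformed lines
    {
        pw = $2
        rest = pw
        sub(/^!+/, "", rest)              # strip the lock marker
        if (pw == "")                          state = "NP"
        else if (pw ~ /^[!*]/ && (rest == "" || rest == "*")) state = "LK-nopw"
        else if (pw ~ /^[!*]/)                 state = "LK"
        else                                   state = "PS"
        print $1 " " state
    }'
}

# no_password_accounts: names of accounts with an empty password field.
no_password_accounts() {
    password_states | awk '$2 == "NP" { print $1 }'
}

printf '%s\n' "$SAMPLE_SHADOW" | password_states
```

Run as root against the real file with `password_states < /etc/shadow`; any name printed by `no_password_accounts` should be given a password or locked.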
3. User group management
Each user has a user group, and the system can centrally manage all users in a user group. Different Linux systems have different regulations on user groups. For example, a user under Linux belongs to a user group with the same name, and this user group is created at the same time as the user is created.
The management of user groups involves adding, deleting and modifying user groups. The addition, deletion, and modification of groups are actually updates to the /etc/group file.
3.1 Add a new user group
groupadd Options User Group

Available options:
-g GID: Specify the group identification number (GID) of the new user group.
-o: Generally used together with -g; indicates that the GID of the new user group may be the same as the GID of an existing user group in the system.

[root@linux ~]# groupadd hr    # Create a user group hr; its group identification number is the current maximum identification number plus one
[root@linux ~]# groupadd -g 101 it    # Create a user group it with the identification number 101
3.2 Delete user group
groupdel User Group

[root@linux ~]# groupdel hr    # Delete the hr user group

Note: A user's primary group cannot be deleted.
3.3 View user group files
[root@linux ~]# cat /etc/group    # View all user groups in the system

Format of the file content:
group name:group password (generally shown as x):GID:group members (generally not displayed)
3.4 Modify user group
groupmod Options User Group

Commonly used options:
-g GID: Specify a new group identification number for the user group.
-o: Used together with -g; the new GID of the user group may be the same as the GID of an existing user group in the system.
-n New user group: Change the name of the user group to the new name.

[root@linux ~]# groupmod -g 102 -n web it    # Change the identification number of the user group it to 102 and the group name to web
3.5 Group member management
Note: Only for existing users.
gpasswd Option User User Group

Commonly used options:
-a: Add a user to the group.
-d: Remove a user from the group.

[root@linux ~]# gpasswd -a rose hr    # Add user rose to group hr
[root@linux ~]# gpasswd -d jack hr    # Remove user jack from group hr