User and group management

  1. What are users? Are users people?
  2. What does the user do?
  • The user account

    • Super administrator: root
    • Ordinary user: ruochen
    • System/program user: a user created for a program in the system. These users are not allowed to log in to the operating system
  • Group accounts

    • Definition: a collection of users
    • Basic group: the group with the same name as the user
    • Additional group: when a user is added to another group, that group is an additional (supplementary) group for that user
  • The user role

    • Linux controls access to resources based on user identity
  • UID and GID Numbers

    • UID (user identity): the user ID number
    • GID (group identity): the group ID number
    • The UID of user root is 0
    • Ordinary user UID numbers: 1000-60000 (RHEL7), 500+ (RHEL6)
    • System user UID numbers: 1-999 (RHEL7), 1-499 (RHEL6)

User related files

  • /etc/passwd Saves the user account information

      sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
      ruochen:x:1000:1000:ruochen:/home/ruochen:/bin/bash
    • Field 1: User account name
    • Field 2: 'x' is a password placeholder; the password itself is stored in /etc/shadow
    • Field 3: UID number of the user account
    • Field 4: GID number of the user's basic group account
    • Field 5: The user's full name
    • Field 6: Home directory (the user's home directory)
    • Field 7: The user's login shell
      • /bin/bash (default login shell)
      • /sbin/nologin (the user is not allowed to log in to the system)
  • /etc/shadow Saves user password information

      root:$6$3rb.LU2lJOMd/T5$dwR0X/HIgpbHZtIqtWQbTYyB268B80nJAnXgQ8foZsOm8eRx7wynqTdZG485k8jKu5fnbEpHJOCChpWGndXHL1:18050:0:99999:7:::

    • Field 1 (root): The user account name
    • Field 2 ($6$...): The encrypted password
    • Field 3 (18050): Time when the password was last changed (counted from 1970.1.1)
    • Field 4 (0): Minimum valid days of the password
    • Field 5 (99999): Maximum valid days of the password
    • Field 6 (7): Password expiration warning time
    • Field 7 (empty): Whether login is allowed after the password has expired: 0 = deny, 10 = allow for 10 days, -1 = long term
    • Field 8 (empty): Password expiration time
    • Field 9 (empty): Reserved (unused)
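
A quick audit built on the /etc/passwd fields listed above, as an added example (not part of the original page): it flags accounts other than root that have UID 0 and system-range accounts (UID 1-999, the RHEL7 range given earlier) that still have an interactive login shell. The function names and the entries toor, svcapp and broken are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format lines read from stdin.
# System UID range 1-999 follows the RHEL7 values given in the text.
audit_passwd() {
    awk -F: '
        $0 ~ /^[ \t]*$/ || $0 ~ /^#/ { next }          # skip blanks and comments
        NF != 7 || $3 !~ /^[0-9]+$/ {                  # passwd entries have 7 fields
            printf "MALFORMED line %d\n", NR; next
        }
        {
            name = $1; uid = $3 + 0; shell = $7
            # /sbin/nologin (or /bin/false) means no interactive login
            interactive = (shell !~ /\/(nologin|false)$/)
            if (uid == 0 && name != "root")
                printf "UID0 %s\n", name                # root-equivalent account
            else if (uid >= 1 && uid <= 999 && interactive)
                printf "SYSTEM_SHELL %s %s\n", name, (shell == "" ? "(default)" : shell)
        }'
}

# Constructed sample input: the two entries shown above plus test cases.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ruochen:x:1000:1000:ruochen:/home/ruochen:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
svcapp:x:350:350:constructed service account:/opt/svcapp:/bin/bash
broken:x:1001
EOF
}

sample_passwd | audit_passwd
```

On a real host, run it as `audit_passwd < /etc/passwd`; entries such as sync or shutdown appear in the output because their shell field is a command rather than nologin.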

Group account related files

  • /etc/group Saves the basic information about the group account
  • /etc/gshadow Saves the group account password

User and group management software:

  • yum install system-config-users -y
  • [root@localhost ~]# system-config-users
  • Viewing User Information
    • [root@localhost ~]# id ruochen # id username

Command line based user and group management

Create a user

  • useradd [options] username
    • -u: Specifies the UID of the account
    • -g: Specifies the user's GID (basic group)
    • -s: Specifies the default login shell for the account
    • -G: Adds the user to the specified additional groups
    • -c: Adds a text description for the user
    • -d: Specifies a home directory with a name different from the login name
    • -m: Creates the user's home directory (default)
    • -M: Does not create the user's home directory
    • -p passwd: Specifies a default password for the user
    • -r: Creates a system account
    • -e: Specifies the expiration time of the user account (YYYY-MM-DD)

        [root@localhost ~]# useradd susa
        [root@localhost ~]# useradd -u 3000 -s /sbin/nologin user 

Viewing User Information

  • id username

      [root@localhost ~]# id user
      uid=3000(user) gid=3000(user) groups=3000(user)

Delete user

  • userdel -r username

      [root@localhost ~]# userdel -r susa
      [root@localhost ~]# id susa
      id: susa: no such user
      [root@localhost ~]# userdel -r user
      [root@localhost ~]# id user
      id: user: no such user
      [root@localhost ~]# 

Modifying User Information

  • usermod [options] username
    • -u: Respecifies the UID number of a user
    • -s: Specifies the login shell of the user
    • -G: Adds a user to an additional group
    • -L: Locks an account so that the user cannot log in
    • -U: Unlocks an account so that the user can log in

        [root@localhost ~]# usermod -u 2000 -s /sbin/nologin harry 
        [root@localhost ~]# usermod -u 2000 -s /bin/bash  harry 
        [root@localhost ~]# id harry
        uid=2000(harry) gid=1001(harry) groups=1001(harry)

Create a password for the user

  • passwd username

  • echo 'passwd' | passwd --stdin username

      [root@localhost ~]# passwd harry
      Changing password for user harry.
      New password: 
      Retype new password: 
      passwd: all authentication tokens updated successfully.
      [root@localhost ~]# su - harry
      [harry@localhost ~]$ 
    
      [root@localhost ~]# usermod -L harry
      [root@localhost ~]# su - harry
      Last login: Sat May 16 22:17:41 EDT 2020 on pts/1
      [harry@localhost ~]$ 

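Why can harry still log in after the account has been locked? usermod -L locks only the user's password, and root is not asked for a password when it runs su, so the switch still succeeds.

    [root@localhost ~]# usermod -U harry
    [root@localhost ~]# su - harry
    Last login: Sat May 16 22:18:29 EDT 2020 on pts/1
    [harry@localhost ~]$ 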

Change a user's password settings

  • chage -m 0 -M 90 -W 7 -I -1 username
  • -d 0: Forces the user to change the password at the next login
  • -E YYYY-MM-DD: Specifies the expiration time of a password
  • -l username: Lists the current password settings of the user
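
Both the lock applied by usermod -L and the settings changed by chage end up in /etc/shadow: the lock is a "!" placed in front of the password field, and the aging values are fields 3 to 5. The following added example (not part of the original page) reads shadow-format lines and reports each account's lock state and remaining password lifetime; the function names, the account newhire and the placeholder hashes are constructed.

```shell
#!/bin/sh
# Added example: report password lock state and aging from shadow-format lines.
# Usage: shadow_report [TODAY] < file    (TODAY = days since 1970-01-01)
shadow_report() {
    awk -F: -v today="${1:-$(( $(date +%s) / 86400 ))}" '
        NF != 9 { next }                         # shadow entries have 9 fields
        {
            pw = $2; rest = pw
            sub(/^!+/, "", rest)                 # drop leading lock marker(s)
            if (pw == "")                        state = "EMPTY"
            else if (pw == "*" || rest == "")    state = "NO_PASSWORD"
            else if (rest != pw)                 state = "LOCKED"   # "!" + hash
            else                                 state = "HASH"

            if ($3 == "")          aging = "unknown"
            else if ($3 + 0 == 0)  aging = "must-change"   # as set by chage -d 0
            else if ($5 == "")     aging = "no-max"
            else {
                left = $3 + $5 - today           # last change + max days - today
                aging = (left < 0) ? "expired" : (left "d-left")
            }
            print $1, state, aging
        }'
}

# Constructed sample input; salts and hashes are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
harry:$6$SALT$HASHPLACEHOLDER:18400:0:90:7:::
natasha:!$6$SALT$HASHPLACEHOLDER:18300:0:90:7:::
strlt:!!:18400:0:99999:7:::
newhire:$6$SALT$HASHPLACEHOLDER:0:0:90:7:::
EOF
}

sample_shadow | shadow_report 18410
```

A LOCKED account only has password authentication disabled; an EMPTY password field is the state to investigate first.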

Create a group

  • groupadd [options] groupname
  • -g: Specifies the GID number of the group

Delete the group

  • groupdel groupname

      [root@localhost ~]# groupdel manager

Create the following users, groups, and group membership:

  • A group called manager
  • A user named harry who belongs to the manager group, which is an additional group of the user
  • A user named natasha who belongs to the manager group, which is an additional group of the user
  • A user named strlt who has no interactive shell in the system and is not a member of the manager group
  • The passwords of natasha, harry, and strlt are all set to default

      [root@localhost ~]# groupadd manager
      [root@localhost ~]# useradd -G manager harry
      [root@localhost ~]# useradd natasha
      [root@localhost ~]# usermod -G manager natasha
      [root@localhost ~]# useradd -s /sbin/nologin strlt
      [root@localhost ~]# echo 'default' | passwd --stdin harry
      Changing password for user harry.
      passwd: all authentication tokens updated successfully.
      [root@localhost ~]# echo 'default' | passwd --stdin natasha
      Changing password for user natasha.
      passwd: all authentication tokens updated successfully.
      [root@localhost ~]# echo 'default' | passwd --stdin strlt
      Changing password for user strlt.
      passwd: all authentication tokens updated successfully.

View the user currently logged in to the system

  • users, w, who

      [root@localhost ~]# w
       23:16:53 up  2:23,  3 users,  load average: 0.19, 0.17, 0.14
      USER     TTY      LOGIN@   IDLE   JCPU   PCPU WHAT
      root     :0       20:55   ?xdm?   7:03   0.16s gdm-session-worker [pam/gdm-pas
      root     pts/0    21:09    1:18m  0.32s  0.32s -bash
      root     pts/1    21:33    5.00s  0.22s  0.00s w

| 23:16:53 up | 2:23, | 3 users, | load average: 0.19, 0.17, 0.14 |
| --- | --- | --- | --- |
| Login time | Running time | Total users | Load level (1/5/15) |

| USER | TTY | LOGIN@ | IDLE | JCPU | PCPU | WHAT |
| --- | --- | --- | --- | --- | --- | --- |
| Login user | Terminal used | Login time (LOGIN@ = LOGIN AT) | User idle time | CPU time consumption | Time after task execution | What the task is |

  • whoami
    • Displays the user name of the current user
  • who am i
    • Displays the user name used for login
  • who
    • Displays the users who are actually logged in to the system (users switched to with su are not displayed)

      [root@localhost ~]# who
      root     :0           2020-05-16 20:55 (:0)
      root     pts/0        2020-05-16 21:09 (192.168.37.1)
      root     pts/1        2020-05-16 21:33 (:0)
      [root@localhost ~]# whoami
      root
      [root@localhost ~]# who am i
      root     pts/0        2020-05-16 21:09 (192.168.37.1)
      [root@localhost ~]# su - ruochen
      [ruochen@localhost ~]$ who am i
      root     pts/0        2020-05-16 21:09 (192.168.37.1)
      [ruochen@localhost ~]$ whoami
      ruochen