1, Classification
1. Classification by access control of account identity
① User account (identified by UID)
② Group account (identified by GID)
2. Classification by user account
① Super user root
② System user
③ Ordinary users
3. Classification by group account (group account is used to distinguish permissions, not for login)
Basic group (private group)
Additional group (subordinate group)
2, Account file and password file
1. The local account data is stored in the local disk, including the user account data file and the group account data file
1) User account data file
/etc/passwd (user account file)
/etc/shadow (user password file)
2) Group account data file
/etc/group (group account file)
/etc/gshadow (group password file)
2. User initial profile
1) Profile source
When a new user is created, the profile files are copied from the /etc/skel template directory
2) Primary initial profile
~/.bash_profile: executed at every login
~/.bashrc: executed every time a new Bash environment is entered
Global configuration files: /etc/bashrc, /etc/profile
3. User account file
1) /etc/passwd stores the basic information of user accounts
2) Instance
[root@localhost ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
... ... ...
One user record per line, split by ":" into 7 fields:
Field 1: name of user account
Field 2: password string or placeholder x
Field 3: UID number of user account
Field 4: GID number of the basic group to which it belongs
Field 5: full user name
Field 6: home directory
Field 7: interpreter used for login
4. User password file
1) /etc/shadow stores the password string, validity period and other information
2) Instance
[root@localhost ~]# cat /etc/shadow
root:$6$Jjo9h9zNw... ...J/:264:0:99999:7:::
... ... ...
One user record per line, split by ":" into 9 fields:
Field 1: name of user account
Field 2: encrypted password string
Field 3: time when the password was last modified
Field 4: minimum validity period of the password in days, 0 by default
Field 5: maximum validity period of the password in days, 99999 by default
Field 6: warning days before password expiration, 7 by default
Field 7: number of days after the password expires before this user account is disabled
Field 8: account expiration time, blank by default
Field 9: reserved field (not used)
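An added example, not part of the original page: a small audit that reads the two files by the field positions listed above and flags extra UID 0 accounts, password strings kept in the passwd file, empty password fields, and login-capable accounts with no maximum password age. The function names, the output labels and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files by field position.
# audit_accounts PASSWD_FILE SHADOW_FILE
audit_accounts() {
    awk -F: '
        FNR == NR {                       # first file: passwd format, 7 fields
            if (NF != 7)                  print "MALFORMED " $1
            if ($3 == 0 && $1 != "root")  print "EXTRA_UID0 " $1
            if ($2 != "x")                print "NOT_SHADOWED " $1
            shell[$1] = $7                # field 7: login interpreter
            next
        }
        {                                 # second file: shadow format, 9 fields
            can_login = (shell[$1] !~ /(nologin|false)$/)
            if ($2 == "")                 print "EMPTY_PASSWORD " $1
            # field 5: maximum validity in days; 99999 is the default
            if (can_login && $2 ~ /^\$/ && ($5 == "" || $5 >= 99999))
                print "NO_MAX_AGE " $1
        }
    ' "$1" "$2"
}

# Constructed sample data (not from a real system); hashes are placeholders.
sample_audit() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
wangwu:x:10010:10010::/opt/wangwu:/bin/bash
legacy:HASH_PLACEHOLDER:1001:1001::/home/legacy:/bin/bash
guest:x:1002:1002::/home/guest:/bin/bash
EOF
    cat > "$d/shadow" <<'EOF'
root:$6$PLACEHOLDER:19000:0:90:7:::
toor:$6$PLACEHOLDER:19000:0:90:7:::
daemon:*:19000:0:99999:7:::
wangwu:$6$PLACEHOLDER:19000:0:99999:7:::
legacy:!!:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
    audit_accounts "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

sample_audit
```

On a real system the second argument is /etc/shadow, which only root can read.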
5. Group account file
1) /etc/group stores the basic information of group accounts
2) Instance
[root@localhost ~]# cat /etc/group
root:x:0:
... ... ...
One group record per line, split by ":" into 4 fields:
Field 1: name of group account
Field 2: password placeholder x
Field 3: GID number of group account
Field 4: list of member users of this group
6. Group password file
1) /etc/gshadow stores the management information of group accounts
2) Instance
[root@localhost ~]# cat /etc/gshadow
root:::
... ... ...
One group record per line, split by ":" into 4 fields:
Field 1: name of group account
Field 2: encrypted password string
Field 3: list of administrators in this group
Field 4: list of member users of this group
3, Related commands
1. useradd command
1) Function
useradd add user
2) Format
useradd [options] username
3) Common command options
-u: Specify UID
-d: Specify the home directory. The default is /home/username
-G: Specify the additional group to which the user belongs
-s: Specify the user's login interpreter
4) Instance
[root@localhost ~]# useradd -u 10010 -d /opt/wangwu -s /bin/bash -G zhaolu wangwu
# Add the user wangwu, specify the UID as 10010, set the home directory to /opt/wangwu, specify the login interpreter as /bin/bash, and specify the additional group as zhaolu
2. usermod command
1) Function
usermod modify user
2) Format
usermod [options] username
3) Common command options
-l: Change the login name of the user account
-u: User id
-d: Home directory
-s: Login interpreter
-G: Additional group (reset additional group)
4) Instance
[root@localhost ~]# usermod -l wuqi -u 123456 -d /home/wangwu -s /sbin/nologin -G wangwu wangwu
# Change the login name of user wangwu to wuqi, the user ID to 123456, the home directory to /home/wangwu, the additional group to wangwu, and the login interpreter to /sbin/nologin (this interpreter does not allow login)
3. passwd command
1) Function
Set user password
2) Format
passwd [options] username
3) Common command options
--stdin: read the password from standard input (for example, from a pipe)
4) Instance
[root@localhost ~]# echo 123456 | passwd --stdin wangwu
# Set the password to 123456 through the --stdin option to avoid the interactive prompt
4. userdel command
1) Function
userdel delete user
2) Format
userdel [options] username
3) Common command options
-r: also delete the home directory and user mail
4) Instance
[root@localhost ~]# userdel -r wangwu
# Delete user wangwu
5. id command
1) Function
Query account id
2) Format
id [options] username
3) Instance
[root@localhost ~]# id root
uid=0(root) gid=0(root) groups=0(root)
6. groupadd command
1) Function
groupadd add group account
2) Format
groupadd [options] group name
3) Common command options
-g: Specify GID
4) Instance
[root@localhost ~]# groupadd -g 1234 wangwu
[root@localhost ~]# grep wangwu /etc/group
wangwu:x:1234:wangwu
7. gpasswd command
1) Function
gpasswd manages group members
2) Format
gpasswd [options] Group name
3) Common command options
-A: Define group administrator list
-a: Add group members (only one at a time)
-d: Delete group members (only one can be deleted at a time)
-M: Define group member user list (multiple can be set)
4) Instance
[root@localhost ~]# gpasswd -A wuqi wangwu
[root@localhost ~]# grep wangwu /etc/gshadow
wangwu:!:wuqi:
# Set wuqi as administrator of the wangwu group
[root@localhost ~]# gpasswd -M wuqi,zhangsan,lisi wangwu
[root@localhost ~]# grep wangwu /etc/gshadow
wangwu:!:wuqi:zhangsan,lisi
# Define the member user list of the wangwu group
[root@localhost ~]# gpasswd -d lisi wangwu
Removing user lisi from group wangwu
[root@localhost ~]# grep wangwu /etc/gshadow
wangwu:!:wuqi:zhangsan
# Remove user lisi from the wangwu group
[root@localhost ~]# gpasswd -a lisi wangwu
Adding user lisi to group wangwu
[root@localhost ~]# grep wangwu /etc/gshadow
wangwu:!:wuqi:zhangsan,lisi
# Add user lisi to the wangwu group
8. groupdel command
1) Function
groupdel delete group (the deleted target group cannot be the user's basic group)
2) Format
groupdel group name
3) Instance
[root@localhost ~]# grep wangwu /etc/gshadow
wangwu:!:wuqi:zhangsan,lisi
[root@localhost ~]# groupdel wangwu
[root@localhost ~]# grep wangwu /etc/gshadow
# Delete the wangwu group and search again. There is no output, which shows the deletion succeeded