User and Group Management Operations

Accounts and Groups

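1. What are UID and GID?
UID is the UserId, i.e. the user ID, a unique identifier for each user.
GID is the group ID, a unique identifier for a user group.

Extension:
User groups: users of the same kind are placed in the same group. For example, all system administrators can be put in an admin group to make permission assignment easier: certain important files can be made readable and writable by all users in the admin group. Every user has a unique user ID, and every user group has a unique group ID.
2. What controls a user's basic permissions and attributes?
On the system, the two files /etc/passwd and /etc/group determine a user's UID and GID and the related attributes.
3. Structure of the /etc/passwd file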
4. Structure of the /etc/shadow file
5. Structure of the /etc/group file
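
The field layouts of these three files, as documented in passwd(5), shadow(5) and group(5), shown through an added audit script that is not part of the original post. It checks copies of the files for states the commands covered on this page can leave behind (shared UIDs from useradd -o, empty passwords from passwd -d, locks from passwd -l); the function names and all sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit copies of passwd/shadow/group. All sample entries are constructed.

# passwd(5): name:password:UID:GID:GECOS:home:shell
# Flags non-root names with UID 0 and any UID shared by several names (useradd -o allows it).
audit_passwd() {
    awk -F: 'NF >= 7 {
            names[$3] = (count[$3]++ ? names[$3] "," : "") $1
            if ($3 == 0 && $1 != "root") print "UID0 " $1
        }
        END { for (u in count) if (count[u] > 1) print "DUPUID " u " " names[u] }' "$1" |
        LC_ALL=C sort
}

# shadow(5): name:hash:lastchg:min:max:warn:inactive:expire:reserved
# EMPTY = login needs no password (left by passwd -d); LOCKED = real hash behind "!" (passwd -l).
audit_shadow() {
    awk -F: 'NF >= 2 {
            h = $2; sub(/^!+/, "", h)
            if ($2 == "") print "EMPTY " $1
            else if (h != $2 && h != "" && h != "*") print "LOCKED " $1
        }' "$1"
}

# group(5): name:password:GID:member,member,...
# Effective members = names in field 4 plus accounts whose primary GID (passwd field 4) matches.
group_members() {   # usage: group_members GROUP PASSWD_FILE GROUP_FILE
    awk -F: -v g="$1" '
        FNR == NR && $1 == g { gid = $3; n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }
        FNR == NR { next }
        gid != "" && $4 == gid { print $1 }' "$3" "$2" | LC_ALL=C sort -u
}

# Constructed sample files, written to a temporary directory so nothing real is touched.
SAMPLE_DIR=$(mktemp -d); trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'toor:x:0:0::/root:/bin/bash' \
    'alice:x:500:500::/home/alice:/bin/bash' 'bob:x:501:501::/home/bob:/bin/bash' \
    'carol:x:501:600::/home/carol:/bin/bash' > "$SAMPLE_DIR/passwd"
printf '%s\n' 'root:$6$SALT$constructed:17667:0:99999:7:::' 'toor::17667:0:99999:7:::' \
    'alice:!!$6$SALT$constructed:17667:0:99999:7:::' 'bob:!!:17667:0:99999:7:::' \
    'carol:*:17667:0:99999:7:::' > "$SAMPLE_DIR/shadow"
printf '%s\n' 'root:x:0:' 'admin:x:600:alice,bob' 'alice:x:500:' 'bob:x:501:' > "$SAMPLE_DIR/group"

audit_passwd "$SAMPLE_DIR/passwd"
audit_shadow "$SAMPLE_DIR/shadow"
group_members admin "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

To audit a live system, pass the functions root-readable copies of /etc/passwd, /etc/shadow and /etc/group instead of the sample files.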

Account Management

1. Adding and removing user accounts
>useradd  add an account
>passwd  change a password
>userdel  delete an account

useradd

[root@localhost baixiaoyeer]# useradd --help
Usage: useradd [options] LOGIN

Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the
                                new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new
                                account
  -G, --groups GROUPS           list of supplementary groups of the new
                                account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and
                                faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as
                                the user
  -o, --non-unique              allow to create users with duplicate
                                (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping


passwd

[root@localhost baixiaoyeer]# passwd --help
Usage: passwd [OPTION...] 
  -k, --keep-tokens       keep non-expired authentication tokens
  -d, --delete            delete the password for the named account (root only)
  -l, --lock              lock the password for the named account (root only)
  -u, --unlock            unlock the password for the named account (root only)
  -e, --expire            expire the password for the named account (root only)
  -f, --force             force operation
  -x, --maximum=DAYS      maximum password lifetime (root only)
  -n, --minimum=DAYS      minimum password lifetime (root only)
  -w, --warning=DAYS      number of days warning users receives before password expiration (root only)
  -i, --inactive=DAYS     number of days after password expiration when an account becomes disabled (root only)
  -S, --status            report password status on the named account (root only)
  --stdin                 read new tokens from stdin (root only)

Help options:
  -?, --help              Show this help message
  --usage                 Display brief usage message


userdel

[root@localhost baixiaoyeer]# userdel --help
Usage: userdel [options] LOGIN

Options:
  -f, --force                   force removal of files,
                                even if not owned by user
  -h, --help                    display this help message and exit
  -r, --remove                  remove home directory and mail spool
  -Z, --selinux-user            remove SELinux user from SELinux user mapping


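Switching Identity

su is generally used by an ordinary user to elevate to the root user. It is simple to use, but it requires knowing the root password.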

[root@localhost ~]# su --help
Usage: su [OPTION]... [-] [USER [ARG]...]
Change the effective user id and group id to that of USER.

  -, -l, --login               make the shell a login shell, 
                               clears all envvars except for TERM,
                               initializes HOME, SHELL, USER, LOGNAME and PATH
  -c, --command=COMMAND        pass a single COMMAND to the shell with -c
  --session-command=COMMAND    pass a single COMMAND to the shell with -c
                               and do not create a new session
  -f, --fast                   pass -f to the shell (for csh or tcsh)
  -m, --preserve-environment   do not reset HOME, SHELL, USER, LOGNAME
                               environment variables
  -p                           same as -m
  -s, --shell=SHELL            run SHELL if /etc/shells allows it
      --help     display this help and exit
      --version  output version information and exit

A mere - implies -l.   If USER not given, assume root.

Report su bugs to [email protected]
GNU coreutils home page: 
General help using GNU software: 
For complete documentation, run: info coreutils 'su invocation'


User Status

w: view the current number of logged-in users

[root@localhost ~]# w
 02:08:11 up  7:50,  3 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
baixiaoy tty1     :0               Mon02   24:01m  3.03s  0.21s pam: gdm-password
baixiaoy pts/0    :0.0             Mon02   23:59m  0.00s  0.00s /bin/bash
baixiaoy pts/1    192.168.3.242    Mon02    0.00s  0.21s  0.21s sshd: baixiaoyeer [priv]

lastlog: view the most recent login time of existing accounts

[root@localhost ~]# lastlog
Username         Port     From             Latest
root             pts/2    192.168.3.170    Wed May 16 11:04:34 -0700 2018
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**
halt                                       **Never logged in**
mail                                       **Never logged in**
uucp                                       **Never logged in**
operator                                   **Never logged in**
games                                      **Never logged in**
gopher                                     **Never logged in**
ftp                                        **Never logged in**
nobody                                     **Never logged in**
dbus                                       **Never logged in**
usbmuxd                                    **Never logged in**
vcsa                                       **Never logged in**
rtkit                                      **Never logged in**
avahi-autoipd                              **Never logged in**
abrt                                       **Never logged in**
haldaemon                                  **Never logged in**
gdm                                        **Never logged in**
ntp                                        **Never logged in**
apache                                     **Never logged in**
saslauth                                   **Never logged in**
postfix                                    **Never logged in**
pulse                                      **Never logged in**
sshd                                       **Never logged in**
tcpdump                                    **Never logged in**
baixiaoyeer      pts/1    192.168.3.242    Mon May 21 02:09:26 -0700 2018
