In the previous chapter, we learned about the contents and purpose of each Linux user configuration file, and we added a user by editing those files by hand. In real work, however, we do not add users by editing the configuration manually; we manage them with the user management commands.
1. Add user command:
On a Linux system, you can use the useradd command to create a new user. The basic format of this command is as follows:
useradd [options] username
useradd -D    (view the default parameters)
Common options of this command and their meanings are as follows:
-u: UID, specifies the user's UID. In the previous chapter, we learned that the UID range of ordinary users is 500-60000
-d: home directory, specifies the user's home directory
-c: user description, corresponding to the fifth field of the /etc/passwd file; enter a description that is easy to understand
-g: group name, specifies the initial group to which the user belongs
-G: group name, specifies the additional groups to which the user belongs
-s: manually specifies the user's login shell. We learned in the previous chapter that the default is /bin/bash
-e: specifies the expiration date of the user. The format is "YYYY-MM-DD"
For example, suppose you want to create a user that belongs to the root group and add a description for this user:
$ useradd -g root -c "this is my test user" testuser
After executing this command, we have created a user named testuser. Look at the /etc/passwd file and you will find that it already contains the newly added user's information:
If you want to log in as this user, set a password for the user:
$ passwd testuser
Generally, we can create new users without specifying any options, because the Linux default values meet our requirements.
The useradd command refers to two default value files when adding users: /etc/default/useradd and /etc/login.defs. We already introduced these two files in the previous chapter, so here we only review them briefly:
$ useradd -D
GROUP=100: this option sets the default group for new users; that is, each newly added user would get the group with GID 100 as its initial group. However, this is not the case on CentOS: when a user is added, a group with the same name as the user is automatically created as that user's initial group, so this option does not take effect. Linux has two default user group mechanisms. One is the private user group mechanism, in which the system creates a group with the same name as the user to serve as the user's initial group. The other is the public user group mechanism, in which the group with GID 100 is the initial group of all new users. At present, we use the private user group mechanism.
HOME=/home: the default location of user home directories. The home directory of the testuser user we just created is /home/testuser.
INACTIVE=-1: whether the account has expired, that is, the seventh field of the /etc/shadow file. The default value here is -1, which means it never expires.
EXPIRE=: indicates the password expiration time, that is, the eighth field of the /etc/shadow file. The default value is blank, which means that all new users have no expiration time and are permanently valid.
SHELL=/bin/bash: the default shell for all newly created users is /bin/bash.
SKEL=/etc/skel: after a new user is created, the user's home directory is not empty; it contains .bash_profile, .bashrc and other files, which are copied automatically from the /etc/skel directory.
CREATE_MAIL_SPOOL=yes: whether to create a mailbox for a new user. The default is to create one. In other words, for every new user the system creates a mailbox in the /var/spool/mail/ directory with the same name as the user. The mailbox of testuser is /var/spool/mail/testuser.
From this we can understand that the internal process by which the useradd command creates a user is as follows:
1. The system first reads /etc/login.defs and /etc/default/useradd and adds the user according to the rules defined in these two configuration files, that is, it adds the user's data to the /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow files.
2. Then the system automatically creates the home directory under the location set in the /etc/default/useradd file, and finally copies all files in the /etc/skel directory into it. At this point, the new user has been created.
2. Modify user password command:
We already used the passwd command above when adding a user; now let's explain it in detail.
The basic format of this command is as follows:
passwd [options] username
Common options of this command and their meanings are as follows:
-d: delete the password information
-w: number of days of warning before the password expires, corresponding to the 6th field in each line of the /etc/shadow file
-S: display the password information, that is, the content of this user's password entry in the /etc/shadow file; available only to the root user
-l: stop using the account, that is, invalidate the password; available only to the root user
-u: unlock the user; like the -l parameter above, available only to the root user
-x: set the validity period of the user's password, corresponding to the 5th field in each line of the /etc/shadow file
-n: how long the user must wait before changing the password again after changing it, corresponding to the 4th field in each line of the /etc/shadow file
1. For example, set the password of the newly added user:
$ passwd testuser
New password:           # enter the password; it is not displayed in clear text
Retype new password:    # enter the password again
passwd: all authentication tokens updated successfully.    # the password was changed successfully
2. Display the user’s password information:
$ passwd -S testuser    # note the parameter here
testuser PS 2020-06-17 0 99999 7 -1 (Password set, SHA512 crypt.)
# user name: password: setting time: password modification interval (0): password validity (99999): warning time (7): password does not expire (-1)
The password modification interval, password validity, warning time and password grace time shown here actually come from the settings in the /etc/shadow file. The password encryption method shown here is SHA512; starting with CentOS 6.3, the encryption method was changed from MD5 to SHA512.
3. Lock user
$ passwd -l testuser
After locking the user, we check the user's password information and find that the last part of the output is "Password locked.", which clearly shows that the password has been locked. How does the system lock users? Let's check the /etc/shadow file:
$ grep "testuser" /etc/shadow
Looking closely, the system simply adds !! in front of the password field to invalidate the password.
4. Unlock user
Since users can be locked, users can also be unlocked:
$ passwd -u testuser
After executing the command to unlock the user, the user state returns to normal.
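The /etc/shadow details described above (the !! lock marker, the SHA512 versus MD5 hash scheme, and the aging fields 4 to 6) can be checked in one read-only pass. This is an added example, not part of the original tutorial; the function names sample_shadow and audit_shadow are hypothetical, and the sample lines are constructed, with placeholder strings instead of real hashes.

```shell
#!/bin/sh
# Constructed sample in shadow(5) format; hashes are placeholders.
# 18430 is 2020-06-17 expressed as days since 1970-01-01.
sample_shadow() {
cat <<'EOF'
root:$6$saltsalt$PLACEHOLDERHASH:18430:0:99999:7:::
testuser:!!$6$saltsalt$PLACEHOLDERHASH:18430:0:99999:7:::
olduser:$1$saltsalt$PLACEHOLDERHASH:17000:0:99999:7:::
newuser:!!:18430:0:99999:7:::
nopass::18430:0:99999:7:::
EOF
}

# audit_shadow: read shadow-format lines on stdin and print, per account:
#   name state scheme min=<field 4> max=<field 5> warn=<field 6>
audit_shadow() {
    awk -F: '
    {
        pw = $2
        state = "set"
        if (pw == "")                     state = "empty"    # no password at all (passwd -d)
        else if (substr(pw, 1, 1) == "!") state = "locked"   # passwd -l prefixes the field with !!
        else if (pw == "*")               state = "nologin"

        h = pw
        sub(/^!+/, "", h)                 # drop the lock marker to inspect the hash itself
        scheme = "none"
        if (substr(h, 1, 3) == "$6$")      scheme = "SHA512"
        else if (substr(h, 1, 3) == "$1$") scheme = "MD5"
        else if (h != "" && h != "*")      scheme = "other"

        printf "%s %s %s min=%s max=%s warn=%s\n", $1, state, scheme, $4, $5, $6
    }'
}

# Run against the constructed sample; on a real host, root would run:
#   audit_shadow < /etc/shadow
sample_shadow | audit_shadow
```

Accounts reported as "empty" or with the MD5 scheme are the ones worth reviewing first; a "locked" entry with scheme "none" is a user that never had a password set.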
Today, I explained the two most basic commands of Linux user management: one adds a user and the other changes a user's password. The next chapter continues with the other Linux user management commands.