细说Linux的用户和组之管理命令详解
Linux系统以组Group方式管理用户
用户和组的配置和管理命令主要有:
用户管理
主要命令
useradd 新建用户
usermod 修改用户
userdel 删除用户
newusers 新建用户(批量)
passwd 修改用户密码
chsh 设置用户的shell
chage 设置用户密码有效期
newgrp 将用户添加至某个组
id 打印用户id和所属组id
who 打印当前登录用户
whoami 打印当前用户名称和id
命令详情如下(从命令手册截取):
useradd
NAME 名称
useradd - create a new user or update default new user information
SYNOPSIS 用法
useradd [options] LOGIN
useradd -D
useradd -D [options]
DESCRIPTION 概述
When invoked without the -D option, the useradd command creates a new
user account using the values specified on the command line plus the
default values from the system. Depending on command line options, the
useradd command will update system files and may also create the new
user′s home directory and copy initial files.
By default, a group will also be created for the new user (see -g, -N,
-U, and USERGROUPS_ENAB).
usermod
NAME
usermod - modify a user account
SYNOPSIS
usermod [options] LOGIN
DESCRIPTION
The usermod command modifies the system account files to reflect the
changes that are specified on the command line.
userdel
NAME
userdel - delete a user account and related files
SYNOPSIS
userdel [options] LOGIN
DESCRIPTION
The userdel command modifies the system account files, deleting all entries
that refer to the user name LOGIN. The named user must exist.
newusers
NAME
newusers - update and create new users in batch
SYNOPSIS
newusers [options new_users]
DESCRIPTION
The newusers command reads a file of user name and clear-text password pairs
and uses this information to update a group of existing users or to create new
users. Each line is in the same format as the standard password file (see
passwd(5)) with the exceptions explained below:
pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
pw_name
This is the name of the user.
It can be the name of a new user or the name of an existing user (or an
user created before by newusers). In case of an existing user, the user′s
information will be changed, otherwise a new user will be created.
passwd
NAME
passwd - update user’s authentication tokens
SYNOPSIS
passwd [-k] [-l] [-u [-f]] [-d] [-n mindays] [-x maxdays] [-w warndays] [-i
inactivedays] [-S] [--stdin] [username]
DESCRIPTION
The passwd utility is used to update user’s authentication token(s).
This task is achieved through calls to the Linux-PAM and Libuser API. Essen-
tially, it initializes itself as a "passwd" service with Linux-PAM and utilizes
configured password modules to authenticate and then update a user’s password.
chsh
NAME
chsh - change your login shell
SYNOPSIS
chsh [-s shell] [-l] [-u] [-v] [username]
DESCRIPTION
chsh is used to change your login shell. If a shell is not given on the command line, chsh prompts for one.
VALID SHELLS
chsh will accept the full pathname of any executable file on the system. However, it will issue a warning if the
shell is not listed in the /etc/shells file. On the other hand, it can also be configured such that it will only
accept shells listed in this file, unless you are root.
chage
NAME
chage - change user password expiry information
SYNOPSIS
chage [options] [LOGIN]
DESCRIPTION
The chage command changes the number of days between password changes
and the date of the last password change. This information is used by
the system to determine when a user must change his/her password.
newgrp
NAME
newgrp - log in to a new group
SYNOPSIS
newgrp [-] [group]
DESCRIPTION
The newgrp command is used to change the current group ID during a
login session. If the optional - flag is given, the user′s environment
will be reinitialized as though the user had logged in, otherwise the
current environment, including current working directory, remains
unchanged.
newgrp changes the current real group ID to the named group, or to the
default group listed in /etc/passwd if no group name is given. newgrp
also tries to add the group to the user groupset. If not root, the user
will be prompted for a password if she does not have a password (in
/etc/shadow if this user has an entry in the shadowed password file, or
in /etc/passwd otherwise) and the group does, or if the user is not
listed as a member and the group has a password. The user will be
denied access if the group password is empty and the user is not listed
as a member.
If there is an entry for this group in /etc/gshadow, then the list of
members and the password of this group will be taken from this file,
otherwise, the entry in /etc/group is considered.
id
NAME
id - print real and effective user and group IDs
SYNOPSIS
id [OPTION]... [USERNAME]
DESCRIPTION
Print user and group information for the specified USERNAME, or
(when USERNAME omitted) for the current user.
Without any OPTION, print some useful set of identified information.
AUTHOR
Written by Arnold Robbins and David MacKenzie.
who
NAME
who - show who is logged on
SYNOPSIS
who [OPTION]... [ FILE | ARG1 ARG2 ]
DESCRIPTION
Print information about users who are currently logged in.
whoami
DESCRIPTION
Print the user name associated with the current effective user ID.
Same as id -un.
群组管理
groupadd 新建组
groupmod 修改组
groupdel 删除组
groups 打印当前用户所属的组
gpasswd 设置组密码
groupadd
NAME
groupadd - create a new group
SYNOPSIS
groupadd [options] group
DESCRIPTION
The groupadd command creates a new group account using the values
specified on the command line plus the default values from the
system. The new group will be entered into the system files as
needed.
groupmod
NAME
groupmod - modify a group definition on the system
SYNOPSIS
groupmod [options] GROUP
DESCRIPTION
The groupmod command modifies the definition of the specified GROUP
by modifying the appropriate entry in the group database.
groupdel
NAME
groupdel - delete a group
SYNOPSIS
groupdel group
DESCRIPTION
The groupdel command modifies the system account files, deleting
all entries that refer to group. The named group must exist.
groups
NAME
groups - print the groups a user is in
SYNOPSIS
groups [OPTION]... [USERNAME]...
DESCRIPTION
Print group memberships for each USERNAME or, if no USERNAME is specified, for
the current process (which may differ if the groups database has changed).
gpasswd
NAME
gpasswd - administer /etc/group and /etc/gshadow
SYNOPSIS
gpasswd [option] group
DESCRIPTION
The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every
group can have administrators, members and a password.
System administrators can use the -A option to define group administrator(s)
and the -M option to define members. They have all rights of group
administrators and members.
gpasswd called by a group administrator with a group name only prompts for the
new password of the group.
If a password is set the members can still use newgrp(1) without a password,
and non-members must supply the password.
Notes about group passwords
Group passwords are an inherent security problem since more than one person is
permitted to know the password. However, groups are a useful tool for
permitting co-operation between different users.
相关命令
chmod 设置文件权限
chown 设置文件的owner
chgrp 设置文件的group owner
chmod
NAME
chmod - change file mode bits
SYNOPSIS
chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...
DESCRIPTION
This manual page documents the GNU version of chmod. chmod changes the file
mode bits of each given file according to mode, which can be either a symbolic
representation of changes to make, or an octal number representing the bit pat-
tern for the new mode bits.
chown
NAME
chown - change file owner and group
SYNOPSIS
chown [OPTION]... [OWNER][:[GROUP]] FILE...
chown [OPTION]... --reference=RFILE FILE...
DESCRIPTION
This manual page documents the GNU version of chown. chown changes the user and/or group ownership of each given
file. If only an owner (a user name or numeric user ID) is given, that user is made the owner of each given
file, and the files’ group is not changed. If the owner is followed by a colon and a group name (or numeric
group ID), with no spaces between them, the group ownership of the files is changed as well. If a colon but no
group name follows the user name, that user is made the owner of the files and the group of the files is changed
to that user’s login group. If the colon and group are given, but the owner is omitted, only the group of the
files is changed; in this case, chown performs the same function as chgrp. If only a colon is given, or if the
entire operand is empty, neither the owner nor the group is changed.
chgrp
NAME
chgrp - change group ownership
SYNOPSIS
chgrp [OPTION]... GROUP FILE...
chgrp [OPTION]... --reference=RFILE FILE...
DESCRIPTION
Change the group of each FILE to GROUP. With --reference, change the group of
each FILE to that of RFILE.
以上为用户和群组管理的常用命令,可以通过man命令查看这些命令的参数、用法和详细信息。