User and group management commands:
useradd, usermod, passwd, userdel
groupadd, groupmod, gpasswd, groupdel
chage, chsh, chfn
id, w, who, whoami
su
useradd: create a user
-r: create a system user
-u UID: specify the UID;
-g GID: specify the user's primary group; this group must already exist
-c 'COMMENT':
-d /PATH/TO/SOMEWHERE: specify the path of the user's home directory; this location must not already exist, otherwise the user's configuration files will not be copied into it from /etc/skel
-s SHELL: set the user's default shell;
cat /etc/shells
-G GID,...: specify the supplementary groups;
-M: do not create a home directory for the user;
Exercise: create the user Oracle with supplementary groups database and sql, ID 3000, and home directory /home/database;
[[email protected] ~]# groupadd database    # first create the two supplementary groups
[[email protected] ~]# groupadd sql
[[email protected] ~]# useradd -G database,sql -u 3000 -d /home/database Oracle
[[email protected] ~]# tail /etc/group    # check the created user
fuse:x:494:
sshd:x:74:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
tcpdump:x:72:
slocate:x:21:
database:x:500:Oracle
sql:x:501:Oracle
Oracle:x:3000:
[[email protected] ~]# tail -1 /etc/group
Oracle:x:3000:
[[email protected] ~]# tail -1 /etc/passwd
Oracle:x:3000:3000::/home/database:/bin/bash
[[email protected] ~]#
groupadd: create a group
groupadd [OPTIONS] GROUPNAME
-g GID: specify the group ID;
-r: create a system group;
[[email protected] ~]# groupadd database    # create the two supplementary groups
[[email protected] ~]# groupadd sql
[[email protected] ~]# tail -3 /etc/group
database:x:500:Oracle
sql:x:501:Oracle
Oracle:x:3000:
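Added example (not part of the original page): /etc/group lists only supplementary members, which is why the Oracle:x:3000: line above shows no members even though it is the primary group of user Oracle. The script resolves membership from both files on constructed sample data; the backup user and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample files in /etc/passwd and /etc/group format.
# "backup" is a hypothetical user whose primary group is database (GID 500).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
Oracle:x:3000:3000::/home/database:/bin/bash
backup:x:3002:500::/home/backup:/bin/bash
EOF
cat > "$WORK/group" <<'EOF'
root:x:0:
database:x:500:Oracle
sql:x:501:Oracle
Oracle:x:3000:
EOF

# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints all members of GROUP, sorted and comma-separated: supplementary
# members (group field 4) plus users whose primary GID (passwd field 4)
# equals the group's GID.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$3")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i] }' "$3"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | LC_ALL=C sort -u | paste -sd, -
}

# user_groups USER PASSWD_FILE GROUP_FILE
# Prints the group names `id USER` would report, sorted: the primary group
# resolved from passwd plus every group listing USER in field 4.
user_groups() {
    pgid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$2")
    [ -n "$pgid" ] || return 1
    awk -F: -v u="$1" -v pgid="$pgid" '
        $3 == pgid { print $1; next }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$3" | LC_ALL=C sort -u | paste -sd, -
}

group_members database "$WORK/passwd" "$WORK/group"
user_groups Oracle "$WORK/passwd" "$WORK/group"
```

Pointing the two file arguments at /etc/passwd and /etc/group runs the same checks against a live system.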
su: switch user; switch to another user or run a command as another user;
Switching modes:
su USERNAME: partial switch; non-login switch
su - USERNAME or su -l USERNAME: full switch; login switch
Run only the specified command as the specified user:
su - USERNAME -c 'COMMAND'
Partial switch; non-login switch:
[[email protected] ~]# su Oracle
[[email protected] root]$ id
uid=3000(Oracle) gid=3000(Oracle) groups=3000(Oracle),500(database),501(sql) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[[email protected] root]$ pwd
/root
[[email protected] root]$ exit
Full switch; login switch:
[[email protected] ~]# su - Oracle
[[email protected] ~]$ id
uid=3000(Oracle) gid=3000(Oracle) groups=3000(Oracle),500(database),501(sql) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[[email protected] ~]$ pwd
/home/database
[[email protected] ~]$
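usermod: modify user attributes
usermod [OPTION]... LOGIN
-u UID
-g GID
-G GID[,GID,...]: change the user's supplementary groups; use together with the -a option to append to the existing groups rather than replace them;
-s SHELL
-c 'COMMENT'
-d HOME: when the home directory is changed to a new location, the user's existing files are not moved to the new home; the -m option moves them to the new home directory at the same time;
-l LOGIN:
-L: lock user
-U: unlock user
[[email protected] ~]# id Oracle
uid=3000(Oracle) gid=3000(Oracle) groups=3000(Oracle),500(database),501(sql)
[[email protected] ~]# usermod -u 3001 Oracle
[[email protected] ~]# id Oracle
uid=3001(Oracle) gid=3000(Oracle) groups=3000(Oracle),500(database),501(sql)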
passwd: set a user's password
passwd [OPTION] [UserName]
-l: lock user
-u: unlock user
-n mindays: minimum password age;
-x maxdays: defaults to 99999 days;
-w warndays:
-i inactivedays:
--stdin: read the user's password from standard input;
[[email protected] ~]# passwd Oracle
Changing password for user Oracle.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected] ~]#
[[email protected] ~]# echo 'centos' | passwd --stdin Oracle
Changing password for user Oracle.
passwd: all authentication tokens updated successfully.
[[email protected] ~]#
userdel: delete a user
userdel [-r] USERNAME
-r: delete the user's home directory along with the user;
[[email protected] ~]# id Oracle
uid=3000(Oracle) gid=3000(Oracle) groups=3000(Oracle),500(database),501(sql)
[[email protected] ~]# userdel -r Oracle
[[email protected] ~]# id Oracle
id: Oracle: No such user
groupmod: modify group attributes
groupmod [OPTION] GROUPNAME
-n GROUP_NAME
-g GID
[[email protected] ~]# cat /etc/group | tail -n 2
database:x:500:
sql:x:501:
[[email protected] ~]# groupmod database -n ssd    # rename the database group to ssd
[[email protected] ~]# cat /etc/group | tail -n 2
sql:x:501:
ssd:x:500:
[[email protected] ~]# groupmod -g 505 sql    # change the GID of sql to 505
[[email protected] ~]# cat /etc/group | tail -n 2
sql:x:505:
ssd:x:500:
[[email protected] ~]#
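gpasswd: set a group password
Options:
-a: add a user to the group
-d: remove a user from the group
-A: specify the group administrators
-M: specify the group members; used much like -A
-r: remove the password
-R: restrict access to the group; only members of the group can use newgrp to join it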
[[email protected] ~]# gpasswd ssd
Changing the password for group ssd
New Password:
Re-enter new password:
[[email protected] ~]# cat /etc/gshadow | tail -n 2
sql:!::
ssd:$6$zE9XjK8uLG/aA$N9xUWJyWSsjPdzW0zyjV8RlafMuA1TXjfHCDMXq2hF37I6zrtHz64eh5YRy43sMjdwWY6G.wBnQMGZ9bgdiIq.::
[[email protected] ~]#
newgrp: switch the primary group to the specified group
[[email protected] ~]# newgrp ssd
groupdel: delete a group
[[email protected] ~]# cat /etc/group | tail -n 2
sql:x:505:
ssd:x:500:
[[email protected] ~]# groupdel ssd
[[email protected] ~]# cat /etc/group | tail -n 2
slocate:x:21:
sql:x:505:
[[email protected] ~]#
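chage: modify account and password aging attributes
chage [OPTION]... LOGIN
Options:
-m minimum number of days between password changes. Zero means the password can be changed at any time.
-M maximum number of days the password remains valid.
-W number of days before password expiry that the user starts receiving a warning.
-E account expiration date. After this day the account can no longer be used.
-d date of the last password change
-I inactivity period. If a password has been expired for this many days, the account can no longer be used.
-l list the current settings. Unprivileged users can use it to find out when their password or account expires.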
[[email protected] ~]# useradd oracle
[[email protected] ~]# cat /etc/passwd | tail -n 1
oracle:x:500:500::/home/oracle:/bin/bash
[[email protected] ~]# chage -l oracle
Last password change : Aug 27, 2015
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[[email protected] ~]# chage -M 90 oracle
[[email protected] ~]# chage -d 0 -m 0 -M 90 -W 15 oracle
[[email protected] ~]# chage -l oracle
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 15
[[email protected] ~]#
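Added example (not part of the original page): the values chage sets are stored in /etc/shadow as colon-separated fields (name:hash:lastchg:min:max:warn:inactive:expire:), so the aging policy can be checked for every account at once. The sample lines and hash placeholders are constructed; the function name audit_shadow and the 90-day default limit are assumptions.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; hashes are placeholders.
# The oracle line mirrors the state after `chage -d 0 -m 0 -M 90 -W 15 oracle`
# on an account that never had a password set ("!!").
SHADOW_SAMPLE=$(mktemp)
trap 'rm -f "$SHADOW_SAMPLE"' EXIT
cat > "$SHADOW_SAMPLE" <<'EOF'
root:$6$PLACEHOLDER:16674:0:99999:7:::
oracle:!!:0:0:90:15:::
app:$6$PLACEHOLDER:16674:0:90:15:::
svc:!$6$PLACEHOLDER:16674:0:99999:7:::
EOF

# audit_shadow FILE [MAX_DAYS]
# Prints "user:flag[,flag...]" for every account that has at least one of:
#   no-password   empty hash field, login without a password
#   locked        hash starts with "!" (passwd -l, usermod -L) or is "*"
#   must-change   lastchg is 0 (chage -d 0), change forced at next login
#   max-age>N     maximum age (chage -M) unset or greater than MAX_DAYS
audit_shadow() {
    awk -F: -v limit="${2:-90}" '
    {
        f = ""
        if ($2 == "")                        f = f ",no-password"
        else if ($2 ~ /^!/ || $2 == "*")     f = f ",locked"
        if ($3 == "0")                       f = f ",must-change"
        if ($5 == "" || $5 + 0 > limit)      f = f ",max-age>" limit
        if (f != "") print $1 ":" substr(f, 2)
    }' "$1"
}

audit_shadow "$SHADOW_SAMPLE"
```

Run as root with /etc/shadow as the first argument to audit a live system; a second argument overrides the 90-day limit.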