Linux用户管理以读、写、执行动作为权限,以用户组为单位,限制用户行为。对于文件的的操作,可以限制读、写、执行中的哪一种,也可以限制文件所有者、组用户、组外用户相应的权限。
所以,要建立用户,最好先确定其所在的组。
一、用户组操作
1. 创建用户组——groupadd
-
#新增deploy组 groupadd deploy
2. 修改用户组——groupmod
#将用户组deploy更名为deploy1 groupmod -n deploy1 deploy
注意是将已存在的deploy组更名为deploy1
3. 删除用户组——groupdel
-
#删除用户组deploy1 groupdel deploy1
4. 查看用户组——groups /etc/group
groups只能查看当前用户所在的组,以下是root用户所在的组。
引用
# groups root bin daemon sys adm disk wheel
要看所有用户组信息,直接查看/etc/group:
引用
# cat /etc/group root:x:0:root bin:x:1:root,bin,daemon daemon:x:2:root,bin,daemon sys:x:3:root,bin,adm
二、用户操作
1. 创建用户——useradd
引用
# useradd
Usage: useradd [options] LOGIN
Options:
-b, --base-dir BASE_DIR base directory for the new user account
home directory
-c, --comment COMMENT set the GECOS field for the new user account
-d, --home-dir HOME_DIR home directory for the new user account
-D, --defaults print or save modified default useradd
configuration
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP for the new user account
-G, --groups GROUPS list of supplementary groups for the new
user account
-h, --help display this help message and exit
-k, --skel SKEL_DIR specify an alternative skel directory
-K, --key KEY=VALUE overrides /etc/login.defs defaults
-m, --create-home create home directory for the new user
account
-l, do not add user to lastlog database file
-M, do not create user‘s home directory(overrides /etc/login.defs)
-r, create system account
-o, --non-unique allow create user with duplicate
(non-unique) UID
-p, --password PASSWORD use encrypted password for the new user
account
-s, --shell SHELL the login shell for the new user account
-u, --uid UID force use the UID for the new user account
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
新建用户deploy,位于deploy组,用于部署工作:
-
#-g 组 用户 useradd -g deploy deploy
新建用户nginx,位于www组,且不可登录,用于启动nginx:
-
useradd -s /sbin/nologin -g www nginx
为用户deploy设置密码:
引用
# passwd deploy Changing password for user deploy. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully.
新建用户test,位于www组,并为其设置密码为1234567890:
-
useradd -g www -p 1234567890 test
2. 修改用户——usermod gpasswd
引用
# usermod
Usage: usermod [options] LOGIN
Options:
-a, --append append the user to the supplemental GROUPS
(use only with -G)
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the new
location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-Z, --selinux-user new selinux user mapping for the user account
将用户test登录目录设为/home/test,并将其添加到www组:
-
usermod -d /home/test -G www test
将用户test追加到deploy组:
-
usermod -a -G deploy test
注意:如果没有-a,将直接变更用户所在组,即将用户从原所在组中移除!
这时候用gpasswd就比较安全一些!
-
gpasswd -a test deploy
将用户test从www组中移除:
-
gpasswd -d test www
3. 删除用户——userdel
删除用户test,并移除其登录目录:
userdel -r test
时间: 2024-12-22 03:58:55