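Linux user management restricts what users can do through read, write and execute permissions, with the user group as the unit of control. For a file, each of read, write and execute can be restricted, and the permissions are set separately for the file owner, users in the file's group, and users outside the group.
So before creating a user, it is best to decide which group the user will belong to.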
I. Group operations
1. Create a group: groupadd
# Add the group deploy
groupadd deploy
2. Modify a group: groupmod
# Rename the group deploy to deploy1
groupmod -n deploy1 deploy
Note that this renames the existing group deploy to deploy1.
3. Delete a group: groupdel
# Delete the group deploy1
groupdel deploy1
4. View groups: groups, /etc/group
groups only shows the groups the current user belongs to. Below are the groups of the root user.
# groups
root bin daemon sys adm disk wheel
To see the information for all groups, read /etc/group directly:
# cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
II. User operations
1. Create a user: useradd
# useradd
Usage: useradd [options] LOGIN

Options:
  -b, --base-dir BASE_DIR       base directory for the new user account home directory
  -c, --comment COMMENT         set the GECOS field for the new user account
  -d, --home-dir HOME_DIR       home directory for the new user account
  -D, --defaults                print or save modified default useradd configuration
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -g, --gid GROUP               force use GROUP for the new user account
  -G, --groups GROUPS           list of supplementary groups for the new user account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           specify an alternative skel directory
  -K, --key KEY=VALUE           overrides /etc/login.defs defaults
  -m, --create-home             create home directory for the new user account
  -l,                           do not add user to lastlog database file
  -M,                           do not create user's home directory(overrides /etc/login.defs)
  -r,                           create system account
  -o, --non-unique              allow create user with duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new user account
  -s, --shell SHELL             the login shell for the new user account
  -u, --uid UID                 force use the UID for the new user account
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
Create the user deploy in the deploy group, to be used for deployment work:
# -g GROUP USER
useradd -g deploy deploy
Create the user nginx in the www group with no login shell, to be used for starting nginx:
useradd -s /sbin/nologin -g www nginx
Set a password for the user deploy:
# passwd deploy
Changing password for user deploy.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
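Create the user test in the www group and set its password to 1234567890. The -p option expects an already encrypted password (see the usage text above), so a plaintext value passed to it would be stored as if it were the hash and would not work at login. Create the account first, then set the password with chpasswd:
useradd -g www test
echo 'test:1234567890' | chpasswd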
2. Modify a user: usermod, gpasswd
# usermod
Usage: usermod [options] LOGIN

Options:
  -a, --append                  append the user to the supplemental GROUPS (use only with -G)
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -Z, --selinux-user            new selinux user mapping for the user account
Set the login (home) directory of the user test to /home/test and add the user to the www group:
usermod -d /home/test -G www test
Append the user test to the deploy group:
usermod -a -G deploy test
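Note: without -a, -G replaces the user's supplementary group list outright, which removes the user from the groups it previously belonged to!
gpasswd is the safer choice here:
gpasswd -a test deploy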
Remove the user test from the www group:
gpasswd -d test www
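To review the result for every account at once, the following script (an added example, not part of the original article) resolves each account's primary group from a passwd-format file and its supplementary groups from a group-format file, and lists the accounts that still have a login shell. The sample files are constructed to match the state after the commands above, with made-up UIDs and GIDs; user_groups and login_users are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit group membership and
# login capability from passwd/group-format files.

# user_groups USER PASSWD_FILE GROUP_FILE
# Prints the primary group first, then supplementary groups; exit 1 if no such user.
user_groups() {
    awk -F: -v u="$1" '
        FNR == NR { if ($1 == u) { found = 1; pgid = $4 }; next }  # passwd: primary GID
        found && $3 == pgid { primary = $1; next }                 # group owning that GID
        { n = split($4, m, ",")                                    # member list, field 4
          for (i = 1; i <= n; i++) if (m[i] == u) extra = extra " " $1 }
        END { if (!found) exit 1
              out = (primary == "" ? pgid : primary)               # dangling GID: show number
              print out extra }
    ' "$2" "$3"
}

# login_users PASSWD_FILE
# Prints accounts whose shell is not nologin/false, i.e. that can open a login shell.
login_users() {
    awk -F: '$7 !~ /(nologin|false)$/ { printf "%s%s", sep, $1; sep = " " }
             END { print "" }' "$1"
}

# Constructed sample data mirroring the accounts created in this article
# (UIDs and GIDs are made up).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
deploy:x:500:500::/home/deploy:/bin/bash
nginx:x:501:501::/home/nginx:/sbin/nologin
test:x:502:501::/home/test:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:root
bin:x:1:root,bin,daemon
deploy:x:500:test
www:x:501:
EOF

for u in root deploy nginx test; do
    printf '%s: %s\n' "$u" "$(user_groups "$u" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group")"
done
printf 'can log in: %s\n' "$(login_users "$SAMPLE_DIR/passwd")"
```

In the sample, test still reports www after gpasswd -d test www: that command only removes the member entry in the group file, while the primary group assigned with useradd -g stays in the passwd file. Point the functions at /etc/passwd and /etc/group to audit a real host.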
3. Delete a user: userdel
Delete the user test and remove its login (home) directory:
userdel -r test