细说Linux的用户和组之管理命令详解

Linux系统以组Group方式管理用户

用户和组的配置和管理命令主要有：

用户管理

主要命令
useradd     新建用户
usermod     修改用户
userdel     删除用户
newusers    新建用户（批量）
passwd      修改用户密码
chsh        设置用户的shell
chage       设置用户密码有效期
newgrp      将用户添加至某个组
id          打印用户id和所属组id
who         打印当前登录用户
whoami      打印当前用户名称和id

 

命令详情如下（从命令手册截取）：

useradd

NAME 名称
       useradd - create a new user or update default new user information

SYNOPSIS 用法
       useradd [options] LOGIN
       useradd -D
       useradd -D [options]

DESCRIPTION 概述
       When invoked without the -D option, the useradd command creates a new
       user account using the values specified on the command line plus the
       default values from the system. Depending on command line options, the
       useradd command will update system files and may also create the new
       user′s home directory and copy initial files.

       By default, a group will also be created for the new user (see -g, -N,
       -U, and USERGROUPS_ENAB).

 

 

usermod

NAME
       usermod - modify a user account

SYNOPSIS
       usermod [options] LOGIN

DESCRIPTION
       The usermod command modifies the system account files to reflect the
       changes that are specified on the command line.

 

 

userdel

NAME
       userdel - delete a user account and related files

SYNOPSIS
       userdel [options] LOGIN

DESCRIPTION
       The userdel command modifies the system account files, deleting all entries
       that refer to the user name LOGIN. The named user must exist.       
      

newusers

NAME
       newusers - update and create new users in batch

SYNOPSIS
       newusers [options new_users]

DESCRIPTION
       The newusers command reads a file of user name and clear-text password pairs
       and uses this information to update a group of existing users or to create new
       users. Each line is in the same format as the standard password file (see
       passwd(5)) with the exceptions explained below:

       pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell

       pw_name
           This is the name of the user.

           It can be the name of a new user or the name of an existing user (or an
           user created before by newusers). In case of an existing user, the user′s
           information will be changed, otherwise a new user will be created.          
           
          
passwd
NAME
       passwd - update user’s authentication tokens

SYNOPSIS
       passwd  [-k]  [-l]  [-u  [-f]] [-d] [-n mindays] [-x maxdays] [-w warndays] [-i
       inactivedays] [-S] [--stdin] [username]

DESCRIPTION
       The passwd utility is used to update user’s authentication token(s).

       This task is achieved through calls to the Linux-PAM and Libuser  API.   Essen-
       tially, it initializes itself as a "passwd" service with Linux-PAM and utilizes
       configured password modules to authenticate and then update a user’s  password.
       
      
chsh

NAME
       chsh - change your login shell

SYNOPSIS
       chsh [-s shell] [-l] [-u] [-v] [username]

DESCRIPTION
       chsh is used to change your login shell.  If a shell is not given on the command line, chsh prompts for one.

   VALID SHELLS
       chsh will accept the full pathname of any executable file on the system.  However, it will issue a warning if the
       shell is not listed in the /etc/shells file.  On the other hand, it can also be configured such that it will only
       accept shells listed in this file, unless you are root.

 

chage
NAME
       chage - change user password expiry information

SYNOPSIS
       chage [options] [LOGIN]

DESCRIPTION
       The chage command changes the number of days between password changes
       and the date of the last password change. This information is used by
       the system to determine when a user must change his/her password.

 

 

newgrp

NAME
       newgrp - log in to a new group

SYNOPSIS
       newgrp [-] [group]

DESCRIPTION
       The newgrp command is used to change the current group ID during a
       login session. If the optional - flag is given, the user′s environment
       will be reinitialized as though the user had logged in, otherwise the
       current environment, including current working directory, remains
       unchanged.

       newgrp changes the current real group ID to the named group, or to the
       default group listed in /etc/passwd if no group name is given.  newgrp
       also tries to add the group to the user groupset. If not root, the user
       will be prompted for a password if she does not have a password (in
       /etc/shadow if this user has an entry in the shadowed password file, or
       in /etc/passwd otherwise) and the group does, or if the user is not
       listed as a member and the group has a password. The user will be
       denied access if the group password is empty and the user is not listed
       as a member.

       If there is an entry for this group in /etc/gshadow, then the list of
       members and the password of this group will be taken from this file,
       otherwise, the entry in /etc/group is considered.      

 

id

NAME
       id - print real and effective user and group IDs

SYNOPSIS
       id [OPTION]... [USERNAME]

DESCRIPTION
       Print  user  and  group  information for the specified USERNAME, or
       (when USERNAME omitted) for the current user.

       Without any OPTION, print some useful set  of  identified  information.

AUTHOR
       Written by Arnold Robbins and David MacKenzie.

 

 

who

NAME
       who - show who is logged on

SYNOPSIS
       who [OPTION]... [ FILE | ARG1 ARG2 ]

DESCRIPTION
       Print information about users who are currently logged in.

 

 

whoami

DESCRIPTION
       Print  the user name associated with the current effective user ID.
       Same as id -un.

 

群组管理

groupadd    新建组
groupmod    修改组
groupdel    删除组
groups      打印当前用户所属的组
gpasswd     设置组密码

 

groupadd
NAME
       groupadd - create a new group

SYNOPSIS
       groupadd [options] group

DESCRIPTION
       The groupadd command creates a new group account using the values
       specified on the command line plus the default values from the
       system. The new group will be entered into the system files as
       needed.

 

 

groupmod
NAME
       groupmod - modify a group definition on the system

SYNOPSIS
       groupmod [options] GROUP

DESCRIPTION
       The groupmod command modifies the definition of the specified GROUP
       by modifying the appropriate entry in the group database.

 

groupdel

NAME
       groupdel - delete a group

SYNOPSIS
       groupdel group

DESCRIPTION
       The groupdel command modifies the system account files, deleting
       all entries that refer to group. The named group must exist.

 

 

groups
NAME
       groups - print the groups a user is in

SYNOPSIS
       groups [OPTION]... [USERNAME]...

DESCRIPTION
       Print  group memberships for each USERNAME or, if no USERNAME is specified, for
       the current process (which may differ if the groups database has changed).

 

gpasswd
NAME
       gpasswd - administer /etc/group and /etc/gshadow

SYNOPSIS
       gpasswd [option] group

DESCRIPTION
       The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every
       group can have administrators, members and a password.

       System administrators can use the -A option to define group administrator(s)
       and the -M option to define members. They have all rights of group
       administrators and members.

       gpasswd called by a group administrator with a group name only prompts for the
       new password of the group.

       If a password is set the members can still use newgrp(1) without a password,
       and non-members must supply the password.

   Notes about group passwords
       Group passwords are an inherent security problem since more than one person is
       permitted to know the password. However, groups are a useful tool for
       permitting co-operation between different users.

 

相关命令

chmod    设置文件权限
chown    设置文件的owner
chgrp     设置文件的group owner
 

chmod

NAME
       chmod - change file mode bits

SYNOPSIS
       chmod [OPTION]... MODE[,MODE]... FILE...
       chmod [OPTION]... OCTAL-MODE FILE...
       chmod [OPTION]... --reference=RFILE FILE...

DESCRIPTION
       This  manual  page  documents the GNU version of chmod.  chmod changes the file
       mode bits of each given file according to mode, which can be either a  symbolic
       representation of changes to make, or an octal number representing the bit pat-
       tern for the new mode bits.

 

chown

NAME
       chown - change file owner and group

SYNOPSIS
       chown [OPTION]... [OWNER][:[GROUP]] FILE...
       chown [OPTION]... --reference=RFILE FILE...

DESCRIPTION
       This manual page documents the GNU version of chown.  chown changes the user and/or group ownership of each given
       file.  If only an owner (a user name or numeric user ID) is given, that user is made  the  owner  of  each  given
       file,  and  the  files’  group  is not changed.  If the owner is followed by a colon and a group name (or numeric
       group ID), with no spaces between them, the group ownership of the files is changed as well.  If a colon  but  no
       group  name follows the user name, that user is made the owner of the files and the group of the files is changed
       to that user’s login group.  If the colon and group are given, but the owner is omitted, only the  group  of  the
       files  is  changed; in this case, chown performs the same function as chgrp.  If only a colon is given, or if the
       entire operand is empty, neither the owner nor the group is changed.

 

chgrp

NAME
       chgrp - change group ownership

SYNOPSIS
       chgrp [OPTION]... GROUP FILE...
       chgrp [OPTION]... --reference=RFILE FILE...

DESCRIPTION
       Change  the group of each FILE to GROUP.  With --reference, change the group of
       each FILE to that of RFILE.

以上为用户和群组管理的常用命令，可以通过man命令查看这些命令的参数、用法和详细信息。