3 - Group Account Management
2016.6.7
Overview of group accounts
- Group accounts:
- Primary group (private group)
- Supplementary group (public group)
- GID: group identification number
Group account files
- /etc/group: stores the basic group account information
- /etc/gshadow: stores the group account password information
Example: the primary group (the fourth field of /etc/passwd is the GID):
[root@test1 home]# tail -2 /etc/passwd
jason:x:502:502::/home/jason:/bin/bash
test101:x:5200:5200::/home/test81:/bin/dash
Adding a group account: groupadd
- Format
- groupadd [-g GID] groupname
- -g: specify the GID for this group
[root@test1 home]# groupadd --help
Usage: groupadd [options] GROUP
Options:
-f, --force exit successfully if the group already exists,
and cancel -g if the GID is already used
-g, --gid GID use GID for the new group
-h, --help display this help message and exit
-K, --key KEY=VALUE override /etc/login.defs defaults
-o, --non-unique allow to create groups with duplicate
(non-unique) GID
-p, --password PASSWORD use this encrypted password for the new group
-r, --system create a system account
Example: add a group account named psychology with GID 1001:
[root@test1 home]# groupadd -g 1001 psychology
[root@test1 home]#
[root@test1 home]# tail /etc/group
stapsys:x:157:
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
slocate:x:21:
test:x:500:
bourn:x:501:
jason:x:502:
test100:x:5200:
psychology:x:1001:
[root@test1 home]#
[root@test1 home]# tail /etc/gshadow
stapsys:!::
stapdev:!::
sshd:!::
tcpdump:!::
slocate:!::
test:!!::
bourn:!::
jason:!::
test100:!::
psychology:!::
[root@test1 home]#
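Added example, not part of the original notes: a small consistency check between the two files just listed, run on constructed snapshots in the same layout (the group and member names in the sample, the deliberate inconsistencies, and the grpck_like function name are assumptions for the example). It reports groups with no /etc/gshadow entry, member lists that disagree between the two files, and a password field in /etc/group that is not x.

```shell
#!/bin/sh
# Added example (not from the original notes): a consistency check between
# /etc/group and /etc/gshadow text, loosely modelled on what grpck reports.
# It runs on constructed snapshots, never on the live files.

# Constructed snapshots in the layout shown above; "orphan" and the lumina
# member list are deliberately inconsistent so the check has something to report.
GROUP_SAMPLE='slocate:x:21:
psychology:x:1001:test1,test2,test3
lumina:x:1002:test2
orphan:x:1003:'
GSHADOW_SAMPLE='slocate:!::
psychology:!::test1,test2,test3
lumina:!::test1,test2'

# grpck_like GROUP_TEXT GSHADOW_TEXT -> one finding per line, empty when consistent
grpck_like() {
    gf=$(mktemp); sf=$(mktemp)
    printf '%s\n' "$1" > "$gf"
    printf '%s\n' "$2" > "$sf"
    awk -F: '
        NR == FNR { smembers[$1] = $4; next }   # gshadow: name:pw:admins:members
        NF != 4   { print "malformed group line: " $0; next }
        $2 != "x" { print $1 ": password field is not x (not delegated to gshadow)" }
        !($1 in smembers) { print $1 ": missing in gshadow"; next }
        $4 != smembers[$1] {
            print $1 ": member lists differ (group=" $4 " gshadow=" smembers[$1] ")"
        }' "$sf" "$gf"
    rm -f "$gf" "$sf"
}

grpck_like "$GROUP_SAMPLE" "$GSHADOW_SAMPLE"
```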
Adding and removing group members: gpasswd
- Purpose: set the group account password (very rarely used), add/remove group members
- Format: gpasswd [options]... groupname
- -a: add a user to the group
- -d: remove a user member from the group
- -M: define the member list of the group, comma-separated
[root@test1 home]# gpasswd --help
gpasswd: unrecognized option '--help'
Usage: gpasswd [option] GROUP
Options:
-a, --add USER add USER to GROUP
-d, --delete USER remove USER from GROUP
-r, --remove-password remove the GROUP's password
-R, --restrict restrict access to GROUP to its members
-M, --members USER,... set the list of members of GROUP
-A, --administrators ADMIN,...
set the list of administrators for GROUP
Except for the -A and -M options, the options cannot be combined.
Example:
Create the users
[root@test1 jason]# cd /home
[root@test1 home]# ls
bourn jason teacher test test81
[root@test1 home]#
[root@test1 home]# useradd test1
Creating mailbox file: File exists
[root@test1 home]# useradd test2
[root@test1 home]# passwd test2
Changing password for user test2.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@test1 home]#
[root@test1 home]# useradd test3
[root@test1 home]# passwd test3
Changing password for user test3.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
Assign the users to the group
[root@test1 home]# gpasswd -a test1 psychology
Adding user test1 to group psychology
[root@test1 home]# gpasswd -a test2 psychology
Adding user test2 to group psychology
[root@test1 home]# gpasswd -a test3 psychology
Adding user test3 to group psychology
[root@test1 home]# tail /etc/group
tcpdump:x:72:
slocate:x:21:
test:x:500:
bourn:x:501:
jason:x:502:
test100:x:5200:
psychology:x:1001:test1,test2,test3
test1:x:5201:
test2:x:5202:
test3:x:5203:
Filter the psychology entry out of /etc/group
[root@test1 home]# grep "psychology" /etc/group
psychology:x:1001:test1,test2,test3
Example: remove a specific user from a group:
The command to remove users
[root@test1 home]# gpasswd -d test1 psychology
Removing user test1 from group psychology
[root@test1 home]# gpasswd -d test2 psychology
Removing user test2 from group psychology
Check the state of /etc/group after the removal
[root@test1 home]# tail /etc/group
tcpdump:x:72:
slocate:x:21:
test:x:500:
bourn:x:501:
jason:x:502:
test100:x:5200:
psychology:x:1001:test3
test1:x:5201:
test2:x:5202:
test3:x:5203:
Check the state of /etc/passwd after the removal
[root@test1 home]# tail /etc/passwd
pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
test:x:500:500:test:/home/test:/bin/bash
bourn:x:501:501::/home/bourn:/bin/bash
jason:x:502:502::/home/jason:/bin/bash
test101:x:5200:5200::/home/test81:/bin/dash
test1:x:5201:5201::/home/test1:/bin/bash
test2:x:5202:5202::/home/test2:/bin/bash
test3:x:5203:5203::/home/test3:/bin/bash
[root@test1 home]# groupadd -g 1002 lumina
[root@test1 home]#
[root@test1 home]# gpasswd -a test2 lumina
Adding user test2 to group lumina
[root@test1 home]#
[root@test1 home]# tail -5 /etc/group
psychology:x:1001:test3,test1
test1:x:5201:
test2:x:5202:
test3:x:5203:
lumina:x:1002:test2
[root@test1 home]#
Example: add members in bulk (define the member list, comma-separated)
[root@test1 home]# gpasswd -M test1,test2 lumina
[root@test1 home]# tail -2 /etc/group
test3:x:5203:
lumina:x:1002:test1,test2
[root@test1 home]#
Deleting a group account: groupdel
Example: delete a group:
[root@test1 home]# groupdel lumina
[root@test1 home]# grep "lumina" /etc/group
[root@test1 home]# tail /etc/passwd
pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
test:x:500:500:test:/home/test:/bin/bash
bourn:x:501:501::/home/bourn:/bin/bash
jason:x:502:502::/home/jason:/bin/bash
test101:x:5200:5200::/home/test81:/bin/dash
test1:x:5201:5201::/home/test1:/bin/bash
test2:x:5202:5202::/home/test2:/bin/bash
test3:x:5203:5203::/home/test3:/bin/bash
[root@test1 home]#
Specifying groups when adding a user account
The useradd command
- -g: specify the user's primary group name (or GID)
- -G: specify the user's supplementary group name(s) (or GID)
Example:
* Set mike's primary group to mike and add mike to the ftpuser group
* Set the home directory to /ftphome/mike
* Do not allow mike to log in to the server locally
[root@test1 home]# useradd --help
Usage: useradd [options] LOGIN
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new
account
-G, --groups GROUPS list of supplementary groups of the new
account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and
faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as
the user
-o, --non-unique allow to create users with duplicate
(non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
[root@test1 home]#
Example:
[root@test1 home]# groupadd mike
[root@test1 home]# groupadd ftpuser
[root@test1 home]# mkdir -p /ftphome/mike
[root@test1 home]# useradd mike
[root@test1 home]# useradd -d /ftphome/mike -g mike -G ftpuser -s /sbin/nologin mike
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@test1 home]# tail -1 /etc/passwd
mike:x:5204:5204::/ftphome/mike:/sbin/nologin
/ftphome needs to exist before the user is created, whereas the mike directory (the home directory) can simply be specified when the user is added.
[root@test1 home]# useradd -d /ftphome/a -g mike -G ftpuser -s /sbin/nologin mike
useradd: user 'mike' already exists
[root@test1 home]# useradd -d /ftphome/a -g mike -G ftpuser -s /sbin/nologin a
Modifying user account attributes: usermod
Format:
- usermod [options]... username
- -g: change the user's primary group name (or GID)
- -G: change the user's supplementary group name(s) (or GID)
[root@test1 home]# usermod --help
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
him/her from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-Z, --selinux-user new SELinux user mapping for the user account
supplementary
adj. additional, appended, complementary
supplementary group: additional group
Example:
Check a's GID before changing it:
[root@test1 home]# tail /etc/passwd
tcpdump:x:72:72::/:/sbin/nologin
test:x:500:500:test:/home/test:/bin/bash
bourn:x:501:501::/home/bourn:/bin/bash
jason:x:502:502::/home/jason:/bin/bash
test101:x:5200:5200::/home/test81:/bin/dash
test1:x:5201:5201::/home/test1:/bin/bash
test2:x:5202:5202::/home/test2:/bin/bash
test3:x:5203:5203::/home/test3:/bin/bash
mike:x:5204:5204::/ftphome/mike:/sbin/nologin
a:x:5205:5204::/ftphome/a:/sbin/nologin
Incorrect operations
[root@test1 home]# usermode -g 503 a
bash: usermode: command not found
[root@test1 home]# usermod -g 503 a
usermod: group '503' does not exist
Explanation:
1. The first error is a misspelled command.
2. The second error is that group 503 does not exist.
Correct operation
[root@test1 home]# usermod -g 502 a
Check the change in a's GID:
[root@test1 home]# tail /etc/passwd
tcpdump:x:72:72::/:/sbin/nologin
test:x:500:500:test:/home/test:/bin/bash
bourn:x:501:501::/home/bourn:/bin/bash
jason:x:502:502::/home/jason:/bin/bash
test101:x:5200:5200::/home/test81:/bin/dash
test1:x:5201:5201::/home/test1:/bin/bash
test2:x:5202:5202::/home/test2:/bin/bash
test3:x:5203:5203::/home/test3:/bin/bash
mike:x:5204:5204::/ftphome/mike:/sbin/nologin
a:x:5205:502::/ftphome/a:/sbin/nologin
[root@test1 home]# tail /etc/group
test:x:500:
bourn:x:501:
jason:x:502:
test100:x:5200:
psychology:x:1001:test3
test1:x:5201:
test2:x:5202:
test3:x:5203:
mike:x:5204:
ftpuser:x:5205:mike,a
Use id to view a's UID and group information:
[root@test1 home]# id a
uid=5205(a) gid=502(jason) groups=502(jason),5205(ftpuser)
[root@test1 home]#
Example:
[root@test1 home]# usermod -G test3 a
[root@test1 home]#
[root@test1 home]# tail /etc/group
test:x:500:
bourn:x:501:
jason:x:502:
test100:x:5200:
psychology:x:1001:test3
test1:x:5201:
test2:x:5202:
test3:x:5203:a
mike:x:5204:
ftpuser:x:5205:mike
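The id output above and the usermod -G result just shown, reconstructed as an added example (not code from the original notes): the function below derives the same uid/gid/groups line as id(1) from constructed /etc/passwd and /etc/group snapshots, and run on the before/after snapshots it makes visible that usermod -G without -a replaced a's membership of ftpuser with test3. The snapshot contents and the id_like function name are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): rebuild what `id USER` prints
# from /etc/passwd and /etc/group text, so the link between the passwd GID field
# (primary group) and the group-file member field (supplementary groups) shows.

# Constructed snapshots in the layout of the notes' tail output (not real data).
PASSWD='jason:x:502:502::/home/jason:/bin/bash
test3:x:5203:5203::/home/test3:/bin/bash
mike:x:5204:5204::/ftphome/mike:/sbin/nologin
a:x:5205:502::/ftphome/a:/sbin/nologin'

# /etc/group right after "usermod -g 502 a": a is still a member of ftpuser
GROUP_BEFORE='jason:x:502:
test3:x:5203:
mike:x:5204:
ftpuser:x:5205:mike,a'

# /etc/group after "usermod -G test3 a": without -a the old list is replaced
GROUP_AFTER='jason:x:502:
test3:x:5203:a
mike:x:5204:
ftpuser:x:5205:mike'

# id_like USER PASSWD_TEXT GROUP_TEXT
# Prints "uid=U(user) gid=G(group) groups=G(group),S(supp),..." like id(1).
id_like() {
    pf=$(mktemp); gf=$(mktemp)
    printf '%s\n' "$2" > "$pf"
    printf '%s\n' "$3" > "$gf"
    awk -F: -v user="$1" '
        NR == FNR {                    # first file: /etc/group lines
            name[$3] = $1              # GID -> group name
            m = split($4, members, ",")
            for (j = 1; j <= m; j++)   # remember groups listing USER as member
                if (members[j] == user) order[++k] = $3
            next
        }
        $1 == user {                   # second file: the passwd entry of USER
            out = "uid=" $3 "(" $1 ") gid=" $4 "(" name[$4] ")"
            out = out " groups=" $4 "(" name[$4] ")"
            for (i = 1; i <= k; i++)
                if (order[i] != $4) out = out "," order[i] "(" name[order[i]] ")"
            print out
        }' "$gf" "$pf"
    rm -f "$pf" "$gf"
}

id_like a "$PASSWD" "$GROUP_BEFORE"   # uid=5205(a) gid=502(jason) groups=502(jason),5205(ftpuser)
id_like a "$PASSWD" "$GROUP_AFTER"    # uid=5205(a) gid=502(jason) groups=502(jason),5203(test3)
```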