User Management
User Account
/etc/passwd
Linux uses the /etc/passwd file to store user account information.
Because many service processes need to read user account information, the file is readable by all users.
View the account information of a user.
KEY | VALUE |
---|---|
Username | kuga |
User Password | x |
User ID | 1000 |
User Group ID | 1000 |
Remark Field | ,,, |
Directory Location | /home/kuga |
Default Shell | /bin/bash |
The system reserves a certain range of UIDs, and new user IDs added on Ubuntu start from 1000. The following command sorts by the third field (UID) in reverse order, outputs the first 10 lines, and displays only fields 1, 3 and 6 (username, UID, directory location).
/etc/shadow
For historical reasons, early user passwords were stored in /etc/passwd, which is why the file is named passwd.
Later, because passwords are easy to crack, they were moved to the new file /etc/shadow.
This file is readable only by root and the shadow group.
You can roughly look at the contents of this file.
These fields are generally related to password management (such as after how many days the password must be changed), which is not expanded on here.
Useradd
HOME Directory
By default, the user directory is not created.
Use the -m parameter to create the user directory.
Use the -M parameter to not create the user directory.
Default Configuration
Use the -D option to view the default configuration used when adding a user.
- GROUP: User default group ID.
- HOME: User directory location.
- INACTIVE: Number of days to disable the account after the password expires.
- EXPIRE: Account expiration date.
- SHELL: Default login Shell used.
- SKEL: Skeletal, the contents of this directory will be copied to the user’s home directory.
- CREATE_MAIL_SPOOL: Whether to create a mail storage file.
/etc/default/useradd
The default configuration file for the useradd command.
If you change SHELL to /bin/bash, the output of useradd -D is updated automatically.
/etc/login.defs
The core configuration file for user account and login management.
Functions include: password policy, UID/GID range, HOME directory management, user and group management, login settings, etc.
Settings in the file affect the behavior of commands such as useradd, usermod and passwd, so it is recommended to back up the file before making changes.
Take a look at the USERGROUPS_ENAB parameter separately.
If the value of USERGROUPS_ENAB is yes:
- userdel: When deleting a user, it will also delete the empty user group.
- useradd: When creating a user, it will also create a group with the same name as the user.
This is why the default parameter GROUP=100 was not used when creating a user.
Modify Conf By Cmd
Modify the default login Shell.
Modify the default group ID.
Modify the default HOME directory.
After executing the command, you will find that the file permissions have changed from 644 to 600.
The corrected permissions are as follows.
Looking at the source code, the execution process in the set_defaults(void) function is roughly as follows:
- Use the mkstemp function to create a temporary file A.
- Process the /etc/default/useradd file and copy it to A.
- Back up the original useradd file, renaming it to useradd-.
- Overwrite the original useradd file with A.
- The file created by the mkstemp function has permissions of 0600.
Check the useradd file and its backup useradd-.
Then use the command to modify the default login Shell.
Check the inode of the two files again.
It is not difficult to see that the inode of useradd- is the same as the inode of useradd before the modification.
Having the permissions modified is obviously unreasonable; the command should not change the file permissions.
You can check this pull request on GitHub.
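The sequence above can be replayed without touching /etc. This is an added example, not code from the original page or from the shadow project: the shell's mktemp stands in for mkstemp, the file contents are constructed, and the KEEP_MODE switch is a hypothetical mitigation for illustration, not necessarily what the pull request does.

```sh
#!/bin/sh
# Added example: the temp-file-and-rename update sequence, replayed in a scratch
# directory (nothing under /etc is touched). Needs GNU stat (stat -c).

mode_of()  { stat -c '%a' "$1"; }
inode_of() { stat -c '%i' "$1"; }

# update_defaults DIR KEY VALUE KEEP_MODE
# Rewrites DIR/useradd following the steps listed above. KEEP_MODE=yes adds a
# mitigation (assumption): copy the original mode onto the temp file first.
update_defaults() {
    conf="$1/useradd"
    tmp=$(mktemp "$1/useradd.XXXXXX") || return 1       # like mkstemp: mode 0600
    sed "s|^$2=.*|$2=$3|" "$conf" > "$tmp" || return 1  # process and copy to A
    if [ "$4" = yes ]; then
        chmod "$(mode_of "$conf")" "$tmp"
    fi
    mv -f "$conf" "$conf-"    # backup keeps the original inode and mode
    mv -f "$tmp" "$conf"      # A replaces the original, bringing its own inode
}

# new_defaults_dir -> path of a scratch directory holding a constructed 0644 file
new_defaults_dir() {
    d=$(mktemp -d) || return 1
    printf 'GROUP=100\nHOME=/home\nSHELL=/bin/sh\n' > "$d/useradd"
    chmod 644 "$d/useradd"
    echo "$d"
}

for keep in no yes; do
    dir=$(new_defaults_dir)
    before="$(mode_of "$dir/useradd") inode $(inode_of "$dir/useradd")"
    update_defaults "$dir" SHELL /bin/bash "$keep"
    echo "keep_mode=$keep"
    echo "  useradd before: $before"
    echo "  useradd after:  $(mode_of "$dir/useradd") inode $(inode_of "$dir/useradd")"
    echo "  useradd- :      $(mode_of "$dir/useradd-") inode $(inode_of "$dir/useradd-")"
    rm -rf "$dir"
done
```

With keep_mode=no the new useradd ends up at 600 while useradd- keeps mode 644 and the old inode, matching the observation above.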
Usermod
Modify User Login Name
Add User to a Group
The -a option appends the user to the group instead of replacing the current group list.
Modify User Default Shell
usermod does not check whether the Shell is valid; you can use chsh instead.
Modify User ID
Passwd
Modify Current User PWD
Without parameters, passwd changes the password of the current user.
Modify User PWD
Login Management
Disable PWD Login
The following two methods are the same, and will not disable SSH public key authentication.
After execution, the password field in the /etc/shadow file will be prefixed with !.
Enable PWD Login
The following two methods are the same, and can be used together.
After execution, the ! prefix is removed from the password field in the /etc/shadow file.
Disable SSH Auth
Without a login Shell, naturally the password cannot be used for login.
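The two controls described in this section (the ! prefix in /etc/shadow and the login Shell in /etc/passwd) are independent, so it helps to audit them together. The following is an added example, not from the original page: it classifies accounts from constructed passwd- and shadow-format sample files (alice and bob are hypothetical users, the hashes are placeholders) and lists accounts whose password is locked but which keep a login Shell and therefore remain reachable by SSH public key.

```sh
#!/bin/sh
# Added example: classify login state from passwd- and shadow-format files.

# login_state PASSWD SHADOW -> "<user> password=<state> shell=<state>" per user
login_state() {
    awk -F: '
        NR == FNR { field[$1] = $2; next }          # first file: shadow format
        {
            if (!($1 in field))                      pw = "unknown"
            else if (field[$1] == "")                pw = "empty"
            else if (substr(field[$1], 1, 1) == "!") pw = "locked"
            else if (field[$1] == "*")               pw = "none"
            else                                     pw = "set"
            sh = ($7 ~ /\/(nologin|false)$/) ? "nologin" : "login"
            print $1, "password=" pw, "shell=" sh
        }' "$2" "$1"
}

# key_only_users PASSWD SHADOW -> users with a locked password but a login Shell
key_only_users() {
    login_state "$1" "$2" |
        awk '$2 == "password=locked" && $3 == "shell=login" { print $1 }'
}

# write_samples DIR -> constructed sample files (no real accounts or hashes)
write_samples() {
    cat > "$1/passwd" <<'EOF'
kuga:x:1000:1000:,,,:/home/kuga:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/usr/sbin/nologin
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
kuga:$y$CONSTRUCTED$hash:19000:0:99999:7:::
alice:!$y$CONSTRUCTED$hash:19000:0:99999:7:::
bob:$y$CONSTRUCTED$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
login_state "$demo_dir/passwd" "$demo_dir/shadow"
echo "locked password, login Shell kept: $(key_only_users "$demo_dir/passwd" "$demo_dir/shadow")"
rm -rf "$demo_dir"
```

On a real system the same functions can be pointed at /etc/passwd and /etc/shadow, which requires root or shadow group membership to read the second file.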
Enable SSH Auth
Userdel
Delete User Only
This method only deletes the user and keeps the home directory.
With Home and Mail
This deletes not only the user but also the home directory and mail.
If a file or directory does not exist, a prompt will appear in the terminal.
Adduser Package
This package provides two useful commands, adduser and deluser, which are high-level wrapper tools.