Unix Concise Tutorial
Unix / Linux - User Administration
In this chapter, we will discuss user administration in Unix in detail.
There are three types of accounts on a Unix system −
Root account
This is also called the superuser and has complete and unfettered control of the system. A superuser can run any command without restriction. This user should be regarded as the system administrator.
System accounts
System accounts are those needed for the operation of system-specific components, for example the mail accounts and the sshd accounts. These accounts are usually needed for some specific function on your system, and any modifications to them could adversely affect the system.
User accounts
User accounts provide interactive access to the system for users and groups of users. General users are typically assigned to these accounts and usually have limited access to critical system files and directories.
Unix supports the concept of a group account, which logically groups a number of accounts. Every account is a part of a group account. Unix groups play an important role in handling file permissions and process management.
Managing Users and Groups
There are four main user administration files −
- /etc/passwd − Keeps the user account and password information. This file holds the majority of information about accounts on the Unix system.
- /etc/shadow − Holds the encrypted password of the corresponding account. Not all the systems support this file.
- /etc/group − This file contains the group information for each account.
- /etc/gshadow − This file contains secure group account information.
Check all the above files using the cat command.
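Reading these files by eye does not scale, so the following added example (not part of the original tutorial) runs a few common review checks over passwd- and group-format files. The function names, the sample records and the UID_MIN default of 1000 are assumptions made for illustration; the boundary between system and user UIDs varies by distribution.

```shell
#!/bin/sh
# Added example: audit passwd- and group-format files for risky entries.
# Function names and the sample records are constructed for illustration.

make_sample() {  # write constructed sample files into directory $1
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:sshd privsep:/var/empty/sshd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
mcmohd:x:1001:1001::/home/mcmohd:/bin/ksh
legacy:$6$constructedsalt$constructedhash:1002:1001::/home/legacy:/bin/sh
ghost:x:1001:4242::/home/ghost:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
mail:x:12:
sshd:x:74:
developers:x:1001:mcmohd
EOF
}
uid0_accounts() {  # accounts other than root that carry UID 0
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}
duplicate_uids() {  # UIDs shared by more than one account
    awk -F: '{ n[$3]++ } END { for (u in n) if (n[u] > 1) print u }' "$1" | sort -n
}
passwd_field_not_shadowed() {  # hash or empty password kept in world-readable passwd
    awk -F: '$2 !~ /^(x|\*|!.*)$/ { print $1 }' "$1"
}
missing_primary_group() {  # primary GID ($4) has no entry in the group file ($2)
    awk -F: 'NR == FNR { g[$3]; next } !($4 in g) { print $1 }' "$2" "$1"
}
system_with_shell() {  # UID below UID_MIN (assumed 1000) but an interactive shell
    awk -F: -v min="${UID_MIN:-1000}" \
        '$3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}
audit() {  # run every check against passwd file $1 and group file $2
    for c in uid0_accounts duplicate_uids passwd_field_not_shadowed \
             missing_primary_group system_with_shell; do
        printf '%s: %s\n' "$c" "$($c "$1" "$2" | tr '\n' ' ')"
    done
}
d=$(mktemp -d); make_sample "$d"; audit "$d/passwd" "$d/group"; rm -rf "$d"
```

To review a live system, call audit /etc/passwd /etc/group instead of the constructed sample.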
The following table lists the commands that are available on the majority of Unix systems to create and manage accounts and groups −
| Sr.No. | Command & Description |
| --- | --- |
| 1 | useradd − Adds accounts to the system |
| 2 | usermod − Modifies account attributes |
| 3 | userdel − Deletes accounts from the system |
| 4 | groupadd − Adds groups to the system |
| 5 | groupmod − Modifies group attributes |
| 6 | groupdel − Removes groups from the system |
You can use Manpage Help to check the complete syntax for each command mentioned here.
Create a Group
We will now understand how to create a group. Groups need to be created before any account that uses them; otherwise, we can make use of the existing groups in our system. All the groups are listed in the /etc/group file.
All the default groups are system-account-specific groups, and it is not recommended to use them for ordinary accounts. The following is the syntax to create a new group account −
groupadd [-g gid [-o]] [-r] [-f] groupname
The following table lists out the parameters −
| Sr.No. | Option & Description |
| --- | --- |
| 1 | -g GID − The numerical value of the group’s ID |
| 2 | -o − This option permits adding a group with a non-unique GID |
| 3 | -r − This flag instructs groupadd to add a system account |
| 4 | -f − This option causes groupadd to just exit with success status if the specified group already exists. With -g, if the specified GID already exists, another (unique) GID is chosen |
| 5 | groupname − Actual group name to be created |
If you do not specify any parameter, then the system makes use of the default values.
The following example creates a developers group with default values, which is acceptable for most administrators.
$ groupadd developers
Modify a Group
To modify a group, use the groupmod syntax −
$ groupmod -n new_modified_group_name old_group_name
To change the developer_2 group name to developer, type −
$ groupmod -n developer developer_2
Here is how you will change the developer group's GID to 545 −
$ groupmod -g 545 developer
Delete a Group
We will now understand how to delete a group. To delete an existing group, all you need is the groupdel command and the group name. To delete the developer group, the command is −
$ groupdel developer
This removes only the group, not the files associated with that group. The files are still accessible by their owners.
Create an Account
Let us see how to create a new account on your Unix system. Following is the syntax to create a user’s account −
useradd -d homedir -g groupname -m -s shell -u userid accountname
The following table lists out the parameters −
| Sr.No. | Option & Description |
| --- | --- |
| 1 | -d homedir − Specifies home directory for the account |
| 2 | -g groupname − Specifies a group account for this account |
| 3 | -m − Creates the home directory if it doesn’t exist |
| 4 | -s shell − Specifies the default shell for this account |
| 5 | -u userid − You can specify a user id for this account |
| 6 | accountname − Actual account name to be created |
If you do not specify any parameter, then the system makes use of the default values. The useradd command modifies the /etc/passwd, /etc/shadow, and /etc/group files and creates a home directory.
The following example creates the account mcmohd, setting its home directory to /home/mcmohd and its group to developers. The Korn shell is assigned to this user.
$ useradd -d /home/mcmohd -g developers -s /bin/ksh mcmohd
Before issuing the above command, make sure you already have the developers group created using the groupadd command.
Once an account is created, you can set its password using the passwd command as follows −
$ passwd mcmohd20
Changing password for user mcmohd20.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
When you type passwd accountname, it gives you an option to change the password, provided you are a superuser. Otherwise, you can change just your password using the same command but without specifying your account name.
Modify an Account
The usermod command enables you to make changes to an existing account from the command line. It uses the same arguments as the useradd command, plus the -l argument, which allows you to change the account name.
For example, to change the account name mcmohd to mcmohd20 and to change the home directory accordingly, you will need to issue the following command −
$ usermod -d /home/mcmohd20 -m -l mcmohd20 mcmohd
Delete an Account
The userdel command can be used to delete an existing user. This is a very dangerous command if not used with caution.
There is only one argument or option available for the command, -r, which removes the account’s home directory and mail file.
For example, to remove account mcmohd20, issue the following command −
$ userdel -r mcmohd20
If you want to keep the home directory for backup purposes, omit the -r option. You can remove the home directory as needed at a later time.
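Files left behind by userdel without -r, or by groupdel, keep their numeric UID and GID, so a later account or group created with the same number takes ownership of them. The following added example (not part of the original tutorial) lists files whose owner or group has no entry in the given passwd and group files; the function names and the constructed scenario are assumptions for illustration, and GNU find is assumed for -printf.

```shell
#!/bin/sh
# Added example: find files whose numeric UID/GID no longer maps to an account or group.
# Names and the demo scenario are constructed; GNU find is assumed for -printf.

orphans() {  # orphans DIR PASSWD_FILE GROUP_FILE
    find "$1" -xdev -printf '%U:%G:%p\n' |
    awk -F: -v pw="$2" -v gr="$3" '
        BEGIN {
            # Load the known UIDs and GIDs (third field of each record).
            while ((getline line < pw) > 0) { split(line, f, ":"); uid[f[3]] = 1 }
            while ((getline line < gr) > 0) { split(line, f, ":"); gid[f[3]] = 1 }
        }
        {
            # Strip the two numeric prefixes so paths containing ":" survive.
            path = $0; sub(/^[0-9]+:[0-9]+:/, "", path)
            if (!($1 in uid)) print "no-user " $1 " " path
            if (!($2 in gid)) print "no-group " $2 " " path
        }'
}

demo() {  # constructed scenario: the owner is removed from a passwd copy
    d=$(mktemp -d); touch "$d/report.txt"
    u=$(find "$d" -maxdepth 0 -printf '%U'); g=$(find "$d" -maxdepth 0 -printf '%G')
    printf 'mcmohd20:x:%s:%s::/home/mcmohd20:/bin/ksh\n' "$u" "$g" > "$d.passwd"
    printf 'developer:x:%s:\n' "$g" > "$d.group"
    before=$(( $(orphans "$d" "$d.passwd" "$d.group" | wc -l) ))
    : > "$d.passwd"   # userdel without -r: the entry is gone, the files remain
    after=$(( $(orphans "$d" "$d.passwd" "$d.group" | wc -l) ))
    rm -rf "$d" "$d.passwd" "$d.group"
    echo "$before $after"
}

demo   # orphan count before and after the simulated deletion
```

On a live system, orphans /home /etc/passwd /etc/group gives the same report, which is worth reviewing before a freed UID or GID is assigned again.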