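1. Adding a new user
2. Parsing the /etc/passwd file
3. Parsing the /etc/shadow file
4. Modifying a user account
5. Deleting a user
6. Temporarily disabling a user
7. The user default configuration file /etc/login.defs
8. Adding users in bulk with the newusers command
Parsing the /etc/passwd file
This file lists the information for every user, one user per line. The fields in each line have the following meanings.
For example: root:x:0:0:root:/root:/bin/bash
root is the user name
x is the password field. Because most current systems use shadow passwords, this field usually holds only the special character "x"; the real password has been moved to the /etc/shadow file.
0 is the UID, the user identifier
0 is the GID, the group identifier
root is the personal information description
/root is the login (home) directory
/bin/bash is the login shell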
[root@weekend110 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
saslauth:x:498:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
hadoop:x:500:500::/home/hadoop:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
[root@weekend110 ~]#
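Parsing the /etc/shadow file
Each line has 9 fields, separated by ":".
Take the following lines as an example:
root:$6$CJ2JpEVwiFb/rXxm$g23LGxlgpVn3y21OcqGeiPzNSmWIIxZtBtnsnxAn660MUJkKb3Bph0AJG.8FTxVrj0rDirFDFdRT/QJEtivYs/:17000:0:99999:7:::
bin:*:15980:0:99999:7:::
root is the user name
$6$CJ2JpEVwiFb/rXxm$g23LGxlgpVn3y21OcqGeiPzNSmWIIxZtBtnsnxAn660MUJkKb3Bph0AJG.8FTxVrj0rDirFDFdRT/QJEtivYs/ is the encrypted password
17000 is the number of days from January 1, 1970 to the last password change
0 is the minimum number of days that must pass before the password can be changed
99999 is the number of days after which the password must be set again
7 is the number of days before the password expires that the user is warned about the upcoming expiry
The seventh field (empty here) is the number of days after the password expires after which the account is disabled if it still has not been used
The eighth field (empty here) is the date on which the account expires
The ninth field (empty here) is reserved by the system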
[root@weekend110 ~]# cat /etc/shadow
root:$6$CJ2JpEVwiFb/rXxm$g23LGxlgpVn3y21OcqGeiPzNSmWIIxZtBtnsnxAn660MUJkKb3Bph0AJG.8FTxVrj0rDirFDFdRT/QJEtivYs/:17000:0:99999:7:::
bin:*:15980:0:99999:7:::
daemon:*:15980:0:99999:7:::
adm:*:15980:0:99999:7:::
lp:*:15980:0:99999:7:::
sync:*:15980:0:99999:7:::
shutdown:*:15980:0:99999:7:::
halt:*:15980:0:99999:7:::
mail:*:15980:0:99999:7:::
uucp:*:15980:0:99999:7:::
operator:*:15980:0:99999:7:::
games:*:15980:0:99999:7:::
gopher:*:15980:0:99999:7:::
ftp:*:15980:0:99999:7:::
nobody:*:15980:0:99999:7:::
dbus:!!:17000::::::
usbmuxd:!!:17000::::::
vcsa:!!:17000::::::
rpc:!!:17000:0:99999:7:::
rtkit:!!:17000::::::
avahi-autoipd:!!:17000::::::
abrt:!!:17000::::::
rpcuser:!!:17000::::::
nfsnobody:!!:17000::::::
haldaemon:!!:17000::::::
gdm:!!:17000::::::
ntp:!!:17000::::::
apache:!!:17000::::::
saslauth:!!:17000::::::
postfix:!!:17000::::::
pulse:!!:17000::::::
sshd:!!:17000::::::
tcpdump:!!:17000::::::
hadoop:$6$Cvq2IR2v$A46ZOXcaVxcxinqer6P3fmaNp0J3wfUTAiYxikugi6q5l8UI3uv9j5VS6EyS4w85Vsd9dIGVsXOog2nHbaPCV0:17000:0:99999:7:::
mysql:!!:17084::::::
[root@weekend110 ~]#
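Modifying a user account
Deleting a user
These are simple, so I won't go into detail here.
Temporarily disabling a user
If you do not want to delete a user but only want to temporarily prevent that user from logging in, you can temporarily disable the account. This is done by editing the /etc/passwd or /etc/shadow file.
For example, you can edit /etc/passwd directly and add "#" at the beginning of the line for the user you want to disable.
You can also edit /etc/shadow directly and add "*" or "!" in front of the password field of the user you want to disable.
To re-enable the account, simply undo the change made above.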
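The /etc/shadow field layout and the "!" prefix described above, as an added example that is not part of the original post: shell functions that classify shadow-format lines and toggle the lock prefix, run on a constructed sample instead of the real /etc/shadow. The sample lines, the placeholder hash and the function names are assumptions for the demo.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; the hash is a placeholder.
SAMPLE='root:$6$SALTSALT$HASHPLACEHOLDER:17000:0:99999:7:::
bin:*:15980:0:99999:7:::
dbus:!!:17000::::::
guest::17000:0:99999:7:::'

# shadow_state: read shadow lines on stdin, print "user state scheme max_days".
shadow_state() {
    awk -F: 'NF == 9 {
        pw = $2; state = "password-set"; scheme = "-"
        if (pw == "")          state = "EMPTY-PASSWORD"   # login without a password
        else if (pw ~ /^[!*]/) state = "locked"           # no password can match
        sub(/^[!*]+/, "", pw)                             # look behind the lock prefix
        if      (pw ~ /^\$6\$/) scheme = "sha512"
        else if (pw ~ /^\$5\$/) scheme = "sha256"
        else if (pw ~ /^\$1\$/) scheme = "md5"
        else if (pw != "")      scheme = "other"
        print $1, state, scheme, ($5 == "" ? "-" : $5)
    }'
}

# lock_user NAME: prefix "!" to NAME's password field (what usermod -L does).
lock_user() {
    awk -F: -v OFS=: -v u="$1" '$1 == u && $2 !~ /^!/ { $2 = "!" $2 } { print }'
}

# unlock_user NAME: strip one leading "!" again (what usermod -U does).
unlock_user() {
    awk -F: -v OFS=: -v u="$1" '$1 == u { sub(/^!/, "", $2) } { print }'
}

# Demo: lock root in the sample, then show the resulting state of every entry.
printf '%s\n' "$SAMPLE" | lock_user root | shadow_state
```

A "locked" entry that still reports a scheme keeps its hash behind the prefix, so unlocking restores the old password; "locked -" entries such as bin never had one.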
The user default configuration file /etc/login.defs
[root@weekend110 ~]# cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500
UID_MAX 60000
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500
GID_MAX 60000
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
[root@weekend110 ~]#
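The /etc/login.defs file stores the default settings for users.
Adding users in bulk with the newusers command
Administrators sometimes need to create a large number of user accounts at once, for example at the start of a new school term or when a new department is set up. Creating them one by one with the useradd command not only wastes time but is also likely to introduce errors during data entry.
In such cases, a script can usually be used to add and modify users in bulk.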
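One way to prepare the input for newusers in bulk, as an added example that is not part of the original post: a shell function that writes one passwd-style line per login name with a random initial password, into a file only its owner can read. The login names, /home/<name>, /bin/bash, the file path and the function name are assumptions.

```shell
#!/bin/sh
# newusers(8) reads lines in the passwd layout, with a clear-text password
# in the second field:
#   name:password:uid:gid:gecos:home:shell

# make_newusers_file OUTFILE NAME...
make_newusers_file() {
    out=$1; shift
    (
        umask 077        # the file holds clear-text passwords: owner-only
        : > "$out"
        for name in "$@"; do
            # Reject names that would break the colon-separated format.
            case $name in
                ''|*[!a-z0-9_-]*|[!a-z_]*)
                    echo "skip invalid name: $name" >&2
                    continue ;;
            esac
            # 12 random bytes give a 16-character base64 string (never a ":").
            pw=$(head -c 12 /dev/urandom | base64)
            # Empty uid/gid fields let newusers pick the next free ids.
            printf '%s:%s:::%s:/home/%s:/bin/bash\n' \
                "$name" "$pw" "$name" "$name" >> "$out"
        done
    )
}

# Usage as root (names and path are hypothetical):
#   make_newusers_file /root/batch.txt alice bob carol
#   newusers /root/batch.txt
#   for u in alice bob carol; do chage -d 0 "$u"; done   # force change at first login
#   shred -u /root/batch.txt                             # remove the clear-text file
```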