300字范文 > 【ubuntu】linux新建用户并分组分配权限

【ubuntu】linux新建用户并分组分配权限

时间：2019-12-27 22:36:26

1. 涉及到的命令

adduser 用户名useradd 选项用户名usermod 选项用户名userdel 选项用户名passwd 选项用户名groupadd 选项用户组groupmod 选项用户组groupdel 选项用户组

2.用户账号管理

2.1 新建用户账号

注意新建用户最好用adduser，使用useradd,普通用户不会自动创建home目录，用户首次登录时，虽然能登录，但是还会报错：

Could not chdir to home directory /home/xxx: No such file or directory

/usr/bin/xauth: error in locking authority file /home/xxx/.Xauthority

而且很多命令不能用，如ll

推荐操作总结

addgroup groupname1 #作为主组addgroup groupname2 #作为从组adduser username #默认操作，主组是username，shell是/bin/bashusermod -s /bin/bash -g groupname1 -G groupname2 username

2.1.1 adduser

adduser help文档

adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID][--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID][--disabled-password] [--disabled-login] [--add_extra_groups][--encrypt-home] USERAdd a normal useradduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID][--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password][--disabled-login] [--add_extra_groups] USERAdd a system useradduser --group [--gid ID] GROUPaddgroup [--gid ID] GROUPAdd a user groupaddgroup --system [--gid ID] GROUPAdd a system groupadduser USER GROUPAdd an existing user to an existing groupgeneral options:--quiet | -qdon't give process information to stdout--force-badname allow usernames which do not match theNAME_REGEX[_SYSTEM] configuration variable--extrausersuses extra users as the database--help | -h usage message--version | -v version number and copyright--conf | -c FILE use FILE as configuration file

创建用户组

addgroup groupname或者adduser --group groupname

创建用户，

adduser username1

结果如下图，需要输入密码，并再次输入确认，之后的啥Full Name，Room Number啥的可以不填直接enter,enter就是默认值，最好输入y确认就好了

添加已存在用户到已存在组

注意：这里是groupname是username1的从组

adduser username1 groupname

2.1.2 useradd

useradd help文档

Usage: useradd [options] LOGINuseradd -Duseradd -D [options]Options:--badnamesdo not check for bad names-b, --base-dir BASE_DIR base directory for the home directory of thenew account--btrfs-subvolume-home use BTRFS subvolume for home directory-c, --comment COMMENT GECOS field of the new account-d, --home-dir HOME_DIR home directory of the new account-D, --defaultsprint or change default useradd configuration-e, --expiredate EXPIRE_DATE expiration date of the new account-f, --inactive INACTIVE password inactivity period of the new account-g, --gid GROUPname or ID of the primary group of the newaccount-G, --groups GROUPS list of supplementary groups of the newaccount-h, --helpdisplay this help message and exit-k, --skel SKEL_DIR use this alternative skeleton directory-K, --key KEY=VALUE override /etc/login.defs defaults-l, --no-log-init do not add the user to the lastlog andfaillog databases-m, --create-home create the user's home directory-M, --no-create-homedo not create the user's home directory-N, --no-user-group do not create a group with the same name asthe user-o, --non-unique allow to create users with duplicate(non-unique) UID-p, --password PASSWORD encrypted password of the new account-r, --system create a system account-R, --root CHROOT_DIR directory to chroot into-P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files-s, --shell SHELL login shell of the new account-u, --uid UID user ID of the new account-U, --user-group create a group with the same name as the user-Z, --selinux-user SEUSERuse a specific SEUSER for the SELinux user mapping--extrausers Use the extra users database

最简单，按默认操作创建新用户

useradd username1

设置新用户home目录，默认目录就是/home/username

useradd -d /home/username1 username1

设置新用户登录的shell，shell意思是贝壳，就是说Linux系统内核的壳，用户默认的shell就是/bin/sh，bash是sh的增强版本，sh是bash的缩减版，具体区别参考：sh和bash

useradd -s /bin/bash username1

设置新用户分组，前提是username1之前没创建过。默认分组是用户名自身

useradd -g groupname1 -G groupname2,groupname3 username1

如果一个用户同时属于多个用户组，那么用户可以在用户组之间切换，以便具有其他用户组的权限。

用户可以在登录后，使用命令newgrp切换到其他用户组，这个命令的参数就是目的用户组。例如上面的用户的username1他的主组是groupname1,登录进去默认就是属于groupname1，如果想获得groupname2的权限就得手动切换

newgrp groupname2

2.2 查看用户、用户组信息

查看当前用户所属组，第一个是当前所在组，其他的是属于的可选的组

groups

查看所有的组

cat /etc/group

查看所有的用户

cat /username

2.3 修改用户账号

usermod help文档

Usage: usermod [options] LOGINOptions:-b, --badnamesallow bad names-c, --comment COMMENT new value of the GECOS field-d, --home HOME_DIR new home directory for the user account-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE-f, --inactive INACTIVE set password inactive after expirationto INACTIVE-g, --gid GROUPforce use GROUP as new primary group-G, --groups GROUPS new list of supplementary GROUPS-a, --append append the user to the supplemental GROUPSmentioned by the -G option without removingthe user from other groups-h, --helpdisplay this help message and exit-l, --login NEW_LOGIN new value of the login name-L, --locklock the user account-m, --move-homemove contents of the home directory to thenew location (use only with -d)-o, --non-unique allow using duplicate (non-unique) UID-p, --password PASSWORD use encrypted password for the new password-R, --root CHROOT_DIR directory to chroot into-P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files-s, --shell SHELL new login shell for the user account-u, --uid UID new UID for the user account-U, --unlock unlock the user account-v, --add-subuids FIRST-LAST add range of subordinate uids-V, --del-subuids FIRST-LAST remove range of subordinate uids-w, --add-subgids FIRST-LAST add range of subordinate gids-W, --del-subgids FIRST-LAST remove range of subordinate gids-Z, --selinux-user SEUSERnew SELinux user mapping for the user account

修改用户分组，前提是用户username11已存在

usermod -g groupname1 -G groupname2,groupname3 username1

修改用户名字账号名字

usermod -l newusrname username1

修改用户home目录

usermod -d /newhomepath username1