[root@rancher-9 data]# usergroup boy
[root@rancher-9 data]# usergroup: command not found
[root@rancher-9 data]# groupadd boy
[root@rancher-9 data]# cat /etc/group
group name:group password:group ID:user list
[root@rancher-9 data]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
input:x:999:
systemd-journal:x:190:
systemd-network:x:192:
dbus:x:81:
polkitd:x:998:
ssh_keys:x:997:
sshd:x:74:
postdrop:x:90:
postfix:x:89:
chrony:x:996:
cgred:x:995:
docker:x:994:
mysql:x:27:
jenkins:x:993:
test_001:x:1000:test_00102,test_00103
test_02:x:1001:
test_003:x:1002:
test_004:x:1003:
boy:x:1004:
test_00102:x:1005:
test_00103:x:1006:
[root@rancher-9 data]#
groupadd command format
The options which apply to the groupadd command are:
-f, --force
This option causes the command to simply exit with success status if the specified group already exists. When used with -g, and the specified GID already exists, another (unique)
GID is chosen (i.e. -g is turned off).
-g, --gid GID
The numerical value of the group's ID. This value must be unique, unless the -o option is used. The value must be non-negative. The default is to use the smallest ID value greater
than or equal to GID_MIN and greater than every other group.
See also the -r option and the GID_MAX description.
-h, --help
Display help message and exit.
-K, --key KEY=VALUE
Overrides /etc/login.defs defaults (GID_MIN, GID_MAX and others). Multiple -K options can be specified.
Example: -K GID_MIN=100 -K GID_MAX=499
Note: -K GID_MIN=10,GID_MAX=499 doesn't work yet.
-o, --non-unique
This option permits to add a group with a non-unique GID.
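A user can belong to multiple groups. Whenever a user is created, a group of its own is created for that user, and the user can also be assigned to several other groups at the same time.
To add a user to other groups at creation time, those groups must already exist.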
[root@rancher-9 data]# useradd -g group_1,group_2,gourp_n test_user_001
useradd: group 'group_1,group_2,gourp_n' does not exist
## First create the 3 groups
[root@rancher-9 data]# groupadd group_1
[root@rancher-9 data]# groupadd group_2
[root@rancher-9 data]# groupadd group_n
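## When adding the user, also add it to the other groups (-G takes a comma-separated list of supplementary groups; -g, used above, takes a single primary group)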
[root@rancher-9 data]# useradd -G group_1,group_2,group_n test_user_001
## View the group file; it shows which users have joined each group
[root@rancher-9 data]# cat /etc/group
test_001:x:1000:test_00102,test_00103
test_02:x:1001:
test_003:x:1002:
test_004:x:1003:
boy:x:1004:
test_00102:x:1005:
test_00103:x:1006:
group_1:x:1007:test_user_001
group_2:x:1008:test_user_001
group_n:x:1009:test_user_001
test_user_001:x:1010:
[root@rancher-9 data]#
## View the user's groups
[root@rancher-9 data]# id test_user_001
uid=1006(test_user_001) gid=1010(test_user_001) groups=1010(test_user_001),1007(group_1),1008(group_2),1009(group_n)
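The /etc/group layout and the id output above, turned into a membership check. This is an added example, not part of the original post; the function names, the sample file and the wheel/docker list are assumptions.

```shell
#!/bin/sh
# Added example: read supplementary group membership from an /etc/group-format file.
# Field layout: group_name:password:GID:member_list (members comma-separated).

# Constructed sample modelled on the listing above (the docker membership is invented).
sample_group_file() {
cat <<'EOF'
wheel:x:10:
docker:x:994:test_user_001
group_1:x:1007:test_user_001,test_00102
group_2:x:1008:test_user_001
test_user_001:x:1010:
EOF
}

# groups_of USER FILE: supplementary groups of USER, comma-separated, in file order.
# A user's primary group is recorded in /etc/passwd, so it is not found here.
groups_of() {
    awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u) { out = out (out ? "," : "") $1; break } }
        END { print out }' "$2"
}

# members_of GROUP FILE: the member list exactly as stored in field 4.
members_of() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2"
}

# privileged_members FILE: "group:user" pairs for groups that commonly confer
# root-level access. The wheel/docker list is an assumption; adjust per host.
privileged_members() {
    awk -F: '$1 == "wheel" || $1 == "docker" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print $1 ":" m[i] }' "$1"
}

tmp=$(mktemp) && sample_group_file > "$tmp"
echo "test_user_001 -> $(groups_of test_user_001 "$tmp")"
echo "group_1       -> $(members_of group_1 "$tmp")"
privileged_members "$tmp"
rm -f "$tmp"
```

Pass /etc/group as the FILE argument to run the same checks against a live host; the user's own group (test_user_001) is absent from the result because it is the primary group.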
Setting a password for a group
The gpasswd command explained
NAME
gpasswd - administer /etc/group and /etc/gshadow
SYNOPSIS
gpasswd [option] group
DESCRIPTION
The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every group can have administrators, members and a password.
System administrators can use the -A option to define group administrator(s) and the -M option to define members. They have all rights of group administrators and members.
gpasswd called by a group administrator with a group name only prompts for the new password of the group.
If a password is set the members can still use newgrp(1) without a password, and non-members must supply the password.
Notes about group passwords
Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.
OPTIONS
Except for the -A and -M options, the options cannot be combined.
The options which apply to the gpasswd command are:
-a, --add user
Add the user to the named group.
-d, --delete user
Remove the user from the named group.
-h, --help
Display help message and exit.
-Q, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-r, --remove-password
Remove the password from the named group. The group password will be empty. Only group members will be allowed to use newgrp to join the named group.
-R, --restrict
Restrict the access to the named group. The group password is set to "!". Only group members with a password will be allowed to use newgrp to join the named group.
-A, --administrators user,...
Set the list of administrative users.
-M, --members user,...
Set the list of group members.
CAVEATS
This tool only operates on the /etc/group and /etc/gshadow files. Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server.
Add a user to an existing group (only one user can be added at a time)
[root@rancher-5 etc]# gpasswd -a test_user_8 group_1
Adding user test_user_8 to group group_1
In /etc/group, the group_1 entry shows the user that was just added
[root@rancher-5 etc]# cat /etc/group
other group details ......
group_1:x:1001:test_user_5,test_user_6,test_user_7,test_user_8
Remove a user from a group
[root@rancher-5 etc]# gpasswd -d test_user_8 group_1
Removing user test_user_8 from group group_1