Linux user group相关操作

[root@rancher-9 data]# usergroup boy
[root@rancher-9 data]# usergroup: command not found
[root@rancher-9 data]# groupadd boy
[root@rancher-9 data]# cat /etc/group
组名:组密码：组Id：用户列表
[root@rancher-9 data]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
input:x:999:
systemd-journal:x:190:
systemd-network:x:192:
dbus:x:81:
polkitd:x:998:
ssh_keys:x:997:
sshd:x:74:
postdrop:x:90:
postfix:x:89:
chrony:x:996:
cgred:x:995:
docker:x:994:
mysql:x:27:
jenkins:x:993:
test_001:x:1000:test_00102,test_00103
test_02:x:1001:
test_003:x:1002:
test_004:x:1003:
boy:x:1004:
test_00102:x:1005:
test_00103:x:1006:
[root@rancher-9 data]# 

 

group 命令格式

The options which apply to the groupadd command are:

       -f, --force
           This option causes the command to simply exit with success status if the specified group already exists. When used with -g, and the specified GID already exists, another (unique)
           GID is chosen (i.e.  -g is turned off).

       -g, --gid GID
           The numerical value of the group's ID. This value must be unique, unless the -o option is used. The value must be non-negative. The default is to use the smallest ID value greater
           than or equal to GID_MIN and greater than every other group.

           See also the -r option and the GID_MAX description.

       -h, --help
           Display help message and exit.

       -K, --key KEY=VALUE
           Overrides /etc/login.defs defaults (GID_MIN, GID_MAX and others). Multiple -K options can be specified.

           Example: -K GID_MIN=100  -K GID_MAX=499

           Note: -K GID_MIN=10,GID_MAX=499 doesn't work yet.

       -o, --non-unique
           This option permits to add a group with a non-unique GID.

一个用户可以属于多个组，创建每一个用户的时候，都会为该用户创建属于自己的组，也可以指定该用户同时属于多个其他的组

 创建用户时把用户添加到其他的用户组，用户组必须先存在才行

[root@rancher-9 data]# useradd -g group_1,group_2,gourp_n test_user_001
useradd: group 'group_1,group_2,gourp_n' does not exist

##先创建3个用户组
[root@rancher-9 data]# groupadd group_1
[root@rancher-9 data]# groupadd group_2
[root@rancher-9 data]# groupadd group_n

##添加用户的时候顺带把用户添加到其他的用户组里面
[root@rancher-9 data]# useradd -G group_1,group_2,group_n test_user_001
##查看用户组文件---》里面可以看到一个用户组有多少用户加入进来了
[root@rancher-9 data]# cat /etc/group
test_001:x:1000:test_00102,test_00103
test_02:x:1001:
test_003:x:1002:
test_004:x:1003:
boy:x:1004:
test_00102:x:1005:
test_00103:x:1006:
group_1:x:1007:test_user_001
group_2:x:1008:test_user_001
group_n:x:1009:test_user_001
test_user_001:x:1010:
[root@rancher-9 data]# 
##查看用户的用户组
[root@rancher-9 data]# id test_user_001
uid=1006(test_user_001) gid=1010(test_user_001) groups=1010(test_user_001),1007(group_1),1008(group_2),1009(group_n)

给用户组创建密码

gpasswd 命令解释

NAME
       gpasswd - administer /etc/group and /etc/gshadow

SYNOPSIS
       gpasswd [option] group

DESCRIPTION
       The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every group can have administrators, members and a password.

       System administrators can use the -A option to define group administrator(s) and the -M option to define members. They have all rights of group administrators and members.

       gpasswd called by a group administrator with a group name only prompts for the new password of the group.

       If a password is set the members can still use newgrp(1) without a password, and non-members must supply the password.

   Notes about group passwords
       Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.

OPTIONS
       Except for the -A and -M options, the options cannot be combined.

       The options which apply to the gpasswd command are:

       -a, --add user
           Add the user to the named group.

       -d, --delete user
           Remove the user from the named group.

       -h, --help
           Display help message and exit.

       -Q, --root CHROOT_DIR
           Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.

       -r, --remove-password
           Remove the password from the named group. The group password will be empty. Only group members will be allowed to use newgrp to join the named group.

       -R, --restrict
           Restrict the access to the named group. The group password is set to "!". Only group members with a password will be allowed to use newgrp to join the named group.

       -A, --administrators user,...
           Set the list of administrative users.

       -M, --members user,...
           Set the list of group members.

CAVEATS
       This tool only operates on the /etc/groupand /etc/gshadow files.  Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server

往一个已经存在的组里面增加用户(一次只能添加一个)

[root@rancher-5 etc]# gpasswd -a test_user_8 group_1
Adding user test_user_8 to group group_1

在/etc/group里group_1可以看到已经添加进去的用户

[root@rancher-5 etc]# cat /etc/group
other group details ......
group_1:x:1001:test_user_5,test_user_6,test_user_7,test_user_8

把用户组里某个用户移除

[root@rancher-5 etc]# gpasswd -d test_user_8 group_1
Removing user test_user_8 from group group_1