In Linux systems, user management is a fundamental skill for system maintenance. Just as people have different identities and permissions in real life, Linux uses users and groups to distinguish the permissions of different operating subjects, which provides system security and resource isolation. This article walks through the core of Linux user management, from basic concepts to practical operations.

I. Basic Concepts of Users and Groups

In Linux, each user has a unique user ID (UID). Each user belongs by default to a primary group (identified by a GID) and can also be added to multiple other groups. Groups classify users so that permissions can be managed uniformly (for example, all developers belong to the “dev” group, so group permissions only need to be set once).

  • User: The identity to log in to the system, such as root (administrator), regular users alice, bob, etc.
  • Group: A collection of users. Users in the same group share the same group permissions.
  • Three elements of permissions: The permissions of files/directories are divided into three categories: owner (the user who owns the file), owning group (users in the file's group), and other users (users who are neither the owner nor in the group).

II. Creating Users

Creating a user requires administrative privileges (root or sudo) and uses the useradd command (some systems provide adduser, which has a similar effect but slightly different parameters).

1. Basic creation command

sudo useradd -m username
  • -m: Automatically create the user’s home directory (if not specified, some systems may not create it by default).
  • Example: Create user alice and automatically generate a home directory:
  sudo useradd -m alice

2. Set password

After creating the user, a password must be set, otherwise the user cannot log in:

sudo passwd alice

The password is not echoed as you type; after you enter it and press Enter, it is stored in hashed form (in /etc/shadow), never in plain text.

3. View user information

Use the id command to confirm that the user was created successfully:

id alice

Sample output: uid=1001(alice) gid=1001(alice) groups=1001(alice), indicating that the UID of user alice is 1001, and the GID is 1001 (primary group).

4. Switch user login

Use the su - command to switch to the newly created user:

su - alice

The prompt then changes to alice@hostname:~$, indicating that you are now logged in as alice.

III. Deleting Users

Users are deleted with the userdel command; use it carefully to avoid deleting data by accident.

1. Basic deletion command

sudo userdel username
  • Without parameters: Only delete user information, home directory is retained (need to delete manually).
  • With -r parameter: Delete the user’s home directory and related files at the same time:
  sudo userdel -r alice

Precautions

  • It is recommended to back up relevant data before deleting a user (such as files in the user directory).
  • If the user is still logged in, log out or force quit first (can be terminated via pkill -9 -u alice).

IV. Permission Allocation: The Relationship Between Files and Users

Permission allocation is the core of user management, determining whether a user can access, modify, or run files/directories. Linux permissions are represented by numbers or letters. For example, rwxr-xr-x has the following meaning:

1. Permission notation

  • Letter method: r (read, 4), w (write, 2), x (execute, 1).
  • Three types of users: u (owner), g (owning group), o (other users).
  • Number method: Convert r/w/x to 4/2/1 and sum them to represent permissions. For example:
  • rwx = 4+2+1=7 (owner permissions)
  • r-x = 4+1=5 (group/other user permissions)
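
The conversion described above, written out as a small shell function (an added example, not part of the original article). It goes slightly beyond the text by also handling the setuid, setgid and sticky markers (s, S, t, T) that ls -l can show in the execute position; these become a leading fourth digit.

```shell
#!/bin/sh
# Added example: convert the 9-character permission string shown by `ls -l`
# (without the leading file-type character) into its octal mode.
sym_to_octal() {
    perms=$1
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 9 characters, e.g. rwxr-xr-x" >&2
        return 1
    fi
    special=0
    result=""
    start=1
    # Special bits: setuid (4) lives in the owner triplet, setgid (2) in the
    # group triplet, sticky (1) in the others triplet.
    for weight in 4 2 1; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        if [ "$weight" -eq 1 ]; then lower=t upper=T; else lower=s upper=S; fi
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in
            ??x) digit=$((digit + 1)) ;;
            ??-) ;;
            ??"$lower") digit=$((digit + 1)); special=$((special + weight)) ;;
            ??"$upper") special=$((special + weight)) ;;
            *) return 1 ;;
        esac
        result="$result$digit"
        start=$((start + 3))
    done
    if [ "$special" -gt 0 ]; then result="$special$result"; fi
    printf '%s\n' "$result"
}

sym_to_octal rwxr-xr-x   # the article's example string
```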

2. Modify file permissions: chmod command

Example 1: Modify with letter method (more intuitive)

# Add execute permission to the owner of file test.txt
chmod u+x test.txt

# Remove write permission from the owning group
chmod g-w test.txt

# Add read permission for other users
chmod o+r test.txt

Example 2: Modify with number method (concise and efficient)

# Owner read+write+execute, owning group read+execute, other users read (permissions 754)
chmod 754 test.txt

3. Modify file owner/owning group: chown and chgrp

  • Modify owner (requires administrative privileges):
  sudo chown alice:dev test.txt  # Modify the owner to alice and the owning group to dev at the same time
  • Modify owning group:
  sudo chgrp dev test.txt  # Only modify the owning group to dev

4. Batch operations on directories: Recursively modify permissions

For directories, use the -R parameter to recursively modify all subfiles/directories:

# Set dir and all files/directories under it to owner read+write+execute, owning group read+execute, other users read only (754)
sudo chmod -R 754 dir
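
What the recursive command above does to files versus directories, compared with a symbolic mode that treats them differently (an added example, not part of the original article). The directory tree is constructed in a temporary directory, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example. Builds a constructed tree in a temp directory and compares
# two recursive chmod strategies. Assumes GNU stat (stat -c), as on Linux.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/dir/sub"
    printf 'data\n' > "$root/dir/sub/notes.txt"
    chmod 755 "$root/dir" "$root/dir/sub"
    chmod 644 "$root/dir/sub/notes.txt"      # plain data file, not executable
    printf '%s\n' "$root/dir"
}

mode_of() { stat -c '%a' "$1"; }

# The article's command: one numeric mode for files and directories alike.
# Data files become executable for owner and group, and "other" users get
# r without x on directories, so they can list names but not open the files.
flat_chmod() { chmod -R 754 "$1"; }

# Symbolic alternative: capital X adds execute only to directories (and to
# files that already have an execute bit), so data files stay non-executable
# and directories stay traversable for readers.
split_chmod() { chmod -R u=rwX,g=rX,o=rX "$1"; }

compare_modes() {
    for strategy in flat_chmod split_chmod; do
        top=$(make_tree) || return 1
        "$strategy" "$top"
        printf '%s: dir=%s file=%s\n' "$strategy" \
            "$(mode_of "$top/sub")" "$(mode_of "$top/sub/notes.txt")"
        rm -rf "${top%/dir}"
    done
}

compare_modes
```

Use o= instead of o=rX in split_chmod when other users should have no access at all.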

V. sudo: Temporary Administrator Privileges

Regular users cannot execute system-level commands (such as installing software, modifying system configurations) by default and need to obtain temporary administrative privileges via sudo.

1. Configure sudo permissions

By default, sudo requires the user to belong to the wheel group (CentOS) or sudo group (Ubuntu). Add the user to the group:

sudo usermod -aG wheel alice  # Add to wheel group for CentOS
# Or for Ubuntu/Debian: sudo usermod -aG sudo alice

2. Use sudo to execute commands

alice@hostname:~$ sudo apt update  # Update software sources (administrative privileges)
[sudo] password for alice:  # Enter alice's password

3. Forbid ordinary users to use sudo

If you need to restrict users, you can edit the /etc/sudoers file (it is recommended to use sudo visudo to avoid syntax errors):

sudo visudo

Find the line root ALL=(ALL:ALL) ALL, then comment out (prefix with #) the entries for users who do not need sudo permissions.
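
A check to run alongside the steps above: list every account that is in the sudo or wheel group, including users who have it as their primary group and therefore do not appear in the group's member list. This is an added example, not part of the original article; the passwd and group contents (including user carol and the GIDs) are constructed samples, and per-user entries in /etc/sudoers are not covered.

```shell
#!/bin/sh
# Added example. The two files below are constructed samples in /etc/passwd
# and /etc/group format; on a real host pass /etc/passwd and /etc/group.
write_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
root:x:0:
sudo:x:27:alice
wheel:x:10:
dev:x:1003:alice,bob
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1004:27::/home/carol:/bin/bash
EOF
    printf '%s\n' "$dir"
}

# Print "<user> <group> <how>" for each user in the sudo or wheel group.
# $1 = passwd file, $2 = group file
sudo_group_users() {
    awk -F: '
        FNR == NR {                  # first file read: the group file
            if ($1 == "sudo" || $1 == "wheel") {
                gid[$3] = $1         # remember the GID for the passwd pass
                n = split($4, members, ",")
                for (i = 1; i <= n; i++)
                    if (members[i] != "") print members[i], $1, "supplementary"
            }
            next
        }
        ($4 in gid) { print $1, gid[$4], "primary" }   # passwd: primary GID match
    ' "$2" "$1" | sort
}

samples=$(write_samples) && sudo_group_users "$samples/passwd" "$samples/group"
rm -rf "$samples"
```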

VI. Summary

The core of Linux user management is creating and deleting users and allocating permissions reasonably. Key commands to remember:
- Create user: sudo useradd -m username (add -m to create home directory) + passwd username (set password).
- Delete user: sudo userdel -r username (-r to delete home directory).
- Modify permissions: chmod (letter/number method), chown/chgrp (modify owner/group).
- Temporary privilege escalation: sudo (requires the user to be in the sudo or wheel group).

Beginners can create users and modify permissions through practice to gradually familiarize themselves with Linux’s multi-user security mechanism. Be careful to avoid deleting important users or incorrectly allocating permissions to ensure stable system operation.

Xiaoye