리눅스 사용자관리는 'root사용자' 혹은 'sudo 권한이 있는 사용자'에서 가능합니다.
1. 사용자 관리
1-1 사용자 추가 (useradd)
sudo useradd {USER_NAME}더보기
Usage: useradd [options] LOGIN
useradd -D
useradd -D [options]
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new
account
-G, --groups GROUPS list of supplementary groups of the new
account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and
faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as
the user
-o, --non-unique allow to create users with duplicate
(non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
-사용예시-
ex1) sudo useradd jinsu
- 기본 사용자 생성 명령어
1-2 사용자 삭제 (userdel)
sudo useradd {USER_NAME}더보기
Usage: userdel [options] LOGIN
Options:
-f, --force force some actions that would fail otherwise
e.g. removal of user still logged in
or files, even if not owned by the user
-h, --help display this help message and exit
-r, --remove remove home directory and mail spool
-R, --root CHROOT_DIR directory to chroot into
-Z, --selinux-user remove any SELinux user mapping for the user-사용예시-
ex1) userdel jinsu
- 기본 삭제 명령 (홈디렉토리는 삭제 하지 않음)
ex2) userdel -r jinsu
- -r옵션 추가 (홈디렉토리를 포함하여 삭제)
2. 비밀번호 설정 (passwd)
sudo passwd {USER_NAME}더보기
Usage: passwd [OPTION...]
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
-사용예시-
ex) sudo passwd jinsu
- 기본 비밀번호 설정
3. 그룹 관리(groupadd/groupdel/gpasswd/groups)
3-1) 그룹 추가(groupadd)
sudo groupadd {GROUP_NAME}더보기
Usage: groupadd [options] GROUP
Options:
-f, --force exit successfully if the group already exists,
and cancel -g if the GID is already used
-g, --gid GID use GID for the new group
-h, --help display this help message and exit
-K, --key KEY=VALUE override /etc/login.defs defaults
-o, --non-unique allow to create groups with duplicate
(non-unique) GID
-p, --password PASSWORD use this encrypted password for the new group
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into-사용예시-
ex) sudo groupadd jinsu_group
- 그룹을 생성함
3-2) 그룹 제거(groupdel)
sudo groupdel {GROUP_NAME}더보기
Usage: groupdel [options] GROUP
Options:
-h, --help display this help message and exit
-R, --root CHROOT_DIR directory to chroot into-사용예시-
ex) sudo groupdel jinsu_group
- 그룹을 삭제함
3-3) 사용자에 그룹 추가 (gpasswd)
gpasswd -a {USER_NAME} {GROUP_NAME}더보기
Usage: gpasswd [option] GROUP
Options:
-a, --add USER add USER to GROUP
-d, --delete USER remove USER from GROUP
-h, --help display this help message and exit
-Q, --root CHROOT_DIR directory to chroot into
-r, --delete-password remove the GROUP's password
-R, --restrict restrict access to GROUP to its members
-M, --members USER,... set the list of members of GROUP
-A, --administrators ADMIN,...
set the list of administrators for GROUP
Except for the -A and -M options, the options cannot be combined. -사용예시-
ex) sudo gpasswd -a jinsu jinsu_group
- '-a' 옵션을 사용하여 그룹을 사용자를 추가합니다.
3-4) 사용자 소속 그룹 확인 (groups)
sudo groups ${USER_NAME}더보기
Usage: groups [OPTION]... [USERNAME]...
Print group memberships for each USERNAME or, if no USERNAME is specified, for
the current process (which may differ if the groups database has changed).
--help display this help and exit
--version output version information and exit
GNU coreutils online help: <http://www.gnu.org/software/coreutils/>
For complete documentation, run: info coreutils 'groups invocation'-사용예시-
ex) sudo groups jinsu
- 사용자의 모든 그룹을 확인함.
4) 비밀번호 만료 (chage)
4-1) 비밀번호 만료 확인
sudo chage -l {USER_NAME}더보기
Usage: chage [options] LOGIN
Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-R, --root CHROOT_DIR directory to chroot into
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS-사용예시-
ex1) chage -l jinsu
- 비밀번호 만료 일시 조회 ( 조회시 마지막 비밀번호 변경일, 비밀번호만료일 등 다양한정보를 확인 가능)
- grep 명령어를 사용하여 비밀번호 만료일만 조회 가능
* chage -l ncloud | grep "^password expires"chage -l jinsu| grep "^Password expires"
ex2) chage -E -1 -M 99999 jinsu
- 비밀번호 만료 설정 제거
이상으로 Centos7 기준 사용자및 그룹 관리하는법을 알아보았습니다.
도움이 되셨다면 공감 + ♥ 감사합니다!!
