命令行大全

usermod

瑞兹 发表于 2020-12-14 11:41浏览次数:

在类似Unix的操作系统上,usermod命令修改用户帐户。

查看英文版

目录:

1 usermod 运行系统环境

2 usermod 描述

3 usermod 语法

4 usermod 例子

usermod 运行系统环境

Unix&Linux

usermod 描述

usermod命令使用由管理员来改变用户的系统帐户设置,如下面的选项中列出:
The usermod command is used by an administrator to change a user's system account settings, as listed in the options below:

查看英文版

查看中文版

usermod 语法

usermod [options] LOGIN

选件

-a,--append 将用户添加到补充组。仅与-G选项一起使用。
-c COMMENT--comment COMMENT 用户密码文件注释字段的新值。通常使用chfn实用程序对其进行修改。
-d--home HOME_DIR 用户的新登录目录。

如果指定了-m选项,则当前主目录的内容将移至新主目录,如果该主目录不存在,则会创建该新主目录。
-e EXPIRE_DATE,-- expiredate EXPIRE_DATE 用户帐户将被禁用的日期。日期以YYYY-MM-DD格式指定。空的EXPIRE_DATE 参数将禁用该帐户的到期。

此选项需要一个/ etc / shadow文件。如果没有,将创建一个/ etc / shadow条目。
-f INACTIVE,--expiredate EXPIRE_DATE 密码过期后直至永久禁用该帐户的天数。密码过期后,

0将禁用该帐户,而值-1将禁用该功能。

此选项需要一个/ etc / shadow文件。如果没有,将创建一个/ etc / shadow条目。
-g GROUP,-- gid GROUP 用户新的初始登录组的组名或编号。该组必须存在。

用户的上一个主组拥有的用户主目录中的任何文件都将归此新组所有。
-G,-- groups GROUP1 [ ,GROUP2, ... [ ,GROUPN ]] 包含用户作为成员的组的列表。每个组之间用逗号隔开,中间没有空格。这些组受与-g选项给定的组相同的限制。如果该用户当前是未列出的组的成员,则该用户将从该组中删除。
-l NEW_LOGIN,--login NEW_LOGIN 用户名将从LOGIN更改为NEW_LOGIN。什么都没改变。特别是,用户的主目录或邮件 后台打印程序可能应该手动重命名以反映新的登录名。
-L,--lock 锁定用户密码。这会将“  ”放在加密的密码前面,从而有效地禁用了密码。您不能将此选项与-p-U一起使用。

注意:如果要锁定帐户(不仅要使用密码访问),还应该使用-eEXPIRE_DATE设置为1(请参见上文)。
-m,-- move-home 将用户主目录的内容移动到新位置。

该选项仅与-d(或--home)选项结合使用才有效。

usermod将尝试调整文件的所有权并复制模式,ACL和扩展属性,但是此后可能需要手动更改。
-o--non-unique -u选项一起使用时,此选项允许将用户ID更改为非唯一值。
-p PASSWORD,--password PASSWORD 加密的密码,由crypt返回。

注意:不建议使用此选项,因为列出进程的用户(例如,使用ps命令)将看到密码(或加密密码)。

密码将写在本地/ etc / passwd/ etc / shadow文件中。这可能与您的PAM(可插入身份验证模块)配置中配置的密码数据库不同。

您应该确保密码遵守系统的密码策略。
-R CHROOT_DIR--root CHROOT_DIR CHROOT_DIR chroot目录中应用更改,并使用CHROOT_DIR目录中的配置文件。
-s SHELL,-- shell SHELL 用户的新登录Shell的名称。将此字段设置为空白会导致系统选择默认的登录外壳。
-u--uid UID 用户ID的新数值。

除非使用-o选项,否则该值必须唯一。该值必须为非负数。

用户的邮箱以及用户拥有的,位于用户主目录中的所有文件将自动更改文件用户ID。

用户主目录之外的文件的所有权必须手动固定。

没有支票将与关于执行UID_MINUID_MAXSYS_UID_MIN,或SYS_UID_MAX从值/etc/login.defs的。
-U,--unlock 解锁用户密码。这将删除加密密码前面的“  ”。您不能将此选项与-p-L一起使用。

注意:如果要解锁帐户(不仅要使用密码访问),还应该使用-e选项将EXPIRE_DATE设置为例如99999/ etc / default / useradd中EXPIRE值。以上)。
-Z SEUSER,-- selinux-user SEUSER 用户登录名的新SELinux用户。

空白的SEUSER将删除用户LOGIN的SELinux用户映射(如果有)。

笔记

如果更改了用户的数字用户ID,用户名或用户的主目录,则必须确保在执行此命令时,命名用户没有执行任何进程。usermod在Linux上进行检查,但仅检查用户是否根据其他系统上的utmp文件登录。

您必须手动更改任何crontab文件的所有者或作业。

您必须在NIS服务器上进行涉及NIS(网络信息服务)的任何更改。

组态

/etc/login.defs中的以下配置变量更改了此工具的行为:

Name Type Description
MAIL_DIR string 邮件假脱机目录。当邮箱的相应用户帐户被修改或删除时,需要用它来操作邮箱。如果未指定,则使用编译时默认值。
MAIL_FILE string 定义用户的邮件假脱机文件相对于其主目录的位置。
MAX_MEMBERS_PER_GROUP number 每个组条目的最大成员数。当达到最大值时,将在/ etc / group中启动新的组条目(行)(具有相同的名称,相同的密码和相同的GID)。

默认值为0,表示组中的成员数没有限制。

此功能(拆分组)允许限制组文件中的行长。确保NIS组的行不超过1024个字符非常有用。

如果需要强制执行此限制,则可以使用25

注意:并非所有工具都支持拆分组。除非确实需要,否则不应使用此变量。

档案

usermod使用以下文件:

/ etc / group 组帐户信息。
/ etc / gshadow 安全的组帐户信息。
/etc/login.defs 影子密码套件配置。
/ etc / passwd 用户帐户信息。
/ etc /shadow 安全的用户帐户信息。
usermod [options] LOGIN

Options

-a--append Add the user to the supplementary group(s). Use only with the -G option.
-c COMMENT--comment COMMENT The new value of the user's password file comment field. It is normally modified using the chfn utility.
-d--home HOME_DIR The user's new login directory.

If the -m option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist.
-e EXPIRE_DATE--expiredate EXPIRE_DATE The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD. An empty EXPIRE_DATE argument will disable the expiration of the account.

This option requires a /etc/shadow file. A /etc/shadow entry will be created if there were none.
-f INACTIVE--inactive INACTIVE The number of days after a password expires until the account is permanently disabled.

A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.

This option requires a /etc/shadow file. A /etc/shadow entry will be created if there were none.
-g GROUP--gid GROUP The group name or number of the user's new initial login group. The group must exist.

Any file from the user's home directory owned by the previous primary group of the user will be owned by this new group.
-G--groups GROUP1[,GROUP2,...[,GROUPN]] A list of groups that contain the user as a member. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. If the user is currently a member of a group that is not listed, the user will be removed from the group.
-l NEW_LOGIN--login NEW_LOGIN The name of the user will be changed from LOGIN to NEW_LOGIN. Nothing else is changed. In particular, the user's home directory or mail spool should probably be renamed manually to reflect the new login name.
-L--lock Lock a user's password. This puts a "!" in front of the encrypted password, effectively disabling the password. You can't use this option with -p or -U.

Note: if you want to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1 using -e (see above).
-m--move-home Move the content of the user's home directory to the new location.

This option is only valid in combination with the -d (or --home) option.

usermod will try to adapt the ownership of the files and to copy the modes, ACL and extended attributes, but manual changes might be needed afterwards.
-o--non-unique When used with the -u option, this option allows to change the user ID to a non-unique value.
-p PASSWORD--password PASSWORD The encrypted password, as returned by crypt.

Note: This option is not recommended because the password (or encrypted password) will be visible by users listing the processes (using the ps command, for instance).

The password will be written in the local /etc/passwd or /etc/shadow file. This might differ from the password database configured in your PAM (Pluggable Authentication Module) configuration.

You should make sure the password respects the system's password policy.
-R CHROOT_DIR--root CHROOT_DIR Apply changes in the CHROOT_DIR chroot directory and use the configuration files from the CHROOT_DIR directory.
-s SHELL--shell SHELL The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell.
-u--uid UID The new numerical value of the user's ID.

This value must be unique, unless the -o option is used. The value must be non-negative.

The user's mailbox, and any files which the user owns and that are located in the user's home directory will have the file user ID changed automatically.

The ownership of files outside of the user's home directory must be fixed manually.

No checks will be performed with regard to the UID_MINUID_MAXSYS_UID_MIN, or SYS_UID_MAX values from /etc/login.defs.
-U--unlock Unlock a user's password. This removes the "!" in front of the encrypted password. You can't use this option with -p or -L.

Note: if you want to unlock the account (not only access with a password), you should also set the EXPIRE_DATE (for example to 99999, or to the EXPIRE value from /etc/default/useradd) using the -e option (see above).
-Z SEUSER--selinux-user SEUSER The new SELinux user for the user's login.

A blank SEUSER will remove the SELinux user mapping for user LOGIN (if any).

Notes

You must make certain that the named user is not executing any processes when this command is being executed if the user's numerical user ID, the user's name, or the user's home directory is being changed. usermod checks this on Linux, but only checks if the user is logged in according to the utmp file on other systems.

You must change the owner of any crontab files or at jobs manually.

You must make any changes involving NIS (Network Information Service) on the NIS server.

Configuration

The following configuration variables in /etc/login.defs change the behavior of this tool:

Name Type Description
MAIL_DIR string The mail spool directory. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a compile-time default is used.
MAIL_FILE string Defines the location of the users' mail spool files relative to their home directory.
MAX_MEMBERS_PER_GROUP number Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in /etc/group (with the same name, same password, and same GID).

The default value is 0, meaning that there are no limits in the number of members in a group.

This feature (split group) permits to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters.

If you need to enforce such limit, you can use 25.

Note: split groups may not be supported by all tools. You should not use this variable unless you really need it.

Files

usermod makes use of the following files:

/etc/group Group account information.
/etc/gshadow Secure group account information.
/etc/login.defs Shadow password suite configuration.
/etc/passwd User account information.
/etc/shadow Secure user account information.

查看英文版

查看中文版

usermod 例子

usermod -d /home/exampleusernew exampleuser

修改exampleuser帐户的主目录,将其更改为/ home / exampleusernew

usermod -d /home/exampleusernew exampleuser

Modifies the home directory for the exampleuser account, changing it to /home/exampleusernew.

查看英文版

查看中文版

发表评论
评论列表
共0条
点击加载更多