Linux Account Management

The Linux Newbie Guide

⇒

Fundamentals

Advanced

Supplement

Command Index

ENG⇒中

Account Management

1.0 Account Management
Understanding account-related configuration files
/etc/passwd
/etc/shadow
passwd : Changing passwords
useradd : Adding an account
userade l: Deleting an account
vipw : Modifying /etc/passwd
usermod : Modifying an account
1.1 Personal Account Modification
chfn : Change finger command display information
chsh : Change login shell
finger : Querying an account
1.2 Other Account-related Commands
id : Displaying account ID
who/w : Displaying logged-in user information
lastlog : Account login query

ENG⇒中 ENG⇒中
1.0 Account Management

Most users should have already created accounts through a graphical user interface during Linux installation. However, managing accounts through the command-line interface allows for finer adjustments, such as setting the password expiration date, specifying the home directory location, and choosing the default shell. It also provides an opportunity to understand the underlying principles.

Linux is a multi-user and multi-tasking operating system, allowing multiple users and groups to use it simultaneously. Therefore, managing and maintaining user accounts is a fundamental and necessary task for system administrators, especially considering that many Linux servers may not have a graphical user interface and can only be managed through command-line methods.

Understanding account-related configuration files
Understanding Account Configuration Files Since account management falls under the responsibility of system administrators, it's important to log in as the "root" user to perform most operations. Account settings are mostly maintained and modified in two important configuration files: "/etc/passwd" and "/etc/shadow." Therefore, it is necessary to first understand the definitions of these two configuration files closely related to user accounts.

/etc/passwd
File "/etc/passwd" is a configuration file that traditionally stored user account information, including login passwords. However, the permissions of "/etc/passwd" are set to "rw- r-- r--," allowing anyone to read it. Having such an important file easily accessible like this poses a security risk, as it can be easily compromised. To address this issue, a more secure approach was introduced, and the sensitive information in "/etc/passwd" was moved to a shadow file called "/etc/shadow."

Now, since "/etc/passwd" no longer contains password information, let's see what it actually stores. We can observe the file by examining the first and last few lines using the head and tail commands, as shown below:

$ head -n3 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
$ tail -n3 /etc/passwd
gdm:x:42:42::/var/gdm:/sbin/nologin
aaa:x:500:500::/home/aaa:/bin/bash
bbb:x:501:501::/home/bbb:/bin/bash

The contents of "/etc/passwd" are structured in rows with fields separated by colons ":". Each row contains 7 pieces of information, in the following format:

User Name:	Password:	UID:	GID:	Remark:	Home Directory:	Shell
↑	↑	↑	↑	↑	↑	↑
1	2	3	4	5	6	7

Here is a detailed explanation of the contents:

User Name :
This field records the username of the account. Typically, the superuser account (root) is listed in the first row, followed by system accounts (used for system services and commands like sync or shutdown, and finally, user accounts (intentionally chosen with high visibility, such as "aaa" or "bbb").
Password :
Why is the password field only represented by "x"? In the early days of UNIX, passwords were stored in this field directly. However, this practice posed a security risk as the passwords could be easily accessed. To address this, tools like the "Shadow Suite" were developed. The command pwconv (password convert) can be used to move the passwords to the shadow file ("/etc/shadow"). The "x" in this field indicates that the password is stored in the shadow file.
UID (User ID) :
The User ID represents the unique identifier for each user. The general rules for assigning UIDs are as follows:
- ID=0:
  Superuser's ID (root).
- ID=0~499
- ID > 500:
Each user account has a corresponding UID, which should ideally be unique. Generally, a lower UID indicates a higher priority.
GID (Group ID):
The Group ID represents the identifier for the user's group. It follows similar rules as UID but pertains to groups instead of individual users.
Remark :
This field allows for additional information or comments about the user. For example, if multiple people have the same name (e.g., "michael"), the remark field can be used to distinguish them (e.g., "michael Jordan," "michael jackson"). It can be left blank if not needed.
Home Directory :
The home directory specifies the user's designated directory (using absolute path notation) where they store their personal files and configurations.
Shell:
The shell field denotes the default shell for the user upon login. UNIX/Linux systems offer various shell options, so the choice of shell can be customized based on the user's needs.

Taking the example of the "aaa" account, the entry in the "/etc/passwd" file "aaa:x:500:500::/home/aaa:/bin/bash" represents the following information from left to right: username ("aaa"), password field ("x" indicating it is stored in the shadow file), UID and GID (both set to 500), home directory ("/home/aaa"), no remark specified, and the default shell upon login ("/bin/bash").

/etc/shadow
The "/etc/shadow" file serves as the shadow file for the account passwords stored in "/etc/passwd." It primarily contains the password information. Let's examine its contents:

# ls -l /etc/passwd /etc/shadow ←Checking the permissions of these two files
-rw-r--r-- 1 root root 1736 2011-11-03 01:47 /etc/passwd
-r-------- 1 root root 1147 2011-11-03 01:47 /etc/shadow
↑Both files are owned by "root," but only "root" has read access to "/etc/shadow."
# head -n3 /etc/shadow ←Make sure to read this as "root."
root:$1$iTcAPoAy$a28ghr3y112Dxtp1AGpzF0:15280:0:99999:7:::
bin:*:15280:0:99999:7:::
daemon:*:15280:0:99999:7:::
# tail -n3 /etc/shadow
gdm:!!:15280:0:99999:7:::
aaa:$1$01Mc6F6n$09JiVXW1PrT5JANipdaCr/:15280:0:99999:7:::
bbb:$1$oXtIbeRn$u92TjWY.Okkr8SQY2kthr1:15280:0:99999:7:::

By observing, we can see that "/etc/shadow" also uses colons ":" as separators, but it records 9 pieces of password information. The format is as follows:

User Name:	Password:	Last:	May:	Must:	Warn:	Expire:	Disable:	Reserved:
↑	↑	↑	↑	↑	↑	↑	↑	↑
1	2	3	4	5	6	7	8	9

詳細內容如下:

User Name:
This field represents the account username, which is the same as in "/etc/passwd."
Password :
The actual password for the account is stored in this field. However, it is encrypted using ASCII characters, making it challenging to retrieve the original password unless you are an expert at decryption. If this field is empty, it means that no password is required for login. If the field starts with "!" or "!!," it indicates that the account is locked (cannot be logged into).
Last (Last Password Change:):
This field records the date of the last password change. Instead of directly recording the date, UNIX/Linux systems typically use the "UNIX Epoch Time," which is January 1, 1970, 00:00 as the reference point. In the example provided, "15280" for the "aaa" account means that the password was last changed 15,280 days after the UNIX Epoch Time, which corresponds to November 3, 2011. [note:1.0]
May (Password Expiration):
This field indicates the number of days before the password can be changed again after it has been modified or initially set. For example, if a new employee is on a trial period for a month, and you do not want them to change their password during that time, you can set this field to "30." A value of "0" means the password can be changed at any time.
Must (Password Expiration Warning):
It functions similarly to the requirement for changing a password within a specified time period when obtaining a bank's debit card. If this field contains "99999," it means that the password is set to never expire.
When a password expiration time is set, the system will notify the user with a message like "Your password will expire in N days" when they log in. This serves as a reminder for the user to change their password before it expires.
Warn (Account Inactivity Days):
This field allows for a grace period after the password expiration date, during which the user can still log in and change their password to make it valid again. If not used, this field remains blank. It is commonly used for situations where an employee may be traveling or ill before their password expiration date, ensuring they can still access their account upon return without burdening the system administrator.
Expire (Account Expiration):
Similar to the "Password Expiration" field, this field represents the number of days after which the account becomes invalid. It uses the "UNIX Epoch Time" format. If not used, this field remains blank. It is often employed for temporary contract employees, where the account becomes invalid after a specific time period.
Disable (Expiration Time):
The configuration in this field is similar to the third field, represented by the number of days since the UNIX Epoch Time[note:1.0.]It is commonly used for time-limited contract employees, where the account becomes inactive once the specified time period has passed. If not used, this field remains blank.
For example, if an employee's contract is set to expire on December 30, 2012, you can calculate the number of days between that date and the UNIX Epoch Time. To do this, you can use the command "date -d '2012/12/30' +%s" to obtain the number of seconds since the UNIX Epoch Time for the given date. Then, you divide this timestamp by 86400 (the number of seconds in a day), round the result, and take the integer value as the answer.

Setting an expiration date using the "disable" field ensures that an account becomes inactive once the specified period has elapsed. This feature is commonly used for managing time-limited access or temporary user accounts, such as those created for contract employees.[note 1.1]
Reserved :
This field is currently reserved and not utilized.。

^ back on top ^

passwd : Changing passwords
Changing Password: The command to change a password is passwd. To change your own password, simply use passwd without specifying a username. Here's an example:

Example: (Testing password change with a regular user, changing own password)

[aaa@localhost ~]$ passwd ←Changing own password
Changing password for user aaa.
Changing password for aaa.
(current) UNIX password: ←Enter current password
New UNIX password:←Enter new password
Retype new UNIX password:←Re-enter new password (to avoid typos, it prompts for confirmation)
Passwd: all authenticatin tokens updated successfully.

The passwd command has special permissions with the SUID (Set User ID) permission, which temporarily elevates the user's privileges to root, allowing them to modify "/etc/shadow" (similarly, commands like chfn or chsh have the same special privileges). While it is possible to manually modify "/etc/shadow" as the Superuser to achieve the same result as the passwd command, it involves dealing with the 9 fields, which can be error-prone. Using passwd simplifies the process for you.

The passwd command has additional or advanced options that are typically applicable only to the Superuser. Here is an example of one such option:

Syntax:passwd [-otpiton][--option] [USER_NAME]
Command name/Function/Command user	Options	Function	註
passwd/ change password/ Any	-d	Deletes the password, equivalent to removing the content in the 5th field of "/etc/shadow"	only applicable for the Superuser
	-l(lowercase L)	Lock account (add "!" or "!!" before the password field in "/etc/shadow")	only applicable for the Superuser
	-u	Unlock the locked account (remove the "!" or "!!" added before the "/etc/shadow" password column)	only applicable for the Superuser
	-f	If you have not set a password but used -l to lock the account, if you want to unlock the locked account at this time, you must cooperate with the option -u and use -fu to forcibly unlock the locked account	only applicable for the Superuser
	-n	Set the number of days that the password cannot be modified, the same as modifying the fourth column in "/etc/shadow" by yourself	only applicable for the Superuser
	-x	Set the valid number of days for the password, the same as modifying the fifth column in "/etc/shadow" by yourself	only applicable for the Superuser
	-w	Set the number of days to issue a warning before the password is about to expire, the same as modifying the sixth column in "/etc/shadow" by yourself	only applicable for the Superuser
	-i	Set the allowable time for password expiration, the same as modifying the seventh column in "/etc/shadow" by yourself	only applicable for the Superuser
	-S	Simple info for output password	only applicable for the Superuser
	--stdin	Use Standard Input Redirection to create passwords	only applicable for the Superuser
	--help	Displays the command's built-in help and usage information

For regular users, the passwd command can only change their own passwords. To change someone else's password, lock an account, set password expiration, or perform advanced management tasks, Superuser privileges are required. The usage for these cases is passwd username.

For example, if someone is on a leave of absence, the Superuser can use the vipw command to add a "!" or "!!" at the beginning of the password field (second field) in "/etc/shadow" to temporarily lock the account (preventing login). The "!" or "!!" is then removed when the person resumes work. However, it is recommended to use the passwd -l and passwd -u commands to simplify this process without directly editing "/etc/shadow".

Here is an example of using advanced options (applicable only to the Superuser):

# useradd guest; passwd –d guest ←Create a temporary guest account without requiring a password
# passwd aaa ←Change the password for the "aaa" account
# passwd -l aaa ←Lock the "aaa" account (equivalent to adding "!" or "!!" at the beginning of the password field in "/etc/shadow")
# passwd -u aaa ←Unlock the "aaa" account (remove the leading "!" or "!!" in the password field)
# passwd -S bbb ←Display basic information about the password for the "bbb" account
# passwd -x 100 bbb ←Set the password expiration for the "bbb" account to 100 days (equivalent to modifying the 5th field in "/etc/shadow" to 100)

Furthermore, if a system administrator needs to create multiple accounts or change multiple passwords simultaneously, the "--stdin" option (often used in scripting languages) can be used along with input redirection and pipes to perform batch operations. Here's an exampl

Example:

# echo "123abc" | passwd --stdin aaa ← Sets the password for the "aaa" account to "123abc"

^ back on top ^

useradd : Adding an account
The useradd command is only executable by the Superuser. To create a new account with useradd, simply provide the account name as an argument. If no other options are specified, a group with the same name as the account will be created alongside it.

Example:

# useradd mandino ←Create an account named "mandino"
# cat /etc/passwd | grep '/home/mandino' | cut -d":" -f1 ← Verify if the "mandino" account has been added to "/etc/passwd"
mandino
# passwd mandino ←Don't forget to immediately set a password for the newly created account

After creating an account but before setting a password with passwd, if you observe the "/etc/passwd" file, you will notice that the password field (second field) displays "!!," indicating that the account is locked (since it exists but has no password yet). Therefore, the typical next step is to use passwd to set a password for the new account. Alternatively, you can use passwd -uf USER_NAME to forcibly unlock a locked account. However, since no password is set, this account can be accessed without a password. Although users of this account can set their preferred password after logging in, it is not recommended to rely on this approach.

The useradd command records the relevant information for the newly created account in "/etc/shadow" and "/etc/passwd". Advanced usage is as follows:

Syntax:useradd [-otpiton][--option] [USER_NAME]
Command name/Function/Command user	Options	Function
useradd/ Add account/ Superuser	-c	Add a comment to a user account and simultaneously modify the fifth field of the "/etc/passwd" file
	-d PATH	Specify the home directory (PATH is an absolute path) , and modify the sixth column in "/etc/passwd" by yourself
	-D	Display or change the value of the default account, can accept the following options: [-b]home directory [-e]password expiration date (the format is YYYY-MM-DD) [-f]password expiration time [-g]preset Set group [-G]additional group (supplementary groups) [-s]set the default shell when logging in
	-e	Set the password expiration date, the same as modifying the 8th column in " /etc/shadow " by yourself
	-f	Set the allowable time for password expiration, and modify the seventh column in "/etc/shadow" by yourself (if the value is "-1", the seventh column in "/etc/shadow" will remain blank)
	-g	Set default group (group name should exist in /etc/group )
	-G	Set an additional group (the additional group name must exist in /etc/group), and the usage of the additional group refers to group management
	-m	Automatically create a home directory
	-M	Do not automatically create a home directory
	-r	Create a system account (the system account rule is that the password field will not expire & no home directory & UID less than 500)
	-s	Specifies the default shell at login
	--help	Displays the command's built-in help and usage informationl

The useradd -D command allows you to query and modify the default settings for creating new user accounts. These settings govern various aspects of account creation and can be adjusted using "useradd -D" followed by the appropriate options.

For example, running useradd -D will display the current default settings as shown below:

# useradd -D
GROUP=100 ←Group ID 100 (In some distributions like Fedora, the default group name is the same as the account name, and this setting has no effect)
HOME=/home ←Home directory
INACTIVE=-1 ←Number of days after the password expires before the account becomes inactive. A value of "-1" means the 7th field in "/etc/shadow" is left blank
EXPIRE= ←Expiration date for the password
SHELL=/bin/bash ← Default login shell
SKEL=/etc/skel ← Files to be copied to the new user's home directory during account creation (usually environment configuration files and hidden files)
CREATE_MAIL_SPOOL=yes ←Create an email spool (creates a corresponding file in the "/var/spool/mail" directory))

The actual useradd -D command shows the contents of the configuration file "/etc/default/useradd". You can manually edit this file to change the default account creation rules. However, it's recommended to use useradd -D [-option] to modify the settings to avoid potential errors.

For example, let's say during the summer, a company hires temporary workers who will be employed until September 1. You can change the default account creation rules using useradd -D [-option] as follows:

Example:

# useradd -D -b /home -e 2016-09-01

The above command changes the "/etc/default/useradd" configuration file. From now on, when you use "useradd" to create new accounts, the expiration date in the 8th field of "/etc/shadow" will be automatically set to September 1, 2016.

Here are some other examples of using "useradd" with various options:

# useradd -m -s /bin/csh joe ←Specifies that the new account "joe" will use the "C shell" as the login shell
# useradd -e 2016-10-30 frank ←Sets the expiration date for the "frank" account to October 30, 2016
# useradd -u 507 phoebe ←Specifies the UID=507 for the "phoebe" account (generally, you don't need to specify the UID explicitly)
# useradd -g qa kiwi ← Creates the "kiwi" account and assigns it to the "qa" group (the group name must already exist in "/etc/group")
# useradd -g qa kiwi -G factory ← Similar to the previous example, but additionally assigns the "factory" group as a supplementary group (the supplementary group name must already exist in "/etc/group")

^ back on top ^

useradel: Deleting an account
The userdel command is used to delete user accounts from a Linux system. It provides a convenient and straightforward way to remove user accounts, along with their home directories and email spools (if any). While you can manually edit the "/etc/shadow" and "/etc/passwd" files to remove accounts, using userdel is recommended for its simplicity and efficiency.

Syntax:userdel [-otpiton][--option] [USER_NAME]
Command name/Function/Command user	Options	Function
userdel/ delete account/ Superuser	-r	Together with this account's home directory and email spool are deleted
userdel/ delete account/ Superuser	--help	Displays the command's built-in help and usage information

Example:

# userdel -r john ←Delete account "john" and its home directory and email spool together

^ back on top ^

vipw : Modifying /etc/passwd
To make individual settings for user accounts, you can modify the file "/etc/passwd." However, many Linux distributions offer the kind command "vipw" to help users avoid forgetting to edit that file. This command opens and edits the "/etc/passwd" file using the vi editor. Furthermore, if the "/etc/passwd" file is modified, the helpful tool will ask if you also want to modify the "/etc/shadow" file. Only the Superuser has the privilege to execute vipw.

Since editing "/etc/passwd" and "/etc/shadow" manually can be error-prone due to the numerous fields (and because many people find the "malicious interface" of vi unpleasant), it is recommended to use usermod as introduced next for more secure account management.

usermod : Modifying an account
The usermod command is similar to a combination of useradd and passwd. It allows you to modify various aspects of a user account, such as the account name, primary group, and password expiration date. Only the Superuser has the privilege to execute this command. Here are some examples of how to use it:

Syntax:usermod [-otpiton][--option] [USER_NAME][NEW USER_NAME OLD_USER_NAME]
Command name/Function/Command user	Options	Function
usermod/ modify account/ Superuser	-a	-a -G GROUP: Adds supplementary group "GROUP" to the user account.
	-c	Modifies the comment field, similar to manually editing the 5th field in "/etc/passwd"
	-d PATH	Modifies the home directory to "PATH" (absolute path), similar to manually editing the 6th field in "/etc/passwd."
	-e	Modifies the password expiration date, similar to manually editing the 8th field in "/etc/shadow"
	-f	Modifies the password expiration warning period to "DAYS" in the "/etc/shadow" file. If the value is -1, it means the 7th field in "/etc/shadow" will be left blank (no warning will be given).
	-g GROUP	Modifies the primary group to "GROUP"
	-G GROUP	Adds the user to a supplementary group "GROUP"
	-l	Modifies the account name to "NEW_USERNAME," similar to manually editing the 1st field in both "/etc/passwd" and "/etc/shadow"
	-L	Locks the account (you can add "!" or "!!" in front of the password field in "/etc/shadow" to lock the account).
	-s	Modifies the default shell for the user at login.
	-u	Modifies the user's UID (User ID).
	-U	Unlocks a locked account.
	--help	Displays the command's built-in help and usage information

Example (logged in as root):

# usermod -l micle micheal ←Changes the account name from "micheal" to "micle."
# usermod -e 2016-10-30 micle ←Modifies the account expiration date to "October 30, 2016"
# usermod alice -G sales ←Adds the supplementary group "sales" to the "alice" account. (The supplementary group must be created first using the "groupadd" command)
# usermod alice -a -G sub_grp ←Appends the supplementary group "sub_grp" to the "alice" account

In the last example, the option "-a -G" allows you to add more than one supplementary group to the account.

^ back on top ^

1.1 Personal Account Modification
As mentioned before, most of the account management commands, except for passwd, require superuser privileges to execute. However, regular users can also make limited changes to their own account settings, such as changing their preferred shell, updating their full name, or querying account information. Below are account management commands that can be executed by regular users:

chfn : Change finger command display information
chfn allows users to modify the information displayed by the finger command. It actually changes the 5th field in "/etc/passwd," which is the comment or description section. This comment contains comma-separated fields, including the full name, company name, company phone number, home phone number, etc.

The usage of "chfn" is as follows:

Syntax:chfn -otpiton [USER_NAME]
Command name/Function/Command user	Options	Function
chfn/ change finger information/ Any	-f	Change the full name
	-o	Change the company name
	-p	Change the company phone number
	-h	Change the home phone number
	--help	Displays the command's built-in help and usage information

Most distributions only allow the system administrator to execute the chfn command

Example:

# chfn -f "John Doe" -h "123-456-7890" john ←Sequentially change the full name and home phone of the account "john"

chsh : Change login shell
When a system administrator creates an account for you, the default shell might not be the one you prefer. In such cases, you can use the chsh command to change it to your desired shell. Here's how to use it:

Syntax:chsh[-otpiton][--option] [USER_NAME]
Command name/Function/Command user	Options	Function
chsh/ Change login shell/ Any	-s	Specifies the login shell to be used
	-l	Lists the available shells
	--help	Displays the command's built-in help and usage information

Example:

$ chsh -l ←Lists the available shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/zsh
$ chsh -s /bin/zsh ←Sets "Z Shell" as the default shell for this account (effective after logging out and logging in again)

The chsh -s command directly modifies the "Shell" field (7th field) in "/etc/passwd," while chsh -l reads the valid shells listed in the "/etc/shells" configuration file.

A special shell is "/sbin/nologin," which is used to restrict local logins for certain accounts (e.g., system accounts) by not providing a home directory or loading a shell upon login. It is primarily used for remote logins and system accounts.

If the system is undergoing maintenance and you don't want users to log in, the superuser can create the file "/etc/nologin" using the command echo > /etc/nologin. After creating this file, all users except for the root will be prevented from logging in.

finger : Querying an account
The finger command is used to search for and display information about user accounts.

The finger command can search for both local and remote users and displays the following information:

Login Name
User Name (Full Name or other comments)
Home directory
Shell (login shell)
Login status
Mail status
~/.plan (plan file) [Note 1.0A]
~/.project (project file)
~/.forward (forwarded email)
~/.pgpkey (PGP key)

Usage examples:

Syntax:finger [-otpiton] [USER_NAME][@HOST]
Command name/Function/Command user	Options	Function
finger/ query account / Any	-l	This is the default and displays the user's full name, home directory, login shell, login status, mail status, and the content of the hidden files in the user's home directory (if they exist) 〝~/.plan〞[Note 1.0A]。〝~/.forward〞〝~/.project〞〝~/.pgpkey〞
	-m	Excludes searching by full name
	-p	Excludes displaying the content of the hidden files in the user's home directory 〝~/.plan〞〝~/.project〞〝~/.pgpkey〞
	-s	Excludes displaying the home directory, login shell, and mail status
	--help	Displays the command's built-in help and usage information

The finger command is case-insensitive when searching for accounts, and it searches for both the login name and the first name in the full name.

The finger command can also be used to query remote users by specifying the format "finger user@host" or "finger@host."

Examples:

finger john@abcd.com.tw: When using the "finger user@host" format, the default option is "-l" for the display mode.
finger @abcd.com.tw: When using the "finger @host" format, the default option is "-s" for the display mode.

Please note that the availability and output of the finger command may vary based on the specific Linux distribution and its configuration. Also, keep in mind that in modern systems, some security practices might restrict or disable the use of the finger command due to potential privacy concerns.

^ back on top ^

;

1.2 Other Account-related Commands
id : Displaying account ID
The id command displays the User ID (UID) of an account and the groups it belongs to. It is useful when you forget your own UID or need information about other accounts.

The id command has various options to provide specific information:

Syntax:id [-otpiton][--option] [USER_NAME]
Command name/Function/Command user	Options	Function
id/display account ID / Any	-a	Displays all information about the account (this is the default value)
	-Z	Displays account information related to security context
	-g	Displays the effective Group ID (GID)
	-G	Displays the Group IDs of all group members
	-n	Displays the account or group name (used in conjunction with -g, -G, or -u options)
	-r	Opposite of -n, displays the UID/GID numbers of the account (used in conjunction with -g, -G, or -u options)
	-u	Displays the effective UID (User ID) of the account
	--help	Displays the command's built-in help and usage information

例:

$ id ←Displays all information about the account
uid=500(aaa) gid=500(aaa) grpups=500(aaa),502(sub_grp) context=unconfined_u:syst
em_r:unconfined_t:s0
$ id -G ←Queries the Group IDs of the user's group members
501 502
$ id -Gn ←ame as above, but displays group names
aaa sub_grp
$ id austin ←Also displays information for the account "austin"

^ back on top ^

who/w : Displaying logged-in user information
The who command and its sibling command w are used to display information about logged-in users on the system.

Using who is useful for system administrators to determine how many users are logged in before issuing shutdown commands to prevent interrupting users who may still be working on the system.

Here is the usage of the "who" command:

Syntax:id [-otpiton][--option]
Command name/Function/Command user	Options	Function
who/ who is logged on / Any	-a	Display all information about logged-in users
	-b	Display the last system boot time
	-d	Display dead processes
	-H	Display the header line with field names.
	-r	Display the current runlevel
	-q	Display the list of logged-in users and the total number of users.
	-w or -T	Display information about users in a short format
	i am	Display information about your own login.

Example:

$ who -q ←Display the list of logged-in users and the total number of users
root alice frank austin
#user=4
$ who -r ←Display the current runlevel
run-level 5 2016-06-13 05:20
$ who -b ←Display the last system boot time
system boot 2016-06-11 05:20
$ who i am ←Display information about your own login
alice pts/0 2016-06-13 05:21 (:0)

The w command can display information about what commands the logged-in users are currently executing.

Example:

$ w
17:22:40 up 1:16, 5 users, load average: 0.06, 0.12, 0.08
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                16:07    3:59   0.06s 0.00s vi
john     tty2     -                16:37   38.00s 0.07s 0.01s man consolehelp
peter    tty4     -                16:37   38.00s 0.07s 0.01s -bash

lastlog : Account login query
lastlog 可查詢某個帳號最後登入的時間,用法如下:
astlog is a command used to query the last login time of user accounts. It provides information about the most recent login activity for specific users. The usage is as follows:

Syntax:id [-otpiton][--option] [USER_NAME]
Command name/Function/Command user	Options	Function
lastlog/account login query/ Any	-b DAYS	Displays users who last logged in before DAYS ago (from the current time)
	-t DAYS	Displays users who last logged in within the past DAYS days (from the current time)
	--u USER	Displays the last login time for the specified USER account
	--help	Displays the command's built-in help and usage information

Example:

$ lastlog -b 30 ←Displays users who last logged in more than 30 days ago
$ lastlog -t 7 ←Displays users who last logged in within the past 7 days
$ lastlog -u leona ← Displays the last login time for the account "leona"

^ back on top ^

[Note1.0]:
:To find out the current time elapsed since the "UNIX epoch," you can use the command date +%s, which will provide the number of seconds passed. For example, date -d 'YYYY/MM/DD' +%s (where YYYY is the year in the Gregorian calendar, e.g., "2012") will display the number of seconds elapsed since "January 1, 1970, 00:00."

[Note 1.0A]:
The finger command can also be used to check offline messages, similar to an ancient version of offline messaging like MSN. For instance, if you write messages in the hidden files ".project" and ".plan" located in your home directory using a text editor, they will be displayed when someone uses finger to check your account. However, to view these hidden files (except for the superuser), the person needs permission to access your home directory. Therefore, the permissions of the home directory should be set to "rwx --x --x" (711), and these two files should be readable for others (e.g., "rw- rw- r--").

If the home directory contains a ".forward" file, "finger" will display the email addresses to which emails should be forwarded. For example, if the account "john" has a ".forward" file with the following content:

$ cat ~john/.forward
aaa@localhost ←Forward to the email address 'aaa@localhost'
john@localhost ←Forward a copy to oneself (if one wants to keep a copy, as the system won't retain forwarded emails)

If forwarding is not successful despite having a ".forward" file, ensure that the "other" and "group" permissions do not have the "w" (write) permission. You can use the command "chmod go-w .forward" to remove write permissions, as the system may reject forwarding for security reasons.

Additionally, if you have multiple email accounts and don't want to check each one individually, you can use ".forward" to forward all emails to a single email account, making it more efficient.

Another hidden file, ".pgpkey," is used for "PGP keys."

[Note1.1]:
In practical applications, when setting the Linux system to UTC +8 (for example, Taipei time),'date -d '1970/01/01 08:00:00' +%s will output 0, as the "UNIX epoch" is based on UTC (Coordinated Universal Time) at "January 1, 1970, 00:00." When dealing with UNIX timestamps in different time zones, it is crucial to consider the "time difference" between the local time and UTC.