useradd 命令详解#
useradd 是 Linux 系统中用于创建新用户的命令。它可以创建用户账号、设置用户主目录、指定用户组等,是系统管理员进行用户管理的重要工具。
入门#
基本用法#
# 创建新用户
useradd username
# 创建用户并指定主目录
useradd -d /home/custom username
# 创建用户并指定用户组
useradd -g groupname username
# 创建用户并指定用户 ID
useradd -u 1001 username常用选项#
| 选项 | 说明 |
|---|---|
-d | 指定用户主目录 |
-g | 指定初始用户组 |
-G | 指定附加用户组 |
-m | 创建用户主目录 |
-s | 指定用户 shell |
-u | 指定用户 ID |
-p | 指定密码(加密) |
基本示例#
# 创建新用户
useradd testuser
# 创建用户并设置密码
useradd testuser
passwd testuser
# 创建用户并创建主目录
useradd -m testuser
# 创建用户并指定 shell
useradd -s /bin/bash testuser中级#
用户创建选项#
# 创建用户并创建主目录
useradd -m username
# 创建用户并指定主目录
useradd -d /custom/home username
# 创建用户并指定 shell
useradd -s /bin/bash username
# 创建用户并指定用户 ID
useradd -u 1001 username
# 创建用户并指定用户组
useradd -g groupname username
# 创建用户并指定附加组
useradd -G group1,group2 username用户属性设置#
# 创建用户并设置注释
useradd -c "Full Name" username
# 创建用户并设置过期日期
useradd -e 2024-12-31 username
# 创建用户并设置密码过期天数
useradd -f 30 username
# 创建系统用户
useradd -r username
# 创建用户但不创建主目录
useradd -M username用户管理#
# 查看用户信息
id username
# 查看用户详细信息
finger username
# 查看用户主目录
echo ~username
# 查看用户 shell
grep username /etc/passwd | cut -d: -f7
# 查看用户组
groups username高级#
高级用户创建#
# 创建用户并复制骨架文件
useradd -m -k /etc/skel username
# 创建用户并指定 UID 和 GID
useradd -u 1001 -g 1001 username
# 创建用户并指定多个附加组
useradd -G group1,group2,group3 username
# 创建用户并设置登录 shell
useradd -s /bin/zsh username
# 创建用户并设置家目录权限
useradd -m -k /etc/skel -K HOME_MODE=0700 username批量用户创建#
#!/bin/bash
# 批量创建用户脚本
# 从文件创建用户
create_users_from_file() {
local user_file=$1
while IFS=',' read -r username password; do
if [ -n "$username" ]; then
echo "Creating user: $username"
useradd -m $username
if [ $? -eq 0 ]; then
echo "$username:$password" | chpasswd
echo "User $username created successfully"
else
echo "Failed to create user $username"
fi
fi
done < $user_file
}
# 批量创建用户
batch_create_users() {
local user_list=$1
for username in $user_list; do
echo "Creating user: $username"
useradd -m $username
if [ $? -eq 0 ]; then
echo "User $username created successfully"
else
echo "Failed to create user $username"
fi
done
}
# 主函数
main() {
case "$1" in
file)
create_users_from_file "$2"
;;
batch)
batch_create_users "$2"
;;
*)
echo "Usage: $0 {file|batch}"
exit 1
;;
esac
}
main "$@"用户模板#
#!/bin/bash
# 用户模板脚本
# 创建用户模板
create_user_template() {
local username=$1
local template=$2
echo "Creating user from template: $template"
case "$template" in
developer)
useradd -m -s /bin/bash -G developers,docker $username
;;
admin)
useradd -m -s /bin/bash -G sudo,adm $username
;;
web)
useradd -m -s /bin/bash -G www-data,ftp $username
;;
*)
echo "Unknown template: $template"
return 1
;;
esac
if [ $? -eq 0 ]; then
echo "User $username created from template $template"
else
echo "Failed to create user $username"
return 1
fi
}
# 自定义用户模板
create_custom_template() {
local username=$1
local shell=$2
local groups=$3
echo "Creating user with custom template"
useradd -m -s $shell -G $groups $username
if [ $? -eq 0 ]; then
echo "User $username created successfully"
else
echo "Failed to create user $username"
return 1
fi
}
# 主函数
main() {
case "$1" in
template)
create_user_template "$2" "$3"
;;
custom)
create_custom_template "$2" "$3" "$4"
;;
*)
echo "Usage: $0 {template|custom}"
exit 1
;;
esac
}
main "$@"大师#
用户管理系统#
#!/bin/bash
# 用户管理系统
CONFIG_FILE="/etc/user_manager/config.conf"
LOG_FILE="/var/log/user_manager/manager.log"
mkdir -p $(dirname $LOG_FILE)
# 加载配置
source $CONFIG_FILE
# 创建用户
create_user() {
local username=$1
local password=$2
local groups=$3
local shell=${4:-/bin/bash}
echo "Creating user: $username"
# 检查用户是否已存在
if id $username &>/dev/null; then
echo "User $username already exists"
return 1
fi
# 创建用户
useradd -m -s $shell $username
if [ $? -ne 0 ]; then
echo "Failed to create user $username"
log_message "Failed to create user $username"
return 1
fi
# 设置密码
if [ -n "$password" ]; then
echo "$username:$password" | chpasswd
if [ $? -ne 0 ]; then
echo "Failed to set password for $username"
log_message "Failed to set password for $username"
return 1
fi
fi
# 添加到附加组
if [ -n "$groups" ]; then
usermod -aG $groups $username
if [ $? -ne 0 ]; then
echo "Failed to add user $username to groups"
log_message "Failed to add user $username to groups"
return 1
fi
fi
echo "User $username created successfully"
log_message "User $username created successfully"
# 发送通知
send_notification "User $username created successfully"
}
# 删除用户
delete_user() {
local username=$1
local remove_home=${2:-false}
echo "Deleting user: $username"
# 检查用户是否存在
if ! id $username &>/dev/null; then
echo "User $username does not exist"
return 1
fi
# 删除用户
if [ "$remove_home" = "true" ]; then
userdel -r $username
else
userdel $username
fi
if [ $? -ne 0 ]; then
echo "Failed to delete user $username"
log_message "Failed to delete user $username"
return 1
fi
echo "User $username deleted successfully"
log_message "User $username deleted successfully"
# 发送通知
send_notification "User $username deleted successfully"
}
# 修改用户
modify_user() {
local username=$1
local option=$2
local value=$3
echo "Modifying user: $username"
# 检查用户是否存在
if ! id $username &>/dev/null; then
echo "User $username does not exist"
return 1
fi
# 修改用户属性
case "$option" in
shell)
usermod -s $value $username
;;
groups)
usermod -aG $value $username
;;
home)
usermod -d $value $username
;;
password)
echo "$username:$value" | chpasswd
;;
*)
echo "Unknown option: $option"
return 1
;;
esac
if [ $? -ne 0 ]; then
echo "Failed to modify user $username"
log_message "Failed to modify user $username"
return 1
fi
echo "User $username modified successfully"
log_message "User $username modified successfully"
}
# 列出用户
list_users() {
echo "=== User List ==="
# 获取所有普通用户
awk -F: '$3 >= 1000 {print $1}' /etc/passwd
echo ""
echo "Total users: $(awk -F: '$3 >= 1000' /etc/passwd | wc -l)"
}
# 查看用户详细信息
show_user_info() {
local username=$1
echo "=== User Information: $username ==="
echo ""
# 基本信息
echo "Basic Information:"
id $username
echo ""
# 详细信息
echo "Detailed Information:"
finger $username 2>/dev/null || echo "Finger not available"
echo ""
# 用户组
echo "Groups:"
groups $username
echo ""
# 登录历史
echo "Login History:"
last $username | head -10
}
# 记录日志
log_message() {
local message=$1
local timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo "[$timestamp] $message" >> $LOG_FILE
}
# 发送通知
send_notification() {
local message=$1
if [ "$ENABLE_EMAIL_NOTIFICATIONS" = "true" ]; then
echo "$message" | mail -s "User Manager Notification" $ADMIN_EMAIL
fi
}
# 主函数
main() {
case "$1" in
create)
create_user "$2" "$3" "$4" "$5"
;;
delete)
delete_user "$2" "$3"
;;
modify)
modify_user "$2" "$3" "$4"
;;
list)
list_users
;;
info)
show_user_info "$2"
;;
*)
echo "Usage: $0 {create|delete|modify|list|info}"
exit 1
;;
esac
}
main "$@"用户审计系统#
#!/bin/bash
# 用户审计系统
AUDIT_LOG="/var/log/user_audit/audit.log"
REPORT_DIR="/var/log/user_audit/reports"
mkdir -p $(dirname $AUDIT_LOG) $REPORT_DIR
# 审计用户创建
audit_user_creation() {
local username=$1
echo "=== User Creation Audit ===" >> $AUDIT_LOG
echo "Username: $username" >> $AUDIT_LOG
echo "Timestamp: $(date)" >> $AUDIT_LOG
echo "Created by: $(whoami)" >> $AUDIT_LOG
echo "From: $(who am i | awk '{print $5}')" >> $AUDIT_LOG
echo "" >> $AUDIT_LOG
# 用户信息
echo "User Information:" >> $AUDIT_LOG
id $username >> $AUDIT_LOG
echo "" >> $AUDIT_LOG
# 用户组
echo "User Groups:" >> $AUDIT_LOG
groups $username >> $AUDIT_LOG
echo "" >> $AUDIT_LOG
}
# 审计用户删除
audit_user_deletion() {
local username=$1
echo "=== User Deletion Audit ===" >> $AUDIT_LOG
echo "Username: $username" >> $AUDIT_LOG
echo "Timestamp: $(date)" >> $AUDIT_LOG
echo "Deleted by: $(whoami)" >> $AUDIT_LOG
echo "From: $(who am i | awk '{print $5}')" >> $AUDIT_LOG
echo "" >> $AUDIT_LOG
}
# 审计用户修改
audit_user_modification() {
local username=$1
local modification=$2
echo "=== User Modification Audit ===" >> $AUDIT_LOG
echo "Username: $username" >> $AUDIT_LOG
echo "Modification: $modification" >> $AUDIT_LOG
echo "Timestamp: $(date)" >> $AUDIT_LOG
echo "Modified by: $(whoami)" >> $AUDIT_LOG
echo "From: $(who am i | awk '{print $5}')" >> $AUDIT_LOG
echo "" >> $AUDIT_LOG
}
# 检测异常用户活动
detect_abnormal_activity() {
echo "=== Abnormal User Activity Detection ===" >> $AUDIT_LOG
echo "Detection Time: $(date)" >> $AUDIT_LOG
echo "" >> $AUDIT_LOG
# 检测最近创建的用户
echo "Recently Created Users (last 7 days):" >> $AUDIT_LOG
find /home -type d -mtime -7 -exec basename {} \; | while read user; do
if id $user &>/dev/null; then
echo "$user" >> $AUDIT_LOG
fi
done
echo "" >> $AUDIT_LOG
# 检测无密码用户
echo "Users Without Password:" >> $AUDIT_LOG
awk -F: '($2 == "" || $2 == "!") {print $1}' /etc/shadow >> $AUDIT_LOG
echo "" >> $AUDIT_LOG
# 检测 UID 异常
echo "Users with UID < 1000:" >> $AUDIT_LOG
awk -F: '$3 < 1000 && $3 >= 500 {print $1}' /etc/passwd >> $AUDIT_LOG
echo "" >> $AUDIT_LOG
}
# 生成审计报告
generate_audit_report() {
local report_file="$REPORT_DIR/audit_report_$(date +%Y%m%d).txt"
echo "User Audit Report - $(date +%Y-%m-%d)" > $report_file
echo "==================" >> $report_file
echo "" >> $report_file
# 用户统计
echo "=== User Statistics ===" >> $report_file
echo "Total users: $(awk -F: '$3 >= 1000' /etc/passwd | wc -l)" >> $report_file
echo "System users: $(awk -F: '$3 < 1000' /etc/passwd | wc -l)" >> $report_file
echo "" >> $report_file
# 用户列表
echo "=== User List ===" >> $report_file
awk -F: '$3 >= 1000 {print $1}' /etc/passwd >> $report_file
echo "" >> $report_file
# 最近活动
echo "=== Recent Activity ===" >> $report_file
tail -50 $AUDIT_LOG >> $report_file
echo "Audit report saved to: $report_file"
}
# 主函数
main() {
case "$1" in
create)
audit_user_creation "$2"
;;
delete)
audit_user_deletion "$2"
;;
modify)
audit_user_modification "$2" "$3"
;;
detect)
detect_abnormal_activity
;;
report)
generate_audit_report
;;
*)
echo "Usage: $0 {create|delete|modify|detect|report}"
exit 1
;;
esac
}
main "$@"无敌#
企业级用户管理系统#
#!/bin/bash
# 企业级用户管理系统
CONFIG_FILE="/etc/enterprise_user_manager/config.conf"
LOG_DIR="/var/log/enterprise_user_manager"
USER_DIR="/etc/enterprise_user_manager/users"
mkdir -p $LOG_DIR $USER_DIR
# 加载配置
source $CONFIG_FILE
# 创建企业用户
create_enterprise_user() {
local username=$1
local full_name=$2
local email=$3
local department=$4
local role=$5
echo "Creating enterprise user: $username"
# 检查用户是否已存在
if id $username &>/dev/null; then
echo "User $username already exists"
return 1
fi
# 创建用户
useradd -m -s /bin/bash -c "$full_name" $username
if [ $? -ne 0 ]; then
echo "Failed to create user $username"
log_message "Failed to create enterprise user $username"
return 1
fi
# 设置临时密码
local temp_password=$(openssl rand -base64 12)
echo "$username:$temp_password" | chpasswd
# 设置用户属性
chage -d 0 $username # 强制首次登录修改密码
# 添加到部门组
if [ -n "$department" ]; then
usermod -aG $department $username
fi
# 添加到角色组
if [ -n "$role" ]; then
usermod -aG $role $username
fi
# 保存用户信息
local user_file="$USER_DIR/${username}.info"
cat > $user_file << EOF
username=$username
full_name=$full_name
email=$email
department=$department
role=$role
created=$(date)
created_by=$(whoami)
temp_password=$temp_password
EOF
echo "Enterprise user $username created successfully"
echo "Temporary password: $temp_password"
log_message "Enterprise user $username created successfully"
# 发送欢迎邮件
send_welcome_email $username $email $temp_password
}
# 删除企业用户
delete_enterprise_user() {
local username=$1
local archive=${2:-true}
echo "Deleting enterprise user: $username"
# 检查用户是否存在
if ! id $username &>/dev/null; then
echo "User $username does not exist"
return 1
fi
# 归档用户数据
if [ "$archive" = "true" ]; then
local archive_dir="$USER_DIR/archives"
mkdir -p $archive_dir
local archive_file="$archive_dir/${username}_$(date +%Y%m%d).tar.gz"
tar -czf $archive_file /home/$username
echo "User data archived to: $archive_file"
fi
# 删除用户
userdel -r $username
if [ $? -ne 0 ]; then
echo "Failed to delete user $username"
log_message "Failed to delete enterprise user $username"
return 1
fi
# 归档用户信息
local user_file="$USER_DIR/${username}.info"
if [ -f "$user_file" ]; then
mv $user_file $USER_DIR/archives/
fi
echo "Enterprise user $username deleted successfully"
log_message "Enterprise user $username deleted successfully"
}
# 修改企业用户
modify_enterprise_user() {
local username=$1
local option=$2
local value=$3
echo "Modifying enterprise user: $username"
# 检查用户是否存在
if ! id $username &>/dev/null; then
echo "User $username does not exist"
return 1
fi
# 修改用户属性
case "$option" in
full_name)
usermod -c "$value" $username
;;
email)
local user_file="$USER_DIR/${username}.info"
sed -i "s/^email=.*/email=$value/" $user_file
;;
department)
# 从旧组中移除
local old_department=$(grep "^department=" $USER_DIR/${username}.info | cut -d= -f2)
if [ -n "$old_department" ]; then
gpasswd -d $username $old_department
fi
# 添加到新组
usermod -aG $value $username
;;
role)
# 从旧角色组中移除
local old_role=$(grep "^role=" $USER_DIR/${username}.info | cut -d= -f2)
if [ -n "$old_role" ]; then
gpasswd -d $username $old_role
fi
# 添加到新角色组
usermod -aG $value $username
;;
*)
echo "Unknown option: $option"
return 1
;;
esac
if [ $? -ne 0 ]; then
echo "Failed to modify user $username"
log_message "Failed to modify enterprise user $username"
return 1
fi
# 更新用户信息文件
local user_file="$USER_DIR/${username}.info"
case "$option" in
full_name)
sed -i "s/^full_name=.*/full_name=$value/" $user_file
;;
department)
sed -i "s/^department=.*/department=$value/" $user_file
;;
role)
sed -i "s/^role=.*/role=$value/" $user_file
;;
esac
echo "Enterprise user $username modified successfully"
log_message "Enterprise user $username modified successfully"
}
# 查看企业用户信息
show_enterprise_user() {
local username=$1
local user_file="$USER_DIR/${username}.info"
if [ ! -f "$user_file" ]; then
echo "User information not found for: $username"
return 1
fi
echo "=== Enterprise User Information ==="
cat $user_file
}
# 生成用户报告
generate_user_report() {
local report_file="$LOG_DIR/user_report_$(date +%Y%m%d).txt"
echo "Enterprise User Report - $(date +%Y-%m-%d)" > $report_file
echo "===========================" >> $report_file
echo "" >> $report_file
# 用户统计
echo "=== User Statistics ===" >> $report_file
echo "Total users: $(ls $USER_DIR/*.info 2>/dev/null | wc -l)" >> $report_file
echo "" >> $report_file
# 按部门统计
echo "=== Users by Department ===" >> $report_file
grep "^department=" $USER_DIR/*.info 2>/dev/null | cut -d= -f2 | sort | uniq -c >> $report_file
echo "" >> $report_file
# 按角色统计
echo "=== Users by Role ===" >> $report_file
grep "^role=" $USER_DIR/*.info 2>/dev/null | cut -d= -f2 | sort | uniq -c >> $report_file
echo "" >> $report_file
# 最近创建的用户
echo "=== Recently Created Users (last 30 days) ===" >> $report_file
find $USER_DIR -name "*.info" -mtime -30 -exec basename {} .info \; >> $report_file
log_message "User report generated: $report_file"
}
# 记录日志
log_message() {
local message=$1
local timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo "[$timestamp] $message" >> $LOG_DIR/manager.log
}
# 发送欢迎邮件
send_welcome_email() {
local username=$1
local email=$2
local password=$3
local welcome_message="Welcome to our organization!
Your account has been created with the following details:
Username: $username
Email: $email
Temporary Password: $password
Please log in and change your password immediately.
Best regards,
System Administrator"
echo "$welcome_message" | mail -s "Welcome to Our Organization" $email
}
# 主函数
main() {
case "$1" in
create)
create_enterprise_user "$2" "$3" "$4" "$5" "$6"
;;
delete)
delete_enterprise_user "$2" "$3"
;;
modify)
modify_enterprise_user "$2" "$3" "$4"
;;
show)
show_enterprise_user "$2"
;;
report)
generate_user_report
;;
*)
echo "Usage: $0 {create|delete|modify|show|report}"
exit 1
;;
esac
}
main "$@"用户权限管理系统#
#!/bin/bash
# 用户权限管理系统
CONFIG_FILE="/etc/permission_manager/config.conf"
LOG_FILE="/var/log/permission_manager/manager.log"
mkdir -p $(dirname $LOG_FILE)
# 加载配置
source $CONFIG_FILE
# 创建角色
create_role() {
local role_name=$1
local description=$2
echo "Creating role: $role_name"
# 创建用户组
groupadd $role_name
if [ $? -ne 0 ]; then
echo "Failed to create role $role_name"
log_message "Failed to create role $role_name"
return 1
fi
# 保存角色信息
local role_file="/etc/permission_manager/roles/${role_name}.role"
cat > $role_file << EOF
role_name=$role_name
description=$description
created=$(date)
created_by=$(whoami)
EOF
echo "Role $role_name created successfully"
log_message "Role $role_name created successfully"
}
# 删除角色
delete_role() {
local role_name=$1
echo "Deleting role: $role_name"
# 检查角色是否存在
if ! getent group $role_name &>/dev/null; then
echo "Role $role_name does not exist"
return 1
fi
# 删除用户组
groupdel $role_name
if [ $? -ne 0 ]; then
echo "Failed to delete role $role_name"
log_message "Failed to delete role $role_name"
return 1
fi
# 删除角色文件
rm -f "/etc/permission_manager/roles/${role_name}.role"
echo "Role $role_name deleted successfully"
log_message "Role $role_name deleted successfully"
}
# 分配角色
assign_role() {
local username=$1
local role_name=$2
echo "Assigning role $role_name to user $username"
# 检查用户是否存在
if ! id $username &>/dev/null; then
echo "User $username does not exist"
return 1
fi
# 检查角色是否存在
if ! getent group $role_name &>/dev/null; then
echo "Role $role_name does not exist"
return 1
fi
# 添加用户到角色组
usermod -aG $role_name $username
if [ $? -ne 0 ]; then
echo "Failed to assign role $role_name to user $username"
log_message "Failed to assign role $role_name to user $username"
return 1
fi
echo "Role $role_name assigned to user $username successfully"
log_message "Role $role_name assigned to user $username successfully"
}
# 撤销角色
revoke_role() {
local username=$1
local role_name=$2
echo "Revoking role $role_name from user $username"
# 检查用户是否存在
if ! id $username &>/dev/null; then
echo "User $username does not exist"
return 1
fi
# 检查角色是否存在
if ! getent group $role_name &>/dev/null; then
echo "Role $role_name does not exist"
return 1
fi
# 从角色组中移除用户
gpasswd -d $username $role_name
if [ $? -ne 0 ]; then
echo "Failed to revoke role $role_name from user $username"
log_message "Failed to revoke role $role_name from user $username"
return 1
fi
echo "Role $role_name revoked from user $username successfully"
log_message "Role $role_name revoked from user $username successfully"
}
# 查看用户角色
show_user_roles() {
local username=$1
echo "=== Roles for User: $username ==="
# 获取用户的所有组
groups $username
}
# 查看角色成员
show_role_members() {
local role_name=$1
echo "=== Members of Role: $role_name ==="
# 获取组的所有成员
getent group $role_name | cut -d: -f4 | tr ',' '\n'
}
# 生成权限报告
generate_permission_report() {
local report_file="/var/log/permission_manager/permission_report_$(date +%Y%m%d).txt"
echo "Permission Report - $(date +%Y-%m-%d)" > $report_file
echo "==================" >> $report_file
echo "" >> $report_file
# 角色统计
echo "=== Role Statistics ===" >> $report_file
echo "Total roles: $(ls /etc/permission_manager/roles/*.role 2>/dev/null | wc -l)" >> $report_file
echo "" >> $report_file
# 角色列表
echo "=== Role List ===" >> $report_file
ls /etc/permission_manager/roles/*.role 2>/dev/null | while read role_file; do
local role_name=$(basename $role_file .role)
local description=$(grep "^description=" $role_file | cut -d= -f2)
echo "$role_name: $description" >> $report_file
done
echo "" >> $report_file
# 用户角色映射
echo "=== User-Role Mapping ===" >> $report_file
awk -F: '$3 >= 1000 {print $1}' /etc/passwd | while read username; do
echo "$username: $(groups $username | cut -d: -f2)" >> $report_file
done
log_message "Permission report generated: $report_file"
}
# 记录日志
log_message() {
local message=$1
local timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo "[$timestamp] $message" >> $LOG_FILE
}
# 主函数
main() {
case "$1" in
create-role)
create_role "$2" "$3"
;;
delete-role)
delete_role "$2"
;;
assign)
assign_role "$2" "$3"
;;
revoke)
revoke_role "$2" "$3"
;;
user-roles)
show_user_roles "$2"
;;
role-members)
show_role_members "$2"
;;
report)
generate_permission_report
;;
*)
echo "Usage: $0 {create-role|delete-role|assign|revoke|user-roles|role-members|report}"
exit 1
;;
esac
}
main "$@"最佳实践#
- 使用 -m 选项:创建用户时使用 -m 选项创建主目录
- 设置强密码:为用户设置强密码或强制首次登录修改密码
- 使用用户组:合理使用用户组进行权限管理
- 记录用户操作:记录用户的创建、修改和删除操作
- 定期审计用户:定期审计用户账号,删除不必要的用户
- 使用模板:使用用户模板创建标准化的用户
- 设置过期策略:设置密码过期策略,增强安全性
- 备份用户数据:删除用户前备份用户数据
注意事项#
- useradd 需要 root 权限
- 用户名必须唯一
- 用户 ID 必须唯一
- 主目录必须存在或使用 -m 选项创建
- 密码应该使用 chpasswd 命令设置,而不是 useradd -p
- 删除用户前应该备份用户数据
- 注意用户的登录 shell 和主目录权限
- 在生产环境中管理用户时要格外小心
- 对于关键系统,建议使用专业的用户管理工具
- 注意用户的权限和安全设置