diff --git a/src/db/db_service.cpp b/src/db/db_service.cpp
index a2e3b90..b165c9c 100644
--- a/src/db/db_service.cpp
+++ b/src/db/db_service.cpp
@@ -141,10 +141,10 @@ id	setting_name	      setting_name_ch	         val_upper_limit	   val_lower_limi
         storage.insert(Setting{5, "max_humidity", "允许消毒最大湿度", 0, 100, 0, 90});
 
       if (storage.get_all<Setting>(where(c(&Setting::id) == 6)).size() == 0)
-        storage.insert(Setting{6, "drainage_pump_speed", "排液蠕动泵转速", 0, 40, 0, 40});//g/min
+        storage.insert(Setting{6, "drainage_pump_speed", "排液蠕动泵转速", 0, 40, 0, 40});  // g/min
 
       if (storage.get_all<Setting>(where(c(&Setting::id) == 7)).size() == 0)
-        storage.insert(Setting{7, "injection_pump_speed", "喷射蠕动泵转速", 0, 40, 0, 40}); //g/min
+        storage.insert(Setting{7, "injection_pump_speed", "喷射蠕动泵转速", 0, 40, 0, 40});  // g/min
 
       if (storage.get_all<Setting>(where(c(&Setting::id) == 8)).size() == 0)  //
         storage.insert(Setting{8, "pre_heat_time_s", "预热时间", 0, 600, 0, 120});
@@ -190,6 +190,47 @@ list<shared_ptr<User>> DBService::getAllUser() {
   }
   return users;
 }
+void DBService::addUser(string uid, string passwd, int permission_level) {
+  auto usertable = make_storage(USER_DB_STRUCT);
+  usertable.sync_schema();
+  logger->info("add user: {} {} {}", uid, passwd, permission_level);
+  usertable.insert(User{-1, uid, passwd, permission_level, true});
+}
+void DBService::delUser(int id) {
+  auto usertable = make_storage(USER_DB_STRUCT);
+  usertable.sync_schema();
+  /**
+   * @brief find admin user
+   */
+  auto admin = usertable.get_all<User>(where(c(&User::uid) == "admin"));
+  ZCHECK(admin.size() == 1, "admin user not found");
+  if (admin[0].id == id) {
+    logger->error("can not delete admin user");
+    return;
+  }
+  auto remove_user = usertable.get_all<User>(where(c(&User::id) == id));
+  if (remove_user.size() == 0) {
+    logger->error("remove user fail, user not found");
+    return;
+  }
+  logger->info("delete user: {}:{}", id, remove_user[0].uid);
+  usertable.remove<User>(where(c(&User::id) == id));
+}
+
+void DBService::updateUserPermissionLevel(int id, int permission_level) {
+  auto usertable = make_storage(USER_DB_STRUCT);
+  usertable.sync_schema();
+
+  auto user = usertable.get_all<User>(where(c(&User::id) == id));
+  if (user.size() == 0) {
+    logger->error("update user permission level fail, user not found");
+    return;
+  }
+  logger->info("update user permission level: {} {} -> {}", id, user[0].permission_level, permission_level);
+  user[0].permission_level = permission_level;
+  usertable.update(user[0]);
+}
+
 json DBService::getAllUserJson() {
   json j_users;
   auto usertable = make_storage(USER_DB_STRUCT);
diff --git a/src/db/db_service.hpp b/src/db/db_service.hpp
index 9c4ca15..6c10fac 100644
--- a/src/db/db_service.hpp
+++ b/src/db/db_service.hpp
@@ -120,6 +120,17 @@ class DBService : public enable_shared_from_this<DBService> {
   shared_ptr<db::User>       getUser(string uid);
   vector<string>             getUserNames();
 
+  /**
+   * @brief 添加用户
+   *
+   * @param uid 用户名
+   * @param passwd 密码
+   * @param permission_level 许可等级,0超级管理员 3普通用户
+   */
+  void addUser(string uid, string passwd, int permission_level);
+  void delUser(int id);
+  void updateUserPermissionLevel(int id, int permission_level);
+
  public:
   /*******************************************************************************
    *                                 SETTING_DB                                  *
diff --git a/src/main_control_service.cpp b/src/main_control_service.cpp
index 4276d24..cf175b7 100644
--- a/src/main_control_service.cpp
+++ b/src/main_control_service.cpp
@@ -233,14 +233,22 @@ void MainControlService::processFrontEndMessage(weak_ptr<WebSocket> webSocket, j
     return;
   }
 
-  if (cmdstr == "shutdown") {
-    int delayms = jsonGet<int>(cmd["delayms"]);
-    logger->info("shutdown {} ms", delayms);
-    m_autoshutdownThread.reset(new Thread("autoShutdown", [delayms, this]() {
-      ThisThread thisThread;
-      thisThread.sleepForMs(delayms);
-      dosystem("shutdown -h now");
-    }));
+  if (cmdstr == "addUser") {
+    string uid              = cmd["uid"];
+    string passwd           = cmd["passwd"];
+    int    permission_level = jsonGet<int>(cmd["permission_level"]);
+    m_dbService->addUser(uid, passwd, permission_level);
+    return;
+  }
+  if (cmdstr == "delUser") {
+    int id = jsonGet<int>(cmd["id"]);
+    m_dbService->delUser(id);
+    return;
+  }
+  if (cmdstr == "updateUserPermissionLevel") {
+    int id               = jsonGet<int>(cmd["id"]);
+    int permission_level = jsonGet<int>(cmd["permission_level"]);
+    m_dbService->updateUserPermissionLevel(id, permission_level);
     return;
   }