Part-1 User and Group Administration

Part-1 User Administration

In Linux, a user is anyone who uses the system. There can be one or more users on a Linux system at a time. Users are identified by a username and a user ID (UID). Every running process on the system runs as a particular user, and every file is owned by a particular user. Access to files and directories is restricted by user: the user associated with a running process determines the files and directories accessible to that process.

Some Important Points related to Users:

  • Every user of the system is assigned a unique user ID number.
  • User names and UIDs are stored in the /etc/passwd file.
  • User passwords are stored in the /etc/shadow file (in encrypted form).
  • Users log in to the system by supplying their username and password.
  • Users cannot read, write or execute each other's files without permission.
  • Users are assigned a home directory and a program that is run when they log in (usually a shell).

Types of users in Linux and their attributes:

Super user: The root user is the most powerful user. It is the administrator user.

System users: System users are the users created by software or applications.

Normal users: Normal users are the users created by the root or a sudo user.

Important Note: Whenever a user is created in Linux, a home directory, a mail box and a unique UID and GID are created by default.

A system administrator should be aware of two important files.

1.) “/etc/passwd” file.

[Screenshot: /etc/passwd entry for user gaurav]

The above fields are:

  • gaurav: Username; it is a mapping of a UID to a name.
  • x: Link to the password file (i.e. /etc/shadow).
  • 1000: The user ID.
  • 1000: The user's primary group ID number.
  • Gaurav,,,: Comment (brief information about the user).
  • /home/gaurav: Home directory of the user.
  • /bin/bash: Shell; it is the program that runs when the user logs in.

2.) “/etc/shadow” file.

[Screenshot: /etc/shadow entry for user gaurav]

The fields are as follows,

  • gaurav: UserName
  • $6$WuPP12jQNQNrXHMAmU9X1gOOnspLj0VS0Llt6XuIxaMkZ5u4.: Encrypted Password.
  • 16938: Days since that password was last changed.
  • 0: Days after which the password must be changed.
  • 99999: Days before the password is to expire that the user is warned.
  • 7: Days after the password expires that the user is disabled.
  • A reserved field.

The basic syntax of the useradd command is: #useradd <option> <username>

Let’s create a user with default attributes.

When no option is used with the useradd command, attributes like the UID, GID, home directory and shell are assigned default values.

#useradd <username>

[root@server1 ~]# useradd shivani
[root@server1 ~]# getent passwd | grep shivani
shivani:x:1007:1009::/home/shivani:/bin/bash
[root@server1 ~]#

Note: Observe that the uid, gid, home directory and shell are assigned automatically.

Assigning the password to the user.

The root user or a sudo user can assign any password to any user. The syntax for assigning a password is #passwd <username>

[root@server1 ~]# passwd shivani
Changing password for user shivani.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server1 ~]#

Let’s create a user with our own attributes.

#useradd -u <UID>  -d <Home Directory> -c <comment>  <Username> Where, “-u” user ID of the new account. “-d” home directory of the new account. “-c”  Comment.

[root@server1 ~]# useradd -u 1010 -d /home/sahil -c "Sahil Dogra" sahil
[root@server1 ~]# getent passwd | grep sahil
sahil:x:1010:1010:Sahil Dogra:/home/sahil:/bin/bash
[root@server1 ~]#

Note: You can use “useradd --help” for more options.

Let’s create a user with /bin/ksh as the login shell.

#useradd -m -s /bin/ksh username Where, “-m”  create the user’s home directory. “-s” login shell of the new account.

[root@server1 ~]# useradd -m -s /bin/ksshell anil
[root@server1 ~]# getent passwd | grep anil
anil:x:1011:1011::/home/anil:/bin/ksshell
[root@server1 ~]#

Add a User to Multiple Groups.

#useradd -G <Groups Name > <User Name> Where, “-G” list of supplementary groups of the new account.

[root@server1 ~]# useradd -G Network,httpd mayur
[root@server1 ~]# id mayur
uid=1012(mayur) gid=1013(mayur) groups=1013(mayur),1008(httpd),1012(Network)
[root@server1 ~]#

Note: id <User Name> shows the real and effective user and group IDs.

Let’s create a user without a home directory.

#useradd -M <UserName> Where, “-M” do not create the user’s home directory.

[root@server1 ~]# useradd -M mahesh
[root@server1 ~]# cd /home
[root@server1 home]# ls | grep mahesh
[root@server1 home]#

Modifying the user’s attribute

After creating a user, attributes such as the UID, the secondary group or the comment can be changed, and the account can be locked or unlocked, with the following command.

#usermod <option> <username>

Locking a user account.

#usermod -L <username> Where, “-L” lock the user account.

#usermod -L anil

[root@server1 ~]# cat /etc/shadow | grep anil
anil:$6$yz09Qc.y$ldY7oYAFzzaDfLCxWU1tvDQzHpJ8qIrZg7WSYv.:17078:0:99999:7:::
[root@server1 ~]# usermod -L anil
[root@server1 ~]# cat /etc/shadow | grep anil
anil:!$6$yz09Qc.y$ldY7oYAFzzaDfLCxWU1tvDQzHpJ8qIrZg7WSYv.:17078:0:99999:7:::
[root@server1 ~]#

Note: When an account is locked, a ! (exclamation mark) appears in front of the password in the /etc/shadow file, as the output above shows.

Unlocking a user account.

#usermod -U <username> Where, “-U” unlock the user account.

#usermod -U anil

[root@server1 ~]# usermod -U anil
[root@server1 ~]# cat /etc/shadow | grep anil
anil:$6$yz09Qc.y$ldY7oYAFzzaDfLCxWU1tvDQzHpJ8qIrZg7WSYv.:17078:0:99999:7:::
[root@server1 ~]#

Observe in the output above that once the account is unlocked, the exclamation mark is gone.

Modify comment of the user account.

#usermod -c "New Comment" <User Name> Where, “-c” new value of the GECOS field.

[root@server1 ~]# getent passwd | grep sahil
sahil:x:1010:1010:Sahil Dogra:/home/sahil:/bin/bash
[root@server1 ~]# usermod -c "Sahil" sahil
[root@server1 ~]# getent passwd | grep sahil
sahil:x:1010:1010:Sahil:/home/sahil:/bin/bash
[root@server1 ~]#

Change the User Home Directory.

#usermod -d <New Directory Path> <Username> Where, “-d” new home directory for the user account.

[root@server1 ~]# getent passwd | grep sahil
sahil:x:1010:1010:Sahil:/home/sahil:/bin/bash
[root@server1 ~]# usermod -d /var/ftp/ sahil
[root@server1 ~]# getent passwd | grep sahil
sahil:x:1010:1010:Sahil:/var/ftp/:/bin/bash
[root@server1 ~]#

Change the Primary Group.

#usermod -g <Group Name> <User Name> Where, “-g” force use GROUP as new primary group.

[root@server1 ~]# id sahil
uid=1010(sahil) gid=1010(sahil) groups=1010(sahil)
[root@server1 ~]# usermod -g Network sahil
[root@server1 ~]# id sahil
uid=1010(sahil) gid=1012(Network) groups=1012(Network)
[root@server1 ~]#

Change the Login Name.

#usermod -l <Newuser Name> <Old Username> Where, “-l” new value of the login name.

[root@server1 ~]# usermod -l sahil_admin sahil
[root@server1 ~]# id sahil
id: sahil: no such user
[root@server1 ~]# id sahil_admin
uid=1010(sahil_admin) gid=1012(Network) groups=1012(Network)
[root@server1 ~]#

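Create Un-encrypted Password for any User.

#usermod -p <Un-encrypted password> <username> Where, “-p” use encrypted password for the new password. The option expects a value that is already encrypted, as returned by crypt(3), and writes whatever it is given to /etc/shadow unchanged, so an un-encrypted string ends up in the file as plain text, as the output below shows. The usermod manual page does not recommend this option because the password (or encrypted password) is visible to users listing the processes.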

[root@server1 ~]# cat /etc/shadow | grep sahil
sahil:$6$4N.q9c0L$buOSrvjqdtEfhMZPVzpld8Cc4:17078:0:99999:7:::
[root@server1 ~]# usermod -p centos sahil
[root@server1 ~]# cat /etc/shadow | grep sahil
sahil:centos:17078:0:99999:7:::
[root@server1 ~]#
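The lock marker and the plain-text entry shown above can both be detected by looking at the second field of each /etc/shadow line. The following is an added example, not part of the original tutorial: the function names are hypothetical, the first three sample lines are the entries shown on this page and the last two are constructed.

```shell
#!/bin/sh
# Added example: classify the password field (field 2) of /etc/shadow-style lines.

classify_pw_field() {
    # $1 = one full shadow line; prints a status word for its password field
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')           echo "EMPTY" ;;           # no password needed to log in
        '!!'|'!'|'*') echo "NO_PASSWORD_SET" ;; # placeholder, no hash present
        '!'*)         echo "LOCKED" ;;          # usermod -L put '!' before the hash
        '$'*'$'*)
            id=${field#\$}; id=${id%%\$*}       # text between the first two '$'
            case "$id" in
                1)        echo "HASH:md5crypt" ;;
                5)        echo "HASH:sha256crypt" ;;
                6)        echo "HASH:sha512crypt" ;;
                y)        echo "HASH:yescrypt" ;;
                2a|2b|2y) echo "HASH:bcrypt" ;;
                *)        echo "HASH:unknown-id" ;;
            esac ;;
        *)            echo "UNRECOGNIZED" ;;    # e.g. plain text left by usermod -p
    esac
}

audit_shadow() {
    # reads shadow-format lines on stdin, prints "user status" per line
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s %s\n' "${line%%:*}" "$(classify_pw_field "$line")"
    done
}

# Sample input: the first three lines are entries shown on this page,
# the last two are constructed for illustration.
sample_shadow() {
cat <<'EOF'
anil:!$6$yz09Qc.y$ldY7oYAFzzaDfLCxWU1tvDQzHpJ8qIrZg7WSYv.:17078:0:99999:7:::
anil:$6$yz09Qc.y$ldY7oYAFzzaDfLCxWU1tvDQzHpJ8qIrZg7WSYv.:17078:0:99999:7:::
sahil:centos:17078:0:99999:7:::
svcacct:!!:17078:0:99999:7:::
nopass::17078:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a real system the same check can be run as root with audit_shadow < /etc/shadow; EMPTY and UNRECOGNIZED entries are the ones to review first.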

The Password Parameters

For any user we can set password parameters such as the minimum and maximum password age, password expiration warnings and the account expiration date. To view these parameters for a user, use

#chage -l <username>

[root@server1 ~]# chage -l sahil
Last password change                                  : Oct 04, 2016
Password expires                                      : never
Password inactive                                     : never
Account expires                                       : never
Minimum number of days between password change        : 0
Maximum number of days between password change        : 99999
Number of days of warning before password expires     : 7
[root@server1 ~]# 

Last password change: When the password was last changed.
Password expires: Password expiry date.
Password inactive: Grace period after password expiry before the account gets locked.
Account expires: Date on which the account expires.
Minimum number of days between password change: Once the password is changed, it cannot be changed again until this minimum period has passed; [0] means never.
Maximum number of days between password change: How long the password remains valid after it is changed.
Number of days of warning before password expires: Number of days before the password expires at which the warning to change it starts.

Two ways to change the password parameters.

Let’s see the first method.

#chage <username>

[root@server1 ~]# chage sahil
Changing the aging information for sahil
Enter the new value, or press ENTER for the default

    Minimum Password Age [0]: 2
    Maximum Password Age [99999]: 10
    Last Password Change (YYYY-MM-DD) [2016-10-04]: 
    Password Expiration Warning [7]: 3
    Password Inactive [-1]: 0
    Account Expiration Date (YYYY-MM-DD) [-1]: 2016-10-29
[root@server1 ~]# chage -l sahil
Last password change                                  : Oct 04, 2016
Password expires                                      : Oct 14, 2016
Password inactive                                     : Oct 14, 2016
Account expires                                       : Oct 29, 2016
Minimum number of days between password change        : 2
Maximum number of days between password change        : 10
Number of days of warning before password expires     : 3
[root@server1 ~]#

Second Method

#chage <option> <value> <username>

Use the “chage --help” command to find out the options.

[root@server1 ~]# chage -W 5 sahil
[root@server1 ~]# chage -l sahil
Last password change                                  : Oct 04, 2016
Password expires                                      : Oct 14, 2016
Password inactive                                     : Oct 14, 2016
Account expires                                       : Oct 29, 2016
Minimum number of days between password change        : 2
Maximum number of days between password change        : 10
Number of days of warning before password expires     : 5
[root@server1 ~]# 

Note: “-W” sets the number of days before password expiry at which the warning to change the password starts.
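The dates printed by chage -l are derived from day counts: the last password change is stored as days since 1970-01-01 (17078 in the shadow entries above, which is Oct 04, 2016). The following added example, not part of the original tutorial, reproduces that arithmetic with hypothetical function names; the exact boundary day of each state is an assumption, since login implementations differ by one day.

```shell
#!/bin/sh
# Added example: reproduce the dates and states behind "chage -l" from day counts.

days_to_date() {
    # $1 = days since 1970-01-01; prints YYYY-MM-DD (Gregorian calendar)
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe/1460 + doe/36524 - doe/146096) / 365 ))
    doy=$(( doe - (365*yoe + yoe/4 - yoe/100) ))
    mp=$(( (5*doy + 2) / 153 ))
    d=$(( doy - (153*mp + 2)/5 + 1 ))
    if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
    y=$(( yoe + era*400 ))
    if [ "$m" -le 2 ]; then y=$(( y + 1 )); fi
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

aging_status() {
    # $1 today, $2 last change, $6 account expiry: days since 1970-01-01
    # $3 maximum age, $4 warning days, $5 inactive days; -1 means "not set"
    today=$1; last=$2; max=$3; warn=$4; inact=$5; acct=$6
    if [ "$acct" -ge 0 ] && [ "$today" -ge "$acct" ]; then
        echo ACCOUNT_EXPIRED; return 0
    fi
    # a negative maximum, or the 99999 default this page shows as "never"
    if [ "$max" -lt 0 ] || [ "$max" -ge 99999 ]; then
        echo OK; return 0
    fi
    exp=$(( last + max ))            # the "Password expires" day
    if [ "$today" -lt $(( exp - warn )) ]; then echo OK
    elif [ "$today" -lt "$exp" ]; then echo WARNING
    elif [ "$inact" -ge 0 ] && [ "$today" -ge $(( exp + inact )) ]; then
        echo INACTIVE                # grace period used up (assumed boundary: >=)
    else echo PASSWORD_EXPIRED
    fi
}

# Values from the chage transcript above: last change day 17078, maximum 10,
# warning 5, inactive 0, account expiry 2016-10-29 (day 17103).
echo "password expires: $(days_to_date $(( 17078 + 10 )))"
echo "status on day 17085: $(aging_status 17085 17078 10 5 0 17103)"
```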

Deleting a User

To delete a user, the syntax is #userdel <username>. You can use the “-r” option to also remove the home directory and mail spool.

#userdel -r <username>

[root@server1 ~]# tree /home/
/home/
├── anil
├── gaurav
│   └── linux
└── sahil
3 directories, 1 file
[root@server1 ~]# userdel -r sahil
[root@server1 ~]# tree /home/
/home/
├── anil
└── gaurav
    └── linux
2 directories, 1 file
[root@server1 ~]#

Note: Use the “userdel --help” command to find out more options.

Read Also: Part2 User and Group Administration

1 Comment on "Part-1 User and Group Administration"
Ravi
Guest

It is very useful ..
