User Management

There are three types of user accounts in the Linux operating system:

1. root user

The root user is also called the super user. A super user can run any command without any restrictions. This account gives you the ability to carry out all facets of system administration, including adding accounts, changing user passwords, examining log files, installing software, etc.

When you are signed in as root, the shell prompt displays '#' as the last character (if you are using a terminal).

2. system user

System accounts are needed for the operation of system-specific components, such as the mail and sshd accounts. Likewise, installing Apache creates a user named apache. These kinds of users are called system users.

3. normal user

These users are created by the root user. Normal user accounts provide access to the system for users and groups of users. These users have limited access to critical system files and directories.

Attributes:

User Type     User Name         User ID        Group ID       Home Directory    Shell
Super user    root              0              0              /root             /bin/bash
System user   ftp, apache etc   1 to 499       1 to 499       /var/ftp etc      /sbin/nologin
Normal user   sree, mark etc    500 to 60000   500 to 60000   /home/sree etc    /bin/bash

The following are the important files you should be aware of for user and group administration:

/etc/passwd: Keeps user account and password information. This file holds the majority of information about accounts on the Linux system. When shadow passwords are in use, the password field contains only an x, as in the examples below.

/etc/shadow: Holds the encrypted (hashed) password of the corresponding account, along with its password aging settings.

/etc/group: This file contains the group information for each account.

/etc/gshadow: This file contains secure group account information.
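
An added example (not from the original page): a small audit that classifies passwd-format records by the UID ranges in the table above and flags two conditions worth reviewing, a second account with UID 0 and a system account with a login shell. The function names and sample records are constructed for illustration; the boundary of 500 follows the table, and on a real host you would pipe in the output of getent passwd.

```shell
#!/bin/sh
# Added example: classify passwd-format records and flag ones to review.
# The normal-user boundary defaults to 500 as in the table above; many
# current distributions set UID_MIN=1000 in /etc/login.defs.

audit_passwd() {
    # $1 = first UID treated as a normal user (default 500)
    awk -F: -v uid_min="${1:-500}" '
    NF != 7 || $3 !~ /^[0-9]+$/ { printf "MALFORMED line %d\n", NR; next }
    {
        name = $1; uid = $3 + 0; shell = $7
        nologin = (shell ~ /(nologin|false)$/)

        if (uid == 0)            type = "super"
        else if (uid < uid_min)  type = "system"
        else                     type = "normal"

        flag = "ok"
        if (uid == 0 && name != "root")        flag = "EXTRA_UID0"
        else if (type == "system" && !nologin) flag = "SYSTEM_WITH_SHELL"

        printf "%s %s %d %s\n", name, type, uid, flag
    }'
}

# Constructed sample records (not taken from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
toor:x:0:0::/root:/bin/bash
scott:x:500:500::/home/scott:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

Each output line is "name type uid flag"; any flag other than ok marks an entry to check by hand.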

 

Create users

Create a user

# useradd scott

Assign password to user

# passwd scott
Changing password for user scott.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
#

Create a user with account expiry date

# useradd -e 2017-04-01 mark
# passwd mark
Changing password for user mark.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
#

Create a user with specific user id

# useradd -u 504 jones

Create a user with specific user id and group id

# useradd -u 600 -g 504 ford

Add a user to multiple groups

We can add a user to multiple groups by specifying either group names or group ids

# useradd -G dev,qa smith
#
# id smith
uid=601(smith) gid=601(smith) groups=601(smith),3460(dev),3461(qa)
#
# useradd -G 3460,3461 ward
#
# id ward
uid=602(ward) gid=602(ward) groups=602(ward),3460(dev),3461(qa)
#

Add a user with comments

# useradd -c "Developer" james
# tail -1 /etc/passwd
james:x:603:603:Developer:/home/james:/bin/bash
#

Add user with home directory

# useradd -d /home/mydir allen
# tail -1 /etc/passwd
allen:x:604:604::/home/mydir:/bin/bash
#

useradd options:

-u user id
-g primary group id
-G secondary group ids
-d home directory
-c comment
-s shell
-e account expiry date (YYYY-MM-DD)

Delete users

Deleting an existing user

# userdel allen

Delete a user even if the user is still logged in

# userdel -f jones

Delete user along with home directory

# userdel -r mark

Modify user properties

Changing the home directory of a user (add -m to also move the existing contents to the new location)

# grep jones /etc/passwd
jones:x:504:504::/home/jones:/bin/bash
#
# usermod -d /home/jon jones
#
# grep jones /etc/passwd
jones:x:504:504::/home/jon:/bin/bash
#

Changing the primary group of a user

# usermod -g dev ford

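Locking (-L) and unlocking (-U) users

# usermod -L scott

# usermod -U scott

When a user is locked, /etc/shadow shows an exclamation mark (!) in front of the password hash in that user's entry; after unlocking, it disappears. Note that -L locks only the password: other login methods, such as SSH keys, may still work. To disable the account as a whole, also set an account expiry date (usermod -e).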

# usermod -L scott
# grep scott /etc/shadow
scott:!$1$nAgOX9u$GLtQsaMcMBvlPUPgY.0:17143:0:99999:7:::
#
# usermod -U scott
# grep scott /etc/shadow
scott:$1$nAgOX9u$GLtQsaMcMBvlPUPgY.0:17143:0:99999:7:::
#
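
An added example (not from the original page): a report over shadow-format records that shows the lock state described above, the hash scheme taken from the $id$ prefix, and whether the account expiry date (field 8) has passed. The function names, the flag names and all sample records except the scott line are constructed; 17300 is a constructed value for today, in days since 1970-01-01.

```shell
#!/bin/sh
# Added example: lock state, hash scheme and expiry from shadow-format records.

audit_shadow() {
    # $1 = today in days since 1970-01-01 (default: current date)
    awk -F: -v today="${1:-$(( $(date +%s) / 86400 ))}" '
    {
        hash = $2
        locked = sub(/^!+/, "", hash)       # usermod -L prefixes "!"
        if ($2 == "")           state = "empty"
        else if (hash ~ /^\$/)  state = locked ? "locked" : "set"
        else                    state = "none"   # "*", "!", "!!": no usable hash

        scheme = "-"
        if      (hash ~ /^\$1\$/) scheme = "md5crypt"
        else if (hash ~ /^\$5\$/) scheme = "sha256crypt"
        else if (hash ~ /^\$6\$/) scheme = "sha512crypt"
        else if (hash ~ /^\$y\$/) scheme = "yescrypt"
        else if (hash ~ /^\$/)    scheme = "other"

        # Field 8: account expiry in days since the epoch (empty = never).
        acct = ($8 != "" && today >= $8 + 0) ? "expired" : "active"

        flags = ""
        if (state == "empty")                      flags = flags ",EMPTY_PASSWORD"
        if (scheme == "md5crypt")                  flags = flags ",WEAK_HASH"
        if (state == "locked" && acct == "active") flags = flags ",PASSWORD_LOCK_ONLY"
        sub(/^,/, "", flags)
        printf "%s %s %s %s %s\n", $1, state, scheme, acct, (flags == "" ? "-" : flags)
    }'
}

# The scott line is the locked entry shown above; the other
# records are constructed for this example.
sample_shadow() {
    cat <<'EOF'
scott:!$1$nAgOX9u$GLtQsaMcMBvlPUPgY.0:17143:0:99999:7:::
mark:$6$constructedsalt$constructedhash:17143:0:99999:7::17257:
apache:!!:17143::::::
ward::17143:0:99999:7:::
EOF
}

sample_shadow | audit_shadow 17300
```

PASSWORD_LOCK_ONLY marks an entry whose password is locked while the account itself has not expired; 17257 in the mark record corresponds to 2017-04-01, the expiry date used with useradd -e earlier.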

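Changing login name and password

# usermod -l karen james

The -p option takes the already-hashed password (as returned by crypt(3)), not plain text; a plain-text value would be stored verbatim in /etc/shadow and never match at login. Here openssl passwd -6 prompts for the password and prints a SHA-512 crypt hash. The hash is still visible in the process list while usermod runs, so passwd karen is preferable for interactive use.

# usermod -p "$(openssl passwd -6)" karen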

View account aging information

# chage -l smith
Last password change                              : Dec 08, 2016
Password expires                                  : never
Password inactive                                 : never
Account expires                                   : never
Minimum number of days between password change    : 0
Maximum number of days between password change    : 99999
Number of days of warning before password expires : 7

Changing password parameters

# chage smith
Changing the aging information for smith
Enter the new value, or press ENTER for the default
................
................

Usage: chage [options] [LOGIN]

Options:

-d, --lastday LAST_DAY        set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
-I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
-m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
-M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
-W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS

 
