User management is a fundamental aspect of Linux system administration. Whether you're a seasoned sysadmin or a Linux enthusiast, understanding the essential commands for user management is crucial. In this blog post, we'll explore Linux commands that will empower you to efficiently manage users and groups on a Linux system.
What is a user?
Every process (running program) on the system runs as a particular user. Every file is owned by a particular user. Access to files and directories is restricted by user. The user associated with a running process determines the files and directories accessible to that process.
The id command shows information about the currently logged-in user. You can also use it to see basic information about another user.
$id
uid=1000(nirmal) gid=1000(nirmal) groups=1000(nirmal)
or
$id root
uid=0(root) gid=0(root) groups=0(root)
To view the user associated with a file or directory, use the ls -l command
$ls -l /home
To view the processes associated with a user, use the ps command
$ps au
To switch from one user to another
$ su - username
or
$su username
Database files for users and groups
/etc/passwd
username : password : UID : GID : GECOS : HomeDir : Shell
/etc/shadow
The file /etc/shadow is used to store password information for all users in Linux
/etc/group
The file /etc/group is used to store group information for all the groups in Linux
/etc/gshadow
The file /etc/gshadow is used to store password information for all groups in Linux
What is a group?
Like users, groups have a name and a number (GID). Local groups are defined in /etc/group
There are two types of groups used in Linux
1 - Primary Group
2 - Supplementary groups or Secondary Group
Managing Local User Accounts
UID ranges
- UID 0 is always assigned to the superuser account, root.
- UID 1-200 is a range of "system users" assigned statically to system processes by Red Hat.
- UID 201-999 is a range of "system users" used by system processes that do not own files on the file system. They are typically assigned dynamically from the available pool when the software that needs them is installed. Programs run as these "unprivileged" system users in order to limit their access to just the resources they need to function.
- UID 1000+ is the range available for assignment to regular users.
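The /etc/passwd field layout and the UID ranges above can be checked together. The following script is an added example, not part of the original post: it classifies accounts by UID range and flags entries worth reviewing. The sample entries (including svcbackup and toor) and the function names are constructed for illustration.

```shell
#!/bin/sh
# SAMPLE_PASSWD is constructed data in /etc/passwd layout, not a real file.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
chrony:x:995:992::/var/lib/chrony:/sbin/nologin
svcbackup:x:998:996:Backup agent:/var/lib/backup:/bin/bash
nirmal:x:1000:1000:Nirmal:/home/nirmal:/bin/bash
toor:x:0:0:second root:/root:/bin/bash'

# classify_accounts: read passwd lines on stdin, print "name class".
classify_accounts() {
    awk -F: 'NF == 7 {
        uid = $3 + 0
        if (uid == 0)         class = "superuser"
        else if (uid <= 200)  class = "system-static"
        else if (uid <= 999)  class = "system-dynamic"
        else                  class = "regular"
        print $1, class
    }'
}

# audit_accounts: print entries a reviewer should look at:
#   - any UID 0 account that is not named root
#   - any system-range account (UID 1-999) with an interactive shell
audit_accounts() {
    awk -F: 'NF == 7 {
        uid = $3 + 0
        if (uid == 0 && $1 != "root")
            print "UID0-NOT-ROOT " $1
        if (uid >= 1 && uid <= 999 && $7 !~ /(nologin|false)$/)
            print "SYSTEM-WITH-SHELL " $1 " " $7
    }'
}

printf '%s\n' "$SAMPLE_PASSWD" | classify_accounts
printf '%s\n' "$SAMPLE_PASSWD" | audit_accounts
# On a real host: audit_accounts < /etc/passwd
```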
#useradd username
#passwd username
#useradd -u 1010 username
* To create a user with specific supplementary groups, shell and UID in a single command
#useradd -G groupname -s /sbin/nologin -u 1010 username
* To create a user with a description
#useradd -c "IT Department" username
* To create a user with a specific expiry date
#useradd -e 2024-12-31 username
* To create a system user
#useradd -r username
* To create a user without a home directory
#useradd -M username
* To create a user with a home directory in a different location
#useradd -d /opt/username username
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new account
-G, --groups GROUPS list of supplementary groups of the new account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as the user
-o, --non-unique allow to create users with duplicate (non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
-P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
Managing Local Groups
1. Basic Group Creation:
#groupadd mygroup
2. Specify GID (Group ID):
#groupadd -g 1001 mygroup
This command creates a group with the name "mygroup" and specifies the Group ID as 1001. You can replace 1001 with the desired Group ID.
3. Add System Group:
#groupadd -r mygroup
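This creates a system group ("-r" option).
4. Create a System Group with a Specific GID:
#groupadd -r -g 1001 -f mygroup
This creates a system group ("-r" option) with a specific Group ID. The "-f" (--force) option takes no argument: it makes groupadd exit successfully if the group already exists and, combined with "-g", picks another unique GID if 1001 is already taken. groupadd has no option for a description, and /etc/group has no field to hold one.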
5. Display Group Information:
#grep mygroup /etc/group
After creating the group, you can use `grep` to display group information from the `/etc/group` file.
Remember to replace "mygroup" and the Group ID with your preferred group name and ID.
Modification of Local User and Group Accounts
A : Modification of Local User
The usermod and userdel commands in Linux are used to modify and delete user accounts. Here are some examples:
1. Change User's Home Directory:
#usermod -d /path/to/new/home username
2. Change User's password :
#passwd username
3. Change User's Login Name:
#usermod -l newusername oldusername
4. Add User to Additional Groups:
#usermod -aG group1,group2 username
5. Change User's Shell:
#usermod -s /path/to/new/shell username
6. Lock/Unlock User Account:
- Lock:
#usermod -L username
- Unlock:
#usermod -U username
7. Set User's Expiry Date:
#usermod -e YYYY-MM-DD username
8. Remove User Expiry Date:
#usermod -e -1 username
9. Change User's UID (User ID):
#usermod -u newUID username
10. Delete User Account (Keep Home Directory):
#userdel username
11. Delete User Account and Home Directory:
#userdel -r username
The `-r` option removes the user's home directory along with the user account.
12. Force Removal (Even if User is Logged In):
#userdel -f username
Use this with caution, as it forcefully removes the user, even if they are logged in.
13. Remove Only User's Home Directory:
#rm -r /home/username
This is a separate step if you want to keep the user account but remove the home directory manually.
Remember to replace placeholders like `username`, `group1`, `group2`, etc., with your actual usernames and group names. Always double-check your changes to avoid accidental misconfigurations.
B: Modification of Local Groups
The `groupmod` command in Linux is used to modify group attributes. Here are some examples:
1. Change Group Name:
#groupmod -n newgroupname oldgroupname
2. Set Password on Group:
#gpasswd groupname
3. Change Group GID (Group ID):
#groupmod -g newGID groupname
4. Add User to Group:
#usermod -aG newgroupname username
5. Remove User from Group:
#gpasswd -d username groupname
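6. Change Group Password:
#groupmod -p encryptedpassword groupname
The -p option expects an already-encrypted password, as returned by crypt(3), not plain text. To set a group password interactively, use gpasswd groupname as in step 2.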
Remember to replace placeholders like `newgroupname`, `oldgroupname`, `username`, etc., with your actual group names and usernames. Always double-check your changes to avoid accidental misconfigurations.
C: Managing password expiry of user
The `chage` command in Linux is used to change user password expiry information. Here are some examples:
1. View Password Expiry Information:
#chage -l username
This command displays detailed information about the password aging for the specified user.
2. Set Maximum Number of Days between Password Changes:
#chage -M 60 username
This example sets the maximum number of days between password changes to 60 for the specified user.
3. Set Account Expiry Date:
#chage -E YYYY-MM-DD username
This example sets the date on which the specified user's account expires.
4. Force Password Change on Next Login:
#chage -d 0 username
This example forces the user to change their password on the next login.
5. Disable Password Expiry:
#chage -M -1 username
This example disables password expiry for the specified user.
6. Disable Account Expiry:
#chage -E -1 username
This example disables Account expiry for the specified user.
Remember to replace `username` with the actual username you want to modify. The `chage` command provides flexibility in managing password aging and expiry policies for user accounts on Linux systems.
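The settings made with usermod -L, chage -M, chage -d 0 and chage -E end up as fields in /etc/shadow. The following script is an added example, not part of the original post: it reads shadow-format lines and reports each account's password state, aging and account expiry. The field layout is taken from shadow(5), the sample entries and hashes are constructed, and the function names are illustrative.

```shell
#!/bin/sh
# SAMPLE_SHADOW is constructed data; the hashes are placeholders.
# shadow(5) layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Day 20088 since 1970-01-01 is 2024-12-31.
SAMPLE_SHADOW='alice:$6$constructed$hashA:19700:0:60:7:::
bob:!$6$constructed$hashB:19700:0:99999:7:::
carol:$6$constructed$hashC:0:0:60:7:::
dave:$6$constructed$hashD:19700:0::7::20088:
svc:!!:19700::::::'

# shadow_report: print "name password-state aging account-expiry".
#   locked               hash starts with ! or * (for example after usermod -L)
#   change-at-next-login lastchg is 0 (chage -d 0)
#   password-never-expires  max is empty, -1 or 99999 (chage -M -1)
shadow_report() {
    awk -F: 'NF == 9 {
        pw = ($2 ~ /^[!*]/) ? "locked" : "usable"
        if ($3 == "0")
            age = "change-at-next-login"
        else if ($5 == "" || $5 < 0 || $5 >= 99999)
            age = "password-never-expires"
        else
            age = "max-" $5 "-days"
        acct = ($8 == "") ? "no-account-expiry" : "account-expires-day-" $8
        print $1, pw, age, acct
    }'
}

# weak_aging: accounts whose usable password never expires.
weak_aging() {
    shadow_report | awk '$2 == "usable" && $3 == "password-never-expires" { print $1 }'
}

printf '%s\n' "$SAMPLE_SHADOW" | shadow_report
# On a real host (as root): shadow_report < /etc/shadow
```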
D : Creating Super User (sudo user)
1. Create a New User:
#useradd superusername
#passwd superusername
Replace `superusername` with the desired username for the new sudo user.
2. Add the User to the sudo Group:
#usermod -aG wheel superusername
This command adds the user to the `wheel` group, which is typically configured to have sudo privileges.
3. Verify sudo Access:
Switch to the new user and try running a command with sudo to verify access.
#su - superusername
$sudo some_command
Replace `some_command` with the actual command you want to run with sudo.
Note: You can also create a sudo user by adding an entry to the sudoers file, like
#vim /etc/sudoers
superusername ALL=(ALL) ALL
save the file
Using visudo to edit the file (or visudo -cf file to check one) validates the syntax before it takes effect.
* If you want a passwordless sudo user, make the entry like this
#vim /etc/sudoers
superusername ALL=(ALL) NOPASSWD: ALL
save the file
#su - superusername
$sudo some_command
Now, the newly created user should have sudo privileges on your Red Hat 8 system. Remember to replace `superusername` with the chosen username for your new sudo user.
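A NOPASSWD: ALL entry gives root to anyone who reaches that account's session without a further password prompt, so it helps to know which entries carry it. The following script is an added example, not part of the original post: it lists each sudoers grant with its authentication requirement and scope. The sample file, the backup user and its rsync rule, and the function names are constructed for illustration.

```shell
#!/bin/sh
# SAMPLE_SUDOERS is constructed; "backup" and its rsync rule are made up.
SAMPLE_SUDOERS='# constructed sample in sudoers syntax
Defaults    !visiblepw
root          ALL=(ALL)       ALL
%wheel        ALL=(ALL)       ALL
superusername ALL=(ALL) NOPASSWD: ALL
backup        ALL=(root) NOPASSWD: /usr/bin/rsync'

# sudo_grants: read sudoers text on stdin, print "principal auth scope".
# Include directives and aliases are skipped, not followed or expanded.
sudo_grants() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
    {
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)   # drop the user or %group
        sub(/^[^=]*=[ \t]*/, "", rest)           # drop the host list and "="
        sub(/^[(][^)]*[)][ \t]*/, "", rest)      # drop the optional (runas)
        auth = (rest ~ /^NOPASSWD:/) ? "nopasswd" : "passwd"
        n = 0
        while (sub(/^[A-Z]+:[ \t]*/, "", rest)) n++   # drop tags like NOPASSWD:
        sub(/[ \t]+$/, "", rest)
        scope = (rest == "ALL") ? "all-commands" : "limited"
        print $1, auth, scope
    }'
}

# nopasswd_all: principals that may run every command without a password.
nopasswd_all() {
    sudo_grants | awk '$2 == "nopasswd" && $3 == "all-commands" { print $1 }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | sudo_grants
# On a real host (as root): nopasswd_all < /etc/sudoers
```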