Users and group management.
Three types of users
1> Super users (root)
2> System users : this users are created during system installation.
3> Limited users : these users are created ny root user and they have access to their home directory only.
When we create any new users then by default it create below
i> make entries in /etc/passwd and /etc/shadow
ii> create home directory /home/username
iii> mailbox /var/spool/mail/username
User ::: UID
root 0
system user : 1-499
limited users : 500-onward.
The entry in “/etc/passwd” is look like
alex:x:500:500: :/home/alex:/bin/bash
username:password_enable:UID:GID:comment:home_directory:login_shell
Note : 1> we can change all the entries for user Or set modified value during user creation with help of commands.
2> If we remove “x” value in password_enable/disable field. Then user can login without password.
When we set password to user it make entries in /etc/shadow file as
alex:&6 $ABCD $1——RV——:9999:7
userName:Algo_saltValue_RandomValue:days:password_policy
the entry start from Algo to password_policy is combine called as Hash value
Algorithm for password encryption.
SHA512 in RHEL6 => value $6
MD5 in previous versions => value &1
Extra : there is /etc/passwd- and /etc/shadow- file as backup if you accidently delete original files.
=========================================
1> Add and remove users
graphically
System => administration => add and remove user.
Command lines :
#useradd userName
Or
#adduser UserName
2> change set password
#passwd username
enter password twice
Or
#lpasswd username
it ask for old password
3> Switching users
#su -alex : switch user to alex and goto his home directory
#su alex : switch user to alex and keep same working directory
#su – : switch to root user
4> Modifying user information in passwd
i> change user login name
#usermod -l Newname OldName
ii> change UID
#usermod -u ID username
iii> change comment
#usermod -c “comment” username
iv>change home directory
#usermod -d New_path username
v> change login shell
#usermod -s /sbin/nologin username
Note : you can also pass custom information with useradd command with same (above) option with useradd command during user
creation.
5> Delete user
#userdel username
#userdel -r username : delete user with home directory.
6> Lock / Unlock the user password
Lock
#usermod -L username
Unlock
#usermod -U username
Extra ::
i> check UID and GID of user
#id username
2> check user login info
#pinky username
3> user information
#finger username –install finger package
Change finger information
#chfn username
==========================================================================================
Group management
1> Add group
#groupadd GroupName
It create entries in /etc/group and also has symbolic link /etc/group-
2> set password to group
#gpasswd GroupName
enter password twice
3> lock / unlock group password
Lock
#gpasswd -R grouName
Unlock
#gpasswd -r groupName
4> Modify group information
i> change gid of group
#groupmod -g NewID groupName
ii> change group name
#groupmod -n NewName OldName
5> Delete group
#groupdel groupName
6> Add and remove users in group
Add
#usermod -G group User1 user2
Remove
#gpasswd -d UserName groupName
7> Change primary group of user
#usermod -g Newgroup username
Change secondary (membership) group of user
#usermod -G groupname Username
Change groupship of active user ( user should be login)
#newgrp groupName
Extra ::
i> check active users
#users
ii> check active/login group
#groups
=================================================================
password Policy
In this you can set the password expiry, account expiry, account and password validation limit
1> check user policy
#chage -l UserName
2> change password policy
#chage username
Then it ask for diffent policy information. Enter the require data.
=================================================================
Leave a Reply
You must be logged in to post a comment.