Managing users and groups

Learn how to manage users and groups

I. Users :

Most common $COMMANDS and FILES used to manage users. consult "man $command " for more informations.

Commands :

• useradd <username> -> to add new user.

• userdel <username> -> to delete an existed user.

• usermod -option <username> -> to modify a user characteristics.

Files :

• vim /etc/default/useradd -> useradd default config file.

• vim /etc/passwd | vipw -> verify the creation of your user with wanted properties.

• vim /etc/shadow -> stores encrypted user passwords and is accessible only to the root user.

II . Groups :

Most common $COMMANDS and FILES used to manage groups. consult "man $command " for more informations.

Commands :

• groupadd <groupname> -> to create new group.

• groupdel <groupname> -> to delete an existing group.

• groupmod <groupname> -> modify a group definition on the system.

• lid -g <groupname> -> display the members of <groupname>.

• groupmems -g <groupname> -l -> administer members of a user's primary group

• other commands : groups | id | getent group ..

Files :

• vim /etc/group | vigr -> to list groups in your system.

• vim /etc/gshadow -> readable only by the root user and contains an encrypted password for each grou

Configuration files :

Let's start explaining the contents of /etc/passwd "vipw" file.

chxmxii:x:1000:1000:RHEL8VM:/home/chxmxii:/bin/bash

here we took an example of a user called chxmxii. as you can see this line contains 7 fields separated by ":", I will try to explain it for you one by one.

1. chxmxii : is the username.

2. x : is the password.

3. 1000 : User ID.

4. 1000 : Group ID.

5. RHEL8VM : Comment. "GECOS"

6. /home/chxmxii : Home Directory

7. /bin/bash : shell.

After understanding /etc/passwd, lets move on and find out what does /etc/shadow contains.

chxmxii:$1$KfyGjDYU$OPkmq6g6pFehQk0DxUiZ80:18988:0:99999:7:::

Continuing with the same user chxmxii, unlike "vipw" /etc/shadow contains 9 fields which are :

1. chxmxii : username

2. $1$KfyGjDYU$OPkmq6g6pFehQk0DxUiZ80 : encrypted password using the format $type$salt$hashed and eight to 12 characters long.

3. 18988 : last password change since 1st January 1970.

4. 0 : The minimum number of days that must elapse before the password can be changed by the user.

5. 99999 : The number of days after which the password must be changed.

6. 7 : Warning period.

7. ? : Inactivity period ( since Jan. 1, 1970).

8. ? : Expiration date (The date on which the account was disabled.).

9. ? : This field is left empty and reserved for future use.

Sometimes you will find "!" and "!!" within the password field.

"!" means the password is locked.

"!!" means the password is disabled.

Hints :

• If you want to edit the password quality go to "/etc/security/pwquality.conf" .

• If you want to edit the user configuration go to "/etc/default/useradd" .

• If you want to edit the umask and pw.age.. go to "/etc/login.defs" .

make sure to create a backup file before editing directly.

f.g : cp /etc/login.defs /etc/login.defs-original

• Created files under /etc/skel will be created in /home/$USER upon creation.

I . Practice Time:

Create user chxmxii with the properties below :

• UID : 1544 | GID : 1552 | GECOS : RHELV8 | HomeDir : /home/chxmxii | Shell : /bin/zsh

• make sure chxmxii is a member of wheel group.

• Make sure a file with name "Rules" is created in user home directory upon creation.

Answer :

useradd -u 1544 -g 1552 -c "RHELV8" -d /home/chxmxii -s /bin/zsh chxmxii
usermod -aG wheel chxmxii
touch /etc/skel/Rules

You have just finished learning users and group managing, lets pass to the next module ownerships and permissions.