# Managing users and groups ### I. Users : Most common $COMMANDS and FILES used to manage users. consult "man $command " for more informations. #### **Commands :** * useradd \ -> to add new user. * userdel \ -> to delete an existed user. * usermod -option \ -> to modify a user characteristics. **Files : ** * vim /etc/default/useradd -> useradd default config file. * vim /etc/passwd | vipw -> verify the creation of your user with wanted properties. * vim /etc/shadow -> stores encrypted user passwords and is accessible only to the root user. ### II . Groups : Most common $COMMANDS and FILES used to manage groups. consult "man $command " for more informations. #### Commands : * groupadd \ -> to create new group. * groupdel \ -> to delete an existing group. * groupmod \ -> modify a group definition on the system. * lid -g \ -> display the members of \. * groupmems -g \ -l -> administer members of a user's primary group * other commands : groups | id | getent group .. #### Files : * vim /etc/group | vigr -> to list groups in your system. * vim /etc/gshadow -> readable only by the root user and contains an encrypted password for each grou ### Configuration files : Let's start explaining the contents of /etc/passwd "vipw" file. ``` chxmxii:x:1000:1000:RHEL8VM:/home/chxmxii:/bin/bash ``` here we took an example of a user called chxmxii. as you can see this line contains 7 fields separated by ":", I will try to explain it for you one by one. 1. chxmxii : is the username. 2. x : is the password. 3. 1000 : User ID. 4. 1000 : Group ID. 5. RHEL8VM : Comment. "GECOS" 6. /home/chxmxii : Home Directory 7. /bin/bash : shell. After understanding /etc/passwd, lets move on and find out what does /etc/shadow contains. ``` chxmxii:$1$KfyGjDYU$OPkmq6g6pFehQk0DxUiZ80:18988:0:99999:7::: ``` Continuing with the same user chxmxii, unlike "vipw" /etc/shadow contains 9 fields which are : 1. chxmxii : username 2. $1$KfyGjDYU$OPkmq6g6pFehQk0DxUiZ80 : encrypted password using the format *$type$salt$hashed* and eight to 12 characters long. 3. 18988 : last password change since 1st January 1970. 4. 0 : The minimum number of days that must elapse before the password can be changed by the user. 5. 99999 : The number of days after which the password must be changed. 6. 7 : Warning period. 7. ? : Inactivity period ( since Jan. 1, 1970). 8. ? : Expiration date (The date on which the account was disabled.). 9. ? : This field is left empty and reserved for future use. {% hint style="info" %} Sometimes you will find "!" and "!!" within the password field. "!" means the password is locked. "!!" means the password is disabled. {% endhint %} ### Hints : * If you want to edit the password quality go to "/etc/security/pwquality.conf" . * If you want to edit the user configuration go to "/etc/default/useradd" . * If you want to edit the umask and pw\.age.. go to "/etc/login.defs" . {% hint style="danger" %} make sure to create a backup file before editing directly. f.g : cp /etc/login.defs /etc/login.defs-original {% endhint %} * Created files under **/etc/skel** will be created in **/home/$USER** upon creation. ### I . Practice Time: Create user chxmxii with the properties below : * UID : 1544 | GID : 1552 | GECOS : RHELV8 | HomeDir : /home/chxmxii | Shell : /bin/zsh * make sure chxmxii is a member of wheel group. * Make sure a file with name "Rules" is created in user home directory upon creation. #### Answer : ``` useradd -u 1544 -g 1552 -c "RHELV8" -d /home/chxmxii -s /bin/zsh chxmxii usermod -aG wheel chxmxii touch /etc/skel/Rules ``` {% hint style="success" %} You have just finished learning users and group managing, lets pass to the next module ownerships and permissions. {% endhint %}