# Managing users and groups ### I. Users : Most common $COMMANDS and FILES used to manage users. consult "man $command " for more informations. #### **Commands :** * useradd \ -> to add new user. * userdel \ -> to delete an existed user. * usermod -option \ -> to modify a user characteristics. **Files : ** * vim /etc/default/useradd -> useradd default config file. * vim /etc/passwd | vipw -> verify the creation of your user with wanted properties. * vim /etc/shadow -> stores encrypted user passwords and is accessible only to the root user. ### II . Groups : Most common $COMMANDS and FILES used to manage groups. consult "man $command " for more informations. #### Commands : * groupadd \ -> to create new group. * groupdel \ -> to delete an existing group. * groupmod \ -> modify a group definition on the system. * lid -g \ -> display the members of \. * groupmems -g \ -l -> administer members of a user's primary group * other commands : groups | id | getent group .. #### Files : * vim /etc/group | vigr -> to list groups in your system. * vim /etc/gshadow -> readable only by the root user and contains an encrypted password for each grou ### Configuration files : Let's start explaining the contents of /etc/passwd "vipw" file. ``` chxmxii:x:1000:1000:RHEL8VM:/home/chxmxii:/bin/bash ``` here we took an example of a user called chxmxii. as you can see this line contains 7 fields separated by ":", I will try to explain it for you one by one. 1. chxmxii : is the username. 2. x : is the password. 3. 1000 : User ID. 4. 1000 : Group ID. 5. RHEL8VM : Comment. "GECOS" 6. /home/chxmxii : Home Directory 7. /bin/bash : shell. After understanding /etc/passwd, lets move on and find out what does /etc/shadow contains. ``` chxmxii:$1$KfyGjDYU$OPkmq6g6pFehQk0DxUiZ80:18988:0:99999:7::: ``` Continuing with the same user chxmxii, unlike "vipw" /etc/shadow contains 9 fields which are : 1. chxmxii : username 2. $1$KfyGjDYU$OPkmq6g6pFehQk0DxUiZ80 : encrypted password using the format *$type$salt$hashed* and eight to 12 characters long. 3. 18988 : last password change since 1st January 1970. 4. 0 : The minimum number of days that must elapse before the password can be changed by the user. 5. 99999 : The number of days after which the password must be changed. 6. 7 : Warning period. 7. ? : Inactivity period ( since Jan. 1, 1970). 8. ? : Expiration date (The date on which the account was disabled.). 9. ? : This field is left empty and reserved for future use. {% hint style="info" %} Sometimes you will find "!" and "!!" within the password field. "!" means the password is locked. "!!" means the password is disabled. {% endhint %} ### Hints : * If you want to edit the password quality go to "/etc/security/pwquality.conf" . * If you want to edit the user configuration go to "/etc/default/useradd" . * If you want to edit the umask and pw\.age.. go to "/etc/login.defs" . {% hint style="danger" %} make sure to create a backup file before editing directly. f.g : cp /etc/login.defs /etc/login.defs-original {% endhint %} * Created files under **/etc/skel** will be created in **/home/$USER** upon creation. ### I . Practice Time: Create user chxmxii with the properties below : * UID : 1544 | GID : 1552 | GECOS : RHELV8 | HomeDir : /home/chxmxii | Shell : /bin/zsh * make sure chxmxii is a member of wheel group. * Make sure a file with name "Rules" is created in user home directory upon creation. #### Answer : ``` useradd -u 1544 -g 1552 -c "RHELV8" -d /home/chxmxii -s /bin/zsh chxmxii usermod -aG wheel chxmxii touch /etc/skel/Rules ``` {% hint style="success" %} You have just finished learning users and group managing, lets pass to the next module ownerships and permissions. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://chxmxii.gitbook.io/rhcsa/managing-users-and-groups.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.