This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
linux:managing-users-and-groups-part-1 [2019/01/21 11:14] seanburns created |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | < | ||
- | # Managing Users and Groups | ||
- | ## Date: Mon Sep 24 12:17:52 EDT 2018 | ||
- | ## The passwd file | ||
- | |||
- | On my Fedora 28 virtual machine, I can see the following information about my user account: | ||
- | |||
- | ```bash | ||
- | $ grep " | ||
- | sean: | ||
- | ``` | ||
- | |||
- | The fields are: | ||
- | |||
- | - username | ||
- | - password indicator | ||
- | - user id | ||
- | - group id | ||
- | - gecos ingo | ||
- | - home directory | ||
- | - default shell | ||
- | |||
- | This is a pretty standard Linux file, but some things will change | ||
- | depending on the distribution. For example, the user id may start at a | ||
- | different point depending on the system. However, nowadays both Ubuntu | ||
- | and Fedora set the starting UID and group ID for new users at 1000. | ||
- | |||
- | ## The shadow file | ||
- | |||
- | Need to be root to examine the shadow file: | ||
- | |||
- | ```bash | ||
- | $ sudo su | ||
- | # grep " | ||
- | sean: | ||
- | ``` | ||
- | |||
- | The fields are: | ||
- | |||
- | - login name (username) | ||
- | - encrypted password | ||
- | - days since 1/1/1970 since password was last changed | ||
- | - days after which password must be changed | ||
- | - days before password is to expire that user is warned | ||
- | - days after password expires that account is disabled | ||
- | - days since 1/1/1970 that account is disabled | ||
- | - a reserved field | ||
- | |||
- | ## The group file | ||
- | |||
- | This file holds group information about the entire system: | ||
- | |||
- | ```bash | ||
- | $ cat /etc/group | ||
- | $ # note one group of interest | ||
- | $ grep " | ||
- | project1: | ||
- | ``` | ||
- | |||
- | The fields are: | ||
- | |||
- | - group name | ||
- | - group password | ||
- | - group ID (GID) | ||
- | - group members | ||
- | |||
- | ## Management Tools | ||
- | |||
- | The book discusses the following tools: | ||
- | |||
- | - */ | ||
- | - */ | ||
- | - */ | ||
- | - */ | ||
- | - */ | ||
- | - */ | ||
- | |||
- | ## Practice | ||
- | |||
- | ### Create a new user; modify account | ||
- | |||
- | Let's create a new user and modify the account. First note the defaults | ||
- | in **/ | ||
- | And then let's change some defaults. We can either user *sudo* or | ||
- | become *su*. Here I become *su*: | ||
- | |||
- | ```bash | ||
- | $ sudo su | ||
- | # nano / | ||
- | ``` | ||
- | |||
- | Now we're in *nano*, and we want to add these lines at the end. Feel free to add the comments: | ||
- | |||
- | ```bash | ||
- | # make " | ||
- | alias c=' | ||
- | # new files are 600; new directories are 700: | ||
- | umask 0077 | ||
- | ``` | ||
- | |||
- | Now use *nano* again to create a README file. This file will be added to the home directories of all new users. Add any welcome message you want to add, plus any guidelines for using the system. | ||
- | |||
- | ```bash | ||
- | # nano / | ||
- | ``` | ||
- | |||
- | After writing (saving) and exiting *nano*, we can go ahead and create the new user: | ||
- | |||
- | ```bash | ||
- | # useradd linus | ||
- | # grep " | ||
- | linus: | ||
- | # grep " | ||
- | linus: | ||
- | # # Let's create a password for ' | ||
- | # passwd linus | ||
- | # grep " | ||
- | # # Let's modify the maximum password lifetime | ||
- | # passwd -n 90 linus | ||
- | # # Let's modify the maximum password lifetime | ||
- | # passwd -x 180 linus | ||
- | ``` | ||
- | |||
- | ### Create a new group; add users to group | ||
- | |||
- | ```bash | ||
- | # grep " | ||
- | # groupadd project2 | ||
- | # grep " | ||
- | project2: | ||
- | # usermod -aG project2 linus | ||
- | # usermod -aG project2 sean | ||
- | # grep " | ||
- | project2: | ||
- | ``` | ||
- | |||
- | ### Delete, delete, delete | ||
- | |||
- | 1. Delete user ' | ||
- | 2. Confirm not listed in **passwd** and **shadow** files. | ||
- | 3. Confirm home directory is gone | ||
- | |||
- | #### User deletion | ||
- | |||
- | ```bash | ||
- | # userdel -r linus | ||
- | # grep " | ||
- | # grep " | ||
- | # cd /home ; ls -l | ||
- | ``` | ||
- | |||
- | #### Group deletion | ||
- | |||
- | 1. Look for groups in **group** file that begin with the string | ||
- | " | ||
- | 2. Delete " | ||
- | 3. Look again. | ||
- | |||
- | ```bash | ||
- | # grep " | ||
- | # groupdel project2 | ||
- | # grep " | ||
- | ``` | ||
- | </ |
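Review bot: in the "Create a new user; modify account" block, the comment "Let's modify the maximum password lifetime" appears twice, once above `passwd -n 90 linus` and once above `passwd -x 180 linus`. `-n` sets the minimum number of days between password changes and only `-x` sets the maximum, so the first comment should read "minimum password lifetime" if this text is restored or moved to another page. Two typos in the removed text need the same treatment: "gecos ingo" in the passwd field list should be "gecos info", and "We can either user *sudo*" should be "We can either use *sudo*".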