
linux:managing-users-and-groups-part-1

Differences

This shows you the differences between two versions of the page.

linux:managing-users-and-groups-part-1 [2019/01/21 11:14] (current)
seanburns created
Line 1: Line 1:
 +<​markdown>​
 +# Managing Users and Groups
 +## Date: Mon Sep 24 12:17:52 EDT 2018
  
 +## The passwd file
 +
 +On my Fedora 28 virtual machine, I can see the following information about my user account:
 +
 +```bash
 +$ grep "​sean"​ /etc/passwd
 +sean:​x:​1000:​1000:​sean:/​home/​sean:/​bin/​bash
 +```
 +
 +The fields are:
 +
 +- username
 +- password indicator
 +- user id
 +- group id
 +- gecos ingo
 +- home directory
 +- default shell
 +
 +This is a pretty standard Linux file, but some things will change
 +depending on the distribution. For example, the user id may start at a
 +different point depending on the system. However, nowadays both Ubuntu
 +and Fedora set the starting UID and group ID for new users at 1000.
 +
 +## The shadow file
 +
 +Need to be root to examine the shadow file:
 +
 +```bash
 +$ sudo su
 +# grep "​sean"​ /etc/shadow
 +sean:​ENCRYPTED_PASSWORD::​0:​99999:​7:::​
 +```
 +
 +The fields are:
 +
 +- login name (username)
 +- encrypted password
 +- days since 1/1/1970 since password was last changed
 +- days after which password must be changed
 +- days before password is to expire that user is warned
 +- days after password expires that account is disabled
 +- days since 1/1/1970 that account is disabled
 +- a reserved field 
 +
 +## The group file
 +
 +This file holds group information about the entire system:
 +
 +```bash
 +$ cat /etc/group
 +$ # note one group of interest
 +$ grep "​project1"​ /etc/group
 +project1:​x:​1001:​sean,​captkirk
 +```
 +
 +The fields are:
 +
 +- group name
 +- group password ​
 +- group ID (GID)
 +- group members
 +
 +## Management Tools
 +
 +The book discusses the following tools:
 +
 +- */​usr/​sbin/​useradd*
 +- */​usr/​sbin/​usermod*
 +- */​usr/​sbin/​userdel*
 +- */​usr/​sbin/​groupadd*
 +- */​usr/​sbin/​groupdel*
 +- */​usr/​sbin/​groupmod*
 +
 +## Practice
 +
 +### Create a new user; modify account
 +
 +Let's create a new user and modify the account. First note the defaults
 +in **/​etc/​login.defs**,​ **/​etc/​skel**,​ and **/​etc/​default/​useradd**.
 +And then let's change some defaults. We can either user *sudo* or
 +become *su*. Here I become *su*:
 +
 +```bash
 +$ sudo su
 +# nano /​etc/​skel/​.bashrc
 +```
 +
 +Now we're in *nano*, and we want to add these lines at the end. Feel free to add the comments:
 +
 +```bash
 +# make "​c"​ a shortcut for "​clear"​
 +alias c='​clear'​
 +# new files are 600; new directories are 700:
 +umask 0077
 +```
 +
 +Now use *nano* again to create a README file. This file will be added to the home directories of all new users. Add any welcome message you want to add, plus any guidelines for using the system.
 +
 +```bash
 +# nano /​etc/​skel/​README
 +```
 +
 +After writing (saving) and exiting *nano*, we can go ahead and create the new user:
 +
 +```bash
 +# useradd linus
 +# grep "​linus"​ /etc/passwd
 +linus:​x:​1002:​1003::/​home/​linus:/​bin/​bash
 +# grep "​linus"​ /etc/shadow
 +linus:​!!:​17798:​0:​99999:​7:::​
 +# # Let's create a password for '​linus'​
 +# passwd linus
 +# grep "​linus"​ /etc/shadow
 +# # Let's modify the maximum password lifetime
 +# passwd -n 90 linus
 +# # Let's modify the maximum password lifetime
 +# passwd -x 180 linus
 +```
 +
 +### Create a new group; add users to group
 +
 +```bash
 +# grep "​linus"​ /etc/group
 +# groupadd project2
 +# grep "​project2"​ /etc/group
 +project2:​x:​1004:​
 +# usermod -aG project2 linus
 +# usermod -aG project2 sean
 +# grep "​project2"​ /etc/group
 +project2:​x:​1004:​linus,​sean
 +```
 +
 +### Delete, delete, delete
 +
 +1. Delete user '​linus'​
 +2. Confirm not listed in **passwd** and **shadow** files.
 +3. Confirm home directory is gone
 +
 +#### User deletion
 +
 +```bash
 +# userdel -r linus
 +# grep "​linus"​ /etc/passwd
 +# grep "​linus"​ /etc/shadow
 +# cd /home ; ls -l 
 +```
 +
 +#### Group deletion
 +
 +1. Look for groups in **group** file that begin with the string
 +"​project"​.
 +2. Delete "​project2"​ group
 +3. Look again.
 +
 +```bash
 +# grep "​project*"​ /etc/group
 +# groupdel project2
 +# grep "​project*"​ /etc/group
 +```
 +</​markdown>​
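Review bot: In the block that follows `useradd linus`, both `passwd -n 90 linus` and `passwd -x 180 linus` carry the comment "Let's modify the maximum password lifetime", but `-n` sets the minimum password lifetime and only `-x` sets the maximum, so the first comment should say minimum. The shadow field list has the matching gap: it names eight fields while the sample entry `sean:ENCRYPTED_PASSWORD::0:99999:7:::` has nine, and the missing one is the minimum age (days before the password may be changed), which sits between "last changed" and "must be changed". In the group deletion block, `grep "project*"` is not anchored to the start of the line and, as a regular expression, matches any line containing "projec"; `grep "^project" /etc/group` does what step 1 describes. Two typos as well: "gecos ingo" should read "gecos info", and "either user *sudo*" should read "either use *sudo*".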
linux/managing-users-and-groups-part-1.txt · Last modified: 2019/01/21 11:14 by seanburns