
User & Group management by command line-1


User and Group administration in redhat linux


In Linux there are three types of users.

1. Super user or root user (#)
The super user, or root user, is the most powerful user. It is the administrator account.

2. System users
System users are the users created by software or applications. For example, if we install Apache it will create a user apache. These kinds of users are known as system users.

3. Normal users ($)
Normal users are the users created by the root user. They are ordinary users like John, Ramu etc. Only the root user has permission to create or remove a user.

In Linux systems every user has a unique user ID, known as the UID. The UID ranges are as follows:

1. Root user UID will be "0"

2. System users UID will be "1 - 499"

3. Normal users UID will be "500 - 60000"
The range of MIN_GID and MAX_GID is specified in the file "/etc/login.defs".

There are three important files a user administrator should be aware of.
1. "/etc/passwd"
2. "/etc/shadow"
3. "/etc/group"

Each of the above mentioned files has a specific format.
1. "/etc/passwd"
The first line will be like this.
root:x:0:0:root:/root:/bin/bash

There are seven fields in it, each separated by ":".
The fields are as follows:

User_name:Pointer_to_Shadow_file:UID:GID:Comment:Home_Directory:Login_shell

1. User_name is the name of the user.
2. Pointer to shadow file is the pointer to "/etc/shadow", where the encrypted password for that user is stored.
3. UID is the user ID.
4. GID is the group ID for the user.
5. Comment is a field where we can add some info about that user. If the user is a group leader, for example, we can specify it there.
6. Home_dir denotes the path of the user's home directory. By default it is "/root" for the root user and "/home/user_name" for a normal user.
7. The default login shell is "/bin/bash". To change it to the Korn shell, edit it to "/bin/ksh". If no login shell is required for that user, give "/sbin/nologin".
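
The seven-field layout and the UID ranges above are enough to audit a passwd file for risky entries. The following is an added example, not part of the original post; the function names, the sample accounts and the choice to treat /bin/false like /sbin/nologin are assumptions made for illustration.

```shell
#!/bin/sh
# Audit passwd-format lines read on stdin (seven ":"-separated fields).
# UID ranges are the ones given on this page: system 1-499, normal 500-60000.
audit_passwd() {
    awk -F: '
        NF != 7 { printf "MALFORMED line %d: %d fields\n", NR, NF; next }
        $3 !~ /^[0-9]+$/ { print "BADUID " $1; next }
        {
            name = $1; pw = $2; uid = $3 + 0; shell = $7
            # /bin/false is treated like /sbin/nologin (an assumption here).
            nologin = (shell == "/sbin/nologin" || shell == "/bin/false")
        }
        # Any account with UID 0 has root privileges, whatever its name.
        uid == 0 && name != "root" { print "UID0 " name }
        # An empty second field means no password is required to log in.
        pw == "" { print "EMPTYPW " name }
        # Accounts in the system range should not have an interactive shell.
        uid >= 1 && uid <= 499 && !nologin { print "SYSSHELL " name " " shell }
        # Two names on one UID are the same user as far as permissions go.
        uid != 0 && (uid in seen) { print "DUPUID " name " shares " uid " with " seen[uid] }
        !(uid in seen) { seen[uid] = name }
    '
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
backup:x:0:0:backup admin:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
naresh:x:555:540:Admin:/admin/naresh:/bin/bash
guest::556:556::/home/guest:/bin/bash
anup:x:555:557::/home/anup:/bin/bash
broken:x:600:600
EOF
}

sample_passwd | audit_passwd
```

On a live system the same function can be fed with `audit_passwd < /etc/passwd`.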

2. "/etc/shadow"
Shadow file contains the user's encrypted password and password aging options.

The first line will be like this
root:$1fdsfsgsdfsdkffefje:14757:0:99999:7:::

The fields are as follows,
1. User_name
2. Encrypted password
3. Days since that password was last changed.
4. Days after which password must be changed.
5. Days before password is to expire that user is warned.
6. Days after the password expires that the user is disabled.
7. Days since the account is disabled.
8. A reserved field.

3. "/etc/group"

Contains information about groups in the system.

The first line will be like this
root:x:0:root

The fields are as follows.
1. Group_name, the name of the group
2. The encrypted group password
3. GID, Group ID
4. User_list, the user names of all the group's members, separated by commas.

How to create a user :-
In Linux a user can be created with a specific UID, GID, comment, home directory and login shell. The options are as follows.
The command to add a user is useradd or adduser. useradd is the real command and adduser is a soft link to it, so both are used in the same way.
A command to add a user with all the fields we mentioned before is as follows.
[root@linuxuser~]# useradd -u UID -g GID/Group_name -c COMMENT -d Home_dir -s LOGIN_SHELL User_name
An example:
[root@linuxuser~]# useradd -u 555 -g linux -c Admin -d /admin/naresh -s /bin/bash naresh
Before executing the above command you should create the group 'linux'.
You can also add -p for a password and -G for secondary groups, which we will see later.
If you want to set the password with -p, you have to give it in encrypted form. The useradd manual page does not recommend -p, because the value is visible to other users listing processes; setting the password afterwards with passwd avoids this.

For example,
[root@linuxuser~]# useradd -p encrypted_password anup

How do I change passwords for specific user account under Linux operating systems using command line?

You need to use the passwd command to change passwords.
  1. A normal user may only change the password for his/her own account.
  2. The superuser (root user) may change the password for any account.
  3. The passwd command also changes the validity period of the account or its password.
First, log in as the root user, using the sudo -s or su - command. To change the password of a specific user account, use the following syntax:

Set or Change User Password :-
Type the passwd command as follows to change your own password:
[root@linuxuser~]# passwd < Press Enter >

Output:
Changing password for naresh
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully.

Change Password For Other User Account :-
You must log in as the root user. Type the following command to change the password for user prem:
[root@linuxuser~]# passwd naresh
Output:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully.

To see password status of any user account, enter:
Syntax :-
[root@linuxuser~]# passwd -S userNameHere

Examples :
[root@linuxuser~]# passwd -S naresh

Sample outputs:
prem P 05/05/2012 0 99999 7 -1
The status information consists of 7 fields as follows:
  1. Naresh : Account login name (username)
  2. P : This field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)
  3. 05/05/2012 : Date of the last password change.
  4. 0 : Password expiry minimum age
  5. 99999 : Password expiry maximum age.
  6. 7 : Password expiry warning period.
  7. -1 : Inactivity period for the password

Modifying existing users :-
We can also modify an existing user with the usermod command.
For example,
[root@linuxuser~]# usermod -u 555 -g linux -c admin -d /admin/prabhakar -s /bin/bash prabhakar

We can change the login name of a user using the option -l
Syntax is as follows
[root@linuxuser~]# usermod -l new_name old_name

for example,
[root@linuxuser~]# usermod -l naresh prabhakar

Locking and unlocking user accounts
[root@linuxuser~]# usermod -L username
Executing the above command will lock the user with username.

[root@linuxuser~]# usermod -U username
Executing the above command will unlock the user with username.

Removing user accounts :-
We can remove a user using the userdel command.
For example,
[root@linuxuser~]# userdel user_name
The above command will remove the user but not the home directory. This allows the files in it to be backed up if needed.

[root@linuxuser~]# userdel -r user_name
The above command will remove the user as well as the user's home directory.

[root@linuxuser~]# passwd -d u_name
Deletes the password of a user, allowing password-less login for that user.

[root@linuxuser~]# useradd -s /sbin/nologin vikas
Adds a user who is not allowed to log in to the system.

[root@linuxuser~]# useradd -M anup
Creates a user without creating a home directory. The above command will create the user anup, but the home directory will not be created.

Switching users
Sometimes we may need to switch between users.
The command for switching is su.

1. [root@linuxuser~]# su
Switches to the root user, but only gets root's privileges.

2. [root@linuxuser~]# su -
Switches to the root user. Gets privileges and home directory access.

1. [root@linuxuser~]# su raju
Switches to user raju.

2. [root@linuxuser~]# su - raju
Switches to user raju and also gets access to raju's home directory.

If you are logged in as the root user and switch to a normal user, you won't be prompted for the password. Otherwise you will be prompted for the password.

How to change the login shell for Linux user :-
Use chsh command to change the user login shell. This determines the name of the user's initial login command. A normal user may only change the login shell for her own account, the super user may change the login shell for any account.
Display the list of available shells:
[root@linuxuser~]# less /etc/shells
[root@linuxuser~]# cat /etc/shells
[root@linuxuser~]# more /etc/shells

Change the user login shell to /bin/ksh for foo user :-
[root@linuxuser~]# chsh -s /bin/ksh foo
[root@linuxuser~]# chsh -s /bin/bash username

One additional switch worth mentioning is "-D", which controls the defaults for useradd. Specifying the "-D" switch on its own will simply display the default settings, while specifying -D in conjunction with other switches will change the defaults to those values.
[root@linuxuser~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
[root@linuxuser~]# useradd -D -s /bin/sh
[root@linuxuser~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel

How to create a group :-
There are two kinds of groups in Linux. They are,

1. Primary group
2. Secondary group

When we create a user, a group with the same name as the user is also created. Suppose we create a user abc with UID 540; then a group abc will be created with the same GID. If the user abc creates a file xyz, its owner will be user abc and its group will be group abc. That is, abc is the user's primary group. Normally all the files and directories created by a user belong to the user's primary group.
But what if the user needs access to directories created by other groups, or has to supervise a number of groups? This is where the secondary group concept comes in.
All the other groups are added as secondary groups of that user.

The command to add a group is #groupadd

eg:
[root@linuxuser~]# groupadd group_name
[root@linuxuser~]# groupadd -g 540 linux

Suppose we want to create a user prem with admin,programmer as secondary groups, it can be done as follows

[root@linuxuser~]# useradd -G admin,programmer prem
You have to specify all the secondary groups in a single command, not one after another in different commands. But you can append secondary groups to a user using the -a option with the usermod command.

For example,
A user john is a member of groups admin and programmer. We can append the group ibm to him as follows.
[root@linuxuser~]# usermod -a -G admin naresh

Checking the groups of a user
[root@linuxuser~]# groups username
Will list all groups that the user belongs to.
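
The User_list field of "/etc/group" holds only secondary members; a user's primary group is recorded in the GID field of "/etc/passwd". The following added example, which is not part of the original post, combines both files to list everyone in a group. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# effective_members GROUP PASSWD_FILE GROUP_FILE
# Lists every user in GROUP: secondary members come from field 4 of the
# group file, primary members from the GID field (4th) of the passwd file.
effective_members() {
    awk -F: -v g="$1" '
        FNR == NR {                       # first file: group format
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") how[m[i]] = "secondary"
            }
            next
        }
        gid != "" && $4 == gid { how[$1] = "primary" }   # second file: passwd
        END { for (u in how) print u, how[u] }
    ' "$3" "$2" | sort
}

# Constructed sample files, written to a temp directory (not real accounts).
write_samples() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
naresh:x:555:540:Admin:/admin/naresh:/bin/bash
prem:x:556:556::/home/prem:/bin/bash
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:root
linux:x:540:
admin:x:600:prem,naresh
programmer:x:601:prem
EOF
    echo "$dir"
}

d=$(write_samples)
effective_members linux "$d/passwd" "$d/group"   # naresh appears only via his GID
effective_members admin "$d/passwd" "$d/group"
rm -rf "$d"
```

In the sample, group linux has an empty User_list, yet naresh is a member through his primary GID of 540.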

How to set a password for a group?
[root@linuxuser~]# groupadd admin
[root@linuxuser~]# gpasswd admin

The password will be saved in "/etc/gshadow".

To change the name of a group
[root@linuxuser~]# groupmod -n newname oldname
