
User & Group management by command line-2


Managing User and Group in RHEL 6

To create a user in RHEL 6 you can use either commands or the graphical user administration tools. Prefer the command line wherever possible: it is faster, and in a real business environment you will usually administer systems remotely over ssh.

  • To create a user run command:
    • useradd user_name
  • To define a password for the user:
    • passwd user_name
  • Create a user with specific UID:
    • useradd -u 802 user_name
      • The above command will create a user with UID 802.
  • To create a group run command:
    • groupadd group_name
  • To delete a user run command:
    • userdel user_name
      • The above command will delete the user, but it will not delete the user's home directory. To delete the home directory as well as the files contained in it, run the following command:
      • userdel -r user_name

User and Group Administration
Given below are some sample questions about user and group administration:

Q1. Create a user naresh and make it a member of group student.
Ans. useradd -G student naresh
        To see the results, view the /etc/passwd and /etc/group files.
Q2. Create a user riya with UID 566 and assign it no interactive shell.
Ans. useradd -u 566 -s /bin/false riya
        The above command will add a user riya with UID 566 and give it a non-interactive shell.
Q3. Make the user viky expire on date 17-09-2011.
Ans. chage -E 2011-09-17 viky
        The above command will make the account of user viky unavailable from 17-09-2011.
Q4. User banthia has to change the password at the time of next login.
Ans. chage -d 0 banthia
        The above command will force the user to change the password when the user next tries to log in.


Group Administration



In the last post I described user administration. After user administration, the next task is to manage groups.
To see the present groups in your system you can type the groups command. The /etc/group file maintains the group membership information. You can create groups and add users to a group using either the GUI tool or the command line, but I suggest you use the command line because it is fast and easy. Once you are familiar with the command line you will enjoy using it the most.

To create a new group you can edit the /etc/group file or you can run the following commands:
  • groupadd group_name : this will add a group named group_name in /etc/group.
  • groupdel group_name : this will delete a group named group_name in /etc/group.
  • groupmod : modifies group members.
  • chgrp : to change group permissions.
GROUP ADMINISTRATION
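 To add a user named viky to a group named sales you can run the following command:
  • usermod -aG sales viky : this command will add user viky to the group sales. The -a option appends; without it, -G replaces the user's whole supplementary group list with sales.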
OR
  • You can add user viky directly to the /etc/group 
    • sales:x:503:viky

Manage password expiration
1. List the password and its related details for a user
As shown below, any user can execute the chage command for himself to identify when his password is about to expire.
Syntax: chage --list username (or) chage -l username

$ chage --list dhinesh
Last password change                                    : Sept 23, 2012
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

If user dhinesh tries to execute the same command for user ramesh, he’ll get the following permission denied message.
$ chage --list ramesh
chage: permission denied

Note: However, a root user can execute chage command for any user account.

When user dhinesh changes his password on Sept 23rd 2012, it will update the “Last password change” value as shown below.
$ date
Thu Sept 23 00:15:20 PDT 2012

$ passwd dhinesh
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

$ chage --list dhinesh
Last password change                                    : Sept 23, 2012
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

2. Set Password Expiry Date for a user using chage option -M

The root user (system administrator) can set the password expiry date for any user. In the following example, user dhinesh's password is set to expire 10 days from the last password change.

Please note that option -M will update both “Password expires” and “Maximum number of days between password change” entries as shown below.
Syntax: # chage -M number-of-days username

# chage -M 10 dhinesh

# chage --list dhinesh
Last password change                                    : Sept 23, 2012
Password expires                                        : Oct 03, 2012
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

3. Password Expiry Warning message during login

By default the number of days of warning before the password expires is set to 7. So, in the above example, when the user dhinesh tries to log in on Sept 30, 2012, he’ll get the following message.
$ ssh dhinesh@testingserver
dhinesh@testingserver's password:
Warning: your password will expire in 3 days

4. User Forced to Change Password after Expiry Date

If the password expiry date is reached and the user has not changed their password, the system will force the user to change the password before login, as shown below.
$ ssh dhinesh@testingserver
dhinesh@testingserver's password:

You are required to change your password immediately (password aged)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for dhinesh
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:

5. Set the Account Expiry Date for a User

You can also use the chage command to set the account expiry date using option -E. The date given below is in “YYYY-MM-DD” format. This will update the “Account expires” value as shown below.
# chage -E "2012-10-31" dhinesh

# chage -l dhinesh
Last password change                                    : Sept 23, 2012
Password expires                                        : Oct 03, 2012
Password inactive                                       : never
Account expires                                         : Oct 31, 2012
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

6. Force the user account to be locked after X number of inactivity days

Typically, if the password has expired, users are forced to change it during their next login. You can also set an additional condition: if the user has not logged in for 10 days after the password expired, their account is automatically locked. This is done using option -I as shown below. In this example, the “Password inactive” date is set to 10 days from the “Password expires” value.

Once an account is locked, only system administrators will be able to unlock it.
# chage -I 10 dhinesh

# chage -l dhinesh
Last password change                                    : Sept 23, 2012
Password expires                                        : Oct 03, 2012
Password inactive                                       : Oct 13, 2012
Account expires                                         : Oct 31, 2012
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

7. How to disable password aging for a user account

To turn off password expiration for a user account, set the following:
  • -m 0 will set the minimum number of days between password change to 0
  • -M 99999 will set the maximum number of days between password change to 99999
  • -I -1 (number minus one) will set the “Password inactive” to never
  • -E -1 (number minus one) will set “Account expires” to never.
# chage -m 0 -M 99999 -I -1 -E -1 dhinesh

# chage --list dhinesh
Last password change                                    : Sept 23, 2012
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
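
The chage settings from sections 2 to 7 are stored as day counts in the /etc/shadow fields, so aging can be audited without running chage -l per user. The script below is an added example, not part of the original post: the sample lines are constructed (day 15606 is Sept 23, 2012; 15644 is Oct 31, 2012), and the state names, function names and exact boundary-day comparisons are this example's own choices.

```shell
#!/bin/sh
# Added example: classify accounts from shadow(5)-format lines.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire are days since 1970-01-01; the others are day counts.

# Constructed sample data (placeholder hashes, not real accounts).
SAMPLE_SHADOW='dhinesh:$6$constructed:15606:0:10:7:10:15644:
ramesh:$6$constructed:15606:0:99999:7:::
banthia:$6$constructed:0:0:99999:7:::'

# aging_state TODAY_DAYS
# Reads shadow-format lines on stdin and prints "user STATE" for each.
aging_state() {
    awk -F: -v today="$1" '
    function state(   age) {
        if ($8 != "" && today >= $8)             return "ACCOUNT_EXPIRED"   # chage -E
        if ($3 == "0")                           return "MUST_CHANGE"       # chage -d 0
        if ($3 == "" || $5 == "" || $5 >= 99999) return "NO_AGING"          # chage -M 99999
        age = today - $3                         # days since last password change
        if ($7 != "" && age > $5 + $7)           return "LOCKED_INACTIVE"   # chage -I
        if (age > $5)                            return "PASSWORD_EXPIRED"  # chage -M
        if ($6 != "" && age > $5 - $6)           return "WARN_" ($3 + $5 - today) "d"
        return "OK"
    }
    NF >= 8 { print $1, state() }'
}

# state_of USER TODAY_DAYS
# Convenience lookup over the constructed sample above.
state_of() {
    printf '%s\n' "$SAMPLE_SHADOW" | aging_state "$2" |
        awk -v u="$1" '$1 == u { print $2 }'
}

# Sept 30, 2012 is day 15613: dhinesh is inside the 7-day warning window.
state_of dhinesh 15613
```

On a real system, run it as root with `aging_state "$(( $(date +%s) / 86400 ))" < /etc/shadow`; accounts reported as NO_AGING are the ones configured as in section 7.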
