User and Group Administration
To add a new user account, you can run either of the following two commands as root.
adduser tom
useradd jerry
[root@machine1 ~]# cat /etc/passwd | grep tom
tom:x:501:501::/home/tom:/bin/bash
[root@machine1 ~]# cat /etc/passwd | grep jerry
jerry:x:502:502::/home/jerry:/bin/bash
———————————————————————————————————————–
View a List of All Groups
To view all the groups on the system, you can just use the groups command:
groups
———————————————————————————————————————–
———————————————————————————————————————–
To set the password for user
[root@machine1 ~]# passwd tom
Changing password for user tom.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully
———————————————————————————————————————–
When a new user account is added to the system, the following operations are performed.
1. His/her home directory is created (/home/username by default).
2. The following hidden files are copied into the user’s home directory, and will be used to provide environment variables for his/her user session.
.bash_logout
.bash_profile
.bashrc
3. A mail spool is created for the user at /var/spool/mail/username.
4. A group is created and given the same name as the new user account.
———————————————————————————————————————–
su(switch user) is the command to switch to another user
If use su username(U will be changed to another user but the pwd(present working directory) where u are before will be same)
If use su – username
[root@machine1 ~]# su – tom
[tom@machine1 ~]$ ls -la
total 28
drwx——. 4 tom tom 4096 Jan 28 00:41 .
drwxr-xr-x. 5 root root 4096 Jan 28 00:41 ..
-rw-r–r–. 1 tom tom 18 Aug 17 03:49 .bash_logout
-rw-r–r–. 1 tom tom 176 Aug 17 03:49 .bash_profile
-rw-r–r–. 1 tom tom 124 Aug 17 03:49 .bashrc
drwxr-xr-x. 2 tom tom 4096 Jul 14 2010 .gnome2
drwxr-xr-x. 4 tom tom 4096 Oct 24 05:24 .mozilla
[tom@machine1 ~]$ logout
[root@machine1 ~]# su – jerry
[jerry@machine1 ~]$ ls -la
total 28
drwx——. 4 jerry jerry 4096 Jan 28 00:41 .
drwxr-xr-x. 5 root root 4096 Jan 28 00:41 ..
-rw-r–r–. 1 jerry jerry 18 Aug 17 03:49 .bash_logout
-rw-r–r–. 1 jerry jerry 176 Aug 17 03:49 .bash_profile
-rw-r–r–. 1 jerry jerry 124 Aug 17 03:49 .bashrc
drwxr-xr-x. 2 jerry jerry 4096 Jul 14 2010 .gnome2
drwxr-xr-x. 4 jerry jerry 4096 Oct 24 05:24 .mozilla
———————————————————————————————————————–
Understanding /etc/passwd
The full account information is stored in the /etc/passwd file. This file contains a record per system user account and has the following format (fields are delimited by a colon).
[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]
Fields [username] and [Comment] are self explanatory.
The x in the second field indicates that the account is protected by a shadowed password (in /etc/shadow), which is needed to logon as [username].
The [UID] and [GID] fields are integers that represent the User IDentification and the primary Group IDentification to which [username] belongs, respectively.
The [Home directory] indicates the absolute path to [username]’s home directory, and
The [Default shell] is the shell that will be made available to this user when he or she logins the system.
———————————————————————————————————————–
Understanding /etc/group
Group information is stored in the /etc/group file. Each record has the following format.
[Group name]:[Group password]:[GID]:[Group members]
[Group name] is the name of group.
An x in [Group password] indicates group passwords are not being used.
[GID]: same as in /etc/passwd.
[Group members]: a comma separated list of users who are members of [Group name
———————————————————————————————————————–
After adding an account, you can edit the following information (to name a few fields) using the usermod command, whose basic syntax of usermod is as follows.
# usermod [options] [username]
Setting the expiry date for an account
Use the –expiredate flag followed by a date in YYYY-MM-DD format.
# usermod –expiredate 2014-10-30 tom
———————————————————————————————————————–
Adding the user to supplementary groups
Use the combined -aG, or –append –groups options, followed by a comma separated list of groups.
# usermod –append –groups root,users tom
Changing the default location of the user’s home directory
Use the -d, or –home options, followed by the absolute path to the new home directory.
# usermod –home /tmp tom
# usermod -d /tmp tom
———————————————————————————————————————–
Changing the shell the user will use by default
Use –shell, followed by the path to the new shell.
# usermod –shell /bin/sh tom
# usermod -s /bin/sh tom
———————————————————————————————————————–
Displaying the groups an user is a member of
# groups tom
# id tom
———————————————————————————————————————–
Now let’s execute all the above commands in one go.
# usermod –expiredate 2014-10-30 –append –groups root,users –home /tmp –shell /bin/sh tom
———————————————————————————————————————–
[root@machine1 ~]# chage -l tom
Last password change : Jan 28, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
———————————————————————————————————————–
[root@machine1 ~]# cat /etc/passwd | grep tom
tom:x:501:501::/home/tom:/bin/bash
[root@machine1 ~]# usermod –home /tmp tom
[root@machine1 ~]# cat /etc/passwd | grep tom
tom:x:501:501::/tmp:/bin/bash
[root@machine1 ~]# cat /etc/group | grep tom
tom:x:501:
[root@machine1 ~]# cat /etc/passwd | grep jerry
jerry:x:502:502::/home/jerry:/bin/bash
[root@machine1 ~]# usermod –expiredate 2016-10-30 tom
[root@machine1 ~]# chage -l tom
Last password change : Jan 28, 2016
Password expires : never
Password inactive : never
Account expires : Oct 30, 2016
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@localhost ~]# tail -n1 /etc/shadow
mohammed:$1$jUXt.n.l$Jop9u6TlkRT.I6OT7zFq50:16984:0:99999:7:::
Username : It is your login name.
Password : It is your encrypted password. The password should be minimum 6-8 characters long including special characters/digits and more.
Last password change (lastchanged) : Days since Jan 1, 1970 that password was last changed
Minimum : The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
Maximum : The maximum number of days the password is valid (after that user is forced to change his/her password)
Warn : The number of days before password is to expire that user is warned that his/her password must be changed
Inactive : The number of days after password expires that account is disabled
Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.
The last 6 fields provides password aging and account lockout features. You need to use the chage command to setup password aging. According to man page of shadow – the password field must be filled. The encrypted password consists of 13 to 24 characters from the 64 character alphabet a through z, A through Z, 0 through 9, \. and /. Optionally it can start with a “$” character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with “$1$” it means the MD5-based algorithm was used. Please note that a password field which starts with a exclamation mark (!) means that the password is locked. The remaining characters on the line represent the password field before the password was locked.
