Users and Groups management in Linux (Redhat\/CentOS\/Fedora)<\/p>\n
Target Audience: Technical people who knew or already know (to some extent) – just wanna review<\/p>\n
Yes, from my history<\/p>\n
622 echo “dec 25th, 2017 – sayed”<\/p>\n
<\/p>\n
User and password related files<\/p>\n
623 cat \/etc\/passwd
\n624 cat \/etc\/shadow
\n625 cat \/etc\/group
\n626 cat \/etc\/gshadow<\/p>\n
There are some backup files for them as well
\n629 cat \/etc\/passwd-
\n630 cat \/etc\/group-
\n631 cat \/etc\/shadow-
\n632 cat \/etc\/shadow-
\n633 cat \/etc\/gshadow-<\/p>\n
try to understand the format of the passwd, shadow, and group files<\/p>\n
passwd file format: userid: password – or password space holder:user id: group id: comments: user home directory: user shell<\/p>\n
shadow file format: userid : encrypted password: password last changed in timestamp format: min days – min days the password must be ket before changing: max days – max days the current password can be kept: warn days – user will get warning to change password: inactive days – how many inactive days allowed: disable days – account expiry date: not used field – kept for future use<\/p>\n
cat \/etc\/group<\/p>\n
format for \/etc\/group file: group name: password place holder: group id: group members – comma seprated<\/p>\n
cat \/etc\/gshadow<\/p>\n
gshadow file format: group name: encrypted group password: group admins: group members<\/p>\n
why group password? when we want to restrict users to\u00a0 assign them to the groups<\/p>\n
cat \/etc\/login.defs
\n647 vim \/etc\/login.defs
\n648 \/etc\/login.defs : defines default values for users and groups – some of these values are used at the time of user and group creation and modifications – i.e. some values are taken from this file (when not specified at creation\/modification time)<\/p>\n
649 pwck checks for integrity among user\/permission related files
\n650 pwck
\n651 grpck<\/p>\n
653 vipw -> passwd file: lock for others and read-only for others. admins use this command<\/p>\n
<\/p>\n
655 cat \/etc\/sudoers
\n656 users or groups can be defined in \/etc\/sudoers file who can run commands with su or sudo
\n657 vim \/etc\/sudoers<\/p>\n
<\/p>\n
658 su user1 (switch user)
\n659 usermod -G wheel user1\u00a0 (assign users to groups)
\n660 user1 is added to wheel group. wheel is a sudo group
\n661 su user1<\/p>\n
<\/p>\n
Graphical user management tool:<\/p>\n
662 system-config-users<\/p>\n
<\/p>\n
663 managing groups
\n664 groupadd, groupmod, groupdel
\n665 groupadd -g 5000 linuxadm
\n666 groupadd -o -g 5000 sales
\n667 groupmod -n mgmt sales
\n668 groupmod -g 6000 linuxadm
\n669 usermod -a -G linuxadm user1<\/p>\n
672 id user1
\n673 su user1
\n674 groupdel mgmt
\n675 gpasswd -> add admins to groups, group password assign\/change, add users to groups and similar
\n676 gpasswd -A user1, user20new linuxadm<\/p>\n
681 gpasswd -a user20new, user1 linuxadm<\/p>\n
684 su user20new<\/p>\n
<\/p>\n
Needed some adjustments for the user: user20new, it was locked,\u00a0 shell was assigned to \/sbin\/nologin
\n685 usermod -U user20new (unlock user)
\n686 gpasswd -a user20new, user1 linuxadm
\n687 grep user20new \/etc\/passwd
\n688 usermod -s \/bin\/sh user20new
\n689 gpasswd -a user20new, user1 linuxadm
\n690 grep user20new \/etc\/passwd
\n691 cat \/etc\/passwd
\n692 usermod -s \/bin\/bash user20new
\n693 su user20new<\/p>\n
<\/p>\n
694 gpasswd -a user20new, user1 linuxadm
\n696 su – user20new
\n697 su user1
\n699 su –<\/p>\n
713 vipw
\n714 ls \/etc\/passwd.edit
\n715 pwck
\n716 grpchk
\n717 grpck
\n719 vigr
\n720 vigr -s<\/p>\n
<\/p>\n
\/\/enable disable shadow files<\/p>\n
721 pwconv
\n722 cat \/etc\/passwd
\n723 pwunconv
\n724 cat \/etc\/passwd
\n725 pwunconv : do not use shadow file : move passwords back to passwd file
\n726 pwconv
\n727 cat \/etc\/passwd
\n728 grpconv
\n729 grpunconv
\n730 cat \/etc\/gshadow
\n731 cat \/etc\/group
\n732 grpconv
\n733 cat \/etc\/gshadow<\/p>\n
cat in the above lines was to check – if the changes wee done or not<\/p>\n
<\/p>\n
734 user related commands: useradd, usermod, userdel, chage, passwd
\n735 cat \/etc\/default\/useradd
\n736 cat \/etc\/login.defs<\/p>\n
See defaults
\n738 useradd -D
\n739 change default user home directory location
\n740 useradd -D -b \/usr\/home
\n741 useradd -D
\n742 useradd -D -b \/home
\n743 useradd -D
\n744 useradd -D -b \/usr\/home<\/p>\n
745 grep ^# \/etc\/login.defs
\n746 grep -v ^# \/etc\/login.defs
\n747 grep -v ^# \/etc\/login.defs > show-lines-from-login.defs-that-does-not-start-with-#–comment lines will not be shown
\n748 grep -v ^# \/etc\/login.defs | grep -v ^$
\n749 grep -v ^# \/etc\/login.defs
\n750 grep -v ^# \/etc\/login.defs | grep -v ^$<\/p>\n
<\/p>\n
<\/p>\n
751 useradd user2
\n752 mkdir -p \/usr\/home
\n753 useradd user2
\n754 useradd user20
\n755 passwd user20
\n756 cd \/etc; grep user20 passwd shadow group gshadow
\n757 useradd -u 5000 -g 5000 -m -d \/home\/user30 -k \/etc\/skel -s \/bin\/bash user30
\n758 useradd -u 5000 -g 1000 -m -d \/home\/user30 -k \/etc\/skel -s \/bin\/bash user30
\n759 create user with no login: just point shells to no login
\n760 useradd -s \/sbin\/nologin user40
\n761 su – user40
\n762 su user40<\/p>\n
<\/p>\n
changing: min days, max days, expiry, and password<\/p>\n
763 passwd -n 7 -x 28 -w 8 user20
\n764 chage -l user20
\n765 chage -m 10 -M 30 -W 7 -E 2017-12-31 user30
\n766 chage -l user30<\/p>\n
<\/p>\n
767 modifying users
\n768 usermod -u 2000 -m -d \/home\/user20new -s \/sbin\/nologin -l user20new user20
\n769 grep user20new \/etc\/passwd
\n770 chage -l user30
\n771 chage -l user20
\n772 chage -l user20new
\n773 chage -d 0 -m 5 -E -1 user30
\n774 chage -l user30<\/p>\n
775 lock a user
\n776 usermod -L user20
\n777 usermod -L user20new<\/p>\n
778 userdel -r user30
\n781 usermod -U user20new<\/p>\n
782 su user1
\n784 usermod -U user20new<\/p>\n
<\/p>\n
\/\/assign users to groups<\/p>\n
785 gpasswd -a user20new linuxadm
\n786 gpasswd -a user1 linuxadm<\/p>\n
787 useradd user4
\n788 passwd user4
\n789 gpasswd -M user4 linuxadm<\/p>\n
<\/p>\n
791 cat \/etc\/group
\n792 gpasswd -M : replace existing group members with the new user assigned
\n793 set group password
\n794 gpasswd linuxadm
\n795 groups
\n796 su user4<\/p>\n
<\/p>\n
800 su user4
\n801 newgrp the user can execute this to change primary group<\/p>\n
802 important shell startup files : \/etc\/bashrc \/etc\/profile \/etc\/profile.d<\/p>\n","protected":false},"excerpt":{"rendered":"
Users and Groups management in Linux (Redhat\/CentOS\/Fedora) Target Audience: Technical people who knew or already know (to some extent) – just wanna review Yes, from my history 622 echo “dec 25th, 2017 – sayed” User and password related files 623 cat \/etc\/passwd 624 cat \/etc\/shadow 625 cat \/etc\/group 626 cat \/etc\/gshadow There are some … <\/p>\n