Users and Groups management in Linux (Redhat/CentOS/Fedora)

Target Audience: Technical people who already know this material (to some extent) and just want to review it

Yes, from my history

622 echo "dec 25th, 2017 - sayed"

 

User and password related files

623 cat /etc/passwd
624 cat /etc/shadow
625 cat /etc/group
626 cat /etc/gshadow

There are some backup files for them as well
629 cat /etc/passwd-
630 cat /etc/group-
631 cat /etc/shadow-
632 cat /etc/shadow-
633 cat /etc/gshadow-

try to understand the format of the passwd, shadow, and group files

passwd file format: userid (login name) : password (or password placeholder) : user id : group id : comments : user home directory : user shell

shadow file format: userid : encrypted password : password last changed (in timestamp format) : min days (minimum days the password must be kept before changing) : max days (maximum days the current password can be kept) : warn days (the user gets a warning to change the password) : inactive days (how many inactive days are allowed) : disable days (account expiry date) : unused field (kept for future use)
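An added example (not part of the original history): it joins passwd-format and shadow-format records on the user name and reports, per account, the conditions that matter for login, such as the locked password and /sbin/nologin shell that user20new runs into later on this page. The sample records, the function names and the flag names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample records in /etc/passwd and /etc/shadow format (not real accounts or hashes).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:1000:1000:User One:/home/user1:/bin/bash
user20new:x:2000:1001::/home/user20new:/sbin/nologin
admin2:x:0:0::/root:/bin/bash
user40:x:1002:1002::/home/user40:/sbin/nologin
EOF
}
sample_shadow() {
cat <<'EOF'
root:$6$salt$CONSTRUCTEDHASH:17525:0:99999:7:::
user1::17525:0:99999:7:::
user20new:!$6$salt$CONSTRUCTEDHASH:17525:7:28:8:::
admin2:$6$salt$CONSTRUCTEDHASH:17525:0:90:7:::
user40:!!:17525:0:99999:7:::
EOF
}

# login_status PASSWD_FILE SHADOW_FILE
# Prints "name flags" for every passwd entry; "ok" means no finding.
login_status() {
    awk -F: '
        NR == FNR { pw[$1] = $2; mx[$1] = $5; next }   # pass 1: shadow file
        {                                               # pass 2: passwd file
            f = ""
            if (!($1 in pw))           f = f ",no-shadow-entry"
            else if (pw[$1] == "")     f = f ",empty-password"
            else if (pw[$1] ~ /^[!*]/) f = f ",locked"
            # empty or 99999 max days: the password effectively never expires
            if (($1 in pw) && (mx[$1] == "" || mx[$1] + 0 >= 99999)) f = f ",no-max-age"
            if ($7 ~ /(nologin|false)$/) f = f ",nologin-shell"
            if ($3 == 0 && $1 != "root") f = f ",uid0-not-root"
            print $1, (f == "" ? "ok" : substr(f, 2))
        }
    ' "$2" "$1"
}

# Demo on the constructed samples; on a real host (as root) run:
#   login_status /etc/passwd /etc/shadow
demo() {
    d=$(mktemp -d) || return 1
    sample_passwd > "$d/passwd"; sample_shadow > "$d/shadow"
    login_status "$d/passwd" "$d/shadow"
    rm -rf "$d"
}
demo
```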

cat /etc/group

format for /etc/group file: group name: password place holder: group id: group members - comma separated

cat /etc/gshadow

gshadow file format: group name: encrypted group password: group admins: group members

Why a group password? For when we want to restrict which users can assign themselves to the group

cat /etc/login.defs
647 vim /etc/login.defs
648 /etc/login.defs : defines default values for users and groups - some of these values are used at the time of user and group creation and modifications - i.e. some values are taken from this file (when not specified at creation/modification time)

649 pwck checks for integrity among user/permission related files
650 pwck
651 grpck

653 vipw -> edit the passwd file: it is locked and read-only for others while being edited. Admins use this command

 

655 cat /etc/sudoers
656 users or groups who can run commands with su or sudo can be defined in the /etc/sudoers file
657 vim /etc/sudoers (visudo is the safer way to edit it: it locks the file and checks the syntax before saving)

 

658 su user1 (switch user)
659 usermod -G wheel user1  (assign users to groups; without -a this replaces the user's other supplementary groups)
660 user1 is added to wheel group. wheel is a sudo group
661 su user1

 

Graphical user management tool:

662 system-config-users

 

663 managing groups
664 groupadd, groupmod, groupdel
665 groupadd -g 5000 linuxadm
666 groupadd -o -g 5000 sales
667 groupmod -n mgmt sales
668 groupmod -g 6000 linuxadm
669 usermod -a -G linuxadm user1

672 id user1
673 su user1
674 groupdel mgmt
675 gpasswd -> add admins to groups, assign/change the group password, add users to groups, and similar
676 gpasswd -A user1,user20new linuxadm

681 gpasswd -a user20new linuxadm

684 su user20new

 

Some adjustments were needed for the user user20new: it was locked, and its shell was set to /sbin/nologin
685 usermod -U user20new (unlock user)
686 gpasswd -a user20new linuxadm
687 grep user20new /etc/passwd
688 usermod -s /bin/sh user20new
689 gpasswd -a user20new linuxadm
690 grep user20new /etc/passwd
691 cat /etc/passwd
692 usermod -s /bin/bash user20new
693 su user20new

 

694 gpasswd -a user20new linuxadm
696 su - user20new
697 su user1
699 su -

713 vipw
714 ls /etc/passwd.edit
715 pwck
717 grpck
719 vigr
720 vigr -s

 

//enable disable shadow files

721 pwconv
722 cat /etc/passwd
723 pwunconv
724 cat /etc/passwd
725 pwunconv : do not use shadow file : move passwords back to passwd file
726 pwconv
727 cat /etc/passwd
728 grpconv
729 grpunconv
730 cat /etc/gshadow
731 cat /etc/group
732 grpconv
733 cat /etc/gshadow

cat in the above lines was to check whether the changes were done or not

 

734 user related commands: useradd, usermod, userdel, chage, passwd
735 cat /etc/default/useradd
736 cat /etc/login.defs

See defaults
738 useradd -D
739 change default user home directory location
740 useradd -D -b /usr/home
741 useradd -D
742 useradd -D -b /home
743 useradd -D
744 useradd -D -b /usr/home

745 grep ^# /etc/login.defs
746 grep -v ^# /etc/login.defs
747 grep -v ^# /etc/login.defs : show the lines from login.defs that do not start with # (comment lines will not be shown)
748 grep -v ^# /etc/login.defs | grep -v ^$
749 grep -v ^# /etc/login.defs
750 grep -v ^# /etc/login.defs | grep -v ^$

 

 

751 useradd user2
752 mkdir -p /usr/home
753 useradd user2
754 useradd user20
755 passwd user20
756 cd /etc; grep user20 passwd shadow group gshadow
757 useradd -u 5000 -g 5000 -m -d /home/user30 -k /etc/skel -s /bin/bash user30
758 useradd -u 5000 -g 1000 -m -d /home/user30 -k /etc/skel -s /bin/bash user30
759 create a user with no login: just point the shell to nologin
760 useradd -s /sbin/nologin user40
761 su - user40
762 su user40

 

changing: min days, max days, expiry, and password

763 passwd -n 7 -x 28 -w 8 user20
764 chage -l user20
765 chage -m 10 -M 30 -W 7 -E 2017-12-31 user30
766 chage -l user30

 

767 modifying users
768 usermod -u 2000 -m -d /home/user20new -s /sbin/nologin -l user20new user20
769 grep user20new /etc/passwd
770 chage -l user30
771 chage -l user20
772 chage -l user20new
773 chage -d 0 -m 5 -E -1 user30
774 chage -l user30
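An added example (not from the original history): it reads the aging fields that the passwd -n/-x/-w and chage commands above write into shadow-format records and reports each account's state for a given day number. The records, the function names and the simplified rules (the inactive-days field is ignored) are assumptions of this example.

```shell
#!/bin/sh
# Constructed /etc/shadow-format records; day 17525 is 2017-12-25, day 17531 is 2017-12-31.
sample_shadow_aging() {
cat <<'EOF'
user20:$6$salt$CONSTRUCTEDHASH:17525:7:28:8:::
user30:$6$salt$CONSTRUCTEDHASH:17525:10:30:7::17531:
user31:$6$salt$CONSTRUCTEDHASH:0:5:30:7:::
user32:$6$salt$CONSTRUCTEDHASH:17525:0:99999:7:::
EOF
}

# aging_status TODAY   (TODAY = days since 1970-01-01; shadow records on stdin)
aging_status() {
    awk -F: -v today="$1" '
        {
            s = "ok"
            exp_day = $3 + $5                       # last change + max days
            if ($3 == "0")                        s = "must-change-at-next-login"  # chage -d 0
            else if ($5 == "" || $5 + 0 >= 99999) s = "never-expires"
            else if (today > exp_day)             s = "password-expired"
            else if (today >= exp_day - $6)       s = "warning-window"            # warn days
            if ($8 != "" && today >= $8 + 0)      s = s ",account-expired"        # chage -E
            print $1, s
        }
    '
}

# Day number for a calendar date, e.g. days_since_epoch 2017-12-25 (GNU date assumed).
days_since_epoch() { echo $(( $(date -u -d "$1" +%s) / 86400 )); }

# Demo: state of the constructed accounts on day 17550 (2018-01-19).
sample_shadow_aging | aging_status 17550
```

On a real host the same function can be fed /etc/shadow as root, with the day number taken from days_since_epoch.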

775 lock a user
776 usermod -L user20
777 usermod -L user20new

778 userdel -r user30
781 usermod -U user20new

782 su user1
784 usermod -U user20new

 

//assign users to groups

785 gpasswd -a user20new linuxadm
786 gpasswd -a user1 linuxadm

787 useradd user4
788 passwd user4
789 gpasswd -M user4 linuxadm

 

791 cat /etc/group
792 gpasswd -M : replace existing group members with the new user assigned
793 set group password
794 gpasswd linuxadm
795 groups
796 su user4

 

800 su user4
801 newgrp : the user can execute this to change their primary group

802 important shell startup files : /etc/bashrc /etc/profile /etc/profile.d

Permanent link to this article: https://bangla.sitestree.com/users-groups-management-linux-redhat-centos-fedora/