Sysadmin Academy Pvt Ltd
EMPOWERING SYSTEM ADMINISTRATORS
RHCSA - RHEL 7
SESSION 2: User Management
Linux User Management
Part 1 User Management
Step 1 Files and Directories for users
Step 2 Password File Format
Step 3 User Management Commands
Step 4 Password Aging
Part 2 Group Management
Step 5 Group Administration
Step 6 Switching Accounts
Step 7 Sudo
Step 8 GUI Tool for user management
Step 1 Files and Directories for users
1. Basic files for users & groups
/etc/passwd   User account information (world-readable)
/etc/shadow   Secure user account information: the password hashes and aging fields (readable by root only)
/etc/group    Defines the groups to which users belong (world-readable)
/etc/gshadow  Contains the shadowed information for group accounts: group passwords and group administrators (readable by root only)
/etc/sudoers  List of who can run what via sudo (edit it only with visudo, which syntax-checks the file before saving)
2. User Environment Files and Directories
/etc/skel             files and directories automatically copied into a new user's home directory
/etc/default/useradd  useradd defaults file (shown and changed with useradd -D)
/etc/login.defs       defines the site-specific configuration for the shadow password suite: UID/GID ranges, password aging defaults, default umask
/etc/profile          controls system-wide defaults for login shells: exported variables, file creation mask (umask), terminal types, mail messages
~/.bash_profile       executed by the user's login shell to configure it before the initial command prompt; it sources ~/.bashrc
/etc/bashrc           system-wide settings for interactive non-login shells, i.e. a shell started at the command line with a program such as /bin/bash or /bin/sh; sourced by ~/.bashrc
Step 2 Password File Format
Password File Format ( /etc/passwd )
sami:x:501:501::/home/sami:/bin/bash
1 username : 2 password : 3 uid : 4 gid : 5 description (GECOS) : 6 home directory : 7 login shell
Password field: x = the hash is kept in /etc/shadow, empty = no password required, * or ! = no password login possible
Shadow File Format ( /etc/shadow )
sami:$6$i7.SAQK2$U9dSrT4E9tEoLEBfS:16729:0:99999:7:::
1 user name : 2 password : 3 last change : 4 minimum : 5 maximum : 6 warn : 7 inactive : 8 expire : 9 reserved (unused)
1. User name: your login name
2. Password: the hashed password. The prefix names the algorithm: $1$ is MD5, $2a$ is Blowfish, $5$ is SHA-256 and $6$ is SHA-512 (the RHEL 7 default, ENCRYPT_METHOD in /etc/login.defs). A leading ! means the account is locked; an empty field means login without a password.
3. Last password change: the day the password was last changed, counted in days since 1 January 1970 (16729 above). The value 0 forces a change at the next login.
4. Minimum: the minimum number of days required between password changes, i.e. the number of days before the user is allowed to change his/her password again.
5. Maximum: the maximum number of days the password is valid (after that the user is forced to change his/her password). 99999 effectively disables aging.
6. Warn: the number of days before the password expires during which the user is warned that the password must be changed.
7. Inactive: the number of days after the password expires before the account is disabled.
8. Expire: when the account is disabled, i.e. an absolute date specifying when the
Step 3 User Management Commands
1. Useradd
- add a new user
a. Adding a new user
#useradd sami
b. List default settings
#useradd -D
#useradd -D -s /bin/sh
//change the default shell (written to /etc/default/useradd)
c. Primary and supplementary groups
#useradd -g admin -G mail sami
d. Home directory
#useradd -d /home/sami-home sami
e. Change skel directory (-k is only honoured together with -m)
#useradd -m -k /etc/skel2 sami
f. Specific shell
#useradd -s /bin/sh sami
// valid login shells are listed in /etc/shells; chsh refuses anything not listed there
g. Specific uid
#useradd -u 550 sami
h. Account expiry date (YYYY-MM-DD)
#useradd -e 2015-10-30 sami
2. Usermod
- modify user data
a. Shell and home directory change (-m moves the contents of the old home directory)
#usermod -s /bin/csh -d /home/sami-home -m sami
b. Login name change (new name first, then the old one)
#usermod -l nathan sami
c. Lock and unlock a user
#usermod -L sami
//lock: puts a ! in front of the hash in /etc/shadow so password authentication fails; SSH public-key logins are not affected
#usermod -U sami
//unlock
d. New UID and GID
#usermod -u 510 -g 600 sami
//files under the home directory are re-owned automatically; files elsewhere keep the old numeric owner
e. Expiry date
#usermod -e 2015-11-30 sami
#usermod -e "" sami
//remove the expiry date
3. Userdel
- delete a user
a. Delete the user, leaving the home directory
#userdel sami
b. Delete the user together with the home directory and mail spool
#userdel -r sami
4. Pwconv & pwunconv: combine or separate /etc/passwd and /etc/shadow
#pwconv
#grep root /etc/shadow
#pwunconv
#grep root /etc/shadow ; grep root /etc/passwd
#ls -l /etc/passwd /etc/shadow
//after pwunconv the hashes sit in world-readable /etc/passwd; run pwconv again to move them back into /etc/shadow
5. Creating a password for a user
a. Passwd
#passwd sami
#passwd -S sami
// check the password status of the user account (locked, no password, aging values)
6. Password lock and unlock for a user
#passwd -l sami
#passwd -u sami
7. Chown
- change ownership of a file or directory
a. #chown root /dir
//change user ownership
b. #chown root:named /dir //change user and group ownership
8. Login without password - empty password field
#grep sami /etc/shadow
sami::16729:0:99999:7:::
//anyone can log in as sami from the console without a password; sshd refuses this by default (PermitEmptyPasswords no), so treat an empty field as a finding
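The field layout from Step 2 and the empty-password case above can be checked mechanically. The script below is an added example, not part of the original session material: it audits a passwd/shadow pair for hashes left in /etc/passwd (the pwunconv state), extra UID 0 accounts, empty password fields and MD5 hashes. Both sample files are constructed for the example; the account names follow the deck, and the hashes are placeholders.

```shell
#!/bin/bash
# Added example: audit a /etc/passwd + /etc/shadow pair for the risky states
# described in Steps 2 and 3. The sample files are constructed for this
# example, not copied from a real system.

PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
sami:x:501:501::/home/sami:/bin/bash
backup:$1$Qx7p$legacyhashvalue:502:502::/home/backup:/bin/bash
toor:x:0:0::/root:/bin/bash
guest:x:503:503::/home/guest:/bin/bash'

SHADOW_SAMPLE='root:$6$i7.SAQK2$U9dSrT4E9tEoLEBfS:16729:0:99999:7:::
sami:$6$i7.SAQK2$U9dSrT4E9tEoLEBfS:16729:0:99999:7:::
backup:$1$Qx7p$legacyhashvalue:16729:0:99999:7:::
toor:$6$i7.SAQK2$U9dSrT4E9tEoLEBfS:16729:0:99999:7:::
guest::16729:0:99999:7:::'

# write_samples DIR: materialise the two sample files in DIR
write_samples() {
    printf '%s\n' "$PASSWD_SAMPLE" > "$1/passwd"
    printf '%s\n' "$SHADOW_SAMPLE" > "$1/shadow"
}

# audit_accounts PASSWD_FILE SHADOW_FILE: print one "TAG user" line per finding
audit_accounts() {
    awk -F: '
        FNR == NR {                                   # first file: passwd
            # field 2 must be "x" (hash in shadow) or a no-login marker (* or !)
            if ($2 == "")                       print "EMPTY-PASSWORD " $1
            else if ($2 != "x" && $2 !~ /^[!*]/) print "HASH-IN-PASSWD " $1
            # any second UID 0 account is a full root equivalent
            if ($3 == 0 && $1 != "root")        print "EXTRA-UID0 " $1
            next
        }
        {                                             # second file: shadow
            # empty field: login without any password
            if ($2 == "")                       print "EMPTY-PASSWORD " $1
            # $1$ = MD5, the weakest scheme listed in Step 2
            else if (substr($2, 1, 3) == "$1$")  print "MD5-HASH " $1
        }' "$1" "$2"
}

# Stand-alone run: write the samples to a temp dir, audit them, clean up
tmpdir=$(mktemp -d)
write_samples "$tmpdir"
audit_accounts "$tmpdir/passwd" "$tmpdir/shadow"
rm -rf "$tmpdir"
```

On a real host run `audit_accounts /etc/passwd /etc/shadow` as root; the HASH-IN-PASSWD finding is exactly what pwunconv leaves behind, and EXTRA-UID0 catches the `toor`-style second root that a plain `useradd -u 0` creates.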
9. Blocking logins in an emergency
#cat /etc/nologin
Under system checking currently
Please login again after 20:00!!!
//while /etc/nologin exists, pam_nologin refuses every login except root's and shows the file's contents; remove the file to allow logins again
10. Listing user information
#finger -l sami
//finger is not installed by default on RHEL 7 (yum install finger); id sami and getent passwd sami work without it
11. How to monitor users
a. Monitoring files
/var/run/utmp : keeps track of the current login state of each user.
/var/log/wtmp : records all login and logout history.
/var/log/btmp : records failed login attempts.
b. Monitoring commands
#w
Show who is logged on and what they are doing.
#who
Show who is logged on.
#last
List the login/logout history from /var/log/wtmp.
#lastlog
Report the most recent login of all users, or of a given user, from /var/log/lastlog.
#lastb
List the bad or failed login attempts from /var/log/btmp (root only).
Step 4 Password Aging
1. By default passwords do not expire
2. Forcing passwords to expire is part of a strong security policy
3. Modify the default expiration settings in /etc/login.defs (they are copied into /etc/shadow when an account is created, so existing accounts must be changed with chage)
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
//PASS_MIN_LEN is not enforced on RHEL 7; password quality rules come from pam_pwquality (/etc/security/pwquality.conf)
4. Chage
- modify password aging
a. Syntax
chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user
b. List a user's current settings
#chage -l sami
c. Set the password expiry (maximum age in days) for a user with option -M
#chage -M 10 sami
d. Password expiry warning message during login (days before expiry)
#chage -W 5 sami
e. Set the account expiry date for a user
#chage -E 2015-11-30 sami
f. Lock the account after X days of inactivity following password expiry
#chage -I 10 sami
g. Force a password change at the next login
#chage -d 0 sami
h. How to disable password aging for a user account
#chage -m 0 -M 99999 -I -1 -E -1 sami
#chage -l sami
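The aging fields interact in a fixed order (account expiry, lock marker, forced change, max age, inactivity grace), and `chage -l` only shows the raw values. The function below is an added example, not from the session material: it reproduces that decision for one /etc/shadow line, taking "today" as days since 1970-01-01 (the unit the file uses) so the result is reproducible. The shadow lines are constructed for the example; the hashes are placeholders.

```shell
#!/bin/bash
# Added example: evaluate the password-aging state of one /etc/shadow line
# the way login and chage do. "today" is given in days since 1970-01-01.

# password_status SHADOW_LINE TODAY_DAYS -> "user status"
password_status() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '
    {
        name = $1; hash = $2; lastchg = $3; max = $5
        warn = $6; inactive = $7; expire = $8
        # field 8: absolute account expiry, checked before anything else
        if (expire != "" && today >= expire + 0) { print name " account-expired"; next }
        # usermod -L / passwd -l put ! in front of the hash; * or ! also block login
        if (hash ~ /^[!*]/)                        { print name " locked"; next }
        if (hash == "")                            { print name " no-password"; next }
        # chage -d 0: a change is required at the next login
        if (lastchg == "0")                        { print name " must-change"; next }
        # empty or 99999 max: aging disabled (the login.defs default)
        if (lastchg == "" || max == "" || max + 0 >= 99999) { print name " no-aging"; next }
        expiry = lastchg + max                     # last day the password is valid
        if (today >= expiry) {
            # field 7: grace days after expiry before the account is disabled
            if (inactive != "" && inactive + 0 >= 0 && today >= expiry + inactive)
                print name " inactive-locked"
            else
                print name " expired"
            next
        }
        left = expiry - today
        if (warn != "" && left <= warn + 0) print name " warn:" left
        else                                 print name " ok:" left
    }'
}

# Constructed lines: the deck's own entry plus aged, locked and expired variants
password_status 'sami:$6$i7.SAQK2$U9dSrT4E9tEoLEBfS:16729:0:99999:7:::' 16800
password_status 'ann:$6$salt$hash:16729:0:90:7:10::'                    16814
password_status 'ann:$6$salt$hash:16729:0:90:7:10::'                    16820
password_status 'ann:$6$salt$hash:16729:0:90:7:10::'                    16830
password_status 'bob:!$6$salt$hash:16729:0:90:7:::'                     16800
password_status 'cat:$6$salt$hash:16729:0:90:7:10:16800:'               16800
```

With `-M 90 -W 7 -I 10` set on ann, the same line moves from ok, to warn (7 days before day 16819), to expired, to inactive-locked ten days later; that last state is what `chage -I` adds over a plain expiry.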
Step 5 Group administration
1. Group Administration
A user can be a member of more than one group at the same time.
A user who is a member of a group can switch to it (newgrp) without a password; a user who is NOT a member can only switch to it if the group has a password and the user supplies it.
One or more users can be made group administrators of a specific group.
A group administrator can:
1. Add/change/delete the password of the group
2. Add/delete users to/from the group
3. Restrict the group to members only.
2. Types of group
Primary group: every user must be a member of at least one group, which is identified by the numeric GID in /etc/passwd
Secondary group: a user may be listed as a member of additional groups in the relevant entries in /etc/group
User private group: created whenever a new user is added to the system and has the same name as the user for which it was created
Example:
[sami@server ~]$ id
uid=501(sami) gid=502(sami) groups=502(sami),506(admin)
3. Group management commands
a. groupadd - adding a group
#groupadd admin
#groupadd -r admin
//system group: the GID is taken from the SYS_GID_MIN..SYS_GID_MAX range in /etc/login.defs, below the GID_MIN used for ordinary groups (1000 on RHEL 7)
#groupadd -g 600 admin
b. groupmod - modifying a group
#groupmod [-g newgid] [-n newname] group
#groupmod -g 600 -n royal rupp
c. groupdel - deleting a group
#groupdel rupp
//refused while the group is still the primary group of a user
d. gpasswd - administer /etc/group and /etc/gshadow
#gpasswd rupp
//set a new password for rupp (it lets non-members newgrp into the group, so avoid group passwords where possible)
#gpasswd -A sami rupp //make sami administrator of rupp
#gpasswd -R rupp
//restrict: only members can use newgrp
#gpasswd -r rupp
//delete the group password
#gpasswd -a raj rupp //add a group member
#gpasswd -d raj rupp //delete a group member
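Membership of a group is the union of two places (the GID in /etc/passwd and the member list in /etc/group), and the gpasswd state lives in a third file, /etc/gshadow. The script below is an added example, not part of the session material: it resolves a group's real membership, its administrators and whether a usable group password exists. All three sample files are constructed for the example, reusing the deck's sami/raj/admin/rupp names; the group hash is a placeholder.

```shell
#!/bin/bash
# Added example: resolve a group's membership and gpasswd state from
# /etc/passwd, /etc/group and /etc/gshadow, as id(1) and newgrp(1) see it.
# The three sample files are constructed for this example.

PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
sami:x:501:502::/home/sami:/bin/bash
raj:x:502:600::/home/raj:/bin/bash'

GROUP_SAMPLE='root:x:0:
wheel:x:10:sami
sami:x:502:
admin:x:506:sami,raj
rupp:x:600:raj'

# gshadow layout: name:password:administrators:members
GSHADOW_SAMPLE='root:::
wheel:::sami
sami:!::
admin:!::sami,raj
rupp:$6$s4lt$grouphash:sami:raj'

# write_group_samples DIR
write_group_samples() {
    printf '%s\n' "$PASSWD_SAMPLE"  > "$1/passwd"
    printf '%s\n' "$GROUP_SAMPLE"   > "$1/group"
    printf '%s\n' "$GSHADOW_SAMPLE" > "$1/gshadow"
}

# members_of GROUP PASSWD_FILE GROUP_FILE
# Union of primary members (GID in passwd field 4) and group field 4, sorted.
members_of() {
    awk -F: -v g="$1" '
        FNR == NR {                                   # first file: group
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }      # second file: passwd
        END { for (u in seen) print u }' "$3" "$2" | sort | tr '\n' ' ' | sed 's/ $//'
}

# group_admins GROUP GSHADOW_FILE -> the gpasswd -A list
group_admins() {
    awk -F: -v g="$1" '$1 == g { print $3 }' "$2"
}

# group_password_set GROUP GSHADOW_FILE -> yes|no
# A usable hash means a NON-member can newgrp into the group with that password.
group_password_set() {
    awk -F: -v g="$1" '$1 == g { s = ($2 != "" && $2 !~ /^[!*]/) ? "yes" : "no"; print s }' "$2"
}

tmpdir=$(mktemp -d)
write_group_samples "$tmpdir"
for grp in wheel admin rupp; do
    printf '%s: members=[%s] admins=[%s] password=%s\n' "$grp" \
        "$(members_of "$grp" "$tmpdir/passwd" "$tmpdir/group")" \
        "$(group_admins "$grp" "$tmpdir/gshadow")" \
        "$(group_password_set "$grp" "$tmpdir/gshadow")"
done
rm -rf "$tmpdir"
```

Note that raj is a member of rupp twice over (primary GID 600 and the member list), while the `!` that `gpasswd -R` writes into gshadow field 2 is what makes `password=no` for admin.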
Step 6 Switching Accounts
1. Su
a. Syntax
su [-] [user]
su [-] [user] -c command
b. Allows the user to temporarily become another user on the command line
c. The default user is root
d. The - (or -l) option makes the new shell a login shell: the target user's environment (HOME, PATH, profile) is loaded instead of keeping the caller's
e. Most systems log the use of su to change to the root account (on RHEL 7 pam_unix writes it to /var/log/secure)
2. Example
$su
$su -
$su sami
$su -l sami
Step 7 SUDO
1. Sudo
a. Purpose: to delegate root privileges to non-root users.
b. Users listed in /etc/sudoers execute commands with
an effective user id of 0
a group id of root's group
c. By default the attempt is logged and the administrator notified by mail if a user not listed in /etc/sudoers attempts to use sudo
2. Example
a. Default syntax
user HOST=(runas) COMMANDS
b. Allow root to run any command anywhere
root ALL=(ALL) ALL
c. Allow members of the sys group to run the networking, service management, delegating and process commands (NETWORKING, SERVICES, DELEGATING and PROCESSES are Cmnd_Alias lists defined earlier in the default sudoers)
%sys ALL=NETWORKING, SERVICES, DELEGATING, PROCESSES
d. Allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
e. Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
f. Allow members of the users group to mount and unmount the cdrom as root
%users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
//edit the file only with visudo; a rule that allows a shell, an editor or su is as powerful as ALL
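The rule shapes above differ a lot in what they hand out, and a review of a sudoers file should separate "any command" and "a shell" from a genuinely restricted list. The script below is an added example, not part of the session material: it scans a sudoers file for user specifications and tags the ones that amount to an unrestricted root shell. The sudoers content is constructed for the example (it follows the deck's rules plus two extra users); on a real host check syntax first with `visudo -c` and run the audit as root over /etc/sudoers and /etc/sudoers.d/*.

```shell
#!/bin/bash
# Added example: flag sudoers user specifications that grant a full root
# shell. The sudoers sample is constructed for this example.

SUDOERS_SAMPLE='## constructed sample, not a real /etc/sudoers
Defaults    logfile=/var/log/sudolog
Cmnd_Alias  NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping
Cmnd_Alias  SERVICES = /sbin/service, /sbin/chkconfig
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
%sys    ALL=NETWORKING, SERVICES
%users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
sami    ALL=(ALL)       NOPASSWD: ALL
raj     ALL=(root)      /bin/bash
ops     ALL=(root)      NOPASSWD: /sbin/service httpd restart'

# audit_sudoers FILE -> one "TAG who" line per user specification worth review
audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/ { next }                                    # comments, blank lines
        /^[ \t]*(Defaults|Cmnd_Alias|User_Alias|Host_Alias|Runas_Alias)/ { next }
        {
            who = $1
            rhs = $0; sub(/^[^=]*=/, "", rhs)                      # text after HOST=
            sub(/\([^)]*\)/, "", rhs)                              # drop the (runas) list
            gsub(/^[ \t]+|[ \t]+$/, "", rhs)
            nopasswd = (rhs ~ /^NOPASSWD:/)
            cmds = rhs; sub(/^NOPASSWD:[ \t]*/, "", cmds)
            # a shell or su in the command list is a root shell, however restricted the rest is
            shellre = "(^|[ \t,])/(usr/)?bin/((ba)?sh|su)([ \t,]|$)"
            if (cmds == "ALL")        { tag = nopasswd ? "NOPASSWD-ROOT" : "FULL-ROOT" }
            else if (cmds ~ shellre)  { tag = "SHELL-COMMAND" }
            else if (nopasswd)        { tag = "NOPASSWD" }
            else                      { next }                     # restricted list: nothing to flag
            print tag " " who
        }' "$1"
}

tmpfile=$(mktemp)
printf '%s\n' "$SUDOERS_SAMPLE" > "$tmpfile"
audit_sudoers "$tmpfile"
rm -f "$tmpfile"
```

The %sys and %users rules produce no output: they are the shape a delegation should have. FULL-ROOT for %wheel is expected on a RHEL box, but NOPASSWD-ROOT and SHELL-COMMAND are the lines to question.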
3. How to use sudo
a. Set up the sudo environment in /etc/sudoers as a group member
%wheel ALL=(ALL) ALL
#usermod -aG wheel sami
//-a appends to the supplementary groups; -G on its own replaces them (GID 10 is wheel on RHEL)
$groups
//run as sami: the new membership appears after the next login
b. Executing a command as the super user
$sudo mount /dev/cdrom /media/cdrom
c. If you forgot to prefix a root command with sudo, rerun it with !!
$head -n 4 /etc/sudoers
$sudo !!
d. Get root shell access using sudo
$sudo bash
#id
e. Sudo logging (in addition to syslog, which on RHEL 7 writes sudo's lines to /var/log/secure)
Defaults logfile=/var/log/sudolog
#touch /var/log/sudolog
$sudo ls /
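Step 6 noted that su to root is logged and Step 7 e enables sudo's own log; on RHEL 7 both also arrive in /var/log/secure through syslog. The script below is an added example, not part of the session material: it pulls su and sudo privilege-change events out of that file and marks a sudo invocation of a shell as an interactive root session rather than a single command. The log lines are constructed for the example in the format pam_unix and sudo emit; they were not captured from a real host.

```shell
#!/bin/bash
# Added example: extract su/sudo privilege-change events from /var/log/secure.
# The log lines are constructed for this example.

SECURE_SAMPLE='Oct 30 09:12:01 server sudo:     sami : TTY=pts/0 ; PWD=/home/sami ; USER=root ; COMMAND=/sbin/mount /dev/cdrom /media/cdrom
Oct 30 09:13:45 server sudo:     sami : TTY=pts/0 ; PWD=/home/sami ; USER=root ; COMMAND=/bin/bash
Oct 30 09:14:02 server su: pam_unix(su-l:session): session opened for user root by sami(uid=501)
Oct 30 09:15:10 server su: pam_unix(su-l:auth): authentication failure; logname=raj uid=502 euid=0 tty=pts/1 ruser=raj rhost=  user=root
Oct 30 09:16:00 server sshd[2231]: Accepted password for sami from 192.0.2.10 port 51234 ssh2'

# write_secure_sample FILE
write_secure_sample() { printf '%s\n' "$SECURE_SAMPLE" > "$1"; }

# privilege_events LOGFILE -> one normalised line per su/sudo event
privilege_events() {
    awk '
        $5 == "sudo:" {
            who = $6
            match($0, /USER=[^ ;]+/);  target = substr($0, RSTART + 5, RLENGTH - 5)
            cmd = $0; sub(/.*COMMAND=/, "", cmd)
            # a shell run through sudo is an interactive root session, not one command
            tag = (cmd ~ /^\/(usr\/)?bin\/((ba)?sh|su)([ \t]|$)/) ? "ROOT-SHELL " : ""
            print tag "sudo " who " -> " target ": " cmd
            next
        }
        /su: pam_unix\(su(-l)?:session\): session opened for user / {
            match($0, /for user [^ ]+/); target = substr($0, RSTART + 9, RLENGTH - 9)
            match($0, /by [^ (]+/);      who = substr($0, RSTART + 3, RLENGTH - 3)
            print "su " who " -> " target
            next
        }
        /su: pam_unix\(su(-l)?:auth\): authentication failure/ {
            match($0, /logname=[^ ]+/); who = substr($0, RSTART + 8, RLENGTH - 8)
            match($0, / user=[^ ]+/);   target = substr($0, RSTART + 6, RLENGTH - 6)
            print "su-fail " who " -> " target
        }' "$1"
}

tmpfile=$(mktemp)
write_secure_sample "$tmpfile"
privilege_events "$tmpfile"
rm -f "$tmpfile"
```

The sshd line is deliberately ignored: it is a login, not a privilege change. The `user=` match is anchored on a leading space so that `ruser=raj` on the failure line is not mistaken for the target account.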
Step 8 GUI Tool for User Management
1. Package checking
#rpm -qa | grep system-config-users
2. Package installation
#yum install system-config-users
3. Using the GUI tool
#system-config-users &
.Making a new user
.Making a new group
THANK YOU..!