User management and administration are core tasks for any Linux system administrator. Learning the user management commands and tools explained in this tutorial will not only save you time but also boost your confidence in the Red Hat exam and in your real-life job as a system administrator.
User management includes everything from creating a user to deleting a user on your system. It can be done in three ways on a Linux system. Each user is assigned an ID that is unique within the operating system. In this article, we will learn about users and the commands used to get information about them. After installation of the operating system, the ID 0 is assigned to the root user and the IDs 1 to 999 (both inclusive) are assigned to system users. Hence, the IDs for local users begin from 1000 onward.
Linux User Management
Root account
The root account, also called the superuser, has complete and unfettered control of the system. A superuser can run any command without restriction. This user should be treated as the system administrator.
System accounts
System accounts are those needed for the operation of system-specific components, for example the mail and sshd accounts. These accounts are usually needed for some specific function on your system, and any modification to them could adversely affect the system.
User accounts
User accounts provide interactive access to the system for users and groups of users. General users are typically assigned to these accounts and usually have limited access to critical system files and directories.
Unix supports the concept of a group account, which logically groups a number of accounts. Every account is part of a group account. A Unix group plays an important role in handling file permissions and process management.
Facts
In a single directory, we can create 60,000 users.
We will now look at the most useful commands for managing users in Linux.
Commands | Purpose |
---|---|
awk -F':' '{ print $1 }' /etc/passwd | List all the users in Linux |
id username | Verify the ID of any username |
usermod -u new_id username | Change the user ID of a user |
useradd username | Add a user |
passwd username | Set the password for the newly created username |
passwd | Change your own password |
userdel -r username | Delete a user account |
passwd -l 'username' | Disable a user account |
useradd -s /sbin/nologin [username] | Create a user account with no login shell |
usermod -c <'newName'> <oldName> | Modify a user's comment (GECOS) field |
groupadd groupname | Add a group |
usermod -g new_group_id username | Modify the group ID of a user |
groupmod | Modify a group |
groupdel groupname | Delete a group |
usermod -a -G GROUPNAME USERNAME | Add a user to a group |
deluser USER GROUPNAME | Remove a user from a group |
whoami | Identify yourself |
usermod -l new_login_name old_login_name | Change the user login name |
usermod -d new_home_directory_path username | Change the home directory |
usermod -s <new_shell> <username> | Modify the login shell of a user |
chage | View and modify a user's password expiry information |
chage -d 0 <username> | Force the user to change the password at first login |
chsh -s <new_shell> | Change shell |
finger | Gives information on all logged-in users |
finger username | Gives information on a particular user |
Main Linux user management/administration files
/etc/passwd − Keeps the user account and password information. This file holds the majority of information about accounts on the Unix system. Each line describes one user in the following format:
username : x : user id : user group id : : /home/username : /bin/bash
/etc/shadow − Holds the encrypted password of the corresponding account. Not all systems support this file.
/etc/group − This file contains the group information for each account.
/etc/gshadow − This file contains secure group account information.
/etc/skel/ − Contains some hidden files that hold profile settings and default values for applications. Hence, it serves as a default home directory and user profile. When useradd is run with the -m option, the contents of /etc/skel/ are copied to the newly created home directory.
/etc/default/useradd also contains some user default options.
The command useradd -D can be used to display this file.
[dkr@redhat ~]$ useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
[dkr@redhat ~]$
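The /etc/passwd format and the UID ranges described earlier (0 for root, 1 to 999 for system accounts, 1000 onward for local users) can be checked with a short audit script. This is an added example, not part of the original tutorial; the function names audit_passwd and sample_passwd and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# audit_passwd FILE (hypothetical helper): classify every account in a
# passwd-format file by UID range and flag entries an administrator
# should review.
audit_passwd() {
    awk -F: '
        # Skip blank lines and comments; a valid entry has exactly 7 fields.
        /^[ \t]*(#|$)/ { next }
        NF != 7 { printf "MALFORMED line %d: %s\n", NR, $0; next }
        {
            name = $1; uid = $3; shell = $7
            if (uid !~ /^[0-9]+$/) { printf "MALFORMED uid for %s\n", name; next }
            uid += 0
            class = (uid == 0) ? "root" : ((uid < 1000) ? "system" : "user")
            printf "ACCOUNT %s uid=%d class=%s\n", name, uid, class
            # Any UID 0 account other than root has full superuser rights.
            if (uid == 0 && name != "root") printf "WARN extra-uid0 %s\n", name
            # UIDs are meant to be unique; a duplicate shares file ownership.
            if (uid in seen) printf "WARN duplicate-uid %d %s %s\n", uid, seen[uid], name
            else seen[uid] = name
            # System accounts normally have no interactive shell.
            if (class == "system" && shell !~ /(nologin|false)$/)
                printf "WARN system-login-shell %s %s\n", name, shell
        }
    ' "$1"
}

# Constructed sample data (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/bin/bash
dkr:x:1000:1000::/home/dkr:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

# Run the audit over the constructed sample.
tmp=$(mktemp) && sample_passwd > "$tmp" && audit_passwd "$tmp"; rm -f "$tmp"
```

To audit a live system, call audit_passwd /etc/passwd; the file is world-readable, so no root privileges are needed.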
Understanding setuid
When the setuid permission is applied to an executable file, a user running the program inherits the effective privileges of the program’s owner. Since this approach can reasonably raise security concerns, the number of files with setuid permission must be kept to a minimum. You will likely find programs with this permission set when a system user needs to access a file owned by root.
Understanding setgid
When the setgid bit is set, the effective GID of the real user becomes that of the group owner. Thus, any user can access a file under the privileges granted to the group owner of that file. In addition, when the setgid bit is set on a directory, newly created files inherit the same group as the directory, and newly created sub-directories also inherit the setgid bit of the parent directory. You will most likely use this approach whenever members of a certain group need access to all the files in a directory, regardless of the file owner’s primary group.
Understanding Sticky Bit
When the “sticky bit” is set on files, Linux just ignores it, whereas for directories it has the effect of preventing users from deleting or even renaming the files it contains unless the user owns the directory, the file, or is root.
chmod o+t [directory]
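Because the number of setuid files should be kept to a minimum, it helps to inventory the special permission bits under a directory tree. The script below is an added example, not part of the original tutorial; find_special_bits and make_demo_tree are hypothetical helper names, and the demo tree consists of empty files created in a temporary directory.

```shell
#!/bin/sh
# find_special_bits DIR (hypothetical helper): report setuid and setgid
# files, setgid directories, and world-writable directories that lack the
# sticky bit. -xdev keeps the search on one filesystem.
find_special_bits() {
    dir=$1
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    find "$dir" -xdev -type f -perm -4000 | sed 's/^/SETUID /'
    find "$dir" -xdev -type f -perm -2000 | sed 's/^/SETGID /'
    find "$dir" -xdev -type d -perm -2000 | sed 's/^/SETGID-DIR /'
    # World-writable (-0002) without the sticky bit (-1000): any user can
    # delete or rename files that belong to other users in this directory.
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NO-STICKY /'
}

# Build a constructed tree that exercises each case. The files are empty
# and owned by the invoking user, so the bits grant no extra privilege.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/helper" "$d/plain"
    chmod 4755 "$d/helper"      # setuid file (same bit as chmod u+s)
    mkdir "$d/shared" "$d/drop" "$d/tmpdir"
    chmod 2775 "$d/shared"      # setgid directory: new files inherit its group
    chmod 0777 "$d/drop"        # world-writable, sticky bit missing
    chmod 1777 "$d/tmpdir"      # world-writable with sticky bit (chmod o+t)
    echo "$d"
}

# Run the inventory over the constructed tree, then clean up.
if demo=$(make_demo_tree); then
    find_special_bits "$demo"
    rm -rf "$demo"
fi
```

On a real system, compare the output of find_special_bits / (run as root) against a known-good baseline and investigate any entry that appears between runs.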
If you find this tutorial informative and useful, please feel free to give it a like and to share it with everyone who needs it. In case of any queries or comments, please feel free to post them in the comment section.