26 Critical commands for Linux user management

Linux user management and administration are important tasks for any Linux system administrator. Learning the user management commands and tools explained in this tutorial will not only save you precious time but also boost your confidence in the Red Hat exam as well as in your real-life system administrator job.

User management includes everything from creating a user to deleting a user on your system. It can be done in three ways on a Linux system. Each user is assigned an ID that is unique within the operating system. In this article, we will learn about users and the commands used to get information about them. After installation of the operating system, the ID 0 is assigned to the root user and the IDs 1 to 999 (both inclusive) are assigned to the system users. Hence, the IDs for local users begin from 1000 onward.

Linux User Management

Root account

This is also called the superuser and has complete and unfettered control of the system. A superuser can run any command without restriction. This user should be regarded as the system administrator.

System accounts

System accounts are those needed for the operation of system-specific components, for example the mail and sshd accounts. These accounts are usually needed for some specific function on your system, and any modifications to them could adversely affect the system.

User accounts

User accounts provide interactive access to the system for users and groups of users. General users are typically assigned to these accounts and usually have limited access to critical system files and directories.

Unix supports the concept of a group account, which logically groups a number of accounts. Every account is part of a group account. A Unix group plays an important role in handling file permissions and process management.

Facts

In a single directory, we can create 60,000 users.

We will now check the most useful commands for managing users in Linux.

Commands                                      Purpose
awk -F':' '{ print $1 }' /etc/passwd          List all the users in Linux
id username                                   Verify the ID of any username
usermod -u new_id username                    Change the user ID for a user
useradd username                              Add a user
passwd username                               Set the password for the newly created username
passwd                                        Change the password
userdel -r username                           Delete a user account
passwd -l 'username'                          Disable a user account
useradd -s /sbin/nologin [username]           User account with no login
usermod -c <'newName'> <oldName>              Modify a user
groupadd groupname                            Add a group
usermod -g new_group_id username              Modify the group ID of a user
groupmod                                      Modify a group
groupdel groupname                            Delete a group
usermod -a -G GROUPNAME USERNAME              Add a user to a group
deluser USER GROUPNAME                        Remove a user from a user group
whoami                                        Identify yourself
usermod -l new_login_name old_login_name      Change the user login name
usermod -d new_home_directory_path username   Change the home directory
usermod -s <new_shell> <username>             Modify the login shell of a user
chage                                         View and modify users' password expiry information
chage -d 0 <username>                         Force a password change at first login
chsh -s <new_shell>                           Change shell
finger                                        Gives information on all logged-in users
finger username                               Gives information on a particular user

Linux User Management Commands

Main Linux user management/administration files

/etc/passwd − Keeps the user account and password information. This file holds the majority of information about accounts on the Unix system. Each entry in this file describes one user in the following format:

username : x : user id : user group id : : /home/username : /bin/bash

/etc/shadow − Holds the encrypted password of the corresponding account. Not all systems support this file.

/etc/group − This file contains the group information for each account.

/etc/gshadow − This file contains secure group account information.

/etc/skel/ – Contains some hidden files that hold profile settings and default values for applications. Hence, it serves as a default home directory and user profile. When useradd is run with the -m option, the contents of /etc/skel/ are copied to the newly created home directory.

/etc/default/useradd also contains some user default options.

The command useradd -D can be used to display this file.

[dkr@redhat ~]$ useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
[dkr@redhat ~]$
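
The /etc/passwd format and the UID ranges described earlier (0 for root, 1 to 999 for system accounts, 1000 onward for local users) can be checked with a short audit. This is an added example, not part of the original tutorial; the function names, finding labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file using the UID ranges stated above
# (0 = root, 1-999 = system accounts, 1000 and up = local users).
# Function names and the sample accounts are constructed for illustration.

# Print "kind login shell" for every well-formed entry.
classify_accounts() {
    awk -F: 'NF == 7 {
        kind = ($3 == 0) ? "root" : ($3 <= 999) ? "system" : "user"
        print kind, $1, $7
    }' "$1"
}

# Print one finding per line for entries that deserve a closer look.
audit_accounts() {
    awk -F: '
        NF != 7                  { print "malformed-line", NR; next }
        $3 == 0 && $1 != "root"  { print "extra-uid0", $1 }
        $3 >= 1 && $3 <= 999 && $7 !~ /(nologin|false)$/ {
                                   print "system-account-with-shell", $1 }
        $2 != "x"                { print "password-field-not-x", $1 }
        seen[$3]++               { print "duplicate-uid", $1 }
    ' "$1"
}

# Constructed sample; on a real host pass /etc/passwd instead.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/usr/share/empty.sshd:/sbin/nologin
backup:x:450:450::/var/backup:/bin/bash
toor:x:0:0::/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
classify_accounts "$sample"
audit_accounts "$sample"
rm -f "$sample"
```

Some stock system accounts (for example sync or shutdown) legitimately have a non-nologin shell, so findings are items to review rather than errors.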

Understanding setuid

When the setuid permission is applied to an executable file, a user running the program inherits the effective privileges of the program’s owner. Since this approach can reasonably raise security concerns, the number of files with the setuid permission must be kept to a minimum. You will likely find programs with this permission set when a system user needs to access a file owned by root.

Understanding setgid

When the setgid bit is set, the effective GID of the real user becomes that of the group owner. Thus, any user can access a file under the privileges granted to the group owner of that file. In addition, when the setgid bit is set on a directory, newly created files inherit the same group as the directory, and newly created sub-directories will also inherit the setgid bit of the parent directory. You will most likely use this approach whenever members of a certain group need access to all the files in a directory, regardless of the file owner’s primary group.

Understanding Sticky Bit

When the “sticky bit” is set on files, Linux just ignores it, whereas for directories it has the effect of preventing users from deleting or even renaming the files it contains unless the user owns the directory, the file, or is root.

chmod o+t [directory]
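
To keep setuid files to a minimum you first need an inventory of them. The following added example (not part of the original tutorial) lists setuid and setgid entries and world-writable directories that lack the sticky bit; the function names and the demo tree are constructed for illustration, and it assumes Linux semantics for setgid inheritance.

```shell
#!/bin/sh
# Added example: inventory the special permission bits discussed above.
# Function names and the demo tree are constructed for illustration.

# Regular files that run with the owner's (setuid) or group's (setgid) identity.
list_setuid_files() { find "$1" -xdev -type f -perm -4000 2>/dev/null | sort; }
list_setgid_files() { find "$1" -xdev -type f -perm -2000 2>/dev/null | sort; }

# Directories whose new files and sub-directories inherit the directory's group.
list_setgid_dirs() { find "$1" -xdev -type d -perm -2000 2>/dev/null | sort; }

# World-writable directories without the sticky bit: any user may delete or
# rename files there that belong to someone else.
list_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Build a small constructed tree so the checks can be tried without root.
# The body runs in a subshell so the umask change does not leak out.
build_demo_tree() (
    umask 022
    d=$(mktemp -d) || exit 1
    mkdir "$d/shared" "$d/drop" "$d/team"
    : > "$d/helper"
    : > "$d/plain"
    chmod 4755 "$d/helper"   # setuid file
    chmod 0755 "$d/plain"    # no special bits
    chmod 1777 "$d/shared"   # world-writable, sticky bit set (like /tmp)
    chmod 0777 "$d/drop"     # world-writable, sticky bit missing
    chmod 2775 "$d/team"     # setgid directory
    mkdir "$d/team/sub"      # created afterwards, inherits the setgid bit
    printf '%s\n' "$d"
)

demo=$(build_demo_tree)
echo "setuid files:";        list_setuid_files "$demo"
echo "setgid directories:";  list_setgid_dirs "$demo"
echo "missing sticky bit:";  list_unsticky_dirs "$demo"
rm -rf "$demo"
```

On a real host, run the list functions against / as root and compare the output with a known-good baseline after each package update.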
