Slide5 User Mgmnt

  • 8/8/2019 Slide5 User Mgmnt


    You will know about..

    useradd

    userdel

    su

    adduser

    usermod

    groupadd

    groupdel

    groupmod

    passwd

    /etc/shadow

    /etc/passwd


    Why manage users?

    Users MUST have different accounts

    Users MAY have different:

      Privileges (give them according to what is needed to get the job done)
      Permission
      Accessibility
      Group
      Task, process, files
      Home directory
      etc.


    Take Advantage of Linux's UID and GID

    UID: user identification

    UIDs and GIDs on all Linuxes range from 0 to 65534

    Example:

      Student from 1000 to 1500
      Lecturer from 1501 to 2000
      Technician from 2001 to 2050

    UID for root is always ZERO


    Debian/Ubuntu

    IDs 0-99 are for system accounts.

    IDs 100-999 are for user-installed programs and daemons, such as mail, ftp, apache, mysql etc.

    IDs 1000-29999 are ordinary user accounts.

    IDs 30000-65533 are reserved, according to the Debian policy manual, but you may use them however you like.

    ID 65534 is user "nobody," an account with no rights or permissions.


    RPM-based: Red Hat, Fedora

    IDs 0-499 are reserved for system use.

    IDs 500-60000 are for ordinary users.

    ID 65534 is user "nobody," an account with no rights or permissions.


    /etc/passwd

    User account information

    7 columns:

      Login name
      Encrypted password or password placeholder
      UID (user ID) number
      Default GID (group ID) number
      GECOS information: full name, office, extension, home phone
      Home directory
      Login shell


    /etc/passwd

    Example:

    # less /etc/passwd

    # grep piztol /etc/passwd

    piztol:x:500:500:piztol:/home/piztol:/bin/bash

    username:passwd_setting:uid:gid:full_name:home_dir:default_shell
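
    Added example, not part of the original slides: a small audit over /etc/passwd-format lines that uses the seven columns above and the Debian/Ubuntu UID ranges given earlier. The sample accounts and the function names sample_passwd and audit_passwd are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format; every account here is made up.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:105:110:MySQL Server:/var/lib/mysql:/bin/false
ftp:x:106:111:ftp daemon:/srv/ftp:/bin/bash
piztol:x:1000:1000:piztol:/home/piztol:/bin/bash
backup2:x:0:0:second admin:/root:/bin/sh
guest::1001:1001:guest:/home/guest:/bin/bash
legacy:CONSTRUCTED_HASH:1002:1002:old entry:/home/legacy:/bin/sh
broken:x:1003:1003:/home/broken
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# Read passwd-format lines on stdin; print one "login: finding" line per problem.
audit_passwd() {
  awk -F: '
    # An entry must have exactly the 7 colon-separated columns listed above.
    NF != 7 { print $1 ": malformed entry, " NF " fields instead of 7"; next }
    # UID 0 carries root privileges whatever the login name is.
    $3 == 0 && $1 != "root" { print $1 ": UID 0 but login name is not root" }
    # An empty column 2 means no password is required to log in.
    $2 == "" { print $1 ": empty password field" }
    # Anything other than the x placeholder (or a */! lock marker) is a hash
    # kept in the world-readable passwd file instead of /etc/shadow.
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print $1 ": password hash stored in passwd" }
    # Debian/Ubuntu daemon range 100-999: service accounts need no login shell.
    $3 >= 100 && $3 <= 999 && $7 !~ /(nologin|false)$/ {
      print $1 ": daemon-range UID " $3 " with login shell " $7
    }
  '
}

sample_passwd | audit_passwd
```

    On a real host the same function reads the live file: audit_passwd < /etc/passwd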


    /etc/shadow

    Secure user account information (password)

    8 columns

    Username

    Encrypted password

    Last modified - the day the password was last changed, as a number of days since 1st January 1970

    Min days - minimum number of days required before a password can be changed

    Max days - maximum number of days before a password must be changed


    /etc/shadow

    Warning days - number of days prior to password expiration that the user will be warned of the pending expiration

    Disabled days - number of days to wait after a password has expired to disable the account.

    Expiration date - number of days since January 1, 1970 after which the account will be disabled.


    Example:

    piztol:$xvfghJ219$b:14715:0:99999:7:::

    Username:Password:Last_Modified:Min_Days:Max_Days:Days_Warn:Disabled_Days:Expire

    The last 3 columns are set to a null value, indicating the warning day, disabled days are not set and the account never expires


    useradd

    create a new user or update default new user information

    Show the default values for a new user, taken from /etc/default/useradd (used when an option is not specified)

    # useradd -D

    GROUP=100

    HOME=/home

    INACTIVE=-1

    EXPIRE=

    SHELL=/bin/bash

    SKEL=/etc/skel

    CREATE_MAIL_SPOOL=yes


    useradd (option)

    -c full user name

    -d create home dir based on login name (should specify location)

    -e expiry date, format YYYY-MM-DD

    -g group name for new user (must exist)

    -G to be a member of groups (more than 1)

    more..


    useradd (option)

    -m create home dir if doesn't exist using skeleton (by default it doesn't)

    -s specify user's shell (/bin/bash or /bin/sh)

    -U create group with the same name of user and add user to this group

    -u specify uid for user


    Let's try

    # useradd -m footoo

    # useradd -m -c "Dr Sinchan" sinchan

    # useradd -d /dudu -u 1600 -s /bin/sh dudu

    # useradd -m -g admin rocket

    # useradd -G admin,mysql,root user100

    # useradd -e 2010-12-12 tmpuser

    Always put the username as the last argument


    passwd

    Set or change password

    # passwd username

    Options:

    -l Locks the user's account. This option invalidates the user's password.

    -u Unlocks a user's account.

    -d Removes a user's password.

    -n Sets the minimum number of days required before a password can be changed.

    -x Sets the maximum number of days before a password must be changed.


    userdel

    # userdel username

    # userdel -r username

    -r remove home directory


    adduser

    # adduser username


    usermod

    To modify user account, including login name

    Options quite similar to 'useradd'

    -c, -m, -d, -s, -e etc

    -l change login name

    Example:

    # usermod -l new_name old_name

    # usermod -d /home/newhomedir user123


    groupadd

    # groupadd -[option] groupname

    # groupadd -g 12345 mygroup

    # groupadd -r systemgroup1

    -f exit successfully if the group already exists, and cancel -g if the GID is already used

    -g use GID for the new group

    -r create a system account


    groupdel, groupmod

    # groupdel groupname

    # groupmod -[option] group

    -g change group id (GID)

    -n change to new name of group


    chage

    NOT change, but chage

    Options:

    -l show aging information

    -E set expire date for passwd

    format YYYY-MM-DD or -1 to remove expiration date

    -I set the number of days of inactivity after a password has expired before the account is locked

    -d set number of days when the passwd was last changed. 0 will require user to change passwd on login

    -M set max number of days before password change


    chage

    $ chage -l

    Last password change : Apr 16, 2010

    Password expires : never

    Password inactive : never

    Account expires : never

    Minimum number of days between password change : 0

    Maximum number of days between password change : 99999

    Number of days of warning before password expires : 7
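
    Added example, not part of the original slides: decoding the day-count columns of an /etc/shadow line into dates. Last_Modified 14715 from the earlier /etc/shadow example comes out as 2010-04-16, the date shown as "Last password change" in the chage -l output above. The function names and the tmpuser line are constructed, and GNU date is assumed.

```shell
#!/bin/sh
# Convert a "days since 1 January 1970" count to YYYY-MM-DD.
# Assumption: GNU date (the -d "@seconds" form), as found on Linux.
days_to_date() {
  date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d
}

# Decode the aging columns of one /etc/shadow-format line (passed as $1).
shadow_aging() {
  IFS=: read -r user hash last min max warn inactive expire rest <<EOF
$1
EOF
  # Assumption: a leading "!" in column 2 marks a locked password (passwd -l).
  case $hash in '!'*) locked=yes ;; *) locked=no ;; esac
  changed=never pw_expires=never pw_inactive=never acct_expires=never
  case $last in
    '') ;;                                    # null: no change recorded
    0)  changed=must-change-at-next-login ;;  # what chage -d 0 sets
    *)  changed=$(days_to_date "$last") ;;
  esac
  # Expiry exists only with a real last-change day and a Max_Days limit;
  # 99999 is the "never" value seen in the shadow example.
  if [ "${last:-0}" -gt 0 ] && [ "${max:-99999}" -lt 99999 ]; then
    pw_expires=$(days_to_date $(( last + max )))
    if [ -n "$inactive" ]; then
      pw_inactive=$(days_to_date $(( last + max + inactive )))
    fi
  fi
  if [ -n "$expire" ]; then acct_expires=$(days_to_date "$expire"); fi
  echo "$user locked=$locked changed=$changed pw_expires=$pw_expires" \
       "pw_inactive=$pw_inactive acct_expires=$acct_expires"
}

# Constructed inputs: the shadow line from the slides, then a made-up locked
# account whose Expire column (14955) is 2010-12-12.
shadow_aging 'piztol:$xvfghJ219$b:14715:0:99999:7:::'
shadow_aging 'tmpuser:!:14715:1:90:7:14:14955:'
```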