Wednesday, April 30, 2014

User Management in Linux

This article covers the basics of Linux user management with command-line tools.


Linux distinguishes five kinds of user account, each with a different level of access.
They are listed below.
  1. Super User or Root User: A special kind of user account that holds every permission needed to alter any program or service on Linux. This account is used mainly for system administration, and it can control and limit the access of other users. Because all power is vested in the root user, care has to be taken before every modification: if anything goes wrong, there is no option left other than a kernel crash. The account is this sensitive because its access is unlimited.
  2. System User: Created by default by the OS. This type of user is similar to a normal user but has more privileges, and can access secure programs that a normal user is not authorized to use.
  3. Normal User: Users created by root. They have limited access to resources and need permission from root to access any secure resource or service.
  4. Network User: This type of account is used to check and manage network activity. System administrators and network engineers in particular use it for network tasks and to connect to other systems on the network through services such as LDAP, NFS, Samba, Apache, NTP, etc. (We will discuss these services in future posts.)
  5. Sudo User: A replica of the root user, used when a user needs permissions similar to those of the root user. Only the root user can grant this access to other accounts.

Users           UID Range
Root User       0
System User     1-499
Normal User     500-6000
Network User    >6000

User management consists of three categories:
  • Files and directories for users.
  • Password file format.
  • User management commands.
Let's discuss these categories in detail.

  1. Files and Directories for user.
1.1 Basic files for users and groups:

File Name       Description
/etc/passwd     To store user account information.
/etc/shadow     To store password.
/etc/group      To store group account information.
/etc/gshadow    Contains an encrypted password for each group as well as group membership and administrator information.


1.2 User Environment Files and Directory

File Name               Description
/etc/skel/              Files and directories automatically copied to a new user's home directory.
/etc/default/useradd    Default settings file for useradd.
/etc/login.defs         Defines the site-specific configuration for the shadow password suite.
/etc/profile            Controls system-wide defaults such as exported variables, the file creation mask (umask), terminal types and mail messages.
~/.bash_profile         Executed to configure your shell before the initial command prompt.
/etc/bashrc             Read by interactive non-login shells started at the command line with a shell program such as /bin/bash or /bin/sh; executed by ~/.bashrc.

 

  2. Password File Format.

2.1 (/etc/passwd)

*Note: u id = user id, g id = group id

2.2 (/etc/shadow)

As with the passwd file, the fields in the shadow file are separated by colon (":") characters. They are as follows:

  1. Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the username in the /etc/passwd file.
  2. Password, 13 character encrypted. A blank entry (e.g. ::) indicates that a password is not required to log in (usually a bad idea), and a "*" entry (e.g. :*:) indicates that the account has been disabled.
  3. The number of days (since January 1, 1970) since the password was last changed.
  4. The number of days before the password may be changed (0 indicates it may be changed at any time).
  5. The number of days after which the password must be changed (99999 indicates the user can keep his or her password unchanged for many, many years).
  6. The number of days to warn the user of an expiring password (7 for a full week).
  7. The number of days after the password expires that the account is disabled.
  8. The number of days since January 1, 1970 that an account has been disabled.
  9. A reserved field for possible future use.
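
The nine fields above can be checked mechanically. The shell function below is an added example, not part of the original article: it reads shadow-format lines and reports empty passwords, disabled entries, expired passwords and expired accounts. The function names, the sample entries and the treatment of a leading "!" as a locked password (what usermod -L writes) are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit shadow-format lines read from standard input.
# Usage: audit_shadow TODAY < FILE
#   TODAY is the current date in days since January 1, 1970.
# Prints one "user: finding" line per problem found.
audit_shadow() {
    awk -F: -v today="$1" '
    NF != 9 {
        print $1 ": malformed entry (expected 9 fields, got " NF ")"
        next
    }
    {
        user = $1; pw = $2; last = $3; max = $5; inact = $7; expire = $8
        if (pw == "")
            print user ": empty password field, no password needed to log in"
        else if (pw ~ /^[*!]/)   # "!" prefix is an assumption: usermod -L
            print user ": password login disabled or locked"
        # Field 5: the password must be changed max days after field 3.
        if (last != "" && max != "" && max != 99999 && today > last + max) {
            msg = "password expired"
            # Field 7: days after expiry until the account is disabled.
            if (inact != "" && today > last + max + inact)
                msg = msg ", account disabled by inactivity"
            print user ": " msg
        }
        # Field 8: day (since the epoch) on which the account was disabled.
        if (expire != "" && today >= expire)
            print user ": account expired"
    }'
}

# Constructed sample entries; the hashes are placeholders, not real ones.
sample_shadow() {
    cat <<'EOF'
root:$6$placeholder$hash:16190:0:99999:7:::
linuxcare::13774:0:99999:7:::
daemon:*:16000:0:99999:7:::
alice:$6$placeholder$hash:16000:0:90:7:14::
bob:$6$placeholder$hash:16180:0:99999:7::16189:
broken:x:1:2
EOF
}

# 2014-04-30 is day 16190 since the epoch. On a live system, run as root:
#   audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | audit_shadow 16190
```
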

  3. User Management commands:

  3.1) useradd - add new user

     a) Adding new user
     # useradd linuxcare                            // or: adduser linuxcare

     b) List default settings
     # useradd -D
     # useradd -D -s /bin/sh                        // change default shell
     
     c) Primary and supplementary groups
     # useradd -g admin -G mail linuxcare

     d) Home directory
     # useradd -d  /home/linuxcare-home linuxcare

     e) change skel directory
     # useradd -m -k /etc/skel2 linuxcare

     f) Login shell
     # useradd -s /bin/sh linuxcare                 // valid shells are listed in /etc/shells

     g) specific uid
     # useradd -u 550 linuxcare

     h) Account expire
     # useradd -e 2014/04/30 linuxcare

  3.2) usermod - modify user's data

     a) Shell and directory change
     # usermod -s /bin/csh -d /home/linuxcare-home -m linuxcare

     b) Login name change
     # usermod -l linuxcare rax                     // new login name (linuxcare) first, then the old one (rax)

     c) Lock and unlock user
     # usermod -L linuxcare                           // Lock
     # usermod -U linuxcare                          // Unlock
   
     d) New UID and GID
     # usermod -u 510 -g 600 linuxcare

     e) Expire date
     # usermod -e 2014/04/30 linuxcare
     # usermod -e "" linuxcare                    // remove expire date

  3.3) userdel - delete user

     a) Delete user, leaving home directory
     # userdel linuxcare

     b) Delete user with home directory
     # userdel -r linuxcare

  3.4) Creating password for user

     a) passwd
     # passwd linuxcare

  3.5) chown - change ownership for file and directory

     a) # chown root /dir                          // change user ownership
     b) # chown root:named /dir                    // change user and group ownership

  3.6) Login without password - empty field

     # grep linuxcare /etc/shadow
     linuxcare::13774:0:99999:7:::

  3.7) Blocking logins in an emergency

     # cat /etc/nologin                            // while this file exists, only root can log in

  3.8) Listing user information

     # finger -l linuxcare


In this way, users can be managed in Linux from the command line.