SIVA 99

Group Administration in Linux

Linux is a multi-user operating system: several people may be logged in and actively working on a given machine at the same time. User management includes everything from creating a user to deleting a user on your system.

Types of Users

SuperUser or Root User :

The administrator of the Linux system who has all the rights. The root account belongs to the superuser. The root user doesn’t need permission to run any command. The root user always has userid 0.

System User :

These are users created by software or applications. For example, if we install Apache Kafka on the system, it will create a user account named “Apache”. Such accounts, created at the time of installing an application, are known as system users. System users have user IDs between 1 and 999.

Normal User :

Accounts created by the root user are called normal users. For example, the root user creates an account named John, raju and so on. The name can be anything. The root user can create the account and also has the privilege to delete it. Normal users have user IDs between 1000 and 65K+.

Create a User :

We can use either the useradd or the adduser command to create a user.

To see user account information

To see a particular user’s account information

tarak:x:1001:1001::/home/tarak:/bin/bash

This user information is divided into 7 fields or parts.

tarak --> user name
:x --> Encrypted password
:1001 --> uid (user id)
:1001 --> gid (group id)
: --> comments
:/home/tarak --> home directory of user
:/bin/bash --> shell
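
The seven-field layout above, combined with the UID ranges from the Types of Users section, can be checked mechanically. The following is an added example, not part of the original post: it classifies passwd-format records and flags accounts worth a second look. The sample records, the function name classify_passwd and the flag names are assumptions made for illustration; an x in field 2 means the password hash is kept in /etc/shadow.

```shell
#!/bin/sh
# Constructed sample records in /etc/passwd format (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
tarak:x:1001:1001::/home/tarak:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy:$6$placeholder$hash:1002:1002::/home/legacy:/bin/bash'

# classify_passwd: read passwd-format lines on stdin and print
# "name kind flags" for each record (hypothetical helper).
classify_passwd() {
    awk -F: '
    NF != 7 { print $1, "malformed", "field-count=" NF; next }
    {
        uid = $3 + 0
        # UID ranges as given on this page: 0, 1 to 999, 1000 and up.
        if (uid == 0)        kind = "root"
        else if (uid <= 999) kind = "system"
        else                 kind = "normal"
        flags = ""
        # A second account with UID 0 has the same rights as root.
        if (uid == 0 && $1 != "root") flags = flags ",extra-uid0"
        # Field 2: empty means no password; anything but x means the
        # hash sits in the world-readable passwd file.
        if ($2 == "")       flags = flags ",empty-password"
        else if ($2 != "x") flags = flags ",not-shadowed"
        # System accounts normally carry a non-login shell.
        if (kind == "system" && $7 !~ /(nologin|false)$/) flags = flags ",login-shell"
        sub(/^,/, "", flags)
        print $1, kind, (flags == "" ? "ok" : flags)
    }'
}

printf '%s\n' "$SAMPLE_PASSWD" | classify_passwd
```

To check a real system, feed the file in directly: classify_passwd < /etc/passwd.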

There are 4 configuration files that store user password information, group information and so on. These configuration files are located in the /etc directory. Let’s discuss more about this.

Some of the operations are performed while creating the account such as:

/etc/default/useradd

While creating users as mentioned above, all the default options will be taken except group id. To view the default options give the following command

/etc/login.defs file

Linux user authentication is done with the shadow password file. The shadow password file is configured with the login.defs configuration file, which is located under /etc. This file provides settings such as password maximum days, password minimum days, etc.

# cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#

# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR	Maildir
MAIL_DIR	/var/spool/mail
#MAIL_FILE	.mail

# Password aging controls:
#
#	PASS_MAX_DAYS	Maximum number of days a password may be used.
#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
#	PASS_MIN_LEN	Minimum acceptable password length.
#	PASS_WARN_AGE	Number of days warning given before a password expires.
#
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_MIN_LEN	5
PASS_WARN_AGE	7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  1000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD	/usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME	yes

# The permission mask is initialized to this value. If not specified, 
# the permission mask will be initialized to 022.
UMASK           077

# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512

This file defines the following:

  • Location of user mailboxes
  • Password aging controls
  • Minimum and maximum values for automatic UID selection (1000 to 60000)
  • Minimum and maximum values for automatic GID selection (1000 to 60000)
  • Whether home directories should be created when adding a new user
  • Default umask
  • Encryption method used to encrypt passwords

If the USERGROUPS_ENAB directive in /etc/login.defs is set to YES, a group is created for the user with the same name as the username. If the directive is set to NO, the useradd command sets the primary group of the new user to the value specified by the GROUP directive in the /etc/default/useradd file, or 100 by default.

Once an account is created you can set its password using the passwd command as follows −

When you type passwd username, it gives you an option to change the password.

Create New User With Specific Values :

To see more options, run man useradd in the terminal.

Usermod :

The ‘usermod’ command is simple to use, with lots of options to make changes to an existing user.

  • -c = Add a comment field for the user account.
  • -d = Modify the home directory of an existing user account.
  • -e = Make the account expire in a specific period.
  • -g = Change the primary group of a user.
  • -G = Add supplementary groups.
  • -a = Add the user to a secondary group (used together with -G).
  • -l = Change the login name, for example from tarak to ramesh.
  • -L = Lock the user account. This locks the password so we can’t use the account.
  • -m = Move the contents of the home directory from the existing home directory to the new one.
  • -p = Use an un-encrypted password for the new password (not secure).
  • -s = Specify the shell for the user account.
  • -u = Assign a UID to the user account, between 0 and 999.
  • -U = Unlock the user account. This removes the password lock and allows us to use the user account.

/etc/shadow :

/etc/shadow is a text file that contains information about the system’s users’ passwords. It is owned by user root and group shadow, and has 640 permissions.

redhat --> Username
:!! --> Encrypted password
:19282 --> Last password change
:0 --> Minimum password age
:99999 --> Maximum password age
:7 --> Warning period
: --> Inactivity period
: --> Expiration date
: --> Unused (or) future purpose

To see the user password details :

chage -l username

To change user password details :

chage username

To change individual parameters :

Ex: chage -W 21 redhat
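
The /etc/shadow fields and the aging values that chage edits can be read together. The following is an added example, not part of the original post: it reports each account's password state and how many days remain before the password expires. The first record is assembled from the field values listed above; the other records, the function names and the state labels are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed records in /etc/shadow format (hash values are placeholders).
SAMPLE_SHADOW='redhat:!!:19282:0:99999:7:::
tarak:$6$placeholder$hash:19282:0:90:7:::
ramesh:$6$placeholder$hash:19282:0:90:21:::
john:$6$placeholder$hash:19100:0:90:7:::
raju::19282:0:99999:7:::'

# shadow_audit TODAY: read shadow-format lines on stdin and print
# "user password-state aging-state". TODAY is a day count since
# 1970-01-01, the same unit the file uses for field 3.
shadow_audit() {
    awk -F: -v today="$1" '
    NF != 9 { print $1, "malformed", "field-count=" NF; next }
    {
        # Field 2: empty = no password, leading ! or * = password locked.
        if ($2 == "")          pw = "no-password"
        else if ($2 ~ /^[!*]/) pw = "locked"
        else                   pw = "set"

        # Field 5 (maximum age) of 99999 is the "never expires" default.
        if ($5 == "" || $5 + 0 >= 99999) {
            aging = "never-expires"
        } else {
            left = ($3 + $5) - today          # days until expiry
            warn = ($6 == "" ? 0 : $6 + 0)    # field 6: warning period
            if (left < 0)          aging = "expired"
            else if (left <= warn) aging = "warning:" left
            else                   aging = "valid:" left
        }
        print $1, pw, aging
    }'
}

# Current day number; date +%s is supported by GNU, BSD and busybox date.
today_days() { echo $(( $(date +%s) / 86400 )); }

printf '%s\n' "$SAMPLE_SHADOW" | shadow_audit 19360
```

On a real system, run it as root with shadow_audit "$(today_days)" < /etc/shadow; accounts reported as no-password or as set with never-expires are the ones to review first.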

Delete an Account :

The userdel command can be used to delete an existing user.

Delete a user:
userdel username

Delete a user along with the home directory:
userdel -r username