
User Administrator :


User :-


  • In computing, a user is a person who uses a computer or internet service.

  • A user will have a user account that identifies the user by username.

  • To log in to the system, a user is required to authenticate with a password, for the purposes of accounting, security, logging and resource management.

  • Authenticate : to have one's identity (as a user or process) verified.

  • When a user is created in Linux/Unix, the following are also created by default : Home directory - /home/[username] and Mail account - /var/spool/mail/[username] (if mail services are running).

  • A unique User Identifier (UID) and Group Identifier (GID) are created.

  • Red Hat Linux uses a User Private Group(UPG) scheme - when a user is created, a group with the same name as username is also created. This becomes the primary group for that user. A user can have only one primary group.

Types of user :

By default in any OS, there are two types of user :-

  • System user




  • Local user




System user :

It is created by the OS to access the services and to manage the OS. Example : root, ftp, apache, named.


Local user :

It is created by the admin to access resources, depending on permissions.


System user ID - 0 to 999
Local user ID - 1000 to 60000

Default root user and group id is 0 (zero).

User database files :

The information regarding the user is stored in the following files :-

  • /etc/passwd




  • /etc/shadow




Content of /etc/passwd :-

The information of each user is stored on a separate line of the file.

Each record has seven fields separated by a colon(:) as given :


algo:x:1000:1000:programming:/home/algo:/bin/bash

algo - username
x - password marker [the actual password is stored in /etc/shadow]
1000 - UID
1000 - GID
programming - comment [by default no comment]
/home/algo - home directory
/bin/bash - SHELL

[root@localhost~]#echo $SHELL
This command is used to check the login SHELL of the current user.

Output : /bin/bash

Content of /etc/shadow :-

This file contains the encrypted user password. By default, passwords are encrypted using SHA-512; the algorithm can be changed.


algo:hjfgdhshjfgds65475nt/:16350:0:99999:7:::

algo - username
hjfgdhshjfgds65475nt - encrypted password

Creating a user :


[root@localhost~]#useradd <user_name>
This command is used to create a user.

[root@localhost~]#useradd <option> <argument> <user_name>
This command is also used to create a user, with options.

Option :
-u -> UID
-g -> Primary group
-o -> override (allow a duplicate, non-unique UID; used together with -u)
-G -> Secondary group
-c -> comment
-d -> Home directory
-s -> SHELL

How to manage a user :


Create a user - [root@localhost~]#useradd user1
Create a user with comment - [root@localhost~]#useradd -c "Programming" user1
Create a user with a specific user id - [root@localhost~]#useradd -u 1200 user1
To check user UID and GID - [root@localhost~]#id user1
To check user home directory - [root@localhost~]#ls /home
To check user mail account - [root@localhost~]#ls /var/spool/mail
Assign password to the user - [root@localhost~]#passwd user1
To delete a user - [root@localhost~]#userdel -r user1
To create second admin - [root@localhost~]#useradd -u 0 -g 0 -o user2 [user2 gets UID 0 and GID 0, the same as root]
To switch the admin to second super user - [root@localhost~]#su - user2
To verify - [root@localhost~]#pwd
To logout - [root@localhost~]#exit

Modifying a user :


[root@localhost~]#usermod <option> <argument> <user_name>
This command is used to modify a user.

Option :
-l -> change the login name
-L -> Lock the account
-U -> Unlock the account

All the options of the useradd command can also be used with usermod.

To change the user login name :


[root@localhost~]#usermod -l <new name> <old name>
This command is used to change the user login name.

Example : [root@localhost~]#usermod -l user2 user1
It will change the user login name from user1 to user2.

To lock the user account :


[root@localhost~]#usermod -L <user_name>
This command is used to lock the user account.

Example : [root@localhost~]#usermod -L user2
It will lock the user2 account.

To unlock the user account :


[root@localhost~]#usermod -U <user_name>
This command is used to unlock the user account.

Example : [root@localhost~]#usermod -U user2
It will unlock the user2 account.

To see status of the password policy :


[root@localhost~]#tail -3 /etc/shadow
This command is used to show the status of the password policy for the last three users in the file.

Output :
a1:!!: -> no password
a2:$$$: -> password
a3:!$$$: -> password with account lock
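
The script below is an added example, not part of the original tutorial. It checks passwd- and shadow-format files for two conditions described above: more than one account with UID 0 (the result of useradd -u 0 -o) and the password states shown in the second field of /etc/shadow. The function names and every sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example. Every record below is constructed sample data, so the script
# runs without root and never reads the real /etc/passwd or /etc/shadow.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
algo:x:1000:1000:programming:/home/algo:/bin/bash
user2:x:0:0::/home/user2:/bin/bash
EOF

cat > "$tmp/shadow" <<'EOF'
a1:!!:16350:0:99999:7:::
a2:$6$SAMPLESALT$SAMPLEHASH:16350:0:99999:7:::
a3:!$6$SAMPLESALT$SAMPLEHASH:16350:0:99999:7:::
a4::16350:0:99999:7:::
EOF

# Names of all accounts with UID 0 in a passwd-format file ($1).
# More than one name means a duplicate superuser (useradd -u 0 -o).
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Classify field 2 of every record in a shadow-format file ($1).
password_status() {
    awk -F: '{
        p = $2
        if (p == "")                                s = "empty"   # no password required
        else if (p == "!!" || p == "!" || p == "*") s = "nopass"  # none set
        else if (substr(p, 1, 1) == "!")            s = "locked"  # hash prefixed by !
        else if (substr(p, 1, 3) == "$6$")          s = "sha512"
        else                                        s = "other"
        print $1 ":" s
    }' "$1"
}

echo "UID 0 accounts:";  uid0_accounts "$tmp/passwd"
echo "Password status:"; password_status "$tmp/shadow"
```

On a real system the same functions can be pointed at /etc/passwd and, as root, /etc/shadow.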

Group Admin :

A group is a collection of users to whom the same permissions are applied. There are two types of group :-

  • primary group




  • secondary group




Database files :


  • /etc/group




  • /etc/gshadow




Content of /etc/group :

The information of each group is stored on a separate line of the file.

Each record has four fields separated by colon(:) as given :-


algogroup:x:1000:algouser1,algouser2

algogroup - group name
x - password marker [the actual password is stored in /etc/gshadow]
1000 - GID
algouser1,algouser2 - secondary members

Content of /etc/gshadow :

This file contains the encrypted group password. Passwords are encrypted using MD5 (Message Digest version 5) algorithm.


algogroup:hksdglafhs89:algoadmin:algouser1,algouser2

algogroup - group name
hksdglafhs89 - encrypted password
algoadmin - List of administrative members
algouser1,algouser2 - List of members

How to manage a group :


Create a group - [root@localhost~]#groupadd group1
Create a group with specific group id - [root@localhost~]#groupadd -g 1200 group1
Create a group with an existing group id - [root@localhost~]#groupadd -g 1200 -o group2 [get same privilege to both groups]
To check group database - [root@localhost~]#tail -3 /etc/group
To check specific group database by group name - [root@localhost~]#grep group1 /etc/group
To check specific group database by group id - [root@localhost~]#grep 1200 /etc/group
To change the group name - [root@localhost~]#groupmod -n <new name> <old name>
Example : [root@localhost~]#groupmod -n algogroup group1
To delete a group - [root@localhost~]#groupdel algogroup

Group Membership :


[root@localhost~]#gpasswd <option> <argument> <group name>

Option :
-M -> add multiple users to the group
-A -> add a group administrator
-a -> add a user to the group
-d -> delete a user from the group

Create a group - [root@localhost~]#groupadd algogroup
Add users -
[root@localhost~]#useradd user1
[root@localhost~]#useradd user2
[root@localhost~]#useradd user3
[root@localhost~]#useradd user4
[root@localhost~]#useradd algouser
Add multiple users into group - [root@localhost~]#gpasswd -M user1,user2,user3 algogroup
Add single user into group - [root@localhost~]#gpasswd -a user4 algogroup
To check the list of group members - [root@localhost~]#grep algogroup /etc/group
To control all group members we have to create group admin - [root@localhost~]#gpasswd -A algouser algogroup
To check the list of group admin - [root@localhost~]#grep algogroup /etc/gshadow

Remove a member of the group -
[root@localhost~]#su - algouser [Login either from group admin or root]
[algouser@localhost~]$gpasswd -d user1 algogroup [removing user1 from algogroup]
[algouser@localhost~]$exit [to logout]

Add a member to the group -
[root@localhost~]#su - algouser [Login either from group admin or root]
[algouser@localhost~]$gpasswd -a user1 algogroup [adding user1 to algogroup]
[algouser@localhost~]$exit [to logout]
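
The script below is an added example, not part of the original tutorial. grep algogroup /etc/group lists only the secondary members in the fourth field, so this script also picks up users whose primary GID in the passwd file matches the group, and it reports GIDs shared by several group names (the result of groupadd -g ... -o). The function names, the user user5 and all sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example. All records are constructed sample data; the real
# /etc/passwd and /etc/group are never read.
gtmp=$(mktemp -d) && trap 'rm -rf "$gtmp"' EXIT

cat > "$gtmp/passwd" <<'EOF'
user1:x:1001:1001::/home/user1:/bin/bash
user4:x:1004:1004::/home/user4:/bin/bash
user5:x:1005:1200::/home/user5:/bin/bash
EOF

cat > "$gtmp/group" <<'EOF'
user1:x:1001:
user4:x:1004:
algogroup:x:1200:user1,user2,user3,user4
group2:x:1200:
EOF

# Effective members of group $1: the secondary members listed in the
# group file ($3) plus every user in the passwd file ($2) whose primary
# GID equals the GID of that group.
effective_members() {
    awk -F: -v g="$1" '
        NR == FNR {                       # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: passwd
        END { for (u in seen) print u }
    ' "$3" "$2" | sort
}

# GIDs shared by more than one group name (created with groupadd -o).
shared_gids() {
    awk -F: '
        { names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1); c[$3]++ }
        END { for (g in c) if (c[g] > 1) print g ":" names[g] }
    ' "$1" | sort
}

echo "algogroup members:"; effective_members algogroup "$gtmp/passwd" "$gtmp/group"
echo "shared GIDs:";       shared_gids "$gtmp/group"
```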