Linux user administration


In today’s article we will talk about user administration in UNIX/Linux distributions. If you are familiar with Windows user administration, this lesson will be much easier to digest. A Linux account is composed of several components: username, password, home directory and environment. Each username is identified by a UID (User ID), a unique number in the users database. The mapping between UID and username exists to make it easier for System Administrators to identify System users.
Users are organized into Groups to allow multiple accounts to interact with resources within the Linux File System. Each group is identified by a unique GID (Group ID). Remember that each user can be part of one primary group and up to 15 secondary groups.
Just like in Windows, each file has permissions assigned for several entities. In Linux, these entities are: owner, group and others. It’s important to understand that each file has these three permission categories assigned. Furthermore, each process running in Linux is executed using a UID and GID, which basically sets the process permissions within the OS.
The UID is a unique number that is below or equal to 2147483647. UIDs can be divided into three categories:
0 – super user account (root)
100, 500 or 1000 – depending on the distribution, standard services and applications require a service user to run under. Remember that these accounts will normally not support interactive login and serve as service accounts only.
above 1000 – Standard user accounts
There are several files which are responsible for storing the username, password and group information:
/etc/passwd – username database
/etc/shadow – users password database
/etc/group – group database
/etc/gshadow – group password database
You can view the contents of any of these files by executing the cat command (the two shadow files are readable only by root). Let’s take as an example the passwd file, which stores the System usernames: cat /etc/passwd
Each database entry is composed of several elements:
username:x:UID:GID:comment:home_directory:login_shell
  • x – password field; older Linux distributions stored the password hash here, while System passwords are now stored in the /etc/shadow database
  • comment – used to add a description for a particular user
  • login_shell – default shell used by users when interacting with the Operating System.
Let’s take a look at the shadow file using the same command: cat /etc/shadow
Each entry in the database is composed of several items:
loginID:password:lastchg:min:max:warn:inactive:expire:
  • loginID – username which corresponds to an entry in the passwd file
  • password – password hash
  • lastchg – the date when the password was last changed
  • min, max – the minimum and maximum number of days that must pass before the password can/must be changed
  • warn – number of days before expiry during which the user is warned that the password will expire
  • inactive – number of inactive days before the account is locked
  • expire – account expiration date

The group database includes the secondary groups for each account. Type cat /etc/group to display its content.
As you can see from the command’s output, each entry is composed of the following fields:
groupname:group-password:GID:username-list
The username-list contains users that are part of that particular group.
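As an added example (not part of the original tutorial), the following Python script parses constructed /etc/passwd and /etc/shadow entries in the field layouts described above and derives what an administrator would want to know from them: locked accounts (the “!” marker), empty password fields, passwords that never expire and additional UID 0 accounts. The sample entries, the placeholder hashes and the fixed audit date are constructed for this example.

```python
from datetime import date, timedelta
EPOCH = date(1970, 1, 1)  # shadow date fields count days since this date
SAMPLE_TODAY = date(2022, 3, 1)  # fixed "today" so the sample audit is reproducible
PASSWD_FIELDS = ("username", "x", "uid", "gid", "comment", "home", "shell")
SHADOW_FIELDS = ("lastchg", "min", "max", "warn", "inactive", "expire")
# Constructed sample databases; the hashes are placeholders, not real hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
user1:x:2014:2014::/home/user1:/bin/bash
user2:x:2015:2015:Jane Doe:/home/user2:/bin/bash
svc:x:999:999:service account:/var/lib/svc:/usr/sbin/nologin
backup:x:0:1002:backup operator:/home/backup:/bin/bash
"""
SHADOW = """\
root:$6$salt$PLACEHOLDERHASH:19000:0:99999:7:::
user1:$6$salt$PLACEHOLDERHASH:19000:0:90:7:30::
user2:!$6$salt$PLACEHOLDERHASH:19000:0:90:7:::
svc::19000:0:99999:7:::
backup:$6$salt$PLACEHOLDERHASH:19000:0:99999:7:::
"""
def parse_passwd(text):
    """username:x:UID:GID:comment:home_directory:login_shell -> {username: record}."""
    recs = (dict(zip(PASSWD_FIELDS, line.split(":"))) for line in text.splitlines())
    return {r["username"]: {**r, "uid": int(r["uid"]), "gid": int(r["gid"])} for r in recs}

def parse_shadow(text):
    """loginID:password:lastchg:min:max:warn:inactive:expire: -> {loginID: record}."""
    entries = {}
    for line in text.splitlines():
        name, pw, *ageing = line.split(":")  # an empty ageing field means "not set"
        entries[name] = dict(zip(SHADOW_FIELDS, (int(v) if v else None for v in ageing)), password=pw)
    return entries

def audit(passwd_text, shadow_text, today):
    # Join both databases on the username and return {username: [findings]}.
    shadow, findings = parse_shadow(shadow_text), {}
    for name, user in parse_passwd(passwd_text).items():
        s, notes = shadow[name], []
        if user["uid"] == 0 and name != "root":
            notes.append("additional UID 0 account")  # a second superuser
        if s["password"] == "":
            notes.append("empty password field")
        elif s["password"].startswith("!"):
            notes.append("locked")  # the "!" prefix written by usermod -L
        elif s["max"] is None or s["max"] >= 99999:
            notes.append("password never expires")  # chage -M 99999 or max unset
        else:
            left = (EPOCH + timedelta(days=s["lastchg"] + s["max"]) - today).days
            notes.append("password expired" if left < 0 else f"password expires in {left} days")
        findings[name] = notes
    return findings
```

Run audit(PASSWD, SHADOW, SAMPLE_TODAY) to see one list of findings per account; on a real system the same parsers can be fed the contents of the two files read as root.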
Below you will find the main commands used to interact with usernames, groups and passwords:
useradd, userdel, usermod – add/delete/modify users
groupadd, groupdel, groupmod – add/delete/modify groups
passwd – tool to change users’ passwords
The following commands are used to interact with specific fields of the shadow and passwd databases: chsh, chfn, chpasswd, chage
chsh – command used to change a user’s shell
chfn – command used to change a user’s GECOS name

The useradd command supports multiple parameters; I will point out some of them:
-s – default shell used by the user
-c – additional comment that can be set
-g – primary group of the user
-G – secondary groups
-u – sets the user’s UID
-d – specifies the home directory of the user
-m – creates the home directory
-U – creates a group with the same name as the user
Example: useradd -u 2014 -d /home/user1 -m -s /bin/bash -U user1
To explore all parameters for this command, type man useradd or useradd --help.
To configure a user’s password to never expire, use the following command:
chage -m 0 -M 99999 -I -1 -E -1 username
You can verify the password expiration details by typing chage -l username.
We can set the default parameters used by the useradd command by editing the /etc/default/useradd file. You can use the -D parameter to view and change these defaults. The command also supports a so-called skeleton directory, which contains default configuration files for the user’s environment; its contents are copied into each newly created home directory. The skeleton directory can be set using SKEL=/etc/skel or useradd -k /path/to/skel. You can place standard configuration files for different applications there, for example the bash files .bashrc, .bash_history, .bash_profile, .inputrc, .vimrc, etc.

The usermod command supports parameters similar to useradd and is used to change different fields of the username database. It would be good to remember the following parameters:
-U – unlock user account.
-L – lock user account. When a user is locked, a “!” symbol is placed before its password hash in the /etc/shadow file. When the user is unlocked, the “!” character disappears.

To change a user’s password type passwd username. Let’s take the newly created user and set a new password: passwd user1

To delete an existing username, execute the following command: userdel username. Without any parameters, the command deletes the user from the passwd and shadow files but does not delete its home directory. To include the home directory in the deletion, add the -r parameter.

That’s about it for this article folks, please share your thoughts about it and don’t forget to share it to others. If you have any suggestions regarding this topic don’t hesitate to use my comments dedicated section. Wish you all the best and don’t forget to enjoy your day!