DEV Community

suryanii9

Managing Local Users and Groups

Describing User Concepts Objectives

What is a User?
A user account is used to provide security boundaries between different people and programs that can run commands.

Superuser access

1. Use sudo to switch to root and access the interactive shell as root without knowing the password of the superuser.
2. Use sudo to run other commands as root.

Managing Local User Accounts

You can use the id command to show information about the currently logged-in user.
To view the owner of a file, use the ls -l command. To view the owner of a directory, use the ls -ld command.
Use the pwd command to display the current working directory.

Creating Users from the Command Line

The useradd username command creates a new user named username. It sets up the user's home directory and account information, and creates a private group for the user named username.
The useradd --help command displays the basic options that can be used to override the defaults. Some defaults, such as the range of valid UID numbers and default password aging rules, are read from the /etc/login.defs file.

Deleting Users from the Command Line

The userdel username command removes the details of username from /etc/passwd, but leaves the user's home directory intact. The userdel -r username command removes the details of username from /etc/passwd and also deletes the user's home directory.

Modifying Existing Users from the Command Line

The usermod --help command displays the basic options that can be used to modify an account.

Managing Local Group Accounts

What is a group?
A group is a collection of users that need to share access to files and other system resources. Groups can be used to grant access to files to a set of users instead of just a single user.
Like users, groups have group names to make them easier to work with. Internally, the system distinguishes groups by the unique identification number assigned to them, the group ID or GID.

Creating Groups from the Command Line

The groupadd command creates groups. Without options, the groupadd command uses the next available GID from the range specified in the /etc/login.defs file when creating the group. The -g option specifies a particular GID for the group to use.

Deleting Groups from the Command Line

The groupdel command removes groups.
You cannot remove a group if it is the primary group of any existing user. As with userdel, check all file systems to ensure that no files remain on the system that are owned by the group.

Modifying Existing Groups from the Command Line

The groupmod command changes the properties of an existing group. The -n option specifies a new name for the group.
Notice that the group name is updated to group0022 from group02.
The -g option specifies a new GID.

Changing Group Membership from the Command Line

The membership of a group is controlled with user management. Use the usermod -g command to change a user's primary group.
Use the usermod -aG command to add a user to a supplementary group.
The use of the -a option makes usermod function in append mode. Without -a, the user will be removed from any of their current supplementary groups that are not included in the -G option's list.

Configuring Password Aging

The preceding chage command uses the -m, -M, -W, and -I options to set the minimum age, maximum age, warning period, and inactivity period of the user's password, respectively.
The chage -d 0 user03 command forces the user03 user to update its password on the next login.
The chage -l user03 command displays the password aging details of user03. The chage -E user03 command causes the user03 user's account to expire.
You can use the chage command to set account expiration dates. When that date is reached, the user cannot log in to the system interactively. The usermod command can lock an account with the -L option.
The preceding usermod command uses the -e option to set the account expiry date for the given user account. The -L option locks the user's password.
Locking the account prevents the user from authenticating with a password to the system. It is the recommended method of preventing access to an account by an employee who has left the company. If the employee returns, the account can later be unlocked with usermod -U. If the account was also expired, be sure to also change the expiration date.
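
The aging values that chage sets, and the lock that usermod -L applies, are stored as colon-separated fields in /etc/shadow. The script below is an added example, not part of the original post, that audits those fields; the function name audit_shadow, the sample accounts and the reference day 20000 are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the password-aging fields of shadow-format records.
# Layout per shadow(5): name:password:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire are day counts since 1970-01-01.

# audit_shadow [TODAY_DAYS] reads records on stdin, prints "user: finding" lines.
# TODAY_DAYS defaults to the current day; pass a fixed value for repeatable runs.
audit_shadow() {
    awk -F: -v today="${1:-$(( $(date +%s) / 86400 ))}" '
        /^#/ || NF < 9 { next }                       # comments, blank or short lines
        $2 == "*" || $2 == "!" || $2 == "!!" { next } # no password was ever set
        {
            user = $1; lastchg = $3; max = $5; expire = $8
            if ($2 ~ /^!/)
                print user ": password locked (usermod -L)"
            if (lastchg == "0")
                print user ": must change password at next login (chage -d 0)"
            else if (lastchg != "" && max != "" && max + 0 < 99999 &&
                     lastchg + max < today + 0)
                print user ": password older than maximum age"
            if (max == "" || max + 0 >= 99999)
                print user ": no maximum password age (chage -M)"
            if (expire != "" && expire + 0 < today + 0)
                print user ": account expired (chage -E)"
        }'
}

# Constructed sample records; the hashes are placeholders, not real values.
SAMPLE_SHADOW='user01:$6$placeholder$hash:19950:0:90:7:14::
user02:$6$placeholder$hash:19000:0:99999:7:::
user03:$6$placeholder$hash:0:10:30:7:14::
user04:!$6$placeholder$hash:19950:0:90:7::19500:
user05:$6$placeholder$hash:19000:0:90:7:14::
daemon:*:18000:0:99999:7:::'

# Day 20000 is an assumed "today" so the output is repeatable.
# On a live system (as root): audit_shadow < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 20000
```

An account that is locked but not expired still has a valid account entry, so the audit reports the two conditions separately.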

The useradd, usermod, and userdel commands can be used to manage users.
The groupadd, groupmod, and groupdel commands can be used to manage groups.
The chage command can be used to configure and view password expiration settings for users.
