CCNA RHCE MCITP

User Administration

Every process on the system runs as a particular user.Every file is owned by a particular user.Access to files and directories are restricted by user.the user associated with the running process determines the files and directories accessible to that process

There are three different types of users are present in the linux .they are

Super user

Super user is a user who will have all the permissions over the system. He will have complete authority on the system.

Root user is the super user

System user

The users created during the installation of the operating system are known as super users.supers users are also created when we deploy any application or install any server

Normal user

These users are created manually

UID

A user ID (UID) is a unique positive integer assigned by a Unix-like operating system to each user. Each user is identified to the system by its UID, and user names are generally used only as an interface for humans.

UID for:

Super user :0

Systemusers:1-499

Normal users:500-60,000

User creation

useradd command is used to create the new users

Options

-d to create home directory

-s to create Shell

-p to assign password

-g primary group assigned to the users

-G Other groups the user belongs to

-m Create the user's home directory

-c comment

The users created are specified in a /etc/passwd

Format

user-name:x:user-number:group-number:comment section:/home-directory:default-shell

The fields are:

1.Username: It is used when user logs in. It should be between 1 and 32 characters in length.

2.Password: An x character indicates that encrypted password is stored in /etc/shadow file.

3.User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.

4.Group ID (GID): The primary group ID (stored in /etc/group file)

5.User ID Info: The comment field. It allow you to add extra information about the users such as user's full name, phone number etc. This field use by finger command.

6.Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /

7.Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

Login shell(/bin/bash):Those users who will have an interactive access of default shell is called as login shell. Those users who will have login shell can easily login

No login(/sbin/nologin): Those users who doesn’t have interactive access of default shell

Note :Super user and normal user will have login shell and System users will have no login shell

Id command

id username shows user and group id’s

Modify user account

usermod command is used to modify the user accounts

-d to modify home directory

-s to modify Shell

-p to change password

-g change primary group assigned to the users

-G change Other groups the user belongs to

-m change the user's home directory

-c change comment filed comment

Deletion of user

userdel command is used to delete the user

-r option is used to remove the home directory

Assigning a password to user

Passwd command is used to assign password to the user.the /etc/shadow file contains users' encrypted passwords and other information about the passwords.

raju:Ep6mckrOLChF.:10063:0:99999:7:::

1. User name : It is your login name

2. Password: It your encrypted password. The password should be minimum 6-8 characters long including special characters/digits

3. Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed

4. Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password

5. Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)

6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed

7. Inactive : The number of days after password expires that account is disabled

8. Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used

Options:

-r Specifies the repository to which an operation is applied. The supported repositories are files, nis or nisplus.

-a Show password attributes for all entries.

-d Deletes password for name. The login name will not be prompted for password. It is only applicable to the files repository.

-l Locks password entry for name.

-e Change the login shell.

-f Force the user to change password at the next login by expiring the password for name.

-g Change the gecos (finger) information. For the files repository, this only works for the superuser. Normal users may change the nis or nisplus repositories.

-h Change the home directory.

-n min Set minimum field for name. The min field contains the minimum number of days between password changes for name. If min is greater than max, the user may not change the password.

-s Displays information including your username and if you do/don't have a password (This command will not actually show the password.)

mm/dd/yy The month date and year that the password was last changed. This information is derived from the Greenwich Mean Time (Universal Time) and therefore may differ by as much as a day in some times zones.

min The minimum number of days between password changes.

max The maximum number of days the password is valid for the name.

warn The number of days relative to max before the passwd uses pam for password management.

-w warn Set warn field for name. The warn field contains the number of days before the password expires and the user is warned. This option is not valid if password aging is disabled.

Last command

last :show listing of last logged in users

Examples :

Useradd –s /bin/sh –c”systemadmin” –d /raju –u 1228 –p “redhat” –G RHCE Raju

Usermod –s /bin/bash –d /raju –u 1220 –p “redhat123” –G Redhat Raju

Userdel –r Raju

passwd –s Raju