10 Linux User Management

Linux User Management

Uploaded by

TrurlScribd
User Management

/etc/passwd file
/etc/shadow file
useradd
userdel
usermod
chsh

NOTE: the /etc directory is where host-specific configuration files are stored.
Chapter 16 (first part)

Almost everything a user can or can't do in a Linux system is determined by:
  what user they log in as (or become with su)
  what group(s) that user belongs to

When a user is created on the system, the following information is stored in /etc/passwd:
  login name
  password
  User ID # (UID)
  Group ID (GID)
  Comments, other information
    typically the user's full name
  Home directory
    typically /home/$USERNAME
  Default shell to use
    typically /bin/bash

All of this information about the user is maintained by the system in the file /etc/passwd:

user1 : x : xxx : yyy : other info : /home/dir : /bin/bash

(Spacing exaggerated to enhance viewing. There are no spaces before or after the field delimiter (:).)

Field #1: login name
  the user name the user needs to type in to log into the system
Field #2: password field
  contains the encrypted password; when shadow passwords are enabled, the encrypted password is maintained in a separate file
Field #3: UID
  User ID associated with the login name
Field #4: GID
  main Group ID associated with the login name
Field #5: other info or comment
  other information about the user, such as real name, office #, telephone number, etc.
Field #6: default home directory for user
  set by the administrator; the directory is owned and managed by the user
Field #7: default shell for user
  the shell that the user will start in when logging into the system

/etc/passwd file
  It generally requires root access for modifications.
  Its content can be viewed by anyone.
  Users can modify content related to their own account info only by using the appropriate commands (such as passwd to change password).

All user passwords will be stored in /etc/shadow, accessible only by root or root processes.
When a system has shadow passwords enabled, the password field in /etc/passwd is replaced by an "x" and the user's real encrypted password is stored in /etc/shadow. Because /etc/shadow is only readable by the root user, malicious users cannot crack their fellow users' passwords.

Each entry in /etc/shadow contains the user's login, their encrypted password, and a number of fields relating to password expiration. A typical entry looks like this:

user1:/3GJllg1o4152:11009:0:99999:7:::

Field #1: Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the username in the /etc/passwd file.
Field #2: Encrypted password. "!!" indicates the account password has not been set, and a "*" entry (e.g. :*:) indicates the account has been disabled.
Field #3: The date the password was last changed, as the number of days since January 1, 1970.
Field #4: The number of days before the password may be changed (0 indicates it may be changed at any time).
Field #5: The number of days after which the password must be changed (99999 indicates the user can keep his or her password unchanged for many, many years).
Field #6: The number of days to warn the user of an expiring password (7 for a full week).
Field #7: The number of days after the password expires that the account is disabled.
Field #8: The number of days since January 1, 1970 that an account has been disabled.
Field #9: A reserved field for possible future use.
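
The two file layouts above, applied as a read-only check. This is an added example, not part of the original slides: the function names are illustrative, every sample entry except user1 is constructed, and GNU date is assumed for the day-count conversion.

```shell
#!/bin/sh
# Added example: read-only checks built on the /etc/passwd and /etc/shadow
# field layouts described above. Function names are illustrative.
passwd_unshadowed() {
    # stdin: passwd-format lines; print logins whose field 2 is not "x"
    awk -F: '$2 != "x" { print $1 }'
}

# Classify field 2 of one shadow-format entry.
shadow_pw_state() {
    pw=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$pw" in
        '')   echo empty ;;     # beyond the slides: blank field, no password at all
        '!!') echo not-set ;;   # password has not been set
        '*')  echo disabled ;;  # account disabled
        '!'*) echo locked ;;    # "!" prefix placed by usermod -L
        *)    echo set ;;
    esac
}

# Convert a day count since January 1, 1970 to YYYY-MM-DD (GNU date assumed).
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d
}

# One-line summary: login, password state, last change, date a change is due.
shadow_report() {
    IFS=: read -r user pw last min max warn inact exp rest <<EOF
$1
EOF
    changed=unknown; due=never
    if [ -n "$last" ]; then changed=$(days_to_date "$last"); fi
    # 99999 is the "many, many years" value from the slides: treat as no limit
    if [ -n "$last" ] && [ -n "$max" ] && [ "$max" -ne 99999 ]; then
        due=$(days_to_date $(( $last + $max )))
    fi
    echo "$user $(shadow_pw_state "$1") changed=$changed change-by=$due"
}

# user1 is the entry shown in the slides; the other entries are constructed.
for e in 'user1:/3GJllg1o4152:11009:0:99999:7:::' 'user2:!!:11009:0:90:7:::' \
         'user3:*:11009:0:99999:7:::' 'user4:!CONSTRUCTEDHASH:11009:0:90:7:::'; do
    shadow_report "$e"
done
```

On a live system, run as root, the same functions can be fed from the real files, for example passwd_unshadowed < /etc/passwd.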


useradd [options] username
Used to create a new user account. Linux will also create a group with the same name by default.
Useful options:
  -d  Define home directory
  -g  Initial group name; the group name must exist
  -G  A comma-separated list of supplementary groups which the user is also a member of
  -c  Any text string: add comments or other information, such as the user's full name
  -n  Turn off the behavior of creating a group with the same name
  -e  Account expiration date: YYYY-MM-DD
  -s  Login shell
  -m  Create home directory if it does not exist

Example: add a user named prof

  # The comment text is quoted; the -G list has no space after the comma
  useradd -c "Course Professor" -d /home/prof \
      -g faculty -G computer,staff -e 2011-12-31 \
      -s /bin/bash prof

userdel [options] username
Remove a user from the system.
Options:
  -r  Remove the user's home directory and files contained in it

usermod [options] username
Allows for modifying most of the information stored in /etc/passwd associated with a user account. Several options are available to modify almost all of the information associated with any account, assuming the user has the right to modify the information:
  -c  add comments or other information
  -d  change home directory; if the -m option is given, the contents of the user's home directory will be moved to the new home directory, which will be created if it doesn't exist
  -g  change initial group
  -G  change supplementary groups which the user is also a member of
  -s  change the login shell
  -e  The date on which the user account will be disabled: YYYY-MM-DD
  -l  Change login name
  -L  Disable/lock the user's password, which will place a ! before the encrypted password in /etc/shadow
  -U  Enable/unlock the user's password, which will remove the ! from the encrypted password in /etc/shadow

chsh [options] username
Changes the login shell associated with a user account. If a shell isn't specified on the command line, it will prompt for the shell to use.

Options:
  -s  specify the shell to associate to the account
  -l  list currently available shells
