10. User Creation

The document provides an overview of important system files related to user and group administration in a Linux environment, including /etc/passwd, /etc/shadow, /etc/group, and their backup files. It also details the configuration settings found in /etc/default/useradd and /etc/login.defs, which govern user creation and password management. Additionally, it includes examples of user management commands and their outputs, demonstrating how to add users and the structure of related files.

Uploaded by

Bhupesh Kanire

Important Files

# /etc/passwd --> It contains general information for all users, such as user ID, GID, shell, home directory, etc.

# /etc/passwd- --> This is the backup file of /etc/passwd

# /etc/shadow --> It contains password information for all users, such as the encrypted (hashed) password, password expiry, account expiry, warning period, etc.

# /etc/shadow- --> This is the backup file of /etc/shadow

# /etc/group --> It contains general information for all groups, such as group ID and group members list.

# /etc/group- --> This is the backup file of /etc/group

# /etc/gshadow --> It contains password information for all groups, such as the encrypted (hashed) password, group admin, and group members list.

# /etc/gshadow- --> This is the backup file of /etc/gshadow

# /etc/default/useradd --> This is the default user administration configuration file. You can specify shell, skel, home directory, mail, etc.

[root@localhost ~]# cat /etc/default/useradd

# useradd defaults file

GROUP=100

HOME=/home

INACTIVE=-1

EXPIRE=

SHELL=/bin/bash

SKEL=/etc/skel

CREATE_MAIL_SPOOL=yes

# /etc/login.defs --> This is the main configuration file for user administration, group administration, and password management.

[root@localhost ~]# cat /etc/login.defs

#
# Please note that the parameters in this configuration file control the

# behavior of the tools from the shadow-utils component. None of these

# tools uses the PAM mechanism, and the utilities that use PAM (such as the

# passwd command) should therefore be configured elsewhere. Refer to

# /etc/pam.d/system-auth for more information.

# *REQUIRED*

# Directory where mailboxes reside, _or_ name of file, relative to the

# home directory. If you _do_ define both, MAIL_DIR takes precedence.

# QMAIL_DIR is for Qmail

#QMAIL_DIR Maildir

MAIL_DIR /var/spool/mail

#MAIL_FILE .mail

# Default initial "umask" value used by login(1) on non-PAM enabled systems.

# Default "umask" value for pam_umask(8) on PAM enabled systems.

# UMASK is also used by useradd(8) and newusers(8) to set the mode for new

# home directories if HOME_MODE is not set.

# 022 is the default value, but 027, or even 077, could be considered

# for increased privacy. There is no One True Answer here: each sysadmin

# must make up their mind.

UMASK 022

# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new

# home directories.
# If HOME_MODE is not set, the value of UMASK is used to create the mode.

HOME_MODE 0700

# Password aging controls:

# PASS_MAX_DAYS Maximum number of days a password may be used.

# PASS_MIN_DAYS Minimum number of days allowed between password changes.

# PASS_MIN_LEN Minimum acceptable password length.

# PASS_WARN_AGE Number of days warning given before a password expires.

PASS_MAX_DAYS 99999

PASS_MIN_DAYS 0

PASS_MIN_LEN 5

PASS_WARN_AGE 7

# Min/max values for automatic uid selection in useradd

UID_MIN 1000

UID_MAX 60000

# System accounts

SYS_UID_MIN 201

SYS_UID_MAX 999

# Min/max values for automatic gid selection in groupadd

#
GID_MIN 1000

GID_MAX 60000

# System accounts

SYS_GID_MIN 201

SYS_GID_MAX 999

# If defined, this command is run when removing a user.

# It should remove any at/cron/print jobs etc. owned by

# the user to be removed (passed as the first argument).

#USERDEL_CMD /usr/sbin/userdel_local

# If useradd should create home directories for users by default

# On RH systems, we do. This option is overridden with the -m flag on

# useradd command line.

CREATE_HOME yes

# This enables userdel to remove user groups if no members exist.

USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.

ENCRYPT_METHOD SHA512
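
The settings in the listing above decide how every new account is created, so they are worth reviewing as a set. The following is an added example, not part of the original document: it reads a login.defs-style file on standard input and flags lenient values. The function names and the policy limits passed on the command line (365 days, 8 characters) are assumptions for illustration, and the sample input is constructed from the active lines of the listing.

```sh
#!/bin/sh
# Added example: audit the active settings of a login.defs-style file.
# Function names and policy limits are illustrative assumptions.

# Sample input, constructed from the active lines of the listing above.
sample_login_defs() {
    cat <<'EOF'
# Password aging controls:
UMASK 022
HOME_MODE 0700
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
#USERDEL_CMD /usr/sbin/userdel_local
ENCRYPT_METHOD SHA512
EOF
}

# Usage: audit_login_defs MAX_DAYS_LIMIT MIN_LEN_LIMIT < file
audit_login_defs() {
    awk -v max_days="$1" -v min_len="$2" '
        /^[ \t]*#/ || NF < 2 { next }   # ignore comments and blank lines
        { v[$1] = $2 }                  # remember each active KEY VALUE pair
        END {
            if (v["PASS_MAX_DAYS"] + 0 > max_days)
                print "WARN PASS_MAX_DAYS=" v["PASS_MAX_DAYS"] " (policy limit " max_days ")"
            if (v["PASS_MIN_LEN"] + 0 < min_len)
                print "WARN PASS_MIN_LEN=" v["PASS_MIN_LEN"] " (policy minimum " min_len ")"
            # DES is the default when ENCRYPT_METHOD is unset; DES and MD5 are weak.
            m = v["ENCRYPT_METHOD"]
            if (m == "" || m == "DES" || m == "MD5")
                print "WARN ENCRYPT_METHOD=" (m == "" ? "unset (DES)" : m)
            if ("HOME_MODE" in v)
                print "INFO new home directories get mode " v["HOME_MODE"]
            else
                print "INFO new home directory mode is derived from UMASK " v["UMASK"]
        }'
}

sample_login_defs | audit_login_defs 365 8
```

As the header of the file itself says, these values apply to the shadow-utils tools; password rules enforced through PAM are configured elsewhere and need their own review.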

# /etc/skel/ --> This is the skeleton directory. It provides the user login program, user profile program, and logout program.

.bashrc --> This is the local login program for the user

.bash_profile --> This is the local profile program for the user

.bash_logout --> This is the local logout program for the user

/etc/bashrc --> This is the global login program

[root@localhost ~]# cat /etc/bashrc

# /etc/bashrc

# System wide functions and aliases

# Environment stuff goes in /etc/profile

# It's NOT a good idea to change this file unless you know what you

# are doing. It's much better to create a custom.sh shell script in

# /etc/profile.d/ to make custom changes to your environment, as this

# will prevent the need for merging in future updates.

# Prevent doublesourcing

if [ -z "$BASHRCSOURCED" ]; then

BASHRCSOURCED="Y"

# are we an interactive shell?

if [ "$PS1" ]; then

if [ -z "$PROMPT_COMMAND" ]; then

case $TERM in

xterm*|vte*)
if [ -e /etc/sysconfig/bash-prompt-xterm ]; then

PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm

elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then

PROMPT_COMMAND="__vte_prompt_command"

else

PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'

fi

;;

screen*)

if [ -e /etc/sysconfig/bash-prompt-screen ]; then

PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen

else

PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'

fi

;;

*)

[ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default

;;

esac

fi

# Turn on parallel history

shopt -s histappend

history -a

# Turn on checkwinsize

shopt -s checkwinsize

[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "


# You might want to have e.g. tty in prompt (e.g. more virtual machines)

# and console windows

# If you want to do so, just add e.g.

# if [ "$PS1" ]; then

# PS1="[\u@\h:\l \W]\\$ "

# fi

# to your custom modification shell script in /etc/profile.d/ directory

fi

if ! shopt -q login_shell ; then # We're not a login shell

# Need to redefine pathmunge, it gets undefined at the end of /etc/profile

pathmunge () {

case ":${PATH}:" in

*:"$1":*)

;;

*)

if [ "$2" = "after" ] ; then

PATH=$PATH:$1

else

PATH=$1:$PATH

fi

esac

}

# By default, we want umask to get set. This sets it for non-login shell.

# Current threshold for system reserved uid/gids is 200

# You could check uidgid reservation validity in


# /usr/share/doc/setup-*/uidgid file

if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then

umask 002

else

umask 022

fi

SHELL=/bin/bash

# Only display echos from profile.d scripts if we are no login shell

# and interactive - otherwise just process them to set envvars

for i in /etc/profile.d/*.sh; do

if [ -r "$i" ]; then

if [ "$PS1" ]; then

. "$i"

else

. "$i" >/dev/null

fi

fi

done

unset i

unset -f pathmunge

fi

fi

# vim:ts=4:sw=4

[root@localhost ~]#

# /var/spool/mail/<username> --> Local user's mailbox

# /root --> This is the root user's home directory

# /home/<user name> --> This is the local user's home directory

# eg: /home/jack

# /home --> base directory

# jack --> home directory

# User Administration

cmd: # useradd or # adduser

It edits /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow.

It creates a home directory for the new user in the /home directory.

It sets the permissions and ownership on the home directory.

syntax:

# useradd <username>

# adduser <username>

# eg:

[root@localhost ~]# useradd jack

[root@localhost ~]# adduser jerry

[root@localhost ~]# cat /etc/passwd

jack:x:1004:1005::/home/jack:/bin/bash

jerry:x:1005:1006::/home/jerry:/bin/bash

[root@localhost ~]# tail -2 /etc/passwd


jack:x:1004:1005::/home/jack:/bin/bash

jerry:x:1005:1006::/home/jerry:/bin/bash

jerry : x : 1005 : 1006 :   : /home/jerry : /bin/bash
  1     2    3      4     5        6            7

field1: username

field2: redirected password (x means the password is stored in /etc/shadow)

field3: user ID

field4: group ID

field5: comment

field6: user's home directory

field7: user's login shell

[root@localhost ~]# tail -2 /etc/shadow

jack:!!:18900:0:99999:7:::

jerry:!!:18900:0:99999:7:::

[root@localhost ~]#

[root@localhost ~]# tail -2 /etc/group

jack:x:1005:

jerry:x:1006:

[root@localhost ~]# tail -2 /etc/gshadow

jack:!::

jerry:!::

[root@localhost ~]#
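
The /etc/shadow lines shown above encode the account state and the password aging values (0, 99999 and 7 are the PASS_MIN_DAYS, PASS_MAX_DAYS and PASS_WARN_AGE values from /etc/login.defs). The following is an added example, not part of the original document, that decodes one entry into readable fields. The function names are illustrative, the second sample entry is constructed, and the date conversion assumes a date(1) that accepts -d @SECONDS (GNU coreutils or busybox).

```sh
#!/bin/sh
# Added example: decode one /etc/shadow entry into readable fields.
# Function names are illustrative and not part of shadow-utils.

# Days since 1970-01-01 (shadow fields 3 and 8) -> YYYY-MM-DD.
# Assumes a date(1) that accepts -d @SECONDS (GNU coreutils, busybox).
days_to_date() { date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d; }

# Return field N of a colon-separated entry.
field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# Classify field 2, the password field.
password_state() {
    case "$1" in
        '')   echo "EMPTY: no password required" ;;
        '!!') echo "LOCKED: no password has been set" ;;
        '!'*) echo "LOCKED: hash disabled by leading '!'" ;;
        '*')  echo "NOLOGIN: no valid hash" ;;
        *)    echo "SET" ;;
    esac
}

# Print one KEY=VALUE line per decoded field of a shadow entry.
decode_shadow() {
    last=$(field "$1" 3); max=$(field "$1" 5); acct=$(field "$1" 8)
    echo "user=$(field "$1" 1)"
    echo "password=$(password_state "$(field "$1" 2)")"
    case "$last" in
        '') echo "last_change=unknown (aging disabled)" ;;
        0)  echo "last_change=must change at next login" ;;
        *)  echo "last_change=$(days_to_date "$last")" ;;
    esac
    echo "min_days=$(field "$1" 4) warn_days=$(field "$1" 6)"
    # 99999 days is about 273 years, so it means no practical expiry.
    if [ "${max:-99999}" -ge 99999 ]; then
        echo "password_expires=never"
    elif [ "${last:-0}" -gt 0 ]; then
        echo "password_expires=$(days_to_date $(( last + max )))"
    fi
    if [ -n "$acct" ]; then
        echo "account_expires=$(days_to_date "$acct")"
    else
        echo "account_expires=never"
    fi
}

decode_shadow 'jack:!!:18900:0:99999:7:::'            # entry from the listing above
decode_shadow 'demo:$6$salt$hash:18900:1:90:7:::'     # constructed entry
```

A freshly created account such as jack shows as locked until root sets a password for it.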
[root@localhost ~]# id jack

uid=1004(jack) gid=1005(jack) groups=1005(jack)

[root@localhost ~]# ls /home/

harry jack jerry natasha sarah student

[root@localhost ~]#

[root@localhost ~]# ls /var/spool/mail/

harry jack jerry natasha rpc sarah student

[root@localhost ~]# su - jack

[jack@servera ~]$

[jack@servera ~]$ useradd sam

useradd: Permission denied.

useradd: cannot lock /etc/passwd; try again later.

[jack@servera ~]$

[jack@servera ~]$ pwd

/home/jack

[jack@servera ~]$ touch abc

[jack@servera ~]$ ls

abc

[jack@servera ~]$

[jack@servera ~]$ ls

abc

[jack@servera ~]$ ls -a

. .. abc .bash_logout .bash_profile .bashrc .cache .mozilla

[jack@servera ~]$

[jack@servera ~]$ ls
abc

[jack@servera ~]$ exit

logout

[root@localhost ~]# ls /home/jack/

abc

[root@localhost ~]#

[root@localhost ~]# ls -ld /home/jack/

drwx------. 4 jack jack 124 Sep 30 20:49 /home/jack/
