List profiles in linux

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

I need a command to list all users as well as commands to add, delete and modify users from terminal — any commands that could help in administrating user accounts easily by terminal.


To list

To list all local users you can use:

To list all users capable of authenticating (in some way), including non-local, see this reply.

Some more useful user-management commands (also limited to local users):

To add

To add a new user you can use:

sudo adduser new_username
sudo useradd new_username

To remove/delete

To remove/delete a user, first you can use:

Then you may want to delete the home directory for the deleted user account:

Please use with caution the above command!

To modify

To modify the username of a user:

usermod -l new_username old_username

To change the password for a user:

To change the shell for a user:

To change the details for a user (for example real name):

To add a user to the sudo group:

And, of course, see also: man adduser, man useradd, man userdel, and so on.

Radu forgot to mention sudo chfn which changes user details (for example real name). I tried to add this as a comment, but I got an error telling me that I must have +50 reputation to do so.

I think that it should be underlined that the correct answer to the linked question is askubuntu.com/a/381646/16395 — otherwise you have to take into account the GID/UID Ubuntu policies by hand. The accepted answer is not so clear.

sudo userdel DOMAIN\\johndoe gives me the error: "userdel: cannot remove entry 'DOMAIN\johndoe' from /etc/passwd". I looked in /etc/passwd and they're not even in there, likely because it's a "domain" account?

@00fruX Yeah. If you’re using a centralised user database you’re going to need to deal with it directly.

Just press Ctrl + Alt + T on your keyboard to open Terminal. When it opens, run the command(s) below:

less /etc/passwd
more /etc/passwd

@nux A bit late to the party, but from command line use adduser instead, useradd should be limited to scripts where the author really really knows what he is doing.

The easiest way to get this kind of information is getent (see the manpage for the getent command). While that command gives the same output as cat /etc/passwd it is useful to remember because it will give you lists of several elements in the OS.

To get a list of all users you type (as users are listed in /etc/passwd)

To add a user newuser to the system you would type

to create a user that has all default settings applied.

Bonus: To add any user (for instance anyuser) to a group (for instance cdrom) type

sudo adduser anyuser cdrom 

You delete a user (for instance obsolete) with


If you want to delete his home directory/mails as well you type

sudo deluser --remove-home obsolete 
sudo deluser --remove-all-files obsolete 

will remove the user and all files owned by this user on the whole system.

It’s useful to remember that getent doesn’t just print the output of users in /etc/passwd but all users in all configured userdb backends on a given system, whether it’s /etc/passwd or LDAP, etc.

@MarcinKaminski is right, it also prints users set up in SSO systems who have access to the server. This answer is the best one, with getent passwd being the right command.

This should get, under most normal situations, all normal (non-system, not weird, etc) users:

awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd
  • reading in from /etc/passwd
  • using : as a delimiter
  • if the third field (the User ID number) is larger than 1000 and not 65534, the first field (the username of the user) is printed.

This is because on many linux systems, usernames above 1000 are reserved for unprivileged (you could say normal) users. Some info on this here:

A user ID (UID) is a unique positive integer assigned by a Unix-like operating system to each user. Each user is identified to the system by its UID, and user names are generally used only as an interface for humans.

UIDs are stored, along with their corresponding user names and other user-specific information, in the /etc/passwd file.

The third field contains the UID, and the fourth field contains the group ID (GID), which by default is equal to the UID for all ordinary users.

In the Linux kernels 2.4 and above, UIDs are unsigned 32-bit integers that can represent values from zero to 4,294,967,296. However, it is advisable to use values only up to 65,534 in order to maintain compatibility with systems using older kernels or filesystems that can only accommodate 16-bit UIDs.

The UID of 0 has a special role: it is always the root account (i.e., the omnipotent administrative user). Although the user name can be changed on this account and additional accounts can be created with the same UID, neither action is wise from a security point of view.

The UID 65534 is commonly reserved for nobody, a user with no system privileges, as opposed to an ordinary (i.e., non-privileged) user. This UID is often used for individuals accessing the system remotely via FTP (file transfer protocol) or HTTP (hypertext transfer protocol).

UIDs 1 through 99 are traditionally reserved for special system users (sometimes called pseudo-users), such as wheel, daemon, lp, operator, news, mail, etc. These users are administrators who do not need total root powers, but who perform some administrative tasks and thus need more privileges than those given to ordinary users.

Some Linux distributions (i.e., versions) begin UIDs for non-privileged users at 100. Others, such as Red Hat, begin them at 500, and still others, such as Debian, start them at 1000. Because of the differences among distributions, manual intervention can be necessary if multiple distributions are used in a network in an organization.

Also, it can be convenient to reserve a block of UIDs for local users, such as 1000 through 9999, and another block for remote users (i.e., users elsewhere on the network), such as 10000 to 65534. The important thing is to decide on a scheme and adhere to it.

Among the advantages of this practice of reserving blocks of numbers for particular types of users is that it makes it more convenient to search through system logs for suspicious user activity.

Contrary to popular belief, it is not necessary that each entry in the UID field be unique. However, non-unique UIDs can cause security problems, and thus UIDs should be kept unique across the entire organization. Likewise, recycling of UIDs from former users should be avoided for as long as possible.
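As an added example (not part of the answer or of the text it quotes), this shell function audits passwd-format input for the conditions the quoted passage calls out: extra accounts with UID 0, non-unique UIDs, and ordinary users at or above a minimum UID. The function names, the output labels, the sample accounts and the default minimum of 1000 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample accounts are constructed.

# Constructed passwd-format sample: a second UID 0 account and a reused UID.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1001:1002:Carol:/home/carol:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# audit_passwd FILE [MIN_UID]
# FILE is in /etc/passwd format ("-" reads stdin). MIN_UID is the first UID
# given to ordinary users: 1000 on Debian, 500 on older Red Hat (see text).
audit_passwd() {
    awk -F: -v min="${2:-1000}" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        NF < 7 || $3 !~ /^[0-9]+$/ { printf "MALFORMED line %d\n", NR; next }
        {
            name = $1; uid = $3 + 0
            # Any UID 0 account other than root has full root privileges.
            if (uid == 0 && name != "root") printf "EXTRA_UID0 %s\n", name
            # Two names on one UID are the same user to the kernel.
            if (uid in owner) { printf "DUPLICATE_UID %s %s %s\n", uid, owner[uid], name }
            else { owner[uid] = name }
            # Ordinary accounts: at or above MIN_UID, excluding nobody (65534).
            if (uid >= min + 0 && uid != 65534) printf "HUMAN %s %s\n", uid, name
        }
    ' "$1"
}

# Demo on the constructed sample; on a real host: getent passwd | audit_passwd -
sample_passwd | audit_passwd -
```

Feeding it `getent passwd` rather than `/etc/passwd` covers accounts from every configured backend, as noted in the getent answer above.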


List profiles in linux

Logged-on users have a number of preset (and customized) aliases, variables, and functions, but where do they come from? The shell uses a number of startup files that are executed (or rather sourced) whenever the shell is invoked. What follows is an overview of startup scripts.

system profile

Both the bash and the ksh shell will verify the existence of /etc/profile and source it if it exists.

When reading this script, you will notice (both on Debian and on Red Hat Enterprise Linux) that it builds the PATH environment variable (among others). The script might also change the PS1 variable, set the HOSTNAME and execute even more scripts like /etc/inputrc.

This screenshot uses grep to show PATH manipulation in /etc/profile on Debian.

root@debian7:~# grep PATH /etc/profile
  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
export PATH
root@debian7:~#

This screenshot uses grep to show PATH manipulation in /etc/profile on RHEL7/CentOS7.

[root@centos7 ~]# grep PATH /etc/profile
    case ":${PATH}:" in
                PATH=$PATH:$1
                PATH=$1:$PATH
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
[root@centos7 ~]#

The root user can use this script to set aliases, functions, and variables for every user on the system.

~/.bash_profile

When this file exists in the home directory, then bash will source it. On Debian Linux 5/6/7 this file does not exist by default.

RHEL7/CentOS7 uses a small ~/.bash_profile where it checks for the existence of ~/.bashrc and then sources it. It also adds $HOME/bin to the $PATH variable.

[root@rhel7 ~]# cat /data/sites/web/cobbautbe/subsites/.bash_profile
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/.local/bin:$HOME/bin
export PATH
[root@rhel7 ~]#

~/.bash_login

When .bash_profile does not exist, then bash will check for ~/.bash_login and source it.

Neither Debian nor Red Hat have this file by default.

~/.profile

When neither ~/.bash_profile nor ~/.bash_login exists, then bash will verify the existence of ~/.profile and execute it. This file does not exist by default on Red Hat.

On Debian this script can execute ~/.bashrc and will add $HOME/bin to the $PATH variable.

root@debian7:~# tail -11 /data/sites/web/cobbautbe/subsites/.profile
if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
        . "$HOME/.bashrc"
    fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
    PATH="$HOME/bin:$PATH"
fi

RHEL/CentOS does not have this file by default.
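The lookup order described in the three sections above (~/.bash_profile, then ~/.bash_login, then ~/.profile) means a file later in the order can exist and never be read. The following is an added example, not code from the original page: it reports which file a bash login shell would read for a given home directory, which existing files are skipped, and which startup files are writable by group or others. The function names and the demo directory contents are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# Candidate order is the one given in the text above.
CANDIDATES=".bash_profile .bash_login .profile"

# Print the file a bash login shell would read for home directory $1.
login_profile_for() {
    for f in $CANDIDATES; do
        if [ -f "$1/$f" ] && [ -r "$1/$f" ]; then
            printf '%s\n' "$f"; return 0
        fi
    done
    return 1   # none of the per-user files exists
}

# Print files that exist but are skipped because an earlier candidate won.
shadowed_profiles() {
    winner=$(login_profile_for "$1") || return 0
    for f in $CANDIDATES; do
        if [ "$f" != "$winner" ] && [ -f "$1/$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Print startup files in $1 that group or others can write to; whoever can
# edit them controls PATH, aliases and functions in that user's next shell.
loose_startup_files() {
    for f in $CANDIDATES .bashrc .bash_logout; do
        if [ -n "$(find "$1/$f" -prune -type f \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed demo home directory (hypothetical contents).
make_demo_home() {
    d=$(mktemp -d)
    echo 'export EDITOR=vi' > "$d/.bash_profile"
    echo 'export APP_SETTING=1' > "$d/.profile"
    echo 'alias ll="ls -l"' > "$d/.bashrc"
    chmod 644 "$d/.bash_profile" "$d/.profile"
    chmod 664 "$d/.bashrc"
    printf '%s\n' "$d"
}

demo=$(make_demo_home)
echo "read at login: $(login_profile_for "$demo")"
echo "ignored:       $(shadowed_profiles "$demo")"
echo "loose perms:   $(loose_startup_files "$demo")"
rm -rf "$demo"
```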


~/.bashrc

The ~/.bashrc script is often sourced by other scripts. Let us take a look at what it does by default.

Red Hat uses a very simple ~/.bashrc, checking for /etc/bashrc and sourcing it. It also leaves room for custom aliases and functions.

[root@rhel7 ~]# cat /data/sites/web/cobbautbe/subsites/.bashrc
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=
# User specific aliases and functions

On Debian this script is quite a bit longer and configures $PS1, some history variables and a number of active and inactive aliases.

root@debian7:~# wc -l /data/sites/web/cobbautbe/subsites/.bashrc
110 /data/sites/web/cobbautbe/subsites/.bashrc

~/.bash_logout

When exiting bash, it can execute ~/.bash_logout.

Debian uses this opportunity to clear the console screen.

serena@deb503:~$ cat .bash_logout
# ~/.bash_logout: executed by bash(1) when login shell exits.
# when leaving the console clear the screen to increase privacy
if [ "$SHLVL" = 1 ]; then
    [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
fi

Red Hat Enterprise Linux 5 will simply call the /usr/bin/clear command in this script.

[serena@rhel53 ~]$ cat .bash_logout
# ~/.bash_logout
/usr/bin/clear

Red Hat Enterprise Linux 6 and 7 create this file, but leave it empty (except for a comment).

paul@rhel65:~$ cat .bash_logout
# ~/.bash_logout

Debian overview

Below is a table overview of when Debian is running any of these bash startup scripts.

Table 4.1. Debian User Environment

RHEL5 overview

Below is a table overview of when Red Hat Enterprise Linux 5 is running any of these bash startup scripts.

Table 4.2. Red Hat User Environment

script            su    su -   ssh   gdm
~/.bashrc         yes   yes    yes   yes
~/.bash_profile   no    yes    yes   yes
/etc/profile      no    yes    yes   yes
/etc/bashrc       yes   yes    yes   yes

practice: user profiles

1. Make a list of all the profile files on your system.

2. Read the contents of each of these; often they source extra scripts.

3. Put a unique variable, alias and function in each of those files.

4. Try several different ways to obtain a shell (su, su -, ssh, tmux, gnome-terminal, Ctrl-alt-F1, ...) and verify which of your custom variables, aliases and functions are present in your environment.

5. Do you also know the order in which they are executed?

6. When an application depends on a setting in $HOME/.profile, does it matter whether $HOME/.bash_profile exists or not?

solution: user profiles

1. Make a list of all the profile files on your system.

ls -a ~ ; ls -l /etc/pro* /etc/bash*

2. Read the contents of each of these; often they source extra scripts.

3. Put a unique variable, alias and function in each of those files.

4. Try several different ways to obtain a shell (su, su -, ssh, tmux, gnome-terminal, Ctrl-alt-F1, ...) and verify which of your custom variables, aliases and functions are present in your environment.

5. Do you also know the order in which they are executed?

Aliases, functions and variables with the same name will overwrite each other.

6. When an application depends on a setting in $HOME/.profile, does it matter whether $HOME/.bash_profile exists or not?

Yes, it does matter. (man bash /INVOCATION)
