Red Hat Linux adding users

How to manage users and groups in Linux


"What skills must Linux administrators have?" is way too broad a question for any single article. But there are plenty of general must-have sysadmin skills—and user and group administration are chief among them. Proper user account management enables Linux to enforce access controls (permissions) and audit who does what on the system.


The commands below are written for Red Hat Enterprise Linux (RHEL) and RHEL-like distributions, but the concepts apply to any distribution of Linux. Knowing the skills and commands outlined in this article (and its two follow-up pieces, which dive deeper into user admin and group admin) helps ensure you’re ready for the day-to-day user and group administration tasks a sysadmin is called on to do.

Managing users

Users must authenticate to any system they need to use. This authentication provides access to resources and a customized, user-specific environment. The user’s identity is based on their user account. What skills do sysadmins need to manage user accounts?

1. Understand the /etc/passwd file

User account information is stored in the /etc/passwd file. This information includes the account name, home directory location, and default shell, among other values. Linux sysadmins should be able to recognize these fields.

Each field is separated by a : character, and not all fields must be populated, but you must delineate them.

Here’s an example of the /etc/passwd fields:

username:password:UID:GID:comment:home:shell

In this example, the comment field is empty:

dgarn:x:1001:1001::/home/dgarn:/bin/bash

Observe how the two colons still exist to delineate the comment field.

Here is an example with the comment field populated:

dgarn:x:1001:1001:Damon Garn:/home/dgarn:/bin/bash

I’ll discuss passwords more below, but expect to see an x in the password field of this file.

2. Understand the /etc/shadow file


Long ago, password hashes were stored in the /etc/passwd file. This file was world-readable, allowing inquisitive users to pull password hashes for other accounts from the file and run them through password-cracking utilities. Eventually, the password hashes were moved to a file readable only by root: /etc/shadow. Today, the password field in the /etc/passwd file is marked with an x.

Administrators should recognize each field in /etc/shadow. Several of the fields pertain to password requirements.

Here’s an example of /etc/shadow fields:

username:password:last password change:min:max:warning:inactive:expired

The first two fields identify the user and a hashed version of the password, while the remaining six fields represent password change information. The password information is manipulated with the chage command.
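The field layouts above are enough to audit accounts mechanically. The following is an added example, not code from the original article: the function name `audit_accounts`, the sample accounts other than dgarn and test1, and the choice to treat a maximum age of 99999 as "never expires" are assumptions made for illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD SHADOW: flag risky states in passwd/shadow-format files.
audit_accounts() {
    awk -F: '
        FNR == NR {                      # first file: /etc/passwd layout
            if (NF != 7) { print "passwd: " $1 ": expected 7 fields, got " NF; next }
            if ($2 != "x") print "passwd: " $1 ": password field is not x"
            if ($3 == "0" && $1 != "root") print "passwd: " $1 ": UID 0 shared with root"
            next
        }
        {                                # second file: /etc/shadow layout
            if ($2 == "") print "shadow: " $1 ": empty password field"
            else if ($2 ~ /^[!*]/) print "shadow: " $1 ": password locked or disabled"
            else if ($5 == "" || $5 + 0 >= 99999)
                print "shadow: " $1 ": no effective maximum password age"
        }
    ' "$1" "$2"
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
dgarn:x:1001:1001:Damon Garn:/home/dgarn:/bin/bash
test1:x:1002:1002::/home/salesuser:/bin/bash
legacy:$1$placeholder$hash:1003:1003::/home/legacy:/bin/bash
toor:x:0:0::/root:/bin/bash
broken:x:1004:1004:/home/broken:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$placeholder$hash:19000:0:90:7:::
dgarn:$6$placeholder$hash:19000:0:99999:7:::
test1:!$6$placeholder$hash:19000:0:90:7:::
legacy::19000:0:90:7:::
toor:$6$placeholder$hash:19000:0:90:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

On a live system, run it as root against the real files: `audit_accounts /etc/passwd /etc/shadow`.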

Look at these articles for additional details:

3. Create, modify, and delete user accounts

The process for managing user accounts is very straightforward. Sysadmins either add, modify, or delete users, and the related commands are quite intuitive.


The commands to manage user accounts on RHEL and RHEL-like distributions are:

Ken Hess documents these commands in Linux sysadmin basics: User account management. There are many options available to customize the user accounts and their related resources.

My companion article provides specifics about the useradd, usermod, and userdel commands.


4. Manage password requirements

Many organizations rely on password policies to define appropriate password requirements. Sysadmins can enforce those requirements by using various mechanisms on Linux.

Two common ways of managing password settings are using the /etc/login.defs file or Pluggable Authentication Module (PAM) settings. Be sure to understand the options, fields, and settings for this important security configuration.

For more detail on password security settings, read:

Managing groups

It’s more efficient to group user accounts with similar access requirements than to manage permissions on a user-by-user basis. Therefore, sysadmins need to be comfortable with the process of creating, modifying, and deleting groups.


1. Understand the /etc/group file

Similar to the /etc/passwd file above, the /etc/group file contains group account information. This information can be essential for troubleshooting, security audits, and ensuring users can access the resources they need.

Understand each field of the file to make life easier as a sysadmin.

The fields in the /etc/group file are:

groupname:password:GID:group members

Here is an example of the editors group with two members:

Tyler Carrigan’s article Managing local group accounts in Linux presents this information nicely.

Linux groups are significantly different from local groups in Windows, so be sure to understand the differences.

2. Create, modify, and delete groups

Like the user account commands described above, the group management commands are very intuitive and provide a lot of flexibility. There is an easy-to-remember command for each function you might need to carry out for a group:

The following articles provide a good overview of working with groups:

3. Manage group membership


Adding users to a group simplifies permissions management. Many people find the process a little unintuitive: Adding a user to a group modifies the user, not the group. Therefore, the necessary command is the usermod command.

Here are some commands to display group information:

  • usermod: Update group membership
  • id: Display a list of groups the user is a member of
  • cat /etc/group: Show a list of existing groups, with membership displayed in the last field

One resource for these commands is their related man pages.

The process for adding users to a group requires the -a and/or -G options. Tyler Carrigan’s article Managing local group accounts in Linux covers using these options to manipulate group membership.

Wrap up

If these commands and files seem familiar, you can probably manage most basic sysadmin user and group management tasks in RHEL. Otherwise, you now have some great resources right at your fingertips for learning more.


3 basic Linux user management commands every sysadmin should know

How to use the useradd, usermod, and userdel commands is essential knowledge for Linux administrators.


I like logical commands; commands that are simple, straightforward, and just make sense. When I delivered Linux sysadmin training, I found Linux user management commands to be easy to explain.


I structured my explanation of account administration like this:

What three things must you do to manage user accounts?

So, what three commands accomplish these tasks? (As in my overview on account administration, these commands are for Red Hat Enterprise Linux and RHEL-like distributions, but the concepts apply to any distribution of Linux.)

Here is a breakdown of how to use these three commands with some of their related options in RHEL.

useradd

The most basic task is to create an account to represent the user who will be working on the system. Each user must authenticate to Linux with an identity that can be used to control their resource access and consumption. User accounts are stored in the /etc/passwd file. That file should not be edited directly by tools such as Vim. Instead, there is useradd, a user-creation utility that adds an account but also accomplishes additional tasks.

Use the useradd command to create accounts:

That’s enough to create the account. However, there are some options you can add. As always, review the associated man page for details. Here are a few common options:

  • --create-home ( -m ): Adds a home directory (this is a default on some distributions)
  • --shell ( -s ): Sets the user's preferred shell if it's different from /bin/bash
  • --uid ( -u ): Specifies a particular user ID (UID)
  • --comment ( -c ): Populates the comment field (usually with the user's full name enclosed in quotes)

Settings for the useradd command are stored in the /etc/default/useradd file.

Also, don’t forget to set a password for the account by using the passwd command.

Try a few exercises to test these commands:

  1. Create a user named test1 with a home directory named /home/salesuser.
  2. Create a user named test2 with zsh as the default shell.
  3. Create a user named test3 with "Temp User" in the comment field.

Note: These commands require root or administrative privileges, so use sudo before each command.


usermod

Now that some user accounts exist on the system, you can modify their settings. You accomplish this with the usermod command and its related options. Modifications may be necessary when users change names, request different shells, or need updated password information.

Standard options for usermod include:

  • --comment ( -c ): Modifies the comment field
  • --home ( -d ): Modifies home directory information
  • --expiredate ( -e ): Changes account-expiration settings
  • --login ( -l ): Modifies the username
  • --lock ( -L ): Locks a user account
  • --unlock ( -U ): Unlocks a user account

Perhaps a user requests an account name change from test2 to testtwo. The command looks like this:

$ sudo usermod --login testtwo --comment "Test Two" test2

The test2 string is the argument in this command. The --login and --comment options act on that argument to modify the account.


Maybe a user is taking a leave of absence. The user will return, but the account should be inaccessible in the meantime. If an administrator deletes the account, the user’s data, group memberships, and other unique information may be lost or more difficult to access. It’s better to lock the account until their return.

Lock a user account by using the usermod command:

Upon the user’s return, unlock the account:

$ sudo usermod --unlock test1

Interestingly, adding a user to a group modifies the user, not the group. Therefore, you manage group membership with the usermod command.

The two primary group membership scenarios are:

  • Add a user to a group and remove the user from all other groups
  • Add a user to a group and retain the user’s membership in all other groups

Use the --groups ( -G for short) option with usermod to accomplish the first scenario (add a user to a group and remove them from other groups). The --append ( -a for short) option appends a group to the user, and when combined with -G, the user retains membership in other groups.

So, to add the test1 user account to the demo group and retain test1's membership in other groups, type:

$ sudo usermod --append --groups demo test1

Managing group membership is probably the most challenging use of the usermod command, but Tyler Carrigan’s article Managing local group accounts in Linux covers this topic well.
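Because --groups without --append silently removes every supplementary group not named on the command line (the behavior described here and in the "Manage group membership" section of the overview above), it is worth checking what a user would lose before running it. The following is an added example, not code from the original articles: the function names `supplementary_groups` and `dropped_by_G` and the sample group file are assumptions made for illustration.

```shell
#!/bin/sh
# supplementary_groups USER GROUP_FILE
# Print every group whose member field (4th field) lists USER.
# The primary group (GID field in /etc/passwd) is not affected by -G.
supplementary_groups() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1
    }' "$2"
}

# dropped_by_G USER NEWGROUPS GROUP_FILE
# Print the supplementary groups USER would lose if
# "usermod --groups NEWGROUPS USER" ran without --append.
# NEWGROUPS is a comma-separated list, as usermod expects.
dropped_by_G() {
    supplementary_groups "$1" "$3" | awk -v keep="$2" '
        BEGIN { n = split(keep, k, ","); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        !($0 in want)'
}

# Constructed sample in /etc/group format (groupname:password:GID:members).
demo_groups() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
wheel:x:10:dgarn,test1
editors:x:1005:dgarn,test1
demo:x:1006:
test1:x:1002:
backup:x:1007:test1
EOF
    # What would "usermod --groups demo test1" remove?
    dropped_by_G test1 demo "$f"
    rm -f "$f"
}

demo_groups
```

Against a live system, `dropped_by_G test1 demo /etc/group` printing anything is the cue to use --append --groups instead.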


userdel

Finally, you might want to remove an account representing a user whose role has changed or is no longer with the organization.

To delete the account, type:

However, before deleting the account, don’t forget about resources such as the user’s home directory or system mail. You will want to ensure those resources get handled according to the organization’s written security policy.

Here are some common options for userdel that address these resources:

  • --force ( -f ): Deletes the account (including mail and home directory), even if the user is still logged in
  • --remove ( -r ): Deletes the account (including mail and home directory), but the user must be logged out

The userdel command is pretty simple. There aren't many options, but they can be displayed by typing userdel --help.

Wrap up


New Linux users sometimes have difficulty wrapping their heads around how many commands exist and how many of them sysadmins memorize. That memorization comes from years of use and experience. It’s handy, however, when some commands have logical names and simple options.

In RHEL, it doesn’t get much easier than:

It's worth noting that some Linux distributions provide front-end commands to perform the same tasks. For example, the adduser command steps the sysadmin through a series of interactive prompts to create a new user. On a Linux system running a graphical desktop, there are also GUI applications to help manage user accounts.

The three commands to manage groups are similar, and I cover those in another article. Sysadmins really only need to remember these basic commands to manage users and groups.
