Weight: 2
Description: Creating users and groups on a Linux system.
Key Knowledge Areas:
- User and group commands.
- User IDs.
The following is a partial list of the used files, terms and utilities:
- /etc/passwd, /etc/shadow, /etc/group.
- id, last.
- useradd, groupadd.
- passwd.
Nice to know:
- usermod, userdel.
- groupmod, groupdel.
In the last tutorial we looked at the users that we have in Linux, the difference between the root user and standard users, and how root can delegate tasks with sudo. Now we look more closely at managing users and their account life cycle; in other words, resetting their forgotten passwords every week.
As you may recall, local users are defined in the file /etc/passwd, their passwords are usually stored in the file /etc/shadow, and groups are defined in /etc/group.
Migrating passwords to and from /etc/shadow
Traditionally the user's password was stored with their account details in the /etc/passwd file, but more recently passwords have been stored in the /etc/shadow file. Either way they were encrypted, but the shadow file is only accessible by the root user, whereas the passwd file needs to be readable by all. Passwords can be migrated to and from the /etc/passwd file with the pwconv (/usr/sbin/pwconv) and pwunconv (/usr/sbin/pwunconv) commands.
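The following is an added example, not part of the original tutorial: a shell check that classifies the password field of each entry in a passwd-format file, showing which accounts are in the state pwconv produces (an x in the field) and which still carry a hash in the world-readable file. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify the second (password) field of each entry in a passwd-format file.
#   x          -> hash is held in /etc/shadow (the state pwconv produces)
#   empty      -> no password set at all
#   * or !...  -> no usable password (locked or system account)
#   other      -> hash stored in the world-readable file (state after pwunconv)
classify_passwd_fields() {
    awk -F: '
        /^#/ || NF < 7 { next }   # skip comments and malformed lines
        {
            pw = $2
            if (pw == "x")          state = "shadowed"
            else if (pw == "")      state = "empty"
            else if (pw ~ /^[*!]/)  state = "locked"
            else                    state = "hash-in-passwd"
            print $1 ":" state
        }' "$1"
}

# Exit status 0 when no entry has an empty field or a hash in the file.
passwd_is_shadowed() {
    ! classify_passwd_fields "$1" | grep -Eq ':(empty|hash-in-passwd)$'
}

# Constructed sample data; the hash for joe is a placeholder, not a real hash.
make_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000:Bob:/home/bob:/bin/bash
joe:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:100:Joe:/home/joe:/bin/bash
guest::1002:100:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
}

sample=$(mktemp)
make_sample > "$sample"
classify_passwd_fields "$sample"
passwd_is_shadowed "$sample" || echo "entries outside /etc/shadow found"
rm -f "$sample"
```

On a real system, pass /etc/passwd as the argument; the file is world-readable, so the check needs no root privileges.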
Public and Private groups
Red Hat and CentOS use a private group scheme where each user is a member of their own private group. If we create a user named bob, then a corresponding group also named bob is created with the user bob as the only member. Other distributions such as SUSE use a public group system, and it would be normal for users to default to belonging to the users group. If you are using a Red Hat style distribution with private groups, then using the -N switch with useradd will disable the private group for that user and they will belong to the normal users group.
For example:
- useradd -N joe : will create the user joe as a member of the default users group
- useradd joe : will create the user and group joe with the user joe as a member of the private group joe
Managing users and groups
Users are managed with:
- useradd
- usermod
- userdel
Groups are managed with:
- groupadd
- groupmod
- groupdel
Passwords are managed with:
- passwd
- chage