technical skills grow

Sunday, July 18, 2021

Root user | Create User | Group | userdel | usermod | useradd | /etc/passwd | /etc/shadow | gpasswd | password aging policies


In Linux there are three types of users.

1. Super user or root user

The super user, or root user, is the most powerful user. He is the administrator user.

2. System user

System users are the users created by software or applications. For example, if we install Apache, it will create a user named apache. These kinds of users are known as system users.

3. Normal user

Normal users are the users created by the root user. They are normal users like Rahul, Musab etc.

Only the root user has permission to create or remove a user.

Whenever a user is created in Linux, the following are set up by default:

 1. A home directory is created (/home/username)
 2. A mail box is created (/var/spool/mail)
 3. A unique UID and GID are given to the user

Linux uses the UPG (User Private Group) scheme.
It means that whenever a user is created, it has its own private group. For example, if a user is created with the name Rahul, then the primary group for that user will also be Rahul.

There are two important files a user administrator should be aware of.
1. "/etc/passwd"
2. "/etc/shadow"
Each of the above-mentioned files has a specific format.
1. /etc/passwd
The fields of an entry, shown here with the values of the root and bin entries, are
 root = name
 x = link to password file i.e. /etc/shadow
 0 or 1 = UID (user id)
 0 or 1 = GID (group id)
 root or bin = comment (brief information about the user)
 /root or /bin = home directory of the user
 /bin/bash or /sbin/nologin = shell

2. /etc/shadow
root:$1fdsfsgsdfsdkffefje:14757:0:99999:7:::
The fields are as follows,
1. root = User name
2. $1fdsfsgsdfsdkffefje = Encrypted password
3. 14757 = Days since that password was last changed.
4. 0 = Days after which password must be changed.
5. 99999 = Days before password is to expire that user is warned.
6. 7 = Days after the password expires that the user is disabled.
7. A reserved field.

LAB WORK:-

Creating a user

The syntax for creating a user in Linux is

# useradd <option> <username>

The options are

-u user id
-G secondary group id
-g primary group id
-d home directory
-c comment
-s shell

In how many ways can we create users?
(i) # useradd <options> <user name>
(ii) # adduser <options> <user name>
(iii) # newusers <file name> (In this file we have to enter the user details in the same format as the /etc/passwd file)

What is the syntax of the useradd command with full options?
# useradd -u <uid> -g <gid> -G <secondary group> -c <comment> -d <home directory> -s <shell> <user name>
Example : # useradd -u 600 -g 600 -G java -c "oracle user" -d /home/raju -s /bin/bash raju

What is the syntax of adduser command with full options?
# adduser -u <uid> -g <gid> -G <secondary group> -c <comment> -d <home directory> -s <shell> <user name>
Example : # adduser -u 700 -g 700 -G linux -c "oracle user" -d /home/ram -s /bin/bash ram

What is the syntax of the newusers command?

# newusers <file name> (This command will create multiple users at a time)
* First we should create a file and enter each user's data in the same fields as the /etc/passwd file, one entry for each user we want to create, and give that file as an argument to the newusers command.
* When we execute this command the new users will be created, but their environment files like .bash_logout, .bash_profile, .bashrc and .bash_history will not be copied from the /etc/skel directory. So, we have to copy them manually from the /etc/skel directory.

What is the syntax of userdel command with full options?

# userdel <options> <user name>
* The options are,
-f -----> forcefully delete the user even though the user is logged in. The user's home directory, mail and message directories are also deleted.
-r -----> recursively, meaning the files in the user's home directory and the home directory itself will be deleted, but other files belonging to that user must be deleted manually.

How to check whether a user is already created or not?

We can check in different ways.
(i) # id <user name>
(It shows the user id, group id and user name if the user is already created)
(ii) # grep <user name> /etc/passwd

What is the syntax of the usermod command with full options?

# usermod <options> <user name>
* The options are,
-L -----> lock the password
-U -----> unlock the password
-o -----> create a duplicate user, i.e. modify the user's id to be the same as another user's
-u -----> modify user id
-g -----> modify group id
-G -----> modify or add the secondary group
-c -----> modify comment
-d -----> modify home directory
-s -----> modify user's login shell
-l -----> modify user's login name
-md ----> modify the user's home directory and the old home directory

How to create a duplicate root user?

# useradd -o -u 0 -g root <user name> 

What are the uses of .bash_logout, .bash_profile and .bashrc files?

.bash_logout : is the user's logout program file. It executes first whenever the user logs out.
.bash_profile : is the user's login startup program file. It executes first whenever the user logs in. It contains the user's environment variables.
.bashrc : This file is used to create the user's custom commands and to specify the umask value for that user only.

What is a group?

The collection of users is called a group. There are two types of groups.
Primary group : It is created automatically whenever the user is created. The one group a user belongs to is called the primary group.
Secondary group : It is not created automatically. The admin user should create it manually. When a user belongs to more than one group, the additional groups are called secondary groups. A user can be assigned to max. 16 groups, i.e. 1 primary group and 15 secondary groups.
 

What is the command to check how many groups a user belongs to?

# groups <user name>

What is the syntax to create a group?

# groupadd <options> <group name>
The options are,
-f -----> add the group forcefully
-g -----> group id no.
-o -----> non-unique (duplicate group id)

What is the syntax to modify the group?

# groupmod <options> <group name>
The options are,
-g ------> group id
-n ------> new name for existing one, i.e., rename the group
-o ------> non-unique (duplicate group id)
-p ------> group passwd
-R ------> root group

What is the syntax to delete a group?

# groupdel <group name>
(to delete the group without options)
# groupdel -R <group name>
(to delete the group and apply changes to the root directory)

How to assign a password to a group?

# gpasswd <group name>
(to assign a password to the group without any options)
# gpasswd <options> <group name>
The options are,
-a ------> add users to the group
-d ------> delete the user from the group
-r ------> remove the group password
-R ------> restrict access to that group
-A ------> set the list of administrative users
-M ------> set the list of group members

How to check the integrity or consistency of the group?

# grpck (it checks the integrity or consistency of the /etc/gpasswd and /etc/gshadow files)

How to restore the /etc/gshadow file if deleted by mistake?

# grpconv (it creates the /etc/gshadow file from the /etc/group file)

How to change the password aging policies?

We can change the password policies in 2 ways.
(i) First, open the /etc/login.defs file and modify the current values.
Example : # vim /etc/login.defs
min - 0 -----> means the user can change the password any number of times.
min - 2 -----> means the user can change the password only after 2 days.
max - 5 -----> means the user should change the password within 5 days. Otherwise the password will expire after 5 days.
inactive - 2 -----> means that after the password expiry date a grace period of another 2 days will be given to change the password.
warning - 7 -----> means a warning will be given to the user about the password expiry 7 days before the expiry date.
(ii) Second, by executing the # chage command.
Example : # chage <options> <user name>
The options are,
-d -----> last day
-E -----> expiry date
-I -----> inactive days
-l -----> list all the policies
-m -----> min. days
-M -----> max. days
-w -----> warning days
Note : Whenever we change the password aging policy using the # chage command, the information will be modified in the /etc/shadow file.
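
A check of the aging values in /etc/login.defs, as an added example that is not part of the original post. It assumes the min, max and warning values described above are the PASS_MIN_DAYS, PASS_MAX_DAYS and PASS_WARN_AGE keys of login.defs; the three limits and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the password-aging defaults in a login.defs-format file.
# The three limits are assumptions for illustration; substitute your own policy.
MAX_DAYS_LIMIT=90   # PASS_MAX_DAYS must not exceed this
MIN_DAYS_FLOOR=1    # PASS_MIN_DAYS must be at least this
WARN_AGE_FLOOR=7    # PASS_WARN_AGE must be at least this

# check_aging [FILE]  (defaults to /etc/login.defs; "-" reads standard input)
# Prints one line per setting; exit status is the number of failed settings.
check_aging() {
    awk -v maxd="$MAX_DAYS_LIMIT" -v mind="$MIN_DAYS_FLOOR" -v warnd="$WARN_AGE_FLOOR" '
        function report(key, want, ok) {
            if (val[key] !~ /^[0-9]+$/) {
                print "FAIL " key " is unset or not a number"; bad++
            } else if (ok) {
                print "ok   " key "=" val[key]
            } else {
                print "FAIL " key "=" val[key] " (want " want ")"; bad++
            }
        }
        /^[ \t]*#/ { next }                              # skip comment lines
        # a repeated key keeps its last value (a choice made in this script)
        $1 ~ /^PASS_(MAX_DAYS|MIN_DAYS|WARN_AGE)$/ { val[$1] = $2 }
        END {
            report("PASS_MAX_DAYS", "<= " maxd, (val["PASS_MAX_DAYS"] + 0 <= maxd + 0))
            report("PASS_MIN_DAYS", ">= " mind, (val["PASS_MIN_DAYS"] + 0 >= mind + 0))
            report("PASS_WARN_AGE", ">= " warnd, (val["PASS_WARN_AGE"] + 0 >= warnd + 0))
            exit bad + 0
        }
    ' "${1:-/etc/login.defs}"
}

# Constructed samples (not taken from a real system).
weak_login_defs() {
    printf '%s\n' '# constructed sample' 'PASS_MAX_DAYS 99999' \
                  'PASS_MIN_DAYS 0' 'PASS_WARN_AGE 7'
}
hardened_login_defs() {
    printf '%s\n' 'PASS_MAX_DAYS 60' 'PASS_MIN_DAYS 2' 'PASS_WARN_AGE 7'
}

weak_login_defs | check_aging - || echo "failed settings: $?"
```

The login.defs values are applied when an account is created; accounts that already exist keep the values stored in /etc/shadow until they are changed with chage.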

