107.1. Manage user and group accounts and related system files
Weight: 5
Description: Candidates should be able to add, remove, suspend and change user accounts.
Key Knowledge Areas:
- Add, modify and remove users and groups
- Manage user/group info in password/group databases
- Create and manage special purpose and limited accounts
Terms and Utilities:
- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/skel/
- chage
- getent
- groupadd
- groupdel
- groupmod
- passwd
- useradd
- userdel
- usermod
The passwd command changes passwords for user accounts. A normal user can only change the password for their own account, but the superuser can change the password for any account.
[email protected]:~$ passwd
Changing password for user1.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
1. Before a normal user can change their own password, they must first enter their current password for verification. (The superuser can bypass this step when changing another user's password.)
2. After the current password has been verified, passwd checks whether the user is allowed to change their password at this time. The user is then prompted twice for the new password.
3. Next, the password is tested for complexity. Passwords should consist of at least 6 characters.
The root user can change any user's password to anything (even a weak password) without providing the current password:
[email protected]:~# passwd user1
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Groups can also have passwords, which you set with the gpasswd command, but it is not used at all!
We have learned that Linux is a multiuser system. Recall that we can log in as one user and become another user by using the su or sudo commands.
Linux also has the concept of groups.
- Each user belongs to one primary group and possibly to additional groups.
- Each file belongs to one user and one group.
We will now learn how to create, delete, and manage users and groups.
We add a user to a Linux system with the useradd command.
useradd <options> <username_or_login>
| switch | description |
| --- | --- |
| -d | home directory of the new account |
| -m | create the user's home directory |
| -s | login shell of the new account |
| -G | add to additional groups |
| -c | comment, most of the time the user's actual name |
In most distributions useradd creates a home directory for the new user, but we can make sure by using the -m switch. Example (Ubuntu 16):
[email protected]:~# useradd -m -d /home/user3 -c "Dear user3" -s /bin/bash user3
When you create a new user and a new home directory is created, the directory is populated with several files and subdirectories that, by default, are copied from /etc/skel.
[email protected]:~# ls -a /etc/skel/
. .. .bash_logout .bashrc examples.desktop .profile
We can use the usermod command to modify a user account. We can use most of the options that are used with useradd, except that we cannot create or populate a new home directory for the user.
usermod <options> <username_or_login>
| switch | description |
| --- | --- |
| -L | lock the user account |
| -U | unlock the user account |
| -g | force use GROUP as new primary group |
| -G | new list of additional GROUPS (user will be removed from all previous additional groups) |
| -aG | append the user to the additional GROUPS (without removing him/her from other groups) |
[email protected]:~# id user3
uid=1003(user3) gid=1003(user3) groups=1003(user3)
[email protected]:~# usermod -g user1 user3
[email protected]:~# id user3
uid=1003(user3) gid=1001(user1) groups=1001(user1),1003(user3)
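The difference between -G and -aG in the table above is easy to get wrong, so the following added example (not part of the original notes) reports which additional groups a user would lose before running usermod -G. The function names, the sample group file and its memberships (sudo, adm, docker) are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in /etc/group format: name:password:GID:member,member,...
sample_group_file() {
cat <<'EOF'
user1:x:1001:
user3:x:1003:
sudo:x:27:user1,user3
adm:x:4:user3
docker:x:998:user1
EOF
}

# supplementary_groups USER [GROUP_FILE]
# Prints every group whose member list (field 4) names USER, one per line.
supplementary_groups() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }' "${2:-/etc/group}"
}

# dropped_by_G USER NEW_LIST [GROUP_FILE]
# Prints, space separated, the groups USER would lose if NEW_LIST
# (comma separated, as passed to usermod -G) replaced the current list.
dropped_by_G() {
    out=""
    for g in $(supplementary_groups "$1" "${3:-/etc/group}"); do
        case ",$2," in
            *",$g,"*) ;;                  # kept: named in the new list
            *) out="${out:+$out }$g" ;;   # dropped: missing from the new list
        esac
    done
    printf '%s\n' "$out"
}

# Demo on the constructed data (no account is modified).
demo_file=$(mktemp)
sample_group_file > "$demo_file"
echo "usermod -G docker user3 would drop: $(dropped_by_G user3 docker "$demo_file")"
echo "usermod -G sudo,adm,docker user3 would drop: $(dropped_by_G user3 sudo,adm,docker "$demo_file")"
rm -f "$demo_file"
```

On a live system, save the output of getent group to a file and pass it as the third argument, so that groups from sources other than /etc/group are included.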