Lecture 6 Users Administration

Linux Based Networks User Administration Class Meeting # Slide Zahid Shafique, Instructor Linux Based Networks Punjab University College of Information Technology Instructor: Zahid Shafique <[email protected]>


8/6/2019 Lecture 6 Users Administration

http://slidepdf.com/reader/full/lecture-6-users-administration 1/57



User Administration


User Accounts

Because Linux is a multi-user system, the task of adding and maintaining user accounts is common in Linux system administration. 

Upon a successful installation of a Linux distribution, two user accounts are configured: the root user and a normal user.

These two user accounts represent the two basic types of users that are configurable with Linux.


The first type

The first type, the root user, is unique for several reasons.

It is the only user account with system-wide privileges.

Other accounts can be set up as an exact clone of the root user account, but it is strongly discouraged.


System Accounts

In your Linux distribution, you will see a number of accounts set up, like bin, daemon, adm, lp, sync, shutdown, mail, operator, and others.

They are called "system accounts" and are used for varying purposes, some self-explanatory, some not.

These accounts do not have passwords because they are not designed for login.

These special-purpose accounts are also called non-login accounts.

Do not delete them or some programs will not run.


Default Users


Default Groups


Privileges of a root user 

System administration tasks are performed from the root or super user account.

The following list summarizes some of the duties and privileges of a system administrator:

• Has complete access to all files and directories regardless of owner and permissions
• Controls user account administration
• Performs system maintenance
• Halts the system when necessary
• Sets up initial user passwords
• Changes passwords when necessary
• Installs software on the system


The Second Type

A normal user account is the type of account that is set up for each individual user.

This type of account differs only in respect to access privileges and home directories.


Important

It is good system practice to have a separate account for each individual user. Avoid accounts that are shared, if possible.


Adding New Users

• Required steps:
– Edit the /etc/passwd file to define the user's account.
– Set an initial password.
– Create the user's home directory.

• Extra steps (optional):
– Copy default startup files to the user's home directory.
– Add the user to the /etc/group file.
– Set the user's mail home and establish mail aliases.
– Enter the user in the site-wide user database (NIS).
– Configure disk quotas.
– Verify that the account is set up correctly.
– Record accounting information.


User Accounts Utilities

Managing users and groups has traditionally been tedious. Red Hat Linux has a few tools and conventions that make users and groups easier to manage.

You can use useradd to create a new user from the shell prompt.

The easiest way to manage users and groups is through redhat-config-users:

$ redhat-config-users


Account Setup

Adding and deleting users is simple, but understanding the files involved with user account management is a bit more complex.

The key to managing user accounts is to understand the underlying configuration files.


Key Configuration File

The key file used in user account setup and configuration is the /etc/passwd file.

This file is a simple ASCII text file.


/etc/passwd File

Upon a successful installation, the contents of the /etc/passwd file resemble the following:

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:

daemon:x:2:2:daemon:/sbin:

adm:x:3:4:adm:/var/adm:

lp:x:4:7:lp:/var/spool/lpd:

sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail:/var/spool/mail:

news:x:9:13:news:/var/spool/news:

uucp:x:10:14:uucp:/var/spool/uucp:

operator:x:11:0:operator:/root:

games:x:12:100:games:/usr/games:

gopher:x:13:30:gopher:/usr/lib/gopher-data:

ftp:x:14:50:FTP User:/var/ftp:

nobody:x:99:99:Nobody:/:

xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false

apache:x:48:48:Apache:/var/www:/bin/false

named:x:25:25:Named:/var/named:/bin/false

gdm:x:42:42::/home/gdm:/bin/bash

rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false

rpc:x:32:32:Portmapper RPC user:/:/bin/false

postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash

mailnull:x:47:47::/var/spool/mqueue:/dev/null

mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash

nscd:x:28:28:NSCD Daemon:/:/bin/false

pvm:x:24:24::/usr/share/pvm3:/bin/bash

squid:x:23:23::/var/spool/squid:/dev/null


The /etc/passwd file

root:*:0:3:The Big Guy,143 MSB:/:/bin/sh

daemon:*:1:5::/:/bin/sh

farrell:*:100:15:Paul Farrell:/users/research/farrell/:/bin/csh

stacke:*:101:15:Olaf P. Stackelberg:/users/fac/stack:/bin/csh

pwang:*:102:15:Paul S. Wang:/users/research/wang:/usr/local/bin/tcsh

abaqus57:x:53:13:License Manager:/var/log/abaqus57:/usr/bin/csh

matlab:x:54:13:Matlab License Manager:/usr/local/matlab5:/usr/bin/csh

catadm:x:55:13::/usr/local/abaqus:/bin/csh


The format of each /etc/passwd entry is:

login_name:password:user_id:group_id:user_info:home:shell

Note

• Each entry in /etc/passwd must be on one line.
• Each field within each user's entry is separated from the next by a colon.


The /etc/passwd file contents

• Login name
– Case sensitive and unique for users.
– No more than 8 chars long, may include numbers, except in position 1 (for some old systems only).
– /etc/aliases can be used to set the alias of a user name for most mail systems like sendmail.
– Pseudo-logins execute the corresponding commands as their shells, e.g. daemon, bin.

• Encrypted password
– Looks like Xv8Q981g71oKK, encrypted by MD5 or DES algorithms.
– If null, no password is required, i.e. press Enter directly!
– Change a user's password with passwd.
– /etc/passwd is world readable -> no security (refer to the /etc/shadow section).


The /etc/passwd file contents

• User ID
– uid is the ID for the user, which must be unique.
– UID 0 is reserved for root, and traditionally the lower numbers are kept for system programs.
– It is recommended that human users start at 500.
– uid is a value between 0 and 65536.
– It is a good idea to avoid reusing UIDs, since this avoids confusion when backups are restored.

• Group ID
– gid is the ID of the group that the user belongs to.
– gid is generally a value between 0 and 65536. GID 0 is reserved for root and 1 is usually reserved for daemon.
– Group information is defined in /etc/group.

• User Info (GECOS field)
– No particular format; can be full name, address, contact number, etc.
– The finger command expects the entries to be comma-delimited.
– Can be modified by the chfn command.


The /etc/passwd file contents

• Home directory
– Users are placed in their home directory when they log in, e.g. /home/staff/zahid.
– Home directories are usually named with the user's login name, and should be readable, writable and executable by the user.
– If it is missing or invalid, a message such as "no home directory" will be printed, or login is disabled, or the user is logged in to the root directory.

# mkdir /home/staff/zahid
# chown zahid /home/staff/zahid
# chgrp zahid /home/staff/zahid
# chmod 700 /home/staff/zahid

• Shell
– Specifies a standard shell (sh, csh, bash, ksh, etc.), but can be a restricted shell or a program.
– Can be changed by the chsh command.
– If the shell field is null, the Bourne shell is used.
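An added example (not part of the original lecture): a small Python auditor for /etc/passwd-format text that checks the seven fields described above for the risks the slides mention: an empty password field, a hash left in the world-readable file, extra UID 0 accounts, reused UIDs, and system accounts that still get a login shell. The sample entries, the finding names and the `LOGIN_SHELLS` set are assumptions made for illustration; `UID_MIN = 500` follows the lecture's recommendation.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format (not taken from a real host).
# The "olduser" hash string is the example value shown in the lecture.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:
toor:x:0:0:second root:/root:/bin/bash
guest::510:510:Guest:/home/guest:/bin/bash
olduser:Xv8Q981g71oKK:511:511:Legacy:/home/olduser:/bin/csh
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
zahid:x:500:500:Zahid,Room 1:/home/staff/zahid:/bin/bash
broken:x:512
"""

FIELDS = ("login", "password", "uid", "gid", "gecos", "home", "shell")
UID_MIN = 500  # first human UID, as recommended in the lecture
# Assumption: shells treated as interactive; on a real host read /etc/shells.
LOGIN_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/tcsh", "/bin/ksh"}


def parse_passwd_line(line):
    """Split one entry into its seven colon-separated fields, or return None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        return None
    entry = dict(zip(FIELDS, parts))
    if not (entry["uid"].isdigit() and entry["gid"].isdigit()):
        return None
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    return entry


def audit_passwd(text):
    """Return sorted (login, finding) pairs for the given passwd content."""
    findings = []
    by_uid = defaultdict(list)
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        entry = parse_passwd_line(raw)
        if entry is None:
            findings.append((raw.split(":", 1)[0], "malformed-entry"))
            continue
        login, pw = entry["login"], entry["password"]
        by_uid[entry["uid"]].append(login)
        if pw == "":
            # Null password field: login succeeds by pressing Enter.
            findings.append((login, "empty-password"))
        elif pw != "x" and pw[0] not in "*!":
            # A real hash here is readable by every local user.
            findings.append((login, "hash-in-passwd"))
        # A null shell field falls back to the Bourne shell, so it counts too.
        shell = entry["shell"] or "/bin/sh"
        if 0 < entry["uid"] < UID_MIN and shell in LOGIN_SHELLS:
            findings.append((login, "system-account-login-shell"))
    for uid, logins in by_uid.items():
        if uid == 0:
            findings += [(name, "uid0-clone-of-root") for name in logins if name != "root"]
        elif len(logins) > 1:
            findings += [(name, "duplicate-uid") for name in logins[1:]]
    return sorted(findings)


if __name__ == "__main__":
    for login, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{login:10s} {finding}")
```

A system account flagged for its shell is not necessarily open to login, since its password is normally locked in /etc/shadow; the finding marks accounts worth a second look.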


Important Users

• daemon: Owner of Unprivileged Software
– Usually has uid 1.
– Controls the files that belong to the UNIX system.

• bin: Owner of System Commands
– Owns directories that contain the system's commands and most of the executable files.

• sys (kmem): Owner of the Kernel and Memory Images
– Owns special files such as /dev/kmem (kernel's address space), /dev/mem (the physical memory of the system), and /dev/swap (image of the system's swap space).

• nobody: Owner of Nothing
– The owner of software that doesn't need or shouldn't have special permissions, e.g. fingerd.


The /etc/group file

root:X:0:root

daemon:X:1:

bin:X:2:root,bin,daemon

sys:X:3:root,bin,sys,adm

adm:X:4:root,adm,daemon

Each line in /etc/group has 4 colon-separated fields:

• Group name
• password - never used
• GID - group ID number
• list of members

In practice, users are in the group given in the password file whether or not they are entered in that group in /etc/group.


The Startup Files

• Startup files traditionally start with a period (.) and end with rc (run command), e.g. .cshrc, .login, .profile, etc.
• It is useful to place system default settings in these files.
• Depending on the shell used, common startup files are:

csh   .login          Sets the terminal type, environment variables.
      .cshrc          Sets command aliases, path, umask value, prompt.
      .logout         Executed when users log out.

sh    /etc/profile    System-wide setup procedure at login.
      .profile        Similar to .login and .cshrc for csh.

ksh   /etc/profile    System-wide setup procedure at login.
      .profile        User-specific setup for ksh at login.
      .kshrc          Additional commands for the shell when a new ksh is started.

bash  /etc/profile    System-wide setup procedure at login.
      /etc/bashrc     System-wide setup when bash is started.
      .bash_profile   User-specific setup for bash at login.
      .bash_login     Read by bash if .bash_profile does not exist.
      .bashrc         Read by bash only when a new bash is started.
      .bash_logout    Read by bash when the shell is exited.


/etc/shadow File

The /etc/shadow password file looks similar to the following:

t:$1$d5.gDvSX$nyQhvBgUGbw0GcNTxAdKR1:11507:0:99999:7

bin:*:11458:0:99999:7:::

daemon:*:11458:0:99999:7:::

adm:*:11458:0:99999:7:::

lp:*:11458:0:99999:7:::

sync:*:11458:0:99999:7:::

shutdown:*:11458:0:99999:7:::

halt:*:11458:0:99999:7:::

mail:*:11458:0:99999:7:::


Secure Password Files

• Modern UNIX systems like Linux and Solaris place the passwords in a secure file (commonly called a shadow password file) or files elsewhere.
• The format and location differ between systems, as does the entry in the password section of the normal password file.
• The /etc/shadow file:
– Its access permissions are much more restricted; it can be viewed only by root.
– Also provides password aging, like password expiration.


Much like the /etc/passwd file, the /etc/shadow file consists of single-line entries with colon-delimited fields.

root:$1$d5X$nyQBgUGbw0GcNTxAdKR1:11507:0:99999:7:::

username:password:lastchg:min:max:warn:inactive:expire:flag

username  The user's login name (UID).
password  An encrypted password for the user, a lock string to indicate that the login is not accessible, or no string, which shows that there is no password for the login.
lastchg   The number of days between 1/1/70 and the date that the password was last modified.
min       The minimum number of days required between password changes.
max       The maximum number of days the password is valid.
warn      The number of days before the password expires that the user is warned.
inactive  The number of days after the password expires until the account is permanently disabled (-1 disables the feature).
expire    A date, YYYY-MM-DD, specifying when the user will be disabled (-1 to disable).
flag      Reserved for future use.
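An added example (not part of the original lecture): a Python sketch that parses /etc/shadow-format lines, classifies the password field (hash, lock string, or empty) and converts the lastchg/max/warn/inactive day counts into calendar dates and an account status for a given day. The sample entries and status names are constructed for illustration, and the hash in the `alice` line is a placeholder, not a real hash.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
SHADOW_FIELDS = ("username", "password", "lastchg", "min", "max",
                 "warn", "inactive", "expire", "flag")

# Constructed entries in /etc/shadow format; the alice hash is a placeholder.
SAMPLE_SHADOW = """\
bin:*:11458:0:99999:7:::
newuser:!!:11507:0:99999:7:::
guest::11507:0:99999:7:::
alice:$1$CONSTRUCTED$placeholderhash:11507:0:90:7:14::
"""


def _days(value):
    """Empty or -1 means the feature is off; anything else is a day count."""
    return None if value in ("", "-1") else int(value)


def parse_shadow_line(line):
    """Split one /etc/shadow entry into its nine named fields."""
    parts = line.strip().split(":")
    if len(parts) != len(SHADOW_FIELDS):
        raise ValueError("expected 9 colon-separated fields: %r" % line)
    entry = dict(zip(SHADOW_FIELDS, parts))
    # shadow(5) on Linux stores expire as a day count since 1970-01-01,
    # like lastchg, so it is parsed the same way here.
    for key in ("lastchg", "min", "max", "warn", "inactive", "expire"):
        entry[key] = _days(entry[key])
    return entry


def password_state(field):
    """Classify the second field: no password, lock string, or hash type."""
    if field == "":
        return "no-password"      # login needs no password at all
    if field[0] in "*!":
        return "locked"           # lock string: cannot match any hash
    if field.startswith("$1$"):
        return "md5-crypt"
    if "$" not in field and len(field) == 13:
        return "des-crypt"        # traditional 13-character crypt() output
    return "other-hash"


def aging_dates(entry):
    """Turn the day counts into calendar dates (None where a field is unset)."""
    def plus(base, days):
        return None if base is None or days is None else base + timedelta(days=days)
    changed = plus(EPOCH, entry["lastchg"])
    expires = plus(changed, entry["max"])
    warn = entry["warn"]
    return {
        "changed": changed,
        "expires": expires,
        "warn_from": plus(expires, -warn if warn is not None else None),
        "disabled": plus(expires, entry["inactive"]),
        "account_expires": plus(EPOCH, entry["expire"]),
    }


def account_status(entry, today):
    """Status of one entry on the given day."""
    state = password_state(entry["password"])
    if state in ("no-password", "locked"):
        return state
    d = aging_dates(entry)
    if d["account_expires"] and today >= d["account_expires"]:
        return "account-expired"
    if d["disabled"] and today > d["disabled"]:
        return "disabled"
    if d["expires"] and today > d["expires"]:
        return "password-expired"
    if d["warn_from"] and today >= d["warn_from"]:
        return "warning"
    return "ok"


if __name__ == "__main__":
    for line in SAMPLE_SHADOW.splitlines():
        e = parse_shadow_line(line)
        print(e["username"], account_status(e, date(2001, 9, 28)))
```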


Adding Users

User accounts can be added by directly editing the /etc/passwd file or by using a utility such as useradd, available in all Linux distributions.

Default characteristics for each user account are defined by the settings in the /etc/login.defs file, as follows:


/etc/login.defs

#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

# Password aging controls:
#
# PASS_MAX_DAYS   Maximum number of days a password may be used.
# PASS_MIN_DAYS   Minimum number of days allowed between password changes.
# PASS_MIN_LEN    Minimum acceptable password length.
# PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN         500
UID_MAX         60000

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN         500
GID_MAX         60000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
#
CREATE_HOME     yes


When we create a new home directory

A new directory, /home/username, is created and populated with copies of the default files in the /etc/skel and /etc/skel.d directories (in that order).


Managing Users with Command Line Tools 

Creating a new user account

To create a user from your command line you can run the useradd command.

This will add a new entry in /etc/passwd, and in /etc/shadow if you use shadow passwords, using system defaults.

# useradd newuser


Creating a new user account

When I run the preceding command on my Red Hat system, /etc/passwd shows a new line such as the following:

newuser:!!:506:506::/home/newuser:/bin/bash

If you remember the /etc/passwd fields from the earlier discussion, you will see that the password field (the second field) is set to !!.

This means that this password is not set and the user cannot log in just yet.

So you will need to create a password for this user by running the passwd command as follows:

# passwd newuser


Default Settings

The UID and the GID values will be automatically selected by useradd.

The home directory is created in the default top-level home directory.

The login shell is also selected from a system default.

You will learn to set these defaults in a later section.


Overriding System Default

If you would like to override a system default, you can specify a command line option.

To override the default home directory, use the -d new directory option:

# useradd newuser -d /www/newuser

Note: useradd will create only the final directory and not the entire path.


Private Group

The useradd that comes with Red Hat Linux creates a private group for the user with the same name as the username.


Overriding System Default

You can override the idea of private group by using the -g group option. For example:

# useradd mjkabir -g users

This will make useradd create the new user (mjkabir) with the default group set to users.


Assigning user an additional group

You can use the -G comma-separated list of groups option. For example:

# useradd mjkabir -G wheel,admins

Here the new user (mjkabir) will be added to the wheel and admins groups in the /etc/group file.


To Find Out which groups user belong to

You can use the following command to find out which user belongs to what group:

# groups username


Creating a new group

To create a new group, use the groupadd command. For example:

# groupadd mygroup


CHANGING A PASSWORD

To change or set a user's password, use the passwd command. For example:

# passwd zahid

Note: When an ordinary user runs the passwd program, no username argument is required, because it will allow her to change only her own password.


CHANGING THE SHELL

If the default shell is not appropriate for a user, you may change it to any shell you list in /etc/shells. Use the chsh command to change a user's shell. For example:

# chsh zahid

Note that a user can change her own shell using this command as well.

You can also use the usermod command to modify the shell information as follows:

# usermod -s new shell path username


CHANGING THE HOME DIRECTORY 

To change the home directory of an existing user, run the usermod command as follows:

# usermod -d new home directory username

For example, you can run the command as follows:

# usermod -d /home2/zahid zahid

However, if you would like to move the home directory contents to the new location, use the -m option as follows:

# usermod -d /home2/zahid -m zahid


CHANGING A DEFAULT GROUP

To change the default group for a user, use the usermod command as follows:

# usermod -g group name or GID username

For example:

# usermod -g 777 zahid


CHANGING ACCOUNT EXPIRATION DATE

If you are using shadow passwords, you can change the expiration date of a user account using the usermod command as follows:

# usermod -e MM/DD/YY username

For example:

# usermod -e 12/31/2002 zahid

This command will reset the account expiration date for user zahid to 12/31/2002.


CHANGING FINGER INFORMATION

You can also change the finger information, such as the full name and phone numbers.

Run the chfn command to change a user's finger information.

For example:

# chfn zahid


Modifying an existing group

To modify an existing group name or GID, use the groupmod command. To rename a group to a new name, use the following syntax:

# groupmod -n new group current group

For example:

# groupmod -n experts novices

Here the existing novices group is renamed to experts.


Deleting a user account

To delete an existing user, use the userdel command. For example:

# userdel snake

This deletes a user called snake.

If you would like to remove the user's home directory and all the contents within the directory, use the -r option.


Caution!!

userdel will not delete the user if the user is currently logged in.


Disabling a user account

If you would like to temporarily disable a user account, you can do one of the following:

• Use the usermod -s new shell username command to change the shell to /bin/false (make sure it is in your /etc/shells). This will disallow the user from logging into the system.

• If you are using shadow passwords, you can use the usermod -e MM/DD/YY username command to cause the user account to expire.

If you would like to disable all user account access for a temporary reason, you can create a file called /etc/nologin with a message explaining why you are


Creating default user settings

The default settings for creating new users using useradd come from /etc/default/useradd.

An example /etc/default/useradd file:

GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel


GROUP=100

The GROUP=100 line specifies that the default group ID is 100. This value is used only when you disable (using the -n option) the default private group (that is, the group with the same name as the new user). You can specify a group name instead of the numeric value as well. The value you specify in this line must exist in /etc/group.

You can change this value as follows:

# useradd -D -g new group name or GID


HOME=/home

The HOME=/home line specifies the default top-level home directory for new users.

You can change this value as follows:

# useradd -D -b directory


INACTIVE=-1

The INACTIVE=-1 line specifies when (in days) the account will become inactive after the password expires.

This is useful only if you are using shadow passwords.

The default value of -1 states that accounts are never inactive. You can change this value as follows:

# useradd -D -f number of days


EXPIRE=

The EXPIRE= line specifies when an account should be disabled.

This is useful only if you are using shadow passwords.

By default, accounts never become disabled.

You can change this value as follows:

# useradd -D -e MM/DD/YY


SHELL=/bin/bash

The SHELL=/bin/bash line specifies the default login shell path. You can change this value as follows:

# useradd -D -s /bin/tcsh


SKEL=/etc/skel 

The files in this directory are copied to the new home directory of a new user account.

Normally, you do not want to change this path to some other directory.


Exercise:


Homework

• Homework this week:

• Next week: