User and Group Management
Any User can be assigned to any physical user or accounts that
exists for specific application to use. Each user is assigned
with a unique numerical identification number called UID.
User ID (UID) 0-999 reserved for system purpose and we can
create other user with 1000+.
Groups are logical expression of organization where multiple
users can be assigned to it. It is defined via unique ID called
GID.
Users are of two types system user and normal user. System users
are those which is automatically created when OS install while
normal user we creates.
Root is super user which has access of doing anything and
everything on server.
When a user is created, it makes entry of details in
/etc/passwd, /etc/shadows and a home directory is created also.
/etc/passwd file: Username:x:UID:GID:Comment:Home Directory:
Default Shell
Command line utilities for User and Group management:
id: Display user and group id’s.
useradd, usermod, uderdel: Addition, modification and deletion of users.
groupadd, groupmod, groupdel: Addition, modification and deletion of groups.
chage: change user password expiry information.
sudo: run commands with super user permissions.
# useradd testuser (It will add a normal user)
# passwd testuser (It will set password for that user. Same command can be used to change password as well)
# useradd –d /opt/testuser1 testuser1 (It will create user with mentioned home directory)
# useradd –M testuser2 (It will create user without home directory)
# useradd –u 1005 testuser3 (It will create user with uid 1005)
# useradd –g unix testuser4 (It will create with different GID)
# useradd –G windows, admin, unix testuser5 (It will create user with multiple groups)
# useradd –e 2022-06-31 testuser6 (It will create user with expiry date)
# chage –l testuser6 (You can verify details using this command)
# useradd –f 30 testuser7 (User’s password will expire after 30 days)
# useradd –c “Test user” testuser8 (It will add comment to user)
# useradd –s /bin/sh testuser9 (It will add mentioned shell to user)
# userdel testuser9 (It will delete your account)
# userdel –r testuser8 (It will delete user with its home directory as well)
# userdel –f testuser7 (It will delete user forcefully)
# usermod –c “Updated comment” testuser1 (It will update comment to user)
# usermod –G unix testuser2 (It will add user to unix group)
# usermod –a –G unix testuser1 (It will add testuser1 to supplementary and primary group as well)
# usermod –g windows testuser1 (It will change primary group to wheel)
# usermod –d /opt/testuser1 testuser1 (It will change home directory of user)
# usermod –s /sbin/nologin testuser1 (It will change user’s default shell)
# usermod –e 2022-10-01 testuser1 (It will change account expiry of testuser1)
# usermod –l testuser2 testuser10 (It will change login name)
# usermod –L testuser10 (It will lock your account, You can check ! Sign in /etc/shadow file as well before encrypted password)
# usermod –U testuser10 (It will unlock your account)
# usermod –u 1010 testuser10 (It will change UID of user)
# groupadd testgroup (It will create a group named testgroup)
# groupadd –g 3000 testgroup1 (It will create a group with mentioned gid)
# groupmod –n testgroup1 testgroup2 (It will change group from 1 to 2)
# groupmod –g 4000 testgroup1 (It will change gid to 4000 for testgroup1)
# groupdel testgroup2 (It will delete group)
# chage –l testuser1 (It will give you account aging information)
# chage –M 45 testuser1 (It will expire user password after 45 days)
# chage –W 15 testuser1 (It will prompt for warning of password expiration before 15 days)
# chage –d YYYY-MM-DD testuser1 (It will change last password change date)
# chage –E YYYY-MM-DD testuser1 (It will set account expiry date)
# chage –m num_days testuser1 (It will set minimum days in password change)
# chage –M -1 testuser1 (It will set password to never expire)
# chage –E -1 testuser1 (It will set account expire to never)
# chage –d 0 testuser1 (it will force to change his password at first login)
# chage –I 7 testuser1 (It will force user to be locked in 7 days of no activity)