Adding | Modifying | Deleting Users

We all know that Linux is a multi-user operating system, where multiple people can log in at once. Each user has a unique ID known as the UID or User ID. All of this information is stored in the /etc/passwd file (“etc” is pronounced “et-see”).

Here is what it looks like at a glance:
username:password:UID:GID:comments:home_dir:shell

Here is an example:
root:x:0:0:root:/root:/bin/bash

In this case, the password is listed as “x”, which means it is stored in the shadow file, /etc/shadow. There it is kept in encrypted (strictly speaking, hashed) form, so you cannot read it in plain text.

The UID is 0 and the GID is 0. UIDs are unique numbers, and accounts meant to be used by the system usually have UIDs lower than 1000. Root, for example, is always listed as UID zero. The UID ranges can be configured in /etc/login.defs.

The comment is “root”. This field usually contains the user’s full name, and it can also say what the account is used for. Finally, it can contain additional useful information, such as phone numbers.

The home directory is “/root”. The home directory of a user is where they will be placed after logging in. For example, let’s say that Bob’s home directory is /home/bob. After entering his password, Bob will land in /home/bob and can go from there. If a home directory isn’t defined, the user will be placed in the root directory, “/”.

Finally, the shell is /bin/bash. The shell is executed when a user logs in. You can view a list of available shells in /etc/shells. Whatever is listed in the shell field will be executed, even if it isn’t a shell.

Passwords used to be stored in /etc/passwd, which can be read by everyone. Of course, that is a serious issue. Now, all encrypted passwords are stored in /etc/shadow, which can only be read by root. This keeps ordinary users from getting hold of them and trying to crack them.
Understanding the shadow file is a bit more complex, but here is an easy breakdown of it.

USERNAME:PASSWORD:LASTPASSWORDCHANGE:MINIMUM:MAXIMUM:WARN:INACTIVE:EXPIRE:

Username: It is your login name.

Password: It is your encrypted password. The password should be a minimum of 6-8 characters long and include special characters, digits and more.

Last password change (last changed): Days since Jan 1, 1970, that password was last changed.

Minimum: The minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password.

Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password). If this field contains 99999 then the password will never have to change.

Warn: The number of days before the password is to expire that the user is warned that his/her password must be changed.

Inactive: The number of days after the password expires that the account is disabled.

Expire: Days since Jan 1, 1970, that the account is disabled: an absolute date specifying when the login may no longer be used.

The ninth and final field is reserved for future use.
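As an added example (not part of the original post), this Python script parses the passwd and shadow formats described above, flags entries that deserve a second look, and converts the shadow day counts into a real expiry date. The sample records, the SHELLS set and all function names are constructed for illustration; "$6$salt$hash" is a placeholder, not a real hash.

```python
from datetime import date, timedelta

# Constructed sample records, not taken from a real system.
PASSWD = """root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:spare admin:/root:/bin/bash
legacy:$6$salt$hash:1002:1002::/home/legacy:/opt/tool
"""
SHADOW = """root:$6$salt$hash:19000:0:99999:7:::
bob:$6$salt$hash:19000:1:90:7:14::
toor::19000:0:99999:7:::
"""
SHELLS = {"/bin/bash", "/bin/sh"}  # stands in for the contents of /etc/shells

PASSWD_FIELDS = ("user", "password", "uid", "gid", "comment", "home", "shell")
SHADOW_FIELDS = ("user", "password", "last", "min", "max", "warn",
                 "inactive", "expire", "reserved")

def parse(text, fields):
    """Turn colon-separated records into dicts; skip malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == len(fields):
            rows.append(dict(zip(fields, parts)))
    return rows

def password_expiry(entry):
    """Date the password expires, or None if it never has to change."""
    if entry["last"] == "" or entry["max"] in ("", "99999"):
        return None
    return date(1970, 1, 1) + timedelta(days=int(entry["last"]) + int(entry["max"]))

def audit(passwd_text, shadow_text, shells):
    """Return (user, problem) pairs for entries worth reviewing."""
    findings = []
    for u in parse(passwd_text, PASSWD_FIELDS):
        if u["uid"] == "0" and u["user"] != "root":
            findings.append((u["user"], "UID 0 on a non-root account"))
        if u["password"] != "x":
            findings.append((u["user"], "password field is not 'x'"))
        if u["shell"] not in shells:
            findings.append((u["user"], "shell not listed in /etc/shells"))
    for s in parse(shadow_text, SHADOW_FIELDS):
        if s["password"] == "":
            findings.append((s["user"], "empty password field in shadow"))
    return findings

if __name__ == "__main__":
    for user, problem in audit(PASSWD, SHADOW, SHELLS):
        print(f"{user}: {problem}")
    bob = parse(SHADOW, SHADOW_FIELDS)[1]
    print("bob's password expires on", password_expiry(bob))
```

To run the same checks on a live system, pass the contents of /etc/passwd, /etc/shadow (readable by root only) and /etc/shells in place of the sample strings.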


Let’s jump into creating a user.

#useradd
The Options:
-c = “Comment goes here”
-m = create a home directory
-s = /shell/path  which is usually /bin/bash or whatever you want it to be
-g = group
-G = additional group.

Here is an example of what the command will look like.
#useradd -c "JBOD" -m -s /bin/bash -g support -G engineers JBOD

Keep in mind that accounts/users don’t have to be just for us humans. They can also be used for applications like Apache.


#usermod is used to modify users. For more information check out the man page or --help.

When modifying a user, your command will look very similar to “useradd”.
#usermod

The Options:
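-c = “Comment goes here”
-m = move the contents of the home directory to the new location (only valid together with -d)
-s = /shell/path  which is usually /bin/bash or whatever you want it to be
-g = group
-G = additional group (replaces the user’s current additional groups unless combined with -a)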


Deleting users is by far the easiest of these. Simply type out “#userdel -r” followed by the username. Poof, user JBOD is gone, but the groups will still remain. The command will look like this.
#userdel -r JBOD
