The Saigon CTT Managing Users The Saigon CTT  Objectives Objectives  Define the requirements for user accounts  Explain group and group accounts  Construct configuration files (group, passwd, shadow)  Demonstrate adding users  Describe modifying user details  Explain user passwords  Demonstrate deleting users The Saigon CTT  New User Requirements New User Requirements  When adding a new user, you need be familiar with files : passwd, shadow, group, gshadow under /etc directory  /etc/passwd contains information of all users : Login name, User ID, Group ID, Descriptive name, Home directory, Login shell  /etc/shadow stores parameters to control account access: user’s password hash and password aging information  /etc/group contains information about user’s groups  /etc/gshadow stores group’s password hash,…(rarely used) The Saigon CTT  Preparing Groups Preparing Groups  Carefully constructed groups are very useful to users who are all working in the same department or project  Groups not only allow for a second level of access control but also allow the members in group to share files in secured environment  Each line in /etc/group file correspond to a group  Commands to modify groups: groupadd, groupmod, groupdel The Saigon CTT  The /etc/passwd The /etc/passwd  Each line in this file correspond to a user, has the following form : name:password:UID:GID:comment:home directory:shell # more /etc/passwd root:x:0:0:Super User:/root:/bin/bash henry:x:101:101:Thiery Henry:/home/henry:/bin/ksh . The Saigon CTT  Allocating User IDs Allocating User IDs  All Linux system come with several administrator users pre-configured, are intended to perform certain administrative work. They are typically assigned UID less than 100: root, bin, daemon, sys, adm, lp, …  System with administration tools allocate UIDs automatically, greater than 100 in general The Saigon CTT  Adding Users Adding Users  The useradd utility is recommended for administering users. It creates the required record in /etc/passwd and /etc/shadow  A list of options can be used with useradd to override defaults: -u UID Specify new user ID (default: next available number) -g GID Specify default (primary) group ( default other group ) -c comment Description of user ( default: blank ) -d directory Define home directory ( default /home/username ) -m Make home directory -k skel_dir Skeleton directory ( default /etc/skel ) -s shell Specify login shell ( default /bin/bash ) The Saigon CTT  Changing User Attributes Changing User Attributes  If you edit files manually, you risk corrupting file, resulting with users not being able to log in at all. Instead, use usermod utility # usermod –g users –c “Henry Blake” henry # usermod –u 321 –s /bin/ksh majorh # usermod –f 10 henry # usermod –e 2004-12-20 majorh The Saigon CTT  Changing Group Membership Changing Group Membership  Each user belongs to a group (primary) that can be changed by usermod –g  User can also belongs to secondary groups, controlled by usermod –G # grep blofeldt /etc/passwd blofeldt:x:416:400::/home/blofeldt:/bin/bash # groups blofeldt blofeldt: : mash # groupadd –g 600 fleming # usermod –G fleming blofeldt # grep blofeldt /etc/group fleming:x:600: blofeldt The Saigon CTT  Removing Users Removing Users  When a user leaves, there are two main concerns:  Protect the system from unauthorized access via his/her account  Protect and manage his/her files, directories left on the system  The userdel command takes care of removing a user account. userdel can remove user’s home directory but does not user’s mail, crontab table, atd queues, … [...]...  Define the requirements for user accounts  Explain group and group accounts  Construct configuration files (group, passwd, shadow)  Demonstrate adding users  Describe modifying user details  Explain user passwords  Demonstrate deleting users ...The Saigon CTT  Removing Users - userdel  Command format: userdel [option] -r This option will remove home directory  To safely remove a user from a The Saigon CTT system: 1 Lock the account password until you are . 100 in general The Saigon CTT  Adding Users Adding Users  The useradd utility is recommended for administering users. It creates the required record in. passwd, shadow)  Demonstrate adding users  Describe modifying user details  Explain user passwords  Demonstrate deleting users The Saigon CTT  New User