Command line utilities for managing users and groups
| | UTILITIES | DESCRIPTION |
| Users | useradd | Standard utilities for adding user accounts |
| | usermod | Standard utilities for modifying user accounts |
| | userdel | Standard utilities for deleting user accounts |
| | passwd | Standard utility for administering the /etc/shadow configuration file. |
| | pwck | A command to verify the /etc/passwd and /etc/shadow files. |
| | chage | A command to modify password aging policies and account expiration. |
| Groups | groupadd | Standard utilities for adding groups |
| | groupmod | Standard utilities for modifying groups |
| | groupdel | Standard utilities for deleting groups |
| | gpasswd | Standard utility for administering the /etc/group configuration file. |
| | grpck | Utilities that can be used for verification of the password, group, and associated shadow files. grpck verifies all entries in the group file. This verification includes a check of the number of fields, group name, group ID, whether any login names belong to more than NGROUPS_MAX groups, and that all login names appear in the password file. The default group file is /etc/group. |
| | pwconv | Utilities that can be used for the conversion of standard passwords to shadow passwords. |
| | pwunconv | Utilities that can be used for the conversion of shadow passwords to standard passwords. |
Adding a New User
useradd [options] username
| Options | Description |
| -c 'comment' | comment can be replaced with any string. This option is generally used to specify the full name of a user. |
| -d home_directory | Home directory to be used instead of the default /home/username/. |
| -e date | Date for the account to be disabled, in the format YYYY-MM-DD. |
| -f days | Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires. |
| -g group_name | Group name or group number for the user's default group. The group must exist prior to being specified here. |
| -G group_list | List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here. |
| -m | Create the home directory if it does not exist. |
| -M | Do not create the home directory. |
| -N | Do not create a user private group for the user. |
| -p password | The password encrypted with crypt. |
| -r | Create a system account with a UID less than 500 and without a home directory. |
| -s | User's login shell, which defaults to /bin/bash. |
| -u uid | User ID for the user, which must be unique and greater than 499. |
Adding a New Group
groupadd [options] group_name
| Options | Description |
| -f, --force | When used with -g gid and gid already exists, groupadd will choose another unique gid for the group. |
| -g gid | Group ID for the group, which must be unique and greater than 499. |
| -K, --key key=value | Override /etc/login.defs defaults. |
| -o, --non-unique | Allow creating a group with a duplicate (non-unique) GID. |
| -p, --password password | Use this encrypted password for the new group. |
| -r | Create a system group with a GID less than 500. |
Related Configuration Files
| Configuration File | Description |
| group | The file containing group information for the system. |
| gshadow | The file containing the group passwords. |
| passwd | The file containing user information for the system. |
| shadow | The file containing passwords and account expiration information for the system. |
- The group file is in the /etc directory (/etc/group):
  mygroup:x:701:
  - The group name is "mygroup".
  - An "x" appears in the password field, indicating that the system is using shadow group passwords.
  - The GID (Group Identifier) matches the one listed for the user in /etc/passwd. (Values between 0 and 499 are typically reserved for system accounts.)
- The gshadow file is in the /etc directory (/etc/gshadow):
  mygroup:!::
  - The group name is "mygroup".
  - An exclamation mark (!) appears in the password field of the /etc/gshadow file, which locks the group.
  - All other fields are blank.
- The passwd file is in the /etc directory (/etc/passwd):
  myuser:x:1001:701:System Administrator:/home/myuser:/bin/bash
  - The user name is "myuser".
  - There is an "x" in the password field, indicating that the system is using shadow passwords.
  - The UID (User Identifier) is 1001. (The default is to use the smallest ID value greater than 999 and greater than every other user. Values between 0 and 999 are typically reserved for system accounts.)
  - The GID is 701.
  - The comment is "System Administrator".
  - The home directory for myuser is set to /home/myuser/.
  - The default shell is set to /bin/bash.
- The shadow file is in the /etc directory (/etc/shadow):
  myuser:!!:15770:0:99999:7:::
  - The user name is "myuser".
  - Two exclamation marks (!!) appear in the password field of the /etc/shadow file, which locks the account. After passwd is used to create or change the password of myuser, the entry looks like this:
    myuser:$1$jIYsXaz3$zkRU0XazJ72rrbQLFFutF.:15770:0:99999:7:::
  - The password is set to never expire.
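The shadow fields described above can be checked mechanically when reviewing accounts. The following shell function is an added example, not part of the original post: it reads one /etc/shadow entry and reports a lock marker, a legacy hash scheme (the `$1$` prefix is MD5-crypt) and a missing maximum password age (99999). The finding labels and the `svc`, `olduser` and `nopass` entries are constructed for illustration; the two `myuser` entries are the ones shown above.

```shell
#!/bin/sh
# Added example: flag risky settings in /etc/shadow entries.
# Fields: name:password:lastchange:min:max:warn:inactive:expire:reserved

shadow_findings() {
    # $1 = one shadow entry; prints space-separated findings, or "ok".
    printf '%s\n' "$1" | awk -F: '{
        hash = $2; out = ""
        if (hash == "") out = out " EMPTY_PASSWORD"
        if (hash ~ /^[!*]/) {
            out = out " LOCKED"
            sub(/^[!*]+/, "", hash)   # inspect any hash kept behind the lock
        }
        if (substr(hash, 1, 3) == "$1$") out = out " WEAK_HASH_MD5"
        else if (hash != "" && substr(hash, 1, 1) != "$") out = out " LEGACY_DES_HASH"
        if ($5 == "" || $5 + 0 >= 99999) out = out " NO_MAX_AGE"
        sub(/^ /, "", out)
        if (out == "") out = "ok"
        print out
    }'
}

audit_samples() {
    # The first two entries are the ones on this page; the rest are constructed.
    while IFS= read -r line; do
        printf '%-8s %s\n' "${line%%:*}" "$(shadow_findings "$line")"
    done <<'EOF'
myuser:!!:15770:0:99999:7:::
myuser:$1$jIYsXaz3$zkRU0XazJ72rrbQLFFutF.:15770:0:99999:7:::
svc:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:1:90:7:::
olduser:!$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15000:0:99999:7:::
nopass::19000:0:90:7:::
EOF
}

audit_samples
```

On a real system the same function can be fed from `/etc/shadow` as root; a maximum age is then set with chage, which is listed in the utilities table at the top of this page.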
Example
- Add a user account named "myuser" in the "mygrp" group, then set its password with passwd
[root@myserver etc]#
[root@myserver etc]# groupadd -g 700 mygrp
[root@myserver etc]# useradd -u 1100 -g mygrp -c 'System Administrator' -s /bin/bash -m -d /home/myuser myuser
[root@myserver etc]# passwd myuser
Changing password for user myuser.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@myserver etc]#