User Management
Multiple users can access the system remotely at once, but need special permissions to access all the data
Accounts can have the following:
• username (or login ID)
• UID (user ID): a unique number
• Default group
• Comments
• Shell
• Home Directory location
/etc/passwd
Format of /etc/passwd:
username : password : UID : GID : comments : home_dir : shell
joe : x : 1000 : 1000 : Joe Henderson : /home/joe : /bin/bash
Shows user account information
password placement
Verify user: cat /etc/passwd or id yellowtail
$ man passwd
/etc/shadow
Encrypted passwords used to be stored in /etc/passwd
/etc/passwd is readable by everyone
/etc/shadow is readable by root
This prevents users from trying to crack passwords
Root account - always UID 0
System accounts have UIDs < 1000 (1-999)
standard users start at 1000
Configured in /etc/login.defs
GID
listed in the /etc/passwd is the default group for an account
new files belong to a user's default group
users can switch groups by using newgrp / groupadd command.
Mostly use groupadd command
Comment Field
• typically contains the user's full name
• often contains what the account is used for
• may contain additional information like phone numbers
• also called the GECOS field
• useradd -c 'text'
Shell
• list of available shells are in /etc/shells
• the shell doesn't have to be a shell
• to prevent interactive use of an account, use /usr/sbin/nologin or /bin/false as the shell
• shells can be command line applications
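An added example (not part of the original notes): a shell function that applies the rules above to a passwd-format file, flagging extra UID 0 accounts, password fields that are not the `x` placeholder, and system accounts (UID 1-999) whose shell is a real login shell from /etc/shells. The names `audit_passwd` and `audit_demo`, the finding labels and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a passwd-format file with the rules from these notes.
# Usage: audit_passwd [PASSWD_FILE] [SHELLS_FILE]; prints one finding per line.
audit_passwd() {
    awk -F: -v shells="${2:-/etc/shells}" '
        BEGIN {
            # Load the login shells listed in the shells file (absolute paths).
            while ((getline line < shells) > 0)
                if (line ~ /^\//) login_shell[line] = 1
        }
        /^[ \t]*$/ || /^#/ { next }    # skip blank lines and comments
        # A record needs 7 colon-separated fields and a numeric UID.
        NF != 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED line " NR; next }
        {
            user = $1; pw = $2; uid = $3 + 0; shell = $7
            # Only root should have UID 0.
            if (uid == 0 && user != "root") print "UID0 " user
            # "x" means the hash is in /etc/shadow; a leading * or ! is a lock.
            if (pw == "") print "EMPTY_PW " user
            else if (pw != "x" && pw !~ /^[*!]/) print "HASH_IN_PASSWD " user
            # System accounts (UID 1-999) should not have a real login shell.
            if (uid >= 1 && uid <= 999 && (shell in login_shell) &&
                shell !~ /(nologin|false)$/) print "SYSTEM_LOGIN_SHELL " user
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data, not taken from any real system.
audit_demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' /bin/sh /bin/bash /usr/sbin/nologin > "$dir/shells"
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin
svcbackup:x:250:250:backup job:/var/backup:/bin/bash
legacy:$1$constructed$notarealhash:1001:1001:old entry:/home/legacy:/bin/bash
guest::1002:1002:guest:/home/guest:/bin/sh
joe:x:1000:1000:Joe Henderson:/home/joe:/bin/bash
broken:x:1003
EOF
    audit_passwd "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

audit_demo
```

Called with no arguments, `audit_passwd` reads /etc/passwd and /etc/shells on the local system.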
Useradd
Create Password - passwd
Command Structure:
• # passwd [ option ] username
• # passwd grant
Enter new Unix password
Retype new Unix password
Successfully
More options:
-g group ( Specify the default or primary group)
-G group1,group2 ( Used for additional groups or Secondary group)
-u (to specify the UID)
Deleting user
userdel
Command structure:
userdel [option] username
-r
Modifying user
usermod
Command structure:
usermod [option] username
System Accounts
System - application accounts
created for a program that provides a particular service
not created for users to log in
groups - shows the groups a user is in
chage {change age}
allows you to modify account settings relating to account expiration
chage -M 90 username
chage -m 7 username
su
is used to open a shell as another user
to open a login shell
Sudoers file is composed of two entries:
• Aliases (command aliases for example)
• User specifications (decides who can run what)
Ctrl + C to get the command prompt back
su -
• used to open a shell as another user
• stands for "switch user"
• useful to open a root shell
• for root, it is useful to test functionality as a user
• password of the target user is required
• use su - to open a login shell; this will give complete access to the environment of the target user
Sudo
• used to run tasks as another user
• prompts for the password of the current user
• users must be authorized to use "sudo"
• Authorization through /etc/sudoers and /etc/sudoers.d/*
• users who are members of the group wheel can use "sudo" to run administrator tasks
sudo is a tool that allows an administrator to delegate authority, giving select users (or groups) the ability to run some or all commands as root or another user
visudo - the command used to make changes to the file /etc/sudoers
do not edit this file directly (with text editors)
Wheel group
members have sudo privileges by default
the easiest way to give privileges to a user is to add them to the "wheel" group
grep - used to search for a specific string
e.g.: grep tuesday /etc/group
i.e: grep/gr
To create a group use:
groupadd
anytime you enter a command that requires an argument
Ctrl + C (if it still doesn't work)
a user can belong to only 1 primary group but can be a part of other secondary groups
groupadd
usermod- to add user to a specific group
vis
admins user
group is a file
groups is a command
chage