User and Group Management


Features:
          1. The ability to control users and groups

Primary tools:
          1. useradd - used to add users and modify group membership
          2. system-config-users

Tasks:
          1. create a user named 'student' using 'useradd'

Note: default user settings derive from: /etc/login.defs
  a. useradd student
  b. set password for user 'student': passwd student

Default user accounts DB: /etc/passwd


Fields in /etc/passwd:


student:x:501:501::/home/student:/bin/bash

username:shadow_reference:uid:gid:Description:$HOME:$shell

Note: /etc/passwd is a human-readable file
Note: /etc/shadow stores passwords in encrypted form
Note: /etc/shadow is NOT human-readable


Fields in /etc/shadow:


student:$1$XFSMv2ru$lfTACjN.XxaxbHA0EkB4u0:13891:0:99999:7:::

  1. username:
  2. encrypted password:
  3. Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed
  4. Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
  5. Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)
  6. Warn: The number of days before password is to expire that user is warned that his/her password must be changed
  7. Inactive: The number of days after password expires that account is disabled
  8. Expire: days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used



Fields in /etc/gshadow:


sales:$1$1elrv/Cm$SBnkMcvV.Ha0rwJhfTHY00:student:student,anas

1.    group name:

2.    encrypted password: The encrypted password for the group. If set, non-members of the group can join the group by typing the password for that group using the newgrp command. If the value of this field is !, then no user is allowed to access the group using the newgrp command. A value of !! is treated the same as a value of ! — however, it also indicates that a password has never been set before. If the value is null, only group members can log into the group.

3.    group administrators - group members listed here (in a comma delimited list) can add or remove group members using the gpasswd command.

  4. group members - group members listed here (in a comma delimited list) are regular, non-administrative members of the group.

                   gpasswd sales - will set the 'sales' group password
                   gpasswd -a anas sales - add 'anas' as a member of group 'sales'
                   gpasswd -A student sales - add a group administrator
                   gpasswd -M student sales - add a new member 'student' and remove existing members from a group 'sales'
                   gpasswd -r sales - remove the encrypted passwd
                   gpasswd -R sales - will put the value '!' instead of encrypted password

                   sales:!!:student:anas

This line shows that the sales group has no password and does not allow non-members to join using the newgrp command. In addition, student is a group administrator, and anas is a regular, non-administrative member.

Fields in /etc/group:


sales:$1$1elrv/Cm$SBnkMcvV.Ha0rwJhfTHY00:514:student

1.    group_name: It is the name of group. If you run ls -l command, you will see this name printed in the group field.

2.    Password: Generally password is not used, hence it is empty/blank. It can store encrypted password. This is useful to implement privileged groups.

3.    Group ID (GID): Each user must be assigned a group ID. You can see this number in your /etc/passwd file.

4. Group List: It is a list of user names of users who are members of the group. The user names must be separated by commas.
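
Added example (not part of the original notes): a small audit over the /etc/gshadow and /etc/group sample lines shown above. It flags a hash stored directly in /etc/group, which is world-readable by default, and groups whose password lets non-members join with newgrp. The function names and finding labels are assumptions of this example.

```python
def split_list(field):
    """Split a comma-delimited user list, dropping empty items."""
    return [u for u in field.split(",") if u]

def password_state(pw):
    """Classify a group password field as described in the text above."""
    if pw == "":
        return "none"        # null: only group members can use the group
    if pw == "!!":
        return "never-set"   # treated like '!', and no password was ever set
    if pw.startswith("!") or pw == "*":
        return "locked"      # newgrp by password is not possible
    if pw == "x":
        return "shadowed"    # /etc/group only: real value is in /etc/gshadow
    return "hash"

def audit_groups(group_lines, gshadow_lines):
    """Return (group, finding) tuples; the labels are made up for this example."""
    findings = []
    for line in group_lines:
        name, pw, gid, members = line.rstrip("\n").split(":")
        if password_state(pw) == "hash":
            findings.append((name, "hash-in-world-readable-/etc/group"))
    for line in gshadow_lines:
        name, pw, admins, members = line.rstrip("\n").split(":")
        if password_state(pw) == "hash":
            findings.append((name, "non-members-can-join-with-password"))
        for admin in split_list(admins):
            findings.append((name, "group-admin:" + admin))
    return findings

# Sample lines taken from this page
GROUP = ["sales:$1$1elrv/Cm$SBnkMcvV.Ha0rwJhfTHY00:514:student"]
GSHADOW = ["sales:$1$1elrv/Cm$SBnkMcvV.Ha0rwJhfTHY00:student:student,anas",
           "sales:!!:student:anas"]

if __name__ == "__main__":
    for finding in audit_groups(GROUP, GSHADOW):
        print(finding)
```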


          2. Modify user 'student' to have password expire after 45 days
            a. usermod
            b. chage
         
To change student’s shell, you would do the following:
                   usermod -s /bin/tcsh student

Now student’s /etc/passwd entry would change to this:
                    student:*:501:501::/home/student:/bin/tcsh

Let's make student’s account expire on 09/15/97:
                   usermod -e 09/15/97 student

Now student’s entry in /etc/shadow becomes:
                    student:$1$XFSMv2ru$lfTACjN.XxaxbHA0EkB4u0:9559:0:60:0:0:10119:0
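
Added example (not part of the original notes): a parser for the /etc/shadow fields listed earlier that converts the day counts to dates, which shows that 10119 in the entry above is 09/15/97, and flags weak hashing and aging settings. The function names and finding labels are assumptions; the two sample lines are the ones shown on this page.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# crypt(3) "$id$" prefixes and the scheme each one selects
SCHEMES = {"1": "md5crypt", "2b": "bcrypt", "5": "sha256crypt",
           "6": "sha512crypt", "y": "yescrypt"}

def day_to_date(field):  # days since 1970-01-01 -> date; empty -> None
    return EPOCH + timedelta(days=int(field)) if field else None

def hash_scheme(pw):
    if pw == "":
        return "empty"      # no password required to log in
    if pw[0] in "!*":
        return "locked"     # password login disabled
    if pw.startswith("$"):
        return SCHEMES.get(pw.split("$")[1], "unknown")
    return "des"            # legacy DES crypt has no "$" prefix

def parse_shadow(line):
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 fields, got %d" % len(f))
    num = lambda s: int(s) if s else None
    return {"user": f[0], "scheme": hash_scheme(f[1]),
            "last_change": day_to_date(f[2]), "min": num(f[3]),
            "max": num(f[4]), "warn": num(f[5]),
            "inactive": num(f[6]), "expire": day_to_date(f[7])}

def audit(entry, today):  # finding labels are assumptions of this example
    out, last, mx = [], entry["last_change"], entry["max"]
    if entry["scheme"] in ("empty", "des", "md5crypt"):
        out.append("weak-or-missing-hash:" + entry["scheme"])
    if mx is None or mx >= 99999:
        out.append("password-never-expires")
    elif last and last + timedelta(days=mx) < today:
        out.append("password-expired")
    if entry["expire"] and entry["expire"] <= today:
        out.append("account-expired")
    return out

SAMPLES = [  # the two /etc/shadow sample lines shown on this page
    "student:$1$XFSMv2ru$lfTACjN.XxaxbHA0EkB4u0:13891:0:99999:7:::",
    "student:$1$XFSMv2ru$lfTACjN.XxaxbHA0EkB4u0:9559:0:60:0:0:10119:0",
]

if __name__ == "__main__":
    for e in map(parse_shadow, SAMPLES):
        print(e["last_change"], e["expire"], audit(e, date.today()))
```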


Groups:

          1. groupadd - adds a new group
          2. groups - lists groups on the system: /etc/group
                   /etc/group - maintains group membership information

Task: create a 'sales' group, add 'student' as a member, then remove 'student' from the 'sales' group
          1. groupadd sales
          2. usermod -G sales student
          3. gpasswd -d student sales

Note: 2 types of groups exist:
          1. Primary - used by default for a user's permissions
          2. supplemental - used to determine effective permissions

Task: set the primary group of 'student' to 'student' and add 'sales' as a secondary group
          1. usermod -g student -G sales student

Note: use 'id' to determine the group information of user
Note: Create a new shell session to realize new group membership information

          userdel/groupdel are used to delete users and groups, respectively
