
Trung tâm Internet Việt Nam (VNNIC)

USER, GROUP
MANAGEMENT
HCM, 2011
Copyright 2011 by VNNICHCM 1 1
Contents
User, Superuser
How to choose a password
Become root
Group.
The user and group management (Graphic and command line)
User and group information.
Questions and Practices
User
A user is anyone who can access the system.
User information consists of the username and password.
The user types: super user, regular user.
Each user has a UID.
Super user's UID is 0.
Regular user's UID is >= 100

The Superuser
UID of zero
May perform any valid op on a file or process
May execute some system calls
May change ownership credentials at will
login program
Choosing a Root Password
Should not be easily guessed or discovered
Random sequence of letters, punctuation, & digits
Case sensitive
Only first eight characters are significant
Change password too
Becoming Root
May login as root
su to root
su username as root to get to an account
Must be in wheel group
sudo: A limited su
/etc/sudoers lists people authorized
Who and what are logged
Timeout protected

Other Important Users
root is only user with special status
Some nonhuman logins for special purposes
daemon: Owner of Unprivileged Software
bin: Owner of System Commands
sys: Owner of the Kernel & Memory Images
nobody: Owner of Nothing
Group.
Group is a collection of multiple users.
Each user is always a member of a group.
Each group has a GID.
Users in the same group have the same GID.

User and group management operations
Command.
Using graphical tools.
Directly edit the file.

Create a user with User Manager tool.
System -> Administration -> User and group


Create a group with the User Manager tool.
User and group information
/etc/passwd
Each line in the file consists of seven fields, separated by a
colon
Account_name:Password:UID:GID:Full_name:Directory:Program

/etc/group
Each line in the file consists of four fields, separated by
colons.
group_name:Password:Group ID (GID):Group List
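
An added example (not from the original slides) that reads files in the two formats above and reports entries an administrator would want to review: a second UID 0 account, an empty password field, a shared UID, or a primary GID with no matching group. The sample entries and the function names make_sample and audit_passwd are constructed for illustration.

```sh
#!/bin/sh
# make_sample DIR: write constructed passwd/group files (not real system data).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
pks:x:500:500:Phan Kim Son:/home/pks:/bin/bash
toor::0:0:constructed entry:/root:/bin/bash
tdhanh:x:500:777:constructed entry:/home/tdhanh:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
daemon:x:2:
hocvien:x:500:pks
EOF
}

# audit_passwd PASSWD_FILE GROUP_FILE
# Prints one "finding:account" line per problem found.
audit_passwd() {
    awk -F: '
        FILENAME == ARGV[1]      { gids[$3] = 1; next }           # group file: remember every GID
        NF != 7                  { print "bad-field-count:" $1; next }
        $3 == 0 && $1 != "root"  { print "uid0-not-root:" $1 }    # a second superuser
        $2 == ""                 { print "empty-password:" $1 }   # no password required
        ($3 in seen)             { print "duplicate-uid:" $1 }    # shares an earlier UID
        !($4 in gids)            { print "unknown-gid:" $1 }      # primary group missing
        { seen[$3] = 1 }
    ' "$2" "$1"
}

# Demo on the constructed sample.
# On a real host: audit_passwd /etc/passwd /etc/group
tmp=$(mktemp -d)
make_sample "$tmp"
audit_passwd "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```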

Add User
User and group management commands
The useradd command, which is the same program as the
adduser command, creates a new user account. The basic form of
the command is:

#useradd -d home -e expire -f inactive -g group -G groups -m -s \
shell -u uid username

Only the final argument (username), which specifies the login
name, is required.
For example:
#useradd -c "Phan Kim Son" -d /home/pks -m -g hocvien pks

Add user
The remaining arguments have these meanings:
-d home Specifies the user's home directory.
-e expire Specifies the expiration date of the account.
Specified as yyyy-mm-dd.
-f inactive Specifies the number of days after password
expiration that the account is disabled. The default
value, -1, prevents the account from being disabled.
-g group Specifies the user's home group name or
number. The default value is 100. Used with the -n flag.
-u uid The numerical ID of the user. If not specified, the
system chooses the next available user ID.
-G groups A comma-separated list of group names or
numbers, specifying supplementary groups of which
the user is to be made a member.
-m Specifies that the user's home directory is to be
automatically created.
-n Specifies that no private user group should be
created.
-s shell Specifies the user's shell. If not specified, the
system will launch the default shell when the user logs
in.
Change password & Lock User
Set or Change User Password
$ passwd or #passwd username

Lock User Password
#passwd -l {username}

Unlock User Password
#passwd -u {username}

Modify User
User and group management commands
Change user information: The usermod command lets
you modify an existing user account. Its form
resembles that of the useradd command:
#usermod -d home -e expire -f inactive -g group -G
groups -l login -s shell -u uid username
All arguments are optional, except the last; however, at
least one additional argument must be specified. The
argument -l login lets you change the login name
associated with the account. The name of the user's
home directory is not affected by this change.
For example, to change the group of user tdhanh to giaovien:
#usermod -g giaovien tdhanh


Delete User
User and group management commands
Delete user:
Syntax: # userdel [option] username
For example: # userdel -r chphuc
Lock / unlock user accounts:
passwd -l <username>    passwd -u <username>
usermod -L <username>   usermod -U <username>
In /etc/shadow, an account can be locked by changing
the keyword x to *.
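
How the lock commands above show up on disk, as an added example that is not part of the original slides. It assumes the nine-field /etc/shadow layout from shadow(5), which these slides do not list, and that passwd -l and usermod -L mark a locked password by putting ! in front of the stored hash. The entries, the placeholder hashes and the function names are constructed for illustration.

```sh
#!/bin/sh
# make_shadow_sample FILE: write a constructed shadow-format file (fake hashes).
make_shadow_sample() {
    cat > "$1" <<'EOF'
root:$6$constructed$notarealhash:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
test101:!!:15100:0:99999:7:::
tdhanh:!$6$constructed$notarealhash:15100:0:99999:7:::
Student:$6$constructed$notarealhash:15100:0:7:7::15104:
guest::15100:0:99999:7:::
EOF
}

# shadow_state SHADOW_FILE TODAY
# TODAY = days since 1970-01-01, e.g. $(( $(date +%s) / 86400 )).
# Prints "account:password-state:expiry-state" for every entry.
shadow_state() {
    awk -F: -v today="$2" '
        {
            pw = "usable"
            if ($2 == "")                      pw = "empty"      # login without a password
            else if (substr($2, 1, 1) == "!")  pw = "locked"     # passwd -l / usermod -L
            else if ($2 == "*")                pw = "disabled"   # no password can match
            # Field 8: account expiry in days since 1970-01-01 (empty = never)
            acct = ($8 != "" && today + 0 >= $8 + 0) ? "expired" : "valid"
            print $1 ":" pw ":" acct
        }
    ' "$1"
}

# Demo: 15104 is 10 May 2011 (the expiry set on Student), 15107 is 13 May 2011.
tmp=$(mktemp)
make_shadow_sample "$tmp"
shadow_state "$tmp" 15107
rm -f "$tmp"
```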

The chfn Command
(Modify User Full name)
The chfn command lets you change the full name associated
with a user account. The form of the command is
#chfn user
Name
Office
Office phone
Home phone
If you don't wish to specify a value for a prompted field,
simply press Enter.
The chsh Command
(Change the login shell)

The chsh command lets you change the command
interpreter associated with a user account.
#chsh -s shell user
shell specifies the path of the desired command
interpreter
user specifies the login name of the user account to be
modified.
Only approved command interpreters listed in
/etc/shells can be specified.

Group Management Commands
Create a group:
# groupadd <groupname>
For example: # groupadd hocvien
Delete a group:
# groupdel <groupname>
For example: # groupdel hocvien
Modify a group name:
# groupmod -n <newname> <groupname>



Sharing Data question?
Often, users need to share data that they don't
want others to be able to access or modify.

For example suppose tom, dick, and harry want to:
Have access to the directory bigdeal
But want to prohibit access by others.

Sharing Data Answer?
You could:
create a group named PrivateGroup (as
a reminder of its members)
Set the group ownership of the bigdeal
directory to PrivateGroup.
Assign permissions of 770 to the
directory.
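
The answer above as commands, in an added example that is not part of the original slides. The function names are hypothetical and GNU stat is assumed; check_shared_dir reports whether the directory really ended up private to the group.

```sh
#!/bin/sh
# Root-only step: create the group and append it to each member's
# supplementary groups (-a keeps the groups they already have).
create_private_group() {
    grp=$1; shift
    groupadd "$grp" || return 1
    for user in "$@"; do
        usermod -a -G "$grp" "$user" || return 1
    done
}

# share_dir DIR GROUP: hand DIR to GROUP with mode 770
# (rwx for owner and group, nothing for everyone else).
share_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 770 "$1"
}

# check_shared_dir DIR GID: print "ok" or the reasons DIR is not private.
check_shared_dir() {
    mode=$(stat -c '%a' "$1") gid=$(stat -c '%g' "$1")
    problems=""
    [ "$gid" = "$2" ] || problems="$problems wrong-group"
    case $mode in
        *[1-7]) problems="$problems others-have-access" ;;   # last octal digit not 0
    esac
    case $mode in
        *7?) ;;                                              # group digit is 7 (rwx)
        *) problems="$problems group-lacks-rwx" ;;
    esac
    echo "${problems:-ok}" | sed 's/^ //'
}

# As root, for the example on this page:
#   create_private_group PrivateGroup tom dick harry
#   share_dir bigdeal PrivateGroup
#   check_shared_dir bigdeal "$(getent group PrivateGroup | cut -d: -f3)"
```

Members must log in again before the new group membership takes effect in their sessions.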
Questions?
1. When you create a user account by using useradd, which of the following is
true of the initial password?
A. Locked
B. Randomly chosen
C. The same as the login name
D. The same as your login name

2. The name of the default group assigned to a new user account is which of the
following?
A. Null
B. The same as the login name
C. The same as the name of the user who created the user account
D. Users
Practices
1. Use the command line to create an ordinary user
account with a login of test101.
2. Use the command line to modify the account to
have the associated full name goner.
3. Use the command line to delete the user account
you created.
4. Inspect /etc/passwd to verify that the account was
deleted.
5. Lock and unlock the user
Practices
1. Define new users with login names test01, test02,
and test03.
2. Define a new group named testgroup.
3. Add each of the new users to the group.
4. Check your work by inspecting /etc/group.
5. Delete the test03 user from the group.
6. Check your work by inspecting /etc/group.
Practices
Define a new user with login name Student
Set the password for user Student to 123456
Which group does user Student belong to?
(/etc/group)
Home directory of user Student? (/etc/passwd)
Define a new group StudentGrp
Change the group information so that user Student belongs
to StudentGrp (supplementary) and Root (Primary)
Practices
Change the note for user Student to Vietnam-Lao
admins
Log in to RHL as user Student (use the logout command to exit
the current user)
Using root permission, lock account Student
Log in to RHL with account Student, note the result
Unlock this account, log in and note the result
Require this user to change the password within the next 7 days
Set the account to expire on 10-May-2011
Change the system time to 13-May-2011 (date -s "13 May
2011"), log in with account Student, note the results
