
Module 14

Managing Users and Groups

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
Copyright Network Development Group 2013.
Exam Objective
5.2 Creating Users and Groups

Objective Summary
Understanding user and group commands
Creating User IDs

Working with Groups

Creating a Group
The most common reason to create a
group is to provide a way for users to
share files. After creating or modifying a
group, you can verify the changes by
viewing the /etc/group file or running the
getent command.

The groupadd Command
The groupadd command creates a new
group.
The -g option can be used to specify a
group id:
groupadd -g 506 research
If the -g option is not provided, the
groupadd command will automatically
provide a GID for the new group.

Group ID Considerations
Avoid creating GIDs in the same numeric
ranges where you expect to create user
IDs if your system uses UPG.
Recall that GIDs under 500 are reserved
for system use.
The -r option will assign the new group a
GID that will be less than the lowest
standard UID.

Group Naming Considerations
The first character of the name should be
either an underscore (_) or a lower-case
alphabetic character (a-z).
Up to 32 characters are allowed on most
Linux distributions, but using more than
16 can be problematic as some
distributions may not accept more than
16.
After the first character, the remaining
characters can be alphanumeric, dash (-)
and underscore (_).
The last character should not be a
Modifying a Group
The groupmod -n command changes a group's name.
The groupmod -g command changes a group's ID.
If you change the GID for a group, then all files that were associated with that group will no longer be associated with that group.
These are called orphaned files.
To find orphaned files: find / -nogroup
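
Orphaned files keep their old numeric GID, so any group later created with that GID gains access to them. The added example below (not from the original slides) reproduces the check behind find -nogroup against constructed group files, before and after a GID change. It assumes GNU find; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Requires GNU find (-printf). Function names are hypothetical.

# orphaned_by_group GROUP_FILE DIR
# Print "GID PATH" for each entry under DIR whose numeric GID has no line in
# GROUP_FILE (a file in /etc/group format). This is the condition that
# `find -nogroup` tests against the live group database.
orphaned_by_group() {
    find "$2" -xdev -printf '%G %p\n' |
    awk -v gf="$1" '
        BEGIN {
            # Field 3 of each group line is the GID.
            while ((getline line < gf) > 0) {
                split(line, f, ":")
                known[f[3]] = 1
            }
        }
        !($1 in known)      # GID not defined anywhere: orphaned
    '
}

# Constructed scenario: a shared directory owned by "research", checked
# against the group file before and after the group is moved to a new GID.
demo_groupmod_orphans() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/share"
    : > "$tmp/share/report.txt"
    gid=$(find "$tmp/share" -maxdepth 0 -printf '%G')

    # Constructed group files: same name, GID before and after the change.
    printf 'research:x:%s:\n' "$gid"         > "$tmp/group.before"
    printf 'research:x:%s:\n' "$((gid + 1))" > "$tmp/group.after"

    before=$(orphaned_by_group "$tmp/group.before" "$tmp/share" | awk 'END { print NR }')
    after=$(orphaned_by_group "$tmp/group.after" "$tmp/share" | awk 'END { print NR }')
    rm -rf "$tmp"
    echo "$before $after"   # orphan counts: before the change, after it
}

demo_groupmod_orphans
```

On a live system, record the old GID before running groupmod -g and reassign the files afterwards with find / -gid OLD_GID -exec chgrp research {} +.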
Deleting a Group
Delete a group with the groupdel
command.
This may result in orphaned files.
Only supplemental groups can be
deleted.

Working with Users

The /etc/default/useradd File
The /etc/default/useradd file is used
to define default settings when creating
user accounts.
Default settings can be viewed or
modified with the useradd -D command.
Editing this file requires root access.

The /etc/default/useradd File
| Field | Example | Description |
|---|---|---|
| GROUP | 100 | The default primary group for a new user. |
| HOME | /home | The default base directory under which the user's new home directory will be created. |
| INACTIVE | -1 | This value represents the number of days after the password expires that the account is disabled. |
| EXPIRE | | Account expiration date. |
| SHELL | /bin/bash | The SHELL setting indicates the default shell for users when they log in to the system. |
| SKEL | /etc/skel | The contents of this directory are copied into the new user's home directory and the new user is given ownership of these files. |
| CREATE_MAIL_SPOOL | yes | A "mail spool" is a file where incoming email is placed. |

The /etc/login.defs File
The /etc/login.defs file is used to
define default settings when creating
user accounts.
These default settings can be viewed
only by viewing the contents of this file.
These settings can also only be modified
by editing the file directly.
Editing this file requires root access.

The /etc/login.defs File
| Field | Example | Description |
|---|---|---|
| MAIL_DIR | /var/mail/spool | The directory in which the user's mail spool file will be created. |
| PASS_MAX_DAYS | 99999 | The maximum number of days that a user can continue to use the same password. |
| PASS_MIN_DAYS | 0 | The shortest time that a user is required to keep a password. |
| PASS_MIN_LEN | 5 | The minimum number of characters that a password must contain. |
| PASS_WARN_AGE | 7 | This is the default for the warning field. |
| UID_MIN | 500 | The UID_MIN determines the first UID that will be assigned to an ordinary user. |
| UID_MAX | 60000 | The UID_MAX determines the highest possible UID that will be assigned to an ordinary user. |
| GID_MIN | 500 | The GID_MIN determines the first GID that will be assigned to an ordinary group. |
| GID_MAX | 60000 | The GID_MAX determines the highest possible GID that will be assigned to a regular group. |
| CREATE_HOME | yes | The value of this determines whether or not a new directory will be created for the user when their account is created. |
| UMASK | 077 | Determines what the default permissions will be for the user's home directory. |
Working with Account Information

Advantages to Individuals Having Separate Accounts
Accounts can be used to grant selective access to files or services.
The sudo command can be configured to permit specific individuals to execute select administrative commands.
Each account can have group memberships and rights associated with it, allowing for greater management flexibility.
Account Considerations
Before creating a user account, consider
what values you want to set for the
following:
User name
UID
Primary Group
Supplementary group(s)
Home Directory
Skeleton Directory
Shell
Comment
The useradd Command
The useradd command will allow you to
create new users. Example:
useradd -u 1000 -c 'Jane Doe' jane
Modifies the following files:
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
Creates the mail spool (/var/spool/mail/jane) and the user's home directory (/home/jane).
Password Security

Picking a Password
Avoid using personal information in
passwords.
Encourage complex passwords.
Encourage longer passwords, but not so
long that they are hard to remember.
Consider how often users will be required
to reset their passwords.

Setting a Password
The passwd command will allow you to change
a password.
The root user can change any user password:
passwd user_name
The root user can break password rules, except the rule against empty passwords.
A user can change their own password by running the passwd command with no argument.
Regular users cannot break password rules.
Password rules vary from one distribution to
another.
chage Command

Using the chage Command
Used to change password aging settings for a user.

| Short option | Long option | Description |
|---|---|---|
| -l | --list | List the account aging information |
| -d LAST_DAY | --lastday LAST_DAY | Set the date of the last password change to LAST_DAY |
| -E EXPIRE_DATE | --expiredate EXPIRE_DATE | Set account to expire on EXPIRE_DATE |
| -h | --help | Show the help for chage |
| -I INACTIVE | --inactive INACTIVE | Set account to permit login for INACTIVE days after password expires |
| -m MIN_DAYS | --mindays MIN_DAYS | Set the minimum number of days before password can be changed to MIN_DAYS |
| -M MAX_DAYS | --maxdays MAX_DAYS | Set the maximum number of days before a password should be changed to MAX_DAYS |
| -W WARN_DAYS | --warndays WARN_DAYS | Set the number of days before a password expires to start displaying a warning to WARN_DAYS |
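
The PASS_* values in /etc/login.defs are applied only when an account is created, so existing accounts keep whatever aging values they already have until chage changes them. The added example below (not from the original slides) compares constructed /etc/shadow entries with constructed login.defs defaults and prints the chage command for each account that differs. The function name, the sample accounts and the 90/1/7 values are assumptions.

```shell
#!/bin/sh
# Added example; aging_drift and all sample data are constructed.

# aging_drift LOGIN_DEFS SHADOW
# For each account with a usable password whose min/max/warn fields differ
# from the PASS_* defaults in LOGIN_DEFS, print the chage command that would
# bring it in line. shadow fields: 1=name 2=hash 4=min 5=max 6=warn.
aging_drift() {
    awk '
        NR == FNR {                              # first file: login.defs
            if ($1 ~ /^PASS_(MIN_DAYS|MAX_DAYS|WARN_AGE)$/) def[$1] = $2
            next
        }
        {                                        # second file: shadow
            split($0, f, ":")
            if (f[2] ~ /^[!*]/) next             # locked or no password login
            if (f[4] != def["PASS_MIN_DAYS"] ||
                f[5] != def["PASS_MAX_DAYS"] ||
                f[6] != def["PASS_WARN_AGE"])
                printf "chage -m %s -M %s -W %s %s\n",
                       def["PASS_MIN_DAYS"], def["PASS_MAX_DAYS"],
                       def["PASS_WARN_AGE"], f[1]
        }
    ' "$1" "$2"
}

demo_aging_drift() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/login.defs" <<'EOF'
# constructed sample, tightened from the 99999/0/7 example values
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_WARN_AGE   7
EOF
    cat > "$tmp/shadow" <<'EOF'
jane:$6$constructed$notarealhash:19000:0:99999:7:::
bob:$6$constructed$notarealhash:19700:1:90:7:::
daemon:*:18000:0:99999:7:::
EOF
    aging_drift "$tmp/login.defs" "$tmp/shadow"
    rm -rf "$tmp"
}

demo_aging_drift
```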

Modifying a User Account

Modify a User
The user may need to be logged off to
modify the account.
Use the who, w or last commands to
determine if a user is currently logged in
to the system.

The usermod Command
Used to modify a user account.
| Option | Description |
|---|---|
| -c COMMENT | Sets the value of the GECOS or comment field to COMMENT. |
| -d HOME_DIR | Sets a new home directory for the user. |
| -e EXPIRE_DATE | Set account expiration date to EXPIRE_DATE. |
| -f INACTIVE | Set account to permit login for INACTIVE days after password expires. |
| -g GROUP | Set GROUP as primary group. |
| -G GROUPS | Set supplementary groups to a list specified in GROUPS. |
| -a | Append the user's supplemental groups with those specified by -G. |
| -h | Show the help for usermod. |
| -l NEW_LOGIN | Change the user's login name. |
| -L | Lock the user account. |
| -s SHELL | Specify the login shell for the account. |
| -u NEW_UID | Specify the user's UID to be NEW_UID. |
| -U | Unlock the user account. |
Removing a User

Delete a User
Use the userdel command to delete a
user account.
By default, only the account is deleted,
not any of the files owned by the user.
By using the -r option, files in the user's
home directory and the user's mail spool
are deleted.
