8/8/2019 Slide5 User Mgmnt
You will know about..
useradd
userdel
su
adduser
usermod
groupadd
groupdel
groupmod
passwd
/etc/shadow
/etc/passwd
Why manage users?
Users MUST have different accounts
Users MAY have different:
Privileges (give them as needed to get the job done)
Permissions
Accessibility
Group
Tasks, processes, files
Home directory
etc.
Take Advantage of Linux's UID and GID
UID: user identification
UIDs and GIDs on all Linuxes range from 0 to 65534
Example:
Student from 1000 to 1500
Lecturer from 1501 to 2000
Technician from 2001 to 2050
UID for root is always ZERO
Debian/Ubuntu
IDs 0-99 are for system accounts.
IDs 100-999 are for user-installed programs and daemons, such as mail, ftp, apache, mysql etc.
IDs 1000-29999 are ordinary user accounts.
IDs 30000-65533 are reserved, according to the Debian policy manual, but you may use them however you like.
ID 65534 is user "nobody," an account with no rights or permissions.
RPM-based (Red Hat, Fedora)
IDs 0-499 are reserved for system use.
IDs 500-60000 are for ordinary users.
ID 65534 is user "nobody," an account with no rights or permissions.
/etc/passwd
User account information
7 columns:
Login name
Encrypted password or password placeholder
UID (user ID) number
Default GID (group ID) number
GECOS information: full name, office, extension, home phone
Home directory
Login shell
/etc/passwd
Example:
# less /etc/passwd
# grep piztol /etc/passwd
piztol:x:500:500:piztol:/home/piztol:/bin/bash
username:passwd_setting:uid:gid:full_name:home_dir:default_shell
/etc/shadow
Secure user account information (password)
8 columns:
Username
Encrypted password
Last modified - when the password was last changed, as a number of days since 1st January 1970
Min days - minimum number of days required before a password can be changed
Max days - maximum number of days before a password must be changed
/etc/shadow
Warning days - number of days prior to password expiration that the user will be warned of the pending expiration
Disabled days - number of days to wait after a password has expired to disable the account.
Expiration date - number of days since January 1, 1970 after which the account will be disabled.
Example:
piztol:$xvfghJ219$b:14715:0:99999:7:::
Username:Password:Last_Modified:Min_Days:Max_Days:Days_Warn:Disabled_Days:Expire
The last 3 columns are set to a null value, indicating that the warning days and disabled days are not set and the account never expires
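
An audit over the /etc/passwd and /etc/shadow column layouts above, as an added example that is not part of the original slides: it flags extra UID 0 accounts, empty password fields and never-expiring passwords, and converts a Last_Modified value to a date. The function names, the backup2 and guest accounts and the sample file contents are constructed for illustration; date -d @SECONDS assumes GNU or BusyBox date.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format files using the column layouts above.
# All account data below is constructed sample input, not taken from a real system.

# Print the name of every non-root account whose UID (column 3) is 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print "name:reason" for shadow entries with risky password settings.
# An empty column 2 is the state that passwd -d leaves behind.
shadow_findings() {
    awk -F: '
        $2 == ""                { print $1 ":empty password field" }
        $5 == "" || $5 >= 99999 { print $1 ":password never expires" }
    ' "$1"
}

# Convert Last_Modified (days since 1 January 1970) to YYYY-MM-DD.
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d
}

# Constructed sample files; only the piztol lines come from the slides.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
piztol:x:500:500:piztol:/home/piztol:/bin/bash
backup2:x:0:0:second admin:/home/backup2:/bin/bash
guest:x:501:501:guest:/home/guest:/bin/sh
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$xvfghJ219$b:14715:0:90:7:::
piztol:$xvfghJ219$b:14715:0:99999:7:::
guest::14715:0:30:7:::
EOF

echo "Non-root accounts with UID 0:"; extra_uid0 "$SAMPLE_DIR/passwd"
echo "Shadow findings:";              shadow_findings "$SAMPLE_DIR/shadow"
echo "piztol last changed: $(days_to_date 14715)"
```

On a real system, pass /etc/passwd and /etc/shadow to the functions instead of the sample files; reading /etc/shadow requires root.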
useradd
create a new user or update default new user information
See the default values for a new user, according to /etc/default/useradd (used if an option is not specified)
# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
useradd (option)
-c full user name
-d create home dir based on login name (should specify location)
-e expired date, format YYYY-MM-DD
-g group name for new user (must exist)
-G to be a member of groups (more than 1)
more..
useradd (option)
-m create home dir if it doesn't exist, using skeleton (by default it doesn't)
-s specify user's shell (/bin/bash or /bin/sh)
-U create a group with the same name as the user and add the user to this group
-u specify uid for user
Let's try
# useradd -m footoo
# useradd -m -c "Dr Sinchan" sinchan
# useradd -d /dudu -u 1600 -s /bin/sh dudu
# useradd -m -g admin rocket
# useradd -G admin,mysql,root user100
# useradd -e 2010-12-12 tmpuser
Always put the username as the last argument
passwd
Set or change password
# passwd username
Options:
-l Locks the user's account. This option invalidates the user's password.
-u Unlocks a user's account.
-d Removes a user's password.
-n Sets the minimum number of days required before a password can be changed.
-x Sets the maximum number of days before a password must be changed.
userdel
# userdel username
# userdel -r username
-r remove home directory
adduser
# adduser username
usermod
To modify a user account, including the login name
Options are quite similar to 'useradd'
-c, -m, -d, -s, -e etc
-l change login name
example:
# usermod -l new_name old_name
# usermod -d /home/newhomedir user123
groupadd
# groupadd -[option] groupname
# groupadd -g 12345 mygroup
# groupadd -r systemgroup1
-f exit successfully if the group already exists, and cancel -g if the GID is already used
-g use GID for the new group
-r create a system account
groupdel, groupmod
# groupdel groupname
# groupmod -[option] group
-g change group id (GID)
-n change to new name of group
chage
NOT change, but chage
Options:
-l show aging information
-E set expire date for passwd
format YYYY-MM-DD, or -1 to remove the expiration date
-I set the number of days of inactivity after a password has expired before the account is locked
-d set the number of days when the passwd was last changed. 0 will require the user to change passwd on login
-M set max number of days before password change
chage
$ chage -l username
Last password change : Apr 16, 2010
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7