Linux Basics/User management

User management functions

 * Functions: adding and deleting users, setting passwords, modifying user data
 * Adding user: adduser (under Ubuntu), useradd



Adding user
Syntax: useradd [options] username

Options:

 * -u: setting the user ID (UID)
 * -c: note (comment)
 * -g: setting the (primary) group membership
 * -d: setting the HOME folder (e.g. /home/user)
 * -s: default shell (here the user gets bash as default)
 * -G: the other groups the user is a member of, separated with commas
 * -m -k: it creates the home folder based on an existing user's home folder.
 * The -m switch creates the home directory; -k indicates where we want to copy the default files from (e.g. /etc/skel, the skeleton of the home folder)

So the command looks like this:

useradd -c "test account" -u 1001 -g users -G info,sysadmin -d /home/test -s /bin/bash -m -k /etc/skel test

getent
User information: getent

getent passwd

If we want to get information about the infotech group:

getent group infotech

/etc/passwd file
Location of user data: /etc/passwd

Content of /etc/passwd is like:

janos:x:1000:1000:Nagy János:/home/janos:/bin/bash

The fields of a passwd entry are separated with colons (":"), and their meaning is the following:


 * 1) Username.
 * 2) Encrypted password (an x here means it is stored in /etc/shadow).
 * 3) User ID (uid).
 * 4) Group ID (gid).
 * 5) Full name and other information
 * 6) Home folder
 * 7) Selected shell

/etc/shadow file
Content of /etc/shadow file is like:

smithj:Ep6mckrOLChF.:10063:0:99999:7:::

As with the passwd file, each field in the shadow file is separated with a colon (":") character. The fields are as follows:


 * 1) Username, up to 8 characters.  Case-sensitive, usually all lowercase.  A direct match to the username in the /etc/passwd file.
 * 2) Password, 13 character encrypted.  A blank entry (e.g. ::) indicates a password is not required to log in (usually a bad idea), and a "*" entry (e.g. :*:) indicates the account has been disabled.
 * 3) The number of days (since January 1, 1970) since the password was last changed.
 * 4) The number of days before password may be changed (0 indicates it may be changed at any time)
 * 5) The number of days after which password must be changed (99999 indicates user can keep his or her password unchanged for many, many years)
 * 6) The number of days to warn user of an expiring password (7 for a full week)
 * 7) The number of days after password expires that account is disabled
 * 8) The number of days since January 1, 1970 that an account has been disabled
 * 9) A reserved field for possible future use
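
An added example (not part of the original page): a shell function that reads a shadow-format file and reports the conditions the field list above describes (blank password, disabled entry, password aging, account expiry). The sample lines and the fixed day number 18300 are constructed; treating a leading "!" as a locked password is an assumption beyond the "*" case named above.

```shell
#!/bin/sh
# audit_shadow FILE [TODAY]
#   FILE  : shadow-format file, or "-" for standard input
#   TODAY : days since January 1, 1970 (defaults to the current day)
audit_shadow() {
    file=$1
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        /^$/    { next }                       # ignore blank lines
        NF != 9 { printf "line %d: expected 9 fields, found %d\n", NR, NF; next }
        {
            user = $1; pw = $2; last = $3; max = $5; expire = $8
            # "*" is the disabled marker; a leading "!" is assumed to mean locked
            locked = (pw == "*" || substr(pw, 1, 1) == "!")
            if (pw == "")
                print user ": empty password field, no password needed to log in"
            else if (locked)
                print user ": password login disabled"
            if (!locked) {                      # aging only matters for usable passwords
                if (max == "" || max >= 99999)
                    print user ": password never has to be changed"
                else if (last != "" && last + max < today)
                    print user ": password expired " (today - last - max) " days ago"
            }
            if (expire != "" && expire <= today)
                print user ": account expired " (today - expire) " days ago"
        }
    ' "$file"
}

# Constructed sample entries (not real accounts), in the nine-field layout above.
sample_shadow() {
cat <<'EOF'
smithj:Ep6mckrOLChF.:10063:0:99999:7:::
kathy::18000:0:90:7:::
mary:*:18000:0:90:7:::
joska:Ep6mckrOLChF.:17955:0:10:7:10:18261:
EOF
}

# Demo run with a fixed "today" so the output is reproducible.
sample_shadow | audit_shadow - 18300
```

On a live system the function is run as root against /etc/shadow without the second argument, so that the current day is used.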

chage
Changing user rules: chage

With chage we can control when a user's password expires.

For example, the output of chage -l joska displays the current data:

Last password change                                 : Feb 28, 2019
Password expires                                     : never
Password inactive                                    : never
Account expires                                      : never
Minimum number of days between password change       : 0
Maximum number of days between password change       : 99999
Number of days of warning before password expires    : 7

We want joska's password to expire in 10 days:

chage -M 10 joska

Setting a fixed expiration date (the -E switch sets the "Account expires" field):

chage -E "2019-12-31" joska

Lockdown after inactive days

We lock joska's password after 10 inactive days:

chage -I 10 joska
chage --inactive 10 joska

User password
User password: passwd

Changing own password:

passwd

With superuser privilege we can change anybody's password:

passwd username

Storing password encrypted: /etc/shadow

Generating password:

makepasswd

chfn
Modifying user data: chfn

We need finger package for it.

e.g.:

chfn -f János janos
chfn --full-name "Nagy János" janos

Switches:

 * -f, --full-name: full name
 * -o, --office: office room number
 * -p, --office-phone: office phone number
 * -h, --home-phone: home phone number

Deleting user
Deleting user: deluser, userdel

It's recommended to control its behaviour with the help of /etc/deluser.conf; see the deluser.conf(5) manual page.

e.g.:

deluser --remove-home
deluser --remove-all-files
deluser --backup
deluser --backup-to

Handling user groups
Creating group: addgroup, groupadd

Location of group data: /etc/group

/etc/group file can be edited manually (text editor, mcedit, nano etc) by root.

A group is created with every user's name (e.g. for the user kathy a kathy group is created).

Adding to group: gpasswd -a kathy infotech

 * We add kathy to the infotech group

Removing from group: gpasswd -d kathy infotech

 * We delete kathy from the infotech group

Handling user groups (and user data)
"usermod" command:


 * Changing user accounts.

Adding user mary to the infotech group:

usermod -a -G infotech mary

With -a the group is appended, so the user keeps all of their other groups. If we omit -a, the user is removed from every existing group that is not listed after -G.

Usermod command's other switches:


 * -u value user: it changes user ID (UID)
 * -g group user: it changes user group (e.g. usermod -g infotech mari)
 * -G group1,group2: it adds the user to the given groups (but without appending)

usermod -G human,economy,sysadmin mary

usermod -L -e 1970-01-01 mary (the expiration date can be earlier than the current date)
 * -L user: it locks the access of the user / bans the user (so you can't log in) (--lock)
 * -e value: expire date (--expiredate)
 * -U user: unlocks the ban from the user
 * -d user: setting new home folder (--home)
 * -s user: setting shell (--shell)

id command:

Requesting information about the user.

Group membership:

id
id -nG

User account settings
In the /etc/login.defs file some properties can be set for users.

For example, where user emails should be stored:

MAIL_DIR /var/mail

Logging failed logins into the /var/log/faillog file:

FAILLOG_ENAB yes

Logging unknown usernames in case of failed logins:

LOG_UNKFAIL_ENAB no

Logging successful logins:

LOG_OK_LOGINS no

Controlling passwords: by default, when the password expires, when the user can change it, the minimum length of the password, and when the warning should be given:

PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

Minimum and maximum user IDs used by useradd:

UID_MIN 1000
UID_MAX 60000

Minimum and maximum group IDs:

GID_MIN 1000
GID_MAX 60000

Denying login after this number of fails:

LOGIN_RETRIES 5

The length of lockdown after exceeding the number of unsuccessful logins:

LOGIN_TIMEOUT 60

User defaults
The /etc/default folder contains them.

E.g. /etc/default/useradd:

# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes


 * /etc/skel folder contains the base home directory's content.