|
User and Group administration IntroductionYou'll remember from the Fundamentals course that the user information is stored in the system /etc/passwd and /etc/shadow files, and that additionally, group membership information is stored in the /etc/group file. While it is possible to edit these files by hand, it is not recommended. There exist several command line tools, which can be used to manage these files instead: useraddSYNTAX:
useradd [switches] <username>
This is a powerful command, which lets you easily create new users on the system, with a range of options. The most common ones are:
useradd options
The last parameter should be the desired login name for the user. You can consult man page for the other options, and for further details. One additional switch worth mentioning is "-D", which controls the defaults for useradd. Specifying the "-D" switch on its own will simply display the default settings, while specifying -D in conjunction with other switches will change the defaults to those values.
debian:~# useradd -D
GROUP=100
INACTIVE=-1HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
debian:~# useradd -D -s /bin/sh
debian:~# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
As you can see, this changes the default shell for created users from "bash" to "sh". Let's change it back though, and create a test user:
debian:~# useradd -D -s /bin/bash
debian:~# useradd -c "Joe Blogs" -m jblogs
debian:~# finger jblogs
Login: jblogs Name: Joe Blogs
Directory: /home/jblogs Shell: /bin/bash
Never logged in.
No mail.
No Plan.
debian:~# ls -la /home/jblogs
total 24
drwxr-xr-x 2 jblogs users 4096 Mar 12 05:58 .
drwxrwsr-x 4 root staff 4096 Mar 12 05:58 ..
-rw-r--r-- 1 jblogs users 266 Mar 12 05:58 .alias
-rw-r--r-- 1 jblogs users 509 Mar 12 05:58 .bash_profile
-rw-r--r-- 1 jblogs users 1093 Mar 12 05:58 .bashrc
-rw-r--r-- 1 jblogs users 375 Mar 12 05:58 .cshrc
You can see that the user's home directory has been populated with the files from "/etc/skel". Default configuration files (such as .bashrc, .bash_profile) should be kept here, so that new users that you create will be given them automatically. Remember, though, that you can set your system wide defaults in the /etc/profile file. groupaddSYNTAX:
groupadd <groupname>
This command simply creates additional groups.
debian:~# groupadd testing
debian:~# tail -1 /etc/group
testing:x:1001:
groupmodSYNTAX:
groupmod -n <newname> <oldname>
This command renames a group, from oldname to newname.
debian:~# tail -1 /etc/group
testing:x:1001:
debian:~# groupmod -n jblogs testing
debian:~# tail -1 /etc/group
jblogs:x:1001:
groupsSYNTAX:
groups [username]
This simple command displays what groups a user is a member of. It takes the username of user as a parameter. If no username is given, it defaults to the current user.
debian:~# groups
root
debian:~# groups jblogs
jblogs : users
usermodSYNTAX:
usermod [flags] <username>
This command alters account information for users, which already exist. It takes most of the same switches as the useradd command. So, if we wanted to make user "jblogs"'s primary group also be "jblogs" (the group we renamed above), then we could do something like this:
debian:~# groups jblogs
jblogs : users
debian:~# usermod -g jblogs jblogs
debian:~# groups jblogs
jblogs : jblogs
The usermod command also allows the system administrator to disable and re-enable accounts. It's usually a good idea to disable accounts which you know aren't being used, or if you suspect malicious activity from that user. You can disable an account by using the "-L" (lock) switch:
debian:~# usermod -L student
Now when the user "student" attempts to log in, they will be prevented from doing so. You can then re-enable the account, using the "-U" (unlock) switch:
debian:~# usermod -U student
This will allow "student" to log in again as normal, with the same password as his account had previously. userdelSYNTAX:
userdel [-r] <username>
This command removes a user from the password database. If the "-r" flag is specified, the users home directory and files are also removed.
debian:~# ls -la ~jblogs
total 24
drwxr-xr-x 2 jblogs users 4096 Mar 12 05:58 .
drwxrwsr-x 4 root staff 4096 Mar 12 07:57 ..
-rw-r--r-- 1 jblogs users 266 Mar 12 05:58 .alias
-rw-r--r-- 1 jblogs users 509 Mar 12 05:58 .bash_profile
-rw-r--r-- 1 jblogs users 1093 Mar 12 05:58 .bashrc
-rw-r--r-- 1 jblogs users 375 Mar 12 05:58 .cshrc
debian:~# userdel -r jblogs
debian:~# ls -la ~jblogs
ls: ~jblogs: No such file or directory
groupdel
SYNTAX:
groupdel <group>
This command removes a group from the group database. adduser, addgroup, deluser and delgroupThe adduser, addgroup, deluser and delgroup commands are more user- friendly front-ends to the commands explained earlier. They will prompt you interactively instead of requiring command line switches.
debian:~# adduser
Enter a username to add: jane
Adding user jane...
Adding new group jane (1001).
Adding new user jane (1001) with group jane.
Creating home directory /home/jane.
Copying files from /etc/skel
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for jane
Enter the new value, or press return for the default
Full Name []: Jane Doe
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/n] y
debian:~# ls -la ~jane
total 24
drwxr-xr-x 2 jane jane 4096 Mar 12 08:02 .
drwxrwsr-x 4 root staff 4096 Mar 12 08:02 ..
-rw-r--r-- 1 jane jane 266 Mar 12 08:02 .alias
-rw-r--r-- 1 jane jane 509 Mar 12 08:02 .bash_profile
-rw-r--r-- 1 jane jane 1093 Mar 12 08:02 .bashrc
-rw-r--r-- 1 jane jane 375 Mar 12 08:02 .cshrc
You'll notice that, by default, the adduser command creates a group with the same name as the username, and makes this group the primary group for that user. This is called a user private group (UPG).
|