Thursday, October 7, 2010

User administration in redhat linux

User administration in Linux
In Linux there are three type of users.
1. Super user or root user
Super user or the root user is the most powerful user. He is the administrator user.
2. System users
System users are the users created by the softwares or applications. For example if we install Apache it will create a user apache. This kind of users are
known as system users.
3. Normal users
Normal users are the users created by root user. They are normal users like John, Ramu etc. Only the root user has the permission to create or remove a user.



In linux systems every user will have a unique user ID. It is known as UID. The Range of UIDs will be as follows:
1. Root user          UID will be "0"

2. Systems users      UID will be "1 - 499"

3. Normal users       UID will be "500 - 60000"
The range of MIN_GID and MAX_GID is specified in the file  "/etc/login.defs".

#########
There are three important files a user administrator should be aware of.

1. "/etc/passwd"
2. "/etc/shadow"
3. "/etc/group"

Each of the above mentioned files have specific formats.

1. "/etc/passwd"

The first line will be like this.
root:x:0:0:root:/root:/bin/bash

There are seven fields in it with each separated by ":"
Fields are as follows,

User_name:Pointer_to_Shadow_file:UID:Comment:GID:Home_Directory:Login_shell

1. User_name is the name of the user.
2. Pointer to shadow file is the pointer to the "/etc/shadow" where the encrypted password for that user is stored.
3. UID is the user ID.
4. GID is the goup ID for the user.
5. Comment is a field where we can add some info about that user. Suppose if the user is a group leader, we can specify it there.
6. Home_dir denotes the path of users home directory. By default for root user it'll be "/root" and for normal user it'll be "/home/user_name".
7. Default login shell will be "/bin/bash". If we want to change it to korn shell edit it to "/bin/ksh". If no login shell is required for that user then give
"/sbin/nologin"

2. "/etc/shadow"

Shadow file contains the user's encrypted password and password aging options.

The first line will be like this
root:$1fdsfsgsdfsdkffefje:14757:0:99999:7:::

The fields are as  follows,

1. User_name
2. Encrypted password
3. Days since that password was last changed.
4. Days after which password must be changed.
5. Days before password is to expire that user is warned.
6. Days after the password is expires that the user is disabled.
7. Days since the account is disabled.
8. A reserved field.

3. "/etc/group"

Contains information about groups in the system.

The first line will be like this
root:x:0:root

The fields are as follows.

1. Group_name, the name of the group
2. The encrypted group password
3. GID, Group ID
4. User_list, all the group member's user names. Separated by commas.

How to create a user?

In linux a user can be created with specific UID, GID, comment, Home directory and login shell. The options are as follows.

The command to add a user is #adduser or #useradd. Actually useradd is the real command and adduser is a soft link to the useradd command. But the usage of
both are same.

A command to add a user with all the fields we mentioned before is as follows.
#useradd -u UID  -g GID/Group_name -c COMMENT -d Home_dir  -s LOGIN SHELL  User_name

An example:

#useradd -u 555 -g linux  -c Teamlead -d /teamleads/john -s /bin/ksh john
Prior to the executing of the above command you should create the group 'linux'.

You can also add -p for password and -G for secondary groups which we will see later.
If u want to add the password, u 've to give the password in encrypted form.

For example,
#useradd -p encrypted_password Joseph

#########
How to create a group?

There are two kinds of users in linux. They are,

1. Primary group
2. Secondary group

When we create a user a group also will be created in the same name of the user. Suppose we creating a user abc with uid 540, then a group abc will be created
with same gid. And if the user abc creates a file xyz, it's owner will be user abc and group will be group abc. That is abc is its primary group. Thats normally
all the files and directories created by a user belongs to its primary group.

But what if the user needs access to the directories created by other groups? or a user has to supervise a number of groups? then comes the secondary group concept.
All the other groups are added as the secondary groups of that user.

The command to add a group is #groupadd

eg:

#groupadd group_name
#groupadd -g 540 linux

Suppose we want to create a user rahul with linux, java, hp, ibm as  secondary groups, it can be done as follows

#useradd  -G linux,java,hp,ibm  rahul
You have to specify all the secondary groups in single command, not one after one in different commands.

But you can appended the secondary groups to a user using the  -a option with usermod command.

For example,
A user john is a member of groups linux and java. We can append the group ibm to him as follows.

#usermod -a -G ibm john

Checking the groups of a user

#groups username
Will list all groups that the user belongs to.

How to set a password for a group?

#groupadd  linux
#gpasswd linux

the password will be saved in "/etc/gshadow".

To change the name of a group
#groupmod -n newname oldname

#########
Switching users

sometimes we may need to switch between users.
The command for switching is #su

1. #su
Switches to root user. But only gets privileges.

2. #su -
Switches to root user. Gets privileges and home directory access.

1. su raju
Switches to user raju

2. su - raju
gets also home dir access of raju.

If you are logined as root user and switching to normal user, you wont be prompted for the password. But you'll be prompted for password if otherwise.


Creating more users and setting passwords using a for loop.

Suppose we have to create 5 users linux1 to linux5 whose primary group is linux. And password same as their username.

First you have to create a group linux.
#groupadd linux

then

for i in 1 2 3 4 5
do
useradd - g linux  linux$i
echo linux$i | passwd --stdin linux$i
done

Creating more than 10 users
Suppose we have to create 25 users linux1 to linux25 whose primary group is linux. And password same as their username.

First you have to create a group linux.
#groupadd linux

then

for i in $(seq 1 1 25)
do
useradd - g linux  linux$i
echo linux$i | passwd --stdin linux$i
done

Modifying existing users

We can also modify the existing user with #usermod command.
for example,

#usermod -u 555 -g linux  -c Teamlead -d /teamleads/john -s /bin/ksh john

We can change the login name of a user using the option  -l
Syntax is as follows

#usermod -l new_name  old_name

Locking and unlocking the users

#usermod -L username
Executing the above command will lock the user with username.

#usermod -U username
Executing the above command will unlock the user with username.

#########
Removing a user
we can remove a user using #userdel command

For example,

#userdel user_name
the above command will remove the user but not his home directory. This is for taking back up of the files from it in case needed.

#userdel -r user_name
the above commad will remove the user as well as user's home directory.

#########
Deleting the password of a user or allowing password less login for a user

#passwd -d u_name

Recommended Reading

1. Practical Guide to Linux Commands, Editors, and Shell Programming, A (2nd Edition)
2. UNIX and Linux System Administration Handbook (4th Edition)
3. Linux All-in-One For Dummies
4. Introduction to the Command Line (Second Edition): The Fat Free Guide to Unix and Linux Commands

1 comment:

  1. Really helped a lot. Thank you!

    ReplyDelete