Linux is a multi-user operating system. One of the most important roles of a system administrator is to manage the users and groups in a system.
Linux User
The full account information is stored in the /etc/passwd file, and the hashed password is stored in the /etc/shadow file.
There are two types of users:
- Super or root user – can access all the files, can add, delete and modify a user account.
- Normal users – limited access to files
Any user will have
- Unique ID (UID)
- Group
Creating the local user account
A user is added by running the useradd command, and a password is then set with the passwd utility. The system automatically assigns a UID, creates the home directory (/home/<username>) and sets the default shell to /bin/bash.
Useradd command usage
[root@localhost linuxuser]# useradd demouser
[root@localhost linuxuser]# passwd demouser
Changing password for user demouser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Options for the useradd command:
-m to create a home directory (default option for useradd command)
-c to specify the user’s full name
-u to create a user with a custom UID
-d to set a non-default home directory
-g to specify a primary group
-G to specify supplementary groups
-s to specify the user shell
-N to skip creating a private group for the user
For more options use ‘man useradd’
Options usage:
[root@localhost linuxuser]# useradd -c "Demo User" demouser
[root@localhost linuxuser]# useradd -u 1036 demouser
[root@localhost linuxuser]# useradd -d /home/test demouser
[root@localhost linuxuser]# useradd -g "student" -G "staff" demouser
Options for the passwd command
-l to lock the user
-u to unlock the user
Options Usage
[root@localhost linuxuser]# passwd -l demouser
Locking password for user demouser.
passwd: Success
[root@localhost linuxuser]# passwd -u demouser
Unlocking password for user demouser.
passwd: Success
Setting password from the command line -
echo 'demouser:password' | chpasswd
echo password1 | passwd demouser --stdin
Add a user to a group using the usermod command
usermod -G test vinita
By default a user gets the bash shell. Here we change this with the -s switch and give the user the /bin/sh shell.
usermod -s /bin/sh demouser
Linux Group
A group organizes a collection of users. Each group is also associated with a unique ID (GID).
Group-related information is stored in ‘/etc/group’, and the corresponding password information is stored in ‘/etc/gshadow’.
There are two types of groups
- Primary Group
- Supplementary group
Each user is associated with a primary group and one or more supplementary groups.
Creating a group – We use the ‘groupadd’ command as the root user to create a group with default options.
[root@localhost linuxuser]# groupadd sales
-g option to specify the GID for the group
[root@localhost linuxuser]# groupadd -g 1100 manager
Adding users to the group
- gpasswd -a demouser sales – adding a single user to the group
- gpasswd -M demouser1,demouser2 sales – adding multiple users to the group.
- We can use ‘newgrp groupname’ to switch the group for that session
Changing the group name – We can use the groupmod command as below to change the existing group name. The new name comes first, followed by the current name.
[root@localhost linuxuser]# groupmod -n marketing sales
-g option with groupmod to change the GID of an existing group.
Deleting a group – We can use the groupdel command to delete a group. You cannot delete a user's primary group while the user exists; before deleting a primary group, delete the users of that primary group.
[root@localhost linuxuser]# groupdel marketing
Linux uses the following files for user and group management.
- /etc/shadow -> stores all the Linux passwords in MD5 encryption format
- /etc/passwd -> stores all user-related information
- /etc/group -> stores all group-related information
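As an added example (not part of the original article), the following read-only script checks passwd- and shadow-format files for the account states described above: extra UID 0 accounts, duplicate UIDs, empty password fields, locked passwords (as set by passwd -l) and MD5-crypt hashes, which are identified by the $1$ prefix. The function names and sample entries are constructed for illustration, and the hash strings are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): audit passwd- and shadow-format
# files for risky account states. Read-only; root is needed only when it is
# pointed at the real /etc/shadow.

audit_accounts() {
    # $1 = passwd-format file, $2 = shadow-format file
    awk -F: '
        pass == 1 {                       # name:x:UID:GID:comment:home:shell
            if ($3 == 0 && $1 != "root") print "UID0 " $1
            if ($3 in owner) print "DUPUID " $1 " shares UID " $3 " with " owner[$3]
            else owner[$3] = $1
            next
        }
        # pass 2: name:password-field:... (second field of /etc/shadow)
        $2 == ""        { print "EMPTYPW " $1; next }   # no password required
        $2 ~ /^[!*]/    { print "LOCKED " $1;  next }   # e.g. after passwd -l
        $2 ~ /^\$1\$/   { print "MD5 " $1;     next }   # $1$ = MD5-crypt (weak)
    ' pass=1 "$1" pass=2 "$2"
}

demo() {
    # Constructed sample data; the hash strings are placeholders, not real hashes.
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
demouser:x:1036:1036:Demo User:/home/demouser:/bin/bash
hr:x:1037:1037::/home/hr:/bin/bash
sales:x:1037:1038::/home/sales:/bin/bash
backup:x:0:1039::/home/backup:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
demouser:!!$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
hr:$1$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
sales::19000:0:99999:7:::
backup:$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

To audit a live system, run audit_accounts /etc/passwd /etc/shadow as root.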
By default, the user’s home directory is created and the files from /etc/skel/ are copied into it.
E.g.: Creating multiple users at a time
Addusers.sh
#!/bin/bash
# To add users hr, sales, operations and developer
for USER in hr sales operations developer
do
    useradd "$USER"
    # Each user is given the password 'changeme'
    echo changeme | passwd --stdin "$USER"
done