dcsimg

User and Group Management 101

Whether you're new to managing users and groups or just need a quick refresher, this tutorial will sharpen your sys admin chops.

OK, class settle down, find your seats, fire up your Linux systems and follow along with me for this user and group administration tutorial. This article is your short course on user and group administration using some commands that you’ve perhaps never seen or used before. User management doesn’t have to induce hair pulling (yours or theirs) nor does it have to make you hate user’s existence. Following a single, simple rule will make your life as a system administrator easier: Give your users access to what they need, no more and no less.

Any salty system administrator (SA) will tell you that you’re supposed to manage users with group permissions, and that’s true, but you still have to create those users, place them into groups, remove users and manage user access. It is these basic user management activities that you’ll explore in this week’s post.

Group Commands

Let’s appease those rusty old system administrators by first learning about groups and how to manage them. Group definitions reside in the /etc/group file. A standard Linux /etc/group file contains the following information: groupname:x:groupid:user list.

The “x” in the group definition file is a deprecated placeholder for a group password.

To find out which groups you belong to, type groups at a command prompt.

$ groups
khess rdpusers

By default on most Linux systems, when an administrator creates a new user account, the system automatically creates a group account with the same name as the user account. An SA can specify a group when he creates the account but the group must already exist.

Here are two illustrative examples:

# useradd fred

# grep fred /etc/passwd
fred:x:504:506::/home/fred:/bin/bash

# grep fred /etc/group
fred:x:506:
# useradd -g 100 -c "Bob Alobdob" bob

# grep bob /etc/passwd
bob:x:505:100:Bob Alobdob:/home/bob:/bin/bash

# grep bob /etc/group
#

Why did the system return no response when you typed in grep bob /etc/group? It’s because the users group is Bob’s primary group. If users were a secondary group, Bob’s username would appear in the list. For example, create a new user with rpdusers (Group ID 504) as a secondary group.

# useradd -G 504 -c "Jon Shmon" john

# grep john /etc/passwd
john:x:506:507:Jon Shmon:/home/john:/bin/bash

# grep john /etc/group
rdpusers:x:504:khess,john
john:x:507:

A group must exist before you assign users to it. The groupadd command creates new groups with a specific Group ID (GID) and name.

# groupadd -g 1040 accounting

# grep 1040 /etc/group

accounting:x:1040:

You may also create a new group with just a group name and the system will assign a GID for you with the command, # groupadd groupname.

The groupmod command allows you to change the group name but the SA will have to change any files associated with the old group manually.

# groupmod -n accounting beancounters
# grep 1040 /etc/group
beancounters:x:1040:

Note: Don’t confuse chgrp (changes group permissions) with groupmod (changes the name of a group).

You can remove a group with the groupdel command.

# groupdel beancounters

If you prefer to edit configuration files directly, although you shouldn’t, the vigr command edits the /etc/group file in a safe manner by setting locks so that only one administrator at a time can edit the file.

Administrators rely heavily on the “group” commands for group administration, user administration and in scripting those functions for automated solutions.

User Commands

I call this collection of utilities the “user” commands because their functionality centers on user administration and not on action taken by the users themselves. Even if a user knows the location of these commands (/usr/sbin), they still can’t issue them without root privilege.

For example, a clever user on your system tries to issue useradd and vipw.

$ /usr/sbin/useradd steve
useradd: Only root may add a user or group to the system.

$ /usr/sbin/vipw
vipw: Couldn't lock file: Permission denied
vipw: /etc/passwd is unchanged

The User commands have their Group analogs; you add a new user with useradd, modify a user account with usermod and delete a user account with userdel. And you edit the /etc/passwd file directly with vipw. You’ve already seen the useradd command in action in the Group Commands discussion.

The usermod allows SAs to alter any user account attribute including the user’s real name (comment field), home directory name, account expiration date, disabling functionality, group add and change, login name, account locking and unlocking, alter the user’s shell and more.

# grep khess /etc/passwd
khess:x:500:500:Kenneth Hess:/home/khess:/bin/bash

# usermod -c "Ken Hess" khess

# grep khess /etc/passwd
khess:x:500:500:Ken Hess:/home/khess:/bin/bash

The usermod command requires some restraint and careful typing when issuing commands that can make a user account unusable. Let’s say that Bob Alobdob, from an example in the Group discussion, wants his login name and home directory changed to robert.

# usermod -d "/home/robert" -m -l robert bob 

# grep robert /etc/passwd
robert:x:505:100:Bob Alobdob:/home/robert:/bin/bash

Notice how I explicitly entered “/home/robert” in the command? If you don’t specify the whole path, Robert won’t have a home directory nor will its contents exist anymore. The command, as shown, changes his current home directory from /home/bob to /home/robert, his login from bob to robert and the -m moves the contents of his “bob” home directory to his “robert” home directory. User permissions change to robert as well for all files in his home directory.

Note: You cannot change the login name of a currently logged in user.

The userdel command’s function might seem obvious to you but you might surprise yourself after issuing the command to find that the user’s home directory is still intact.

Why would any programmer allow that directory to remain as clutter on your home filesystem? This is actually a failsafe mechanism and you should thank the thoughtful programmer who maintains userdel.

What if two user names only differ by a single letter and you removed the wrong one? The incorrectly deleted user’s home directory and files were wiped from the system with a slip of your finger. With the failsafe mechanism in place, you have to manually remove the home directory and hopefully you would catch your error before doing so.

This introduction to user and group administration will point you in the right direction in your own duties as a new system administrator. Remember to think in terms of groups and add users to those groups as needed. Use the administrative tools and utilities provided to you and avoid directly editing any system file.

Have you ever wanted to see more information from your system than proc files or dmesg could give you? Well, your search is over. There are native tools that give you more than you imagined and we’ll have a look at them next week.

Comments on "User and Group Management 101"

Every after inside a even though we choose blogs that we read. Listed below would be the most up-to-date web pages that we pick out.

That will be the end of this post. Here you will locate some web pages that we think you?ll appreciate, just click the links.

The time to read or pay a visit to the subject material or internet sites we’ve linked to below.

Here are some hyperlinks to web pages that we link to mainly because we think they’re really worth visiting.

We prefer to honor quite a few other world-wide-web web sites around the web, even if they aren?t linked to us, by linking to them. Beneath are some webpages worth checking out.

Check beneath, are some totally unrelated internet sites to ours, nevertheless, they are most trustworthy sources that we use.

Here are a few of the web pages we recommend for our visitors.

Just beneath, are numerous entirely not associated websites to ours, nonetheless, they may be surely worth going over.

We came across a cool web page that you just could possibly appreciate. Take a appear in the event you want.

We like to honor many other internet sites around the net, even though they aren?t linked to us, by linking to them. Underneath are some webpages worth checking out.

Below you will come across the link to some web sites that we feel you must visit.

Every after in a though we pick out blogs that we study. Listed beneath are the latest websites that we select.

The info talked about in the report are a number of the best readily available.

Very handful of internet websites that transpire to become comprehensive beneath, from our point of view are undoubtedly nicely really worth checking out.

The info talked about inside the report are a number of the most effective accessible.

Usually posts some incredibly exciting stuff like this. If you?re new to this site.

Here are a number of the internet sites we advise for our visitors.

Here is a great Blog You may Obtain Interesting that we encourage you to visit.

qKjSJK cbdrlmtqfmbi, [url=http://sjewwhzrkqiq.com/]sjewwhzrkqiq[/url], [link=http://kymfalazdgmc.com/]kymfalazdgmc[/link], http://jfbdijkynosp.com/

The data talked about in the article are some of the most beneficial obtainable.

Always a significant fan of linking to bloggers that I like but do not get quite a bit of link enjoy from.

We came across a cool web page that you may well enjoy. Take a look when you want.

Below you will locate the link to some websites that we assume you should visit.

Here are some hyperlinks to web sites that we link to for the reason that we think they may be really worth visiting.

The information talked about inside the post are some of the top accessible.

Below you?ll obtain the link to some web-sites that we consider you’ll want to visit.

Although web sites we backlink to below are considerably not connected to ours, we really feel they are essentially really worth a go through, so possess a look.

Please pay a visit to the sites we stick to, including this 1, as it represents our picks through the web.

Check beneath, are some entirely unrelated websites to ours, nonetheless, they may be most trustworthy sources that we use.

This is the right webpage for everyone who really wants to understand this topic.

You understand a whole lot its almost tough to argue with you (not that
I personally will need to?HaHa). You certainly put a
fresh spin on a subject that’s been written about for many years.
Excellent stuff, just wonderful!

Feel free to visit my webpage – TitusWBoxell

Very handful of internet websites that happen to be comprehensive beneath, from our point of view are undoubtedly well worth checking out.

Here are several of the web sites we advise for our visitors.

Every the moment inside a when we choose blogs that we read. Listed beneath are the most current web pages that we opt for.

Just beneath, are many entirely not associated web pages to ours, nonetheless, they’re certainly worth going over.

We prefer to honor several other world wide web web pages around the web, even if they aren?t linked to us, by linking to them. Underneath are some webpages worth checking out.

We like to honor many other web sites around the net, even if they aren?t linked to us, by linking to them. Under are some webpages worth checking out.

That could be the finish of this article. Here you?ll locate some web-sites that we feel you will enjoy, just click the hyperlinks.

Here are some of the sites we advocate for our visitors.

Always a massive fan of linking to bloggers that I enjoy but do not get a whole lot of link really like from.

Check beneath, are some absolutely unrelated sites to ours, nonetheless, they’re most trustworthy sources that we use.

Here is a superb Weblog You might Uncover Intriguing that we encourage you to visit.

Here is an excellent Blog You may Locate Intriguing that we encourage you to visit.

We came across a cool web page which you may appreciate. Take a search should you want.

Here is a good Weblog You may Find Exciting that we encourage you to visit.

That may be the finish of this post. Here you will locate some web pages that we believe you?ll value, just click the links.

I always used to study article in news papers but now because i am an individual of web so from now I am just using net for articles or reviews, thanks to web.

Check out my website OlinBVibbert

Please pay a visit to the web-sites we follow, such as this a single, as it represents our picks through the web.

Here are some hyperlinks to web pages that we link to for the reason that we believe they may be really worth visiting.

Here are some links to sites that we link to mainly because we assume they may be worth visiting.

Check below, are some totally unrelated web-sites to ours, even so, they’re most trustworthy sources that we use.

Leave a Reply