107.1 Manage user and group accounts and related system files
Weight: 5
Description: Candidates should be able to add, remove, suspend and change user accounts.
Key Knowledge Areas:
- Add, modify and remove users and groups
- Manage user/group info in password/group databases
- Create and manage special purpose and limited accounts
Terms and Utilities:
- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/skel/
- chage
- getent
- groupadd
- groupdel
- groupmod
- passwd
- useradd
- userdel
- usermod
## group

/etc/group

Groups are not accounts; they help organize collections of accounts.

```
oldhorse@dclab:~$ cat /etc/passwd|grep root
root:x:0:0:root:/root:/bin/bash
oldhorse@dclab:~$ cat /etc/passwd|grep oldhorse
oldhorse:x:1000:1000:dreamcloud,,,:/home/oldhorse:/bin/bash
```

Create a new group:

```
sudo addgroup testgrp
```

Change a file's group with chgrp:

```
ls -ltr ttt
-rw-rw-r-- 1 oldhorse oldhorse 0 Feb 12 07:51 ttt
oldhorse@dclab:~$ sudo chgrp testgrp ttt
oldhorse@dclab:~$ ls -ltr ttt
-rw-rw-r-- 1 oldhorse testgrp 0 Feb 12 07:51 ttt
```

Change a file's group with chown:

```
oldhorse@dclab:~$ chown :oldhorse ttt
oldhorse@dclab:~$ ls -ltr ttt
-rw-rw-r-- 1 oldhorse oldhorse 0 Feb 12 07:51 ttt
```
## useradd

```
# useradd -m -d /home2/sally -g project4 -G project1,project4 sally
```

```
oldhorse@dclab:/etc/skel$ cat /etc/login.defs|grep HOME
DEFAULT_HOME yes
```

The /etc/login.defs file specifies whether or not to create a user's home directory when the account is created, via the CREATE_HOME setting. If set to yes, the -m option has no effect. If set to no, the -m option toggles this specification and a user's home directory is created. Note that the grep output above shows only DEFAULT_HOME, which is a separate setting from CREATE_HOME.

- `-g`: default group
- `-G`: groups
## passwd

`passwd` sets a new password.

- The `-l` parameter locks an account by prefixing the hashed password with an exclamation mark (!).
- The `-u` parameter unlocks an account by removing a leading exclamation mark.

```
oldhorse@dclab:/etc/skel$ passwd -S oldhorse
oldhorse P 09/13/2015 0 99999 7 -1
oldhorse@dclab:/etc$ cat /etc/passwd|grep oldhorse
oldhorse:x:1000:1000:dreamcloud,,,:/home/oldhorse:/bin/bash
```

Each /etc/passwd record has 7 fields:

```
username:password:UID:GID:comment:home:shell
```

```
root@dclab:/etc# cat shadow|grep oldhorse
oldhorse:$1$MySBJvCJ$emv0BL6gQweU13kzUqLqi1:16691:0:99999:7:::
root@dclab:/etc# ls -ltr shadow
-rw-r----- 1 root shadow 1282 Sep 14 06:42 shadow
```
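The `passwd -S` columns above are derived from the account's `/etc/shadow` record. The following added example (not part of the original notes) parses shadow-format records, reproduces that column layout, and names the hash scheme from the `$id$` prefix; the hash strings are constructed placeholders, the locked `sally` record is constructed, and the status letters (`P`, `L`, `NP`) follow shadow-utils behaviour as an assumption.

```python
from datetime import date, timedelta

# crypt(3) scheme identifiers: the text between the first two '$' characters.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

def parse_shadow(line):
    """Split one /etc/shadow record into its nine colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    keys = ("name", "hash", "lastchg", "min", "max", "warn",
            "inactive", "expire", "reserved")
    return dict(zip(keys, fields))

def status(pw):
    """L = locked ('!' or '*' prefix), NP = empty field, P = usable hash."""
    if pw.startswith(("!", "*")):
        return "L"
    return "NP" if pw == "" else "P"

def scheme(pw):
    """Name the hashing scheme, looking past any '!' lock prefix."""
    body = pw.lstrip("!")
    if not body.startswith("$"):
        return "none" if body in ("", "*") else "descrypt-or-unknown"
    return SCHEMES.get(body.split("$")[1], "unknown")

def passwd_s(line):
    """Render a shadow record in the column order of `passwd -S`."""
    r = parse_shadow(line)
    changed = "never"  # this example's choice for an empty lastchg field
    if r["lastchg"]:
        # lastchg counts days since 1970-01-01
        day = date(1970, 1, 1) + timedelta(days=int(r["lastchg"]))
        changed = day.strftime("%m/%d/%Y")
    num = lambda v: v if v else "-1"  # an empty aging field is shown as -1
    return " ".join([r["name"], status(r["hash"]), changed,
                     num(r["min"]), num(r["max"]), num(r["warn"]), num(r["inactive"])])

# Constructed records: aging fields copied from the page, hashes are placeholders.
SAMPLE = "oldhorse:$1$CONSTRUCTED$placeholderhashvalue00:16691:0:99999:7:::"
LOCKED = "sally:!$6$CONSTRUCTED$placeholderhashvalue00:16691:0:99999:7:::"

if __name__ == "__main__":
    for rec in (SAMPLE, LOCKED):
        print(passwd_s(rec), scheme(parse_shadow(rec)["hash"]))
```

A `$1$` prefix, as in the page's record, identifies md5crypt, a legacy scheme worth flagging in an account audit so the password is rehashed with a stronger scheme at the next change.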
## usermod

```
# groups sally
sally : sally users project1
# usermod -a -G Production sally
# groups sally
sally : sally users project1 Production
```
## chage

Modifies account settings relating to account expiration.

```
chage [-l] [-m mindays] [-M maxdays] [-d lastday] [-I inactivedays] [-E expiredate] [-W warndays] username
```
## userdel

```
-f, --force    force removal of files, even if not owned by user
-r, --remove   remove home directory and mail spool
```

If the user owns files outside the home directory, find them before deleting the user account:

```
cat /etc/passwd|grep // find uid
# find / -uid
```

Use `smbpasswd -x sally` to delete the sally account from Samba's database.
## groupadd

```
groupadd [-g GID [-o]] [-r] [-f] groupname
```
## groupmod

```
groupmod [-g GID [-o]] [-n newgroupname] oldgroupname
```
## gpasswd

```
gpasswd [-a user] [-d user] [-R] [-r] [-A user[,...]] [-M user[,...]] group
```

- `gpasswd`: changes the password for the group
- `gpasswd -d`: removes one user from the group

## /etc/group

```
root@dclab:/etc# cat group|grep oldhorse
adm:x:4:syslog,oldhorse
cdrom:x:24:oldhorse
sudo:x:27:oldhorse
dip:x:30:oldhorse
plugdev:x:46:oldhorse
lpadmin:x:115:oldhorse
oldhorse:x:1000:
sambashare:x:131:oldhorse
```

Each /etc/group record has 4 fields:

```
group:password:GID:user list
```

## /etc/gshadow
```
root@dclab:/etc# cat gshadow|grep oldhorse
adm:*::syslog,oldhorse
cdrom:*::oldhorse
sudo:*::oldhorse
dip:*::oldhorse
plugdev:*::oldhorse
lpadmin:!::oldhorse
oldhorse:!::
sambashare:!::oldhorse
root@dclab:/etc#
```

## groupdel
```
root@dclab:/etc# groupdel -h
  -h, --help               display this help message and exit
  -R, --root CHROOT_DIR    directory to chroot into
```

Before deleting a group, it is better to find all files owned by that group, then either delete the files or assign them to another group using chown or chgrp:

```
# find / -gid 1003
```

## getent
The getent command allows you to access records stored in one of the system databases.

```
getent database key
```

Databases:

- passwd (the /etc/passwd file)
- shadow (the /etc/shadow file)
- group (the /etc/group file)

```
root@dclab:/etc# getent passwd oldhorse
oldhorse:x:1000:1000:dreamcloud,,,:/home/oldhorse:/bin/bash
root@dclab:/etc# getent group sudo
sudo:x:27:oldhorse
root@dclab:/etc# getent shadow oldhorse
oldhorse:$1$MySBJvCJ$emv0BL6gQweU13kzUqLqi1:16691:0:99999:7:::
root@dclab:/etc# groups oldhorse
oldhorse : oldhorse adm cdrom sudo dip plugdev lpadmin sambashare
```