user, group, passwd - alex-aleyan/linux_wiki GitHub Wiki
-
Useful Administrative Files:
/etc/group - Group account information.
/etc/passwd - User account information.
/etc/shadow - Secure user account information.
/etc/gshadow - Secure group account information.
/etc/login.defs - Shadow password suite configuration.
/etc/default/useradd - Default values for account creation.
/etc/skel/ - Directory containing default files.
/etc/pam.d/passwd - PAM configuration for passwd.
-
Useful Administrative Commands:
useradd, adduser - create a user
groupadd - create a group
lslogins - lists a user's info, including the default shell
chsh - allows the user to change their login shell
usermod, passwd - change a user's account settings (authentication expiration, lock/unlock account)
chfn - change a user's finger information (full name, office, office phone, home phone)
userdel -r username
-
Create a user:
[root@test1 ~]# useradd user1
[root@test1 ~]# echo $USER
[root@test1 ~]# echo $USERNAME
-
Verify the user was created:
[root@test1 ~]# cat /etc/passwd | grep user1
user1:x:500:100::/home/user1:/bin/bash
-
Create a group:
[root@test1 ~]# groupadd users
-
Verify that the group was created:
[root@test1 ~]# cat /etc/group | grep users
users:x:100:
-
Add the user to the group:
[root@test1 ~]# gpasswd -a <username> <groupname>
[root@test1 ~]# gpasswd -a user1 users
-
To set/change a password:
[root@test1 ~]$ passwd
[root@test1 ~]# passwd userName
-
To delete a user from a group:
[root@test1 ~]# gpasswd -d <username> <groupname>
-
Hint: lslogins lists basic info about a user. Run lslogins by itself for a summary of all accounts on the system:
lslogins userName
or
lslogins id
-
Edit Primary group of a user:
usermod -g groupName userName
Quick Review:
chage -l <username>
passwd -x -1 <username>
chage -m 0 <username>
On host1:
- Skip to Step 5; Remove user:
userdel myuser
- Remove user’s home directory:
rm -fr /home/myuser
- Add user:
useradd myuser
- Add the user to a group:
gpasswd -a myuser users
- List users to determine the UID of the user:
lslogins #to see UID of myuser
On host2:
-
SSH as root.
-
Using the UID from host1, change the UID of myuser on host2 to match the UID found on host1:
usermod -u <matching UID> myuser
On all hosts do:
-
Make sure the following parameters are set as shown:
chage -l myuser
Last password change : Dec 22, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : -1
Maximum number of days between password change : -1
Number of days of warning before password expires : -1
-
If not, set them using:
chage -E -1 -I -1 -m -1 -M -1 -W -1 myuser
-
Uncomment the "%wheel ALL=(ALL) ALL" line:
[root@test1 ~]# visudo
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
-
Optionally, add a directory to secure_path so that sudoers can run the commands in it:
Defaults secure_path = /sbin:/bin:/<yourpathhere>
-
List the users:
[root@test1 ~]# cat /etc/passwd
-
Add a user to the sudoers group (the wheel group is a group with god privileges):
[root@test1 ~]# usermod -aG wheel <USERNAME>
-
Test the sudoer:
[root@test1 ~]# su <USERNAME>
[user@test1 ~]$ groups #make sure user is in the wheel group
[user@test1 ~]$ sudo whoami
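An added example, not part of the original wiki: a shell audit that ties together the chage settings and the wheel steps above. It lists every wheel member, including accounts whose primary GID is wheel's (these are recorded in /etc/passwd, not in the member field of /etc/group), and reports those whose password never expires. The function names, the 99999 threshold and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): audit who holds wheel and whose
# password never expires. Paths are arguments, so the functions can be
# pointed at copies of /etc/group, /etc/passwd and /etc/shadow.

# wheel_members GROUP_FILE PASSWD_FILE
# Supplementary members are field 4 of the wheel line in the group file;
# accounts whose primary GID (passwd field 4) is wheel's GID count too.
wheel_members() {
    awk -F: '
        FILENAME == ARGV[1] && $1 == "wheel" {
            gid = $3; n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
        }
        FILENAME == ARGV[2] && gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$1" "$2" | sort
}

# never_expiring SHADOW_FILE
# Field 5 is the maximum password age. Empty (or -1) disables expiry;
# 99999 (a common login.defs default) is treated the same here.
never_expiring() {
    awk -F: '$5 == "" || $5 == -1 || $5 >= 99999 { print $1 }' "$1" | sort
}

# make_sample DIR: write constructed sample files (not real accounts).
make_sample() {
    printf '%s\n' 'wheel:x:10:alice,bob' 'users:x:100:carol' > "$1/group"
    printf '%s\n' 'alice:x:500:100::/home/alice:/bin/bash' \
        'bob:x:501:100::/home/bob:/bin/bash' \
        'carol:x:502:100::/home/carol:/bin/bash' \
        'dave:x:503:10::/home/dave:/bin/bash' > "$1/passwd"
    printf '%s\n' 'alice:!!:17157:0:90:7:::' 'bob:!!:17157:0:99999:7:::' \
        'carol:!!:17157::::::' 'dave:!!:17157:-1:-1:-1:::' > "$1/shadow"
}

# wheel_no_expiry DIR: wheel members whose password never expires.
wheel_no_expiry() {
    never_expiring "$1/shadow" | while read -r u; do
        if wheel_members "$1/group" "$1/passwd" | grep -Fxq "$u"; then
            echo "$u"
        fi
    done
}

# Demo on the constructed data; prints bob and dave.
d=$(mktemp -d) && make_sample "$d" && wheel_no_expiry "$d"; rm -rf "$d"
```

To audit a live host, copy the three files into one directory as root and pass that directory to wheel_no_expiry.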
-
To remove a user from a group:
gpasswd -d userName groupName
-
Check if there are any failed logins. The below command will show how many failed logins the particular username has.
#pam_tally --user <username>
-
Unlock the user/Reset the failed logins
#pam_tally --user <username> --reset
-
For all users, you can simply give
#pam_tally --reset
-