
USER AND GROUP ADMINISTRATION
USER ADMINISTRATION
Types of Users
Super User:
The root user is the super user and is created by default. The root user is the
administrator of the system and has the rights to access any file in the file
system.

Regular Users:
Regular users are the normal users created by the root. They have the rights to
access and execute the files present in their corresponding directories only.

System Users:
System users are nologin users, i.e. they cannot log in to a shell. They are
created by default with UIDs below 500 for running and controlling
various daemons.
LINUX USER ATTRIBUTES

TYPE         EXAMPLE                 USER ID (UID)   GROUP ID (GID)   HOME DIRECTORY   SHELL
Super User   root                    0               0                /root            /bin/bash
System User  ftp, ssh, apache etc.   1 to 499        1 to 499         /var/ftp etc.    /sbin/nologin
Normal User  visitor, user1 etc.     500 to 60000    500 to 60000     /home/username   /bin/bash
Users Defaults
Red Hat Linux uses the User Private Group (UPG) scheme:
- Whenever a user is created, it gets its own private group.
- Ex: If a user is created with the name user123, the primary group for that user will be user123 only.

When a user is created in Linux, the following things are created by default:
- A home directory (/home/username)
- A mailbox (/var/spool/mail/username)
- A unique UID and GID are given to the user
User Administration involves
- Creating User Account
- Modifying User Account
- Deleting User Account

- Different shells used in Linux are sh, bash, ksh and csh.
- For sh, bash and ksh, the regular user prompt is $ and the root prompt is #.
- For the C shell, the regular user prompt is % and the root prompt is #.

Users Database Files:
- /etc/passwd
- /etc/shadow
Content of /etc/passwd file
- The information for each user created is stored on a separate line in the file /etc/passwd.
- Each record has seven fields separated by a colon (:), as given:
user1:x:500:500:prog:/home/user1:/bin/bash
Here there are 7 columns:
user1 - user name
x - password (the encrypted password is stored in the /etc/shadow file)
500 - user ID
500 - primary group ID
prog - comment for the user
/home/user1 - home directory for the user
/bin/bash - shell for the user
Content of /etc/shadow file
- This file contains the encrypted user passwords (8 fields).
- Passwords are encrypted through the DES (64 bit) (Data Encryption Standard) or MD5 (128 bit) (Message Digest Ver. 5) algorithm.
user1:hjkadfhs8974uyh5jrt/:16061:0:99999:7:::

16061 - Number of days since 1970 (days since the password was changed).
0 - Minimum number of days to change the password (minimum life of the password).
99999 - Maximum number of days to change the password (maximum life of the password).
7 - Warning days (after the password expires, the user is disabled).
::: - Reserved field.
Creating a User
Creating a User with default attributes:-
Syntax:
#useradd <username>
Ex: #useradd user1
Creating a User with our own attributes:-
Syntax:
#useradd <options> <username>
Options are:
-u – User Id (UID)
-g – primary group name/GID
-G – Secondary group name /GID
-c – Comment
-s – Shell
-d – Home Directory
Assigning Password To The User
As the root user we can assign any password to any user.
Syntax:
#passwd - assigns a password to the current user (the one you are
logged in as; if that is root, then root's password will be
changed).
Ex: #passwd
#passwd <username> - assigns a password to a specific user (only root
can assign a password to another user).
Ex: #passwd user
Note: To check password encryption
Syntax: #passwd -S <username> and #authconfig-tui
Modifying the user`s Attributes
Syntax:
#usermod <options> <username>
Options are:
All the options which are used with useradd command can be used and,
-l --- to change the login name
-L – to LOCK account
-U – to UNLOCK account

Ex: #usermod -l <new name> <old name>
Ex: #usermod -L <user name>
Ex: #usermod -U <user name>
Note: When an account is locked, it shows ! (exclamation mark) in the
/etc/shadow file.
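The /etc/passwd and /etc/shadow record formats described earlier, together with the lock marker noted above, can be read side by side to review accounts. This is an added example, not part of the original slides: the sample records are constructed, the UID ranges come from the attribute table on this page, and the function names are hypothetical.

```python
from datetime import date, timedelta
# Constructed sample records in the two formats shown above (not real accounts).
PASSWD = """root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
user1:x:500:500:prog:/home/user1:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash"""
SHADOW = """root:$1$salt$constructedhashvalue00:16061:0:99999:7:::
ftp:*:16061:0:99999:7:::
user1:!$1$salt$constructedhashvalue00:16061:0:99999:7:::
toor:cnstrctdHASH1:16061:0:99999:7:::"""

def account_type(uid):
    """Classify by the UID ranges in the attribute table on this page."""
    if uid == 0:
        return "super"
    return "system" if uid < 500 else "normal"

def hash_state(field):
    """Return (locked, scheme) for a shadow password field."""
    locked = field.startswith("!")        # '!' prefix: account locked (usermod -L)
    value = field.lstrip("!")
    if value.startswith("$1$"):           # crypt(3) prefix for MD5
        return locked, "MD5"
    if len(value) == 13 and "$" not in value:   # traditional DES crypt is 13 chars
        return locked, "DES"
    return locked, "none"                 # '*' or empty: no hash stored

def last_changed(days):
    # Convert the "days since 1970" field to a calendar date.
    return date(1970, 1, 1) + timedelta(days=int(days))

def audit(passwd_text, shadow_text):
    """Join both files on user name and return {user: [findings]}."""
    shadow = {l.split(":")[0]: l.split(":") for l in shadow_text.splitlines()}
    report = {}
    for line in passwd_text.splitlines():
        name, _, uid, _gid, _comment, _home, _shell = line.split(":")
        locked, scheme = hash_state(shadow[name][1])
        notes = [account_type(int(uid)), "changed " + str(last_changed(shadow[name][2]))]
        if int(uid) == 0 and name != "root":
            notes.append("UID 0 but not root")
        if locked:
            notes.append("locked")
        if scheme == "DES":
            notes.append("weak DES hash")
        report[name] = notes
    return report

if __name__ == "__main__":
    print(audit(PASSWD, SHADOW))
```

On a real system the same functions can be fed the contents of the two files; reading /etc/shadow requires root.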
Changing Password Parameters
Changing the password parameters can be done in 2 ways.
Syntax 1:
#chage <username>
Syntax 2:
#chage <option> <value> <username>
Options are:
-d, --lastday LAST_DAY        set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
-h, --help                    display this help message and exit
-I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
-l, --list                    show account aging information
-m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
-M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
-W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
Deleting a User

To delete a user, the syntax used is

#userdel <user name>

Syntax: (To delete the user with its home directory)

#userdel -r <user name>


Setting local and global user profile
Local User Profile:
~/.bashrc – Defines functions & aliases
~/.bash_profile – The personal initialization file, executed for login shells; it
also sets environment variables such as PATH, HOME etc. ~/.bash_profile
runs only with login shells, i.e. when you first log in to the system.
~/.bash_logout – Defines any commands that should be executed before the user
logs out.
Global User Profile:
/etc/bashrc – Defines functions & aliases
/etc/profile – Runs only with login shells, i.e. when you first log in to the system.
/etc/profile.d – A directory that contains scripts that are called by the
/etc/profile file.
/etc/login.defs – Controls specifics relating to system-wide user logins and
passwords.
Default User Profile:
When each user is created, a default user profile is created for them. This is
nothing but copying the files from the /etc/skel directory to the user's home directory.
Ex: ls -la /etc/skel and ls -la /home/username
GROUP ADMINISTRATION
Group
- Group administration includes creating, modifying and deleting group accounts, adding users to a group and removing users from a group.
- A group is a collection of users to whom the same permissions are to be applied.
- There are 2 types of groups:
-- Primary
-- Secondary
- A user's primary group is defined in the /etc/passwd file, and secondary groups are defined in the /etc/group file.
- Each user is a member of at least one group, called the primary group.
Group Database files
The information regarding the groups is stored in the
following files:
-- /etc/group
-- /etc/gshadow
Content of /etc/group
Group1:x:500:sachin,virat
Group1 – Group name
x – Masked password
500 – GID
sachin,virat – Secondary members
Content of /etc/gshadow

This file contains the encrypted group password.
Passwords are encrypted using the MD5 algorithm.

Group1:jkgfdsgdsh7dh4hjbsa:admin:sachin,virat

admin – List of administrative members
sachin,virat – List of members
Creating a Group

Creating a Group with default options:-


Syntax:
#groupadd <Name for the group>
Ex: groupadd Group1

Creating a Group with user specified options:-


Syntax:
#groupadd <options> <Name for the group>
Options are:
-g – GID
-o -- Override
Ex: groupadd -g 1705 Group1
Modifying a Group

- To modify the group properties, the syntax is

#groupmod <option> <arguments> <group name>

The options are:

-g – to change the group ID
-o – to override the previously assigned ID, if it matches the
new one
-n – to change the group name

Ex: #groupmod -n <new name> <old name>


Group Membership
To add members (users) to a group, the syntaxes are:
To add a single user to the group
Syntax:
#usermod -G <group name> <user name>
Ex: #usermod -G Group1 user1
Adding Single or Multiple users to the group with various attributes
Syntax:
#gpasswd <option> <argument> <group name>
Options are:
-M – for adding multiple users to a group
-a -- for adding single user to a group
-A – for Adding a group Administrator
-d – for removing a user from a group
Gpasswd Examples
Syntax:
#gpasswd -M <user>,<user>,<user> <group>
Ex: gpasswd -M user1,u2 group1 (verify it in /etc/group)

#gpasswd -a user2 group2 (verify it in /etc/group)

Making a user an Administrator

#gpasswd -A user2 group1 (verify it in /etc/gshadow)

#gpasswd -d user2 group2 (verify it in /etc/group)


Deleting a group
Syntax:
#groupdel <group name>
Note: A group cannot be deleted if it has primary members.
Printing the groups a user is in
Syntax is
#groups [username]
This command displays the groups of which the given user is a member.
If no username is given, it defaults to the current user.
Ex: # groups
root
Ex: # groups admin
test1 : test2
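How a user's group list is assembled from the two files described above (primary group from the GID field of /etc/passwd, secondary groups from the member lists in /etc/group), and why a group with primary members cannot be deleted, as an added example that is not part of the original slides. The sample records, the "audit" group and the function names are constructed for illustration.

```python
# Constructed sample data in the /etc/passwd and /etc/group formats shown above.
PASSWD = """user1:x:500:500:prog:/home/user1:/bin/bash
sachin:x:501:501::/home/sachin:/bin/bash
virat:x:502:500::/home/virat:/bin/bash"""
GROUP = """Group1:x:500:sachin,virat
sachin:x:501:
audit:x:1705:user1"""

def parse_groups(group_text):
    """Return {gid: (name, [secondary members])} from /etc/group lines."""
    groups = {}
    for line in group_text.splitlines():
        name, _pw, gid, members = line.split(":")
        groups[int(gid)] = (name, [m for m in members.split(",") if m])
    return groups

def groups_of(user, passwd_text, group_text):
    """Primary group first (GID field of /etc/passwd), then secondary groups."""
    groups = parse_groups(group_text)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if fields[0] == user:
            primary = groups[int(fields[3])][0]
            secondary = [n for n, m in groups.values() if user in m and n != primary]
            return [primary] + secondary
    raise KeyError(user)

def primary_members(group, passwd_text, group_text):
    """Users whose primary GID is this group; groupdel refuses while any exist."""
    gid = next(g for g, (n, _) in parse_groups(group_text).items() if n == group)
    return [l.split(":")[0] for l in passwd_text.splitlines()
            if int(l.split(":")[3]) == gid]

if __name__ == "__main__":
    for u in ("user1", "sachin", "virat"):
        print(u, ":", " ".join(groups_of(u, PASSWD, GROUP)))
    print("primary members of Group1:", primary_members("Group1", PASSWD, GROUP))
```

Note that user1 and virat never appear in the member list of Group1's primary users in /etc/group; their membership comes only from the GID field in /etc/passwd, which is why both files must be checked when reviewing who belongs to a group.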
Graphical Tool

For user and group administration:

#system-config-users &
For authentication configuration:
#authconfig-tui

Changing Ownership:
#chown <user name>:<group name> <file/dir>

If you only want to change the file's group, run the command:
#chgrp <new group> <filename>
Thank You…
