In This article, we will see how user and group administration are done in Linux. We will see we can create new users, modify them, change passwords and even work with groups.
1. Create User
In order to create a user, we can use “adduser” or “useradd” like
useradd <U Name> or adduser <U Name>
Provide Password to the User
passwd <U Name>
Ex:
[root@vx111a ~]# useradd jagadesh
[root@vx111a ~]# passwd jagadesh
Changing password for user jagadesh.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
We can see once the password is set for the user name, it says successfully.
Once the user is created, the newly created user information is updated in the database file in Linux which is located in /etc.The name of the file is passwd.Similarly the password information for that user is stored in /etc/shadow file. So whenever a user is created ,the information regarding user is stored in /etc/passwd, password information in /etc/shadow, group information to which the user belongs is stored in /etc/group, the newly created user home directory will be /home/<User Name>(jagadesh).
Let’s see what the passwd file contains, search for jagadesh in the /etc/passwd file like
[root@vx111a ~]# cat /etc/passwd | grep jagadesh
jagadesh:x:614:618::/home/jagadesh:/bin/bash
The above line says that
- Jagadesh : user name
- X: points to the password in the shadow file
- 614: User ID
- 618: Primary group ID
- /home/jagadesh: home directory location for user name jagadesh
- /bin/bash: shell assigned to the user jagadesh
The default values for the user add are available in
[root@vx111a ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
The same results can be seen using “useradd –D”.
For every user we create a new user id will be generated which range starts from 500.Initially when we install the Linux OS , a few users for the services are created which user id range from 1-500.The administrator(root) will have the user ID as “0”.
Let’s see what the shadow file says, search for the user jagadesh in /etc/shadow like
[root@vx111a ~]# cat /etc/shadow | grep jagadesh
jagadesh:$1$9Z4JqSTU$PJZwWJxKhmm22tbKVqZsJ1:15179:0:99999:7:::
The above line says that
- jagadesh : User Name
- $1$9Z4JqSTU$PJZwWJxKhmm22tbKVqZsJ1: password for the user
- 15179: The number of days since the password was last changed since 1970
- 0:The number of days since the password may change(0 says anytime it may change)
- 99999: maximum number of days for a password, after this the user is forced to change his password.
- 7:grace period(this days says about warn for the password modification, password expires in 7 days)
- The number of days after password expires that account is disabled(see that there are 2 more colons are the end, which h says about two more options)
- Days since the account is disabled
Now let’s see the group information, search for user jagadesh in /etc/group like
[root@vx111a ~]# cat /etc/group | grep jagadesh
jagadesh:x:618:
For every user created, a group is also created which contains various information about to which group the user belongs, his primary group information, secondary group information and group password information. The above line says that
jagadesh:x:618:
- jagadesh : Group name
- x:password for group
- 618:Primary group ID
- The last column says about the secondary groups that the user may belong.
Now search the gshadow file for the user jagadesh like
[root@vx111a ~]# cat /etc/gshadow | grep jagadesh
jagadesh:!::
The format of the gshadow file looks like
- Jagadesh : <group name>
- !:says that the password is not set
- The third one says about the group administrators who has the ability to add or remove users to group
- The fourth one says about the group users
So these are the important files that get modified whenever a user is created.
Let’s see some other ways of creating a user and assigning a password to user
Password for an already existing user
Password for a already existing user, say that we have a user kiran and we need to ask him for the password ,for this we can use the passwd command to ask him enter his choice of password. If we have the password for that user we can create the password for kiran like (if you are the root)
[root@vx111a ~]# echo "kiran12345" | passwd --stdin "kiran"
Changing password for user kiran.
passwd: all authentication tokens updated successfully.
Create multiple users at the same time
There may be many cases where we require creating multiple users at a same time, for this purpose we have the newusers command. We use this like
First create a text file with new users and passwords (the file should be in the /etc/passwd format) like
vi sample (enter the below content, make sure that there are no blank lines else they will also gets read and thrown an error as invalid line)
baby1:baby1baby1:1017:1021:Student Account:/home/baby1:/bin/bash
baby2:baby2baby2:1018:1022::/home/baby2:/bin/bash
baby3:baby3baby3:1019:1023::/home/baby3:/bin/bash
Once entered save the file and give the permission to the file as
chmod –R 600 sample
Now let’s use newusers command as
newusers <location of the file>
ex:newusers /root/sample
Confirm the users by checking in the /etc/passwd file.
Now let’s see the various working with useradd (or) adduser
Comment a new user with adduser command like
adduser -c "welcome to sam" sam
[root@vx111a ~]# cat /etc/passwd | grep sam
sam:x:615:619:welcome to sam:/home/sam:/bin/bash
By default every user is given with a bash shell when the user gets created. If we want to assign with a new shell we can use
[root@vx111a ~]# useradd -s /bin/ksh sam
[root@vx111a ~]# cat /etc/passwd | grep sam
sam:x:615:619::/home/sam:/bin/ksh
If we don’t know how many shells are available, check /etc/shells like
[root@vx111a ~]# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/bin/ksh
/bin/zsh
If we need to check the current shell,
[root@vx111a ~]# echo $SHELL
/bin/bash
User Modification
Once we are done with user creation, let’s see how we can modify an existing user.
Usermod: Linux has usermod command which allows us to modify already existing user.
If we need to modify the comment on user ‘sam’ use
usermod -c "welcome to hell" sam
[root@vx111a ~]# cat /etc/passwd | grep sam
sam:x:615:619:welcome to hell:/home/sam:/bin/bash
Lock & UN lock: we can user usermod to lock and unlock users like
[root@vx111a ~]# cat /etc/shadow | grep sam
sam:$1$QE4k5b/u$udPa/gdXBlt.TIna21yWR.:15179:0:99999:7:::
[root@vx111a ~]# usermod -L sam
[root@vx111a ~]# cat /etc/shadow | grep sam
sam:!$1$QE4k5b/u$udPa/gdXBlt.TIna21yWR.:15179:0:99999:7:::
[root@vx111a ~]# usermod -U sam
[root@vx111a ~]# cat /etc/shadow | grep sam
sam:$1$QE4k5b/u$udPa/gdXBlt.TIna21yWR.:15179:0:99999:7:::
See that the once the usermod –L sam is executed, the shadow file is updated with a “!’ in the beginning of the password which indicated that the account is locked and the user can work with it only once it is unlocked. The unlock can be done by
Usermod –U sam
Password Management
Once a user is created and if we need to modify any options already given to a password we can use chage command. If we need to see the password options for a user we can use
[root@vx111a ~]# chage -l sam
Last password change : Jul 24, 2011
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
You can see how we can get various information regarding the password of a given user.
If we need to update this information we can use
[root@vx111a ~]# chage sam
Changing the aging information for sam
Enter the new value, or press ENTER for the default
Minimum Password Age [0]:
Maximum Password Age [99999]: 1
Last Password Change (YYYY-MM-DD) [2011-07-24]:
Password Expiration Warning [7]: 0
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
If we press enter without any value, it takes the default one given in sq brackets.
Check the values whether they are updated or not like
[root@vx111a ~]# chage -l sam
Last password change : Jul 24, 2011
Password expires : Jul 25, 2011
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 1
Number of days of warning before password expires : 0
Generally in organization environment, users are normally created by administrator (root).so when a user is created ,we should make sure that the user should change his password once he log in to his account for the first time. let’s see how we can do this
First Lock the user using,
[root@vx111a ~]# usermod -L jagadesh
You have new mail in /var/spool/mail/root
Change the password expiry date to 0, which means the user should change the password once he login in the first time password
[root@vx111a ~]# chage -d 0 jagadesh
Un locks the user account
[root@vx111a ~]# usermod -U jagadesh
Now once you login in to the user, it asks for the password modification like,
[sam@vx111a ~]$ su -l jagadesh
Password:
You are required to change your password immediately (root enforced)
Changing password for jagadesh
(current) UNIX password:
Let’s says we need to lock account if password is not changed after 10 days
Chage –T 10 sam
ID
We have one more command “id” by which we can get various information about the currently logged in user like
Simple “id” gets the current user information
[root@vx111a ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[jagadesh@vx111a ~]$ id
uid=614(jagadesh) gid=618(jagadesh) groups=618(jagadesh)
[jagadesh@vx111a ~]$
Print the Group name to which the user belongs
[root@vx111a ~]# id -g -n root
Root
Print the secondary group name to which the user belongs
[root@vx111a ~]# id -g -n jagadesh
jagadesh
Delete User
The last step is delete the users available by using the userdel command like
Userdel <username>
Ex:userdel jagadesh (deletes the user from the database file)
Userdel –rf jagadesh(deletes the complete user details ,like user home directory e.t.c)
Group Administration
Since we are done with the users, let’s see how we can create groups; add users to them and other options. There are 2 types of groups in Linux
Primary Group: every user will be given a primary group. This is mandatory group for a user
Secondary Group: a user may or may not be with a secondary group.
Total group a user can register is 16[1 Primary and 15 secondary]
Add Group:
To create a group use “groupadd” command like
Ex: groupadd SamSecond
Once we add the group, check /etc/group like cat /etc/group | grep sam
newgrp: If we need to login into a new group , we can use newgrp command like
[root@vx111a ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@vx111a ~]# newgrp samGroup
[root@vx111a ~]# id
uid=0(root) gid=627(samGroup) groups=0(root), 1(bin), 2(daemon), 3(sys), 4(adm), 6(disk), 10(wheel), 627(samGroup)
Modify Group: In order to modify group, we can use
[root@vx111a ~]# groupmod -n samSecond samGroup
[root@vx111a ~]# cat /etc/group | grep sam
sam:x:624:
dick:x:626:sam
samSecond:x:627:
Delete Group: to delete a group we gave “groupdel” like
[root@vx111a ~]# groupdel samSecond
[root@vx111a ~]# grep sam /etc/group
sam:x:624:
dick:x:626:sam
gpasswd: this command is used in performing various operations on groups like adding users to group, removing them, adding groups to users
To add users to group
[root@vx111a ~]# gpasswd -a jagadesh samSecond
Adding user jagadesh to group samSecond
Once done, login into jagadesh to see the new group details like,
[root@vx111a ~]# su -l jagadesh
i[jagadesh@vx111a ~]$ id
uid=614(jagadesh) gid=618(jagadesh) groups=618(jagadesh),627(samSecond)
Remove user from groups
[root@vx111a ~]# gpasswd -d jagadesh samSecond
Removing user jagadesh from group samSecond
Login into jagadesh and check like
[jagadesh@vx111a ~]$ id
uid=614(jagadesh) gid=618(jagadesh) groups=618(jagadesh)
add multiple users
gpasswd –M user1,user2 <group Name>
add multiple groups to a user
gpasswd –G gname1,gname2 –a <user Name>
additional:
If we need to list the groups that user belongs, use
groups <user Name>
So More articles to come. Happy Coding …J