Information Technology College of HoChiMinh city Faculty of Information Technology Course: Fundamentals of Linux OS Unit Managing Users and Groups Lecturer: Võ Tấn Dũng votandung@yahoo.com http://sites.google.com/site/votandungsg/ What Users and Groups Are • The user of the system is an account identified by a unique numerical identification number called user ID (UID) • Users within a group can have read permissions, write permissions, execute permissions or any combination of read/write/execute permissions for files owned by that group • A group is an organization unit tying users together for a common purpose, which can be reading permissions, writing permission, or executing permission for files owned by that group • Similar to, UID, each group is associated with a group ID (GID) VÕ TẤN DŨNG Owner and group owner of a file • Each member of the system is a member of at least one group, a primary group A supplementary group is an additional group for accessing files owned by this group • Red Hat Enterprise Linux reserves user and group IDs below 500 for system users and groups • A user who creates a file is also the owner and primary group owner of that file • The file is assigned separate read, write, and execute permissions for the owner, the group, and everyone else • The file owner can be changed only by root, and access permissions can be changed by both the root user and file owner VÕ TẤN DŨNG Relating files of user and group • These files are readable only by the root user • The files affected include /etc/passwd which stores user accounts information • And /etc/shadow, which stores secure user account information • With a group, the files affected include /etc/group which stores group account information • And /etc/gshadow, which stores secure group account information VÕ TẤN DŨNG Managing Users via Command-Line Tools VÕ TẤN DŨNG Creating Users • The useradd utility creates new users and adds them to the system Following the short procedure below, you will create a default user account with its UID, automatically create a home directory where default user settings will be stored, /home/username/, and set the default shell to /bin/bash Command Format useradd username • By setting a password unlock the account to make it accessible Type the password twice when the program prompts you to Command Format passwd VÕ TẤN DŨNG Creating a User with Default Settings • Example: ~]# useradd robert ~]# passwd robert Changing password for user robert New password: Re-type new password: passwd: all authentication tokens updated successfully • If you run cat /etc/passwd to view the content of the /etc/passwd file, you can learn more about the new user from the line displayed to you: robert:x:502:502::/home/robert:/bin/bash VÕ TẤN DŨNG Creating a User with Default Settings (cont.) robert:x:502:502::/home/robert:/bin/bash • • • • • robert has been assigned a UID of 502 GID=502, group ID of User Private Group, equals to UID The home directory is set to /home/robert and login shell to /bin/bash The letter x signals that shadow passwords are used and is stored in /etc/shadow VÕ TẤN DŨNG Change the basic default setup for the user • If you want to change the basic default setup for the user while creating the account, you can choose from a list of command-line options modifying the behavior of useradd • You can add one or more options: Command Format useradd [option(s)] username VÕ TẤN DŨNG Specifying a User's Full Name when Creating a User • As a system administrator, you can use the -c option to specify, for example, the full name of the user when creating them Use -c followed by a string, which adds a comment to the user: Command Format useradd -c "string" username ~]# useradd -c "Robert Smith" robert ~]# cat /etc/passwd robert:x:502:502:Robert Smith:/home/robert:/bin/bash A user account has been created with user name robert, sometimes called the login name, and full name Robert Smith VÕ TẤN DŨNG Move the user's home directory • With the usermod command you can also move the content of the user's home directory to a new location, or lock the account by locking its password ~]# usermod -m -d /home/jane -L jane • In this sample command, the -m and -d options used together move the content of jane's home directory to the /home/dir_3 directory • The -L option locks the access to jane's account by locking its password VÕ TẤN DŨNG Switching temporarily to another user • To temporarily become another user without logging out the current user, we can use the su command: Command Format su switching-username • If no switching-username, then the default switchingusername, user root, is used • When you use the su command, the system will ask to enter the password of switching-username • who command: show who are logged in your Linux system VÕ TẤN DŨNG View information of a user • The following command allows to view information about a user: Command Format id [options] username Some options for this command: -g: show the main group that contains this user -u: only display the UID of the this user -G: displays all groups that the user is a member VÕ TẤN DŨNG Deleting Users • If you want to remove a user account from the system, use the userdel command on the command line as root userdel username • Combining userdel with the -r option removes files in the user's home directory along with the home directory itself userdel -r username VÕ TẤN DŨNG Managing Groups via Command-Line Tools VÕ TẤN DŨNG Creating Groups • Groups are a useful tool for permitting co-operation between different users • There is a set of commands for operating with groups such as groupadd, groupmod, groupdel, or gpasswd • The files affected include /etc/group which stores group account information and /etc/gshadow, which stores secure group information • To add a new group to the system with default settings, the groupadd command is run at the shell prompt as root Command Format groupadd [option(s)] groupname VÕ TẤN DŨNG Creating a Group with Default Settings ~]# groupadd friends • This groupadd command creates a new group called friends You can read more information about the group from the newly-created line in the /etc/group file: friends:x:505: • Automatically, the group friends is attached with a unique GID (group ID) of 505 and is not attached with any users • Optionally, you can set a password for a group by running: gpasswd groupname VÕ TẤN DŨNG Creating a Group with Specified GID groupadd -g GID • If you want to specify the numerical value of the group's ID (GID) when creating the group, run the groupadd command with the -g option • Remember that this value GID must be unique • The command below creates a group named schoolmates and sets GID of 60002 for it: ~]# groupadd -g 60002 schoolmates • When used with -g and GID already exists, groupadd refuses to create another group with existing GID VÕ TẤN DŨNG Create a system group • You may also create a system group by attaching the -r option to the groupadd command • System groups are used for system purposes, which practically means that GID is allocated from to 499 within the reserved range of 999 groupadd -r group_name VÕ TẤN DŨNG Attach, remove Users to/from Groups • If you want to add an existing user to the named group, you can make use of the gpasswd command gpasswd -a username which_group_to_edit • To remove a user from the named group, run: gpasswd -d username which_group_to_edit • To set the list of group members, write the user names after the members option dividing them with commas and no spaces: gpasswd members username_1,username_2 group_to_edit VÕ TẤN DŨNG Add group administrators • A group administrator can add and delete users as well as set, change, or remove the group password • A group can have more than one group administrator • The root user can add group administrators with the command: gpasswd -A users groupname • where users is a comma-separated list of existing users you want to be group administrators (without any spaces between commas) VÕ TẤN DŨNG Change, remove a group's password • For changing a group's password, run the gpasswd command with the relevant group name You will be prompted to type the new password of the group gpasswd groupname ~]# gpasswd crowd Changing password for group crowd New password: Re-enter new password: The password for the group crowd has been changed • You can also remove the password from the named group by using the -r option gpasswd -r schoolmates VÕ TẤN DŨNG Modifying Group Settings • When a group already exists and you need to specify any of the options now, use the groupmod command The logic of using groupmod is identical to groupadd as well as its syntax: groupmod option(s) groupname • To change the group ID of a given group, use the groupmod command in the following way: groupmod -g GID_NEW which_group_to_edit • To change the name of the group, run the following on the command line The name of the group will be changed from GROUP_NAME to NEW_GROUP_NAME name groupmod -n new_groupname groupname VÕ TẤN DŨNG Deleting Groups • The groupdel command modifies the system account files, deleting all entries that refer to the group The named group must exist when you execute this command groupdel groupname VÕ TẤN DŨNG END OF UNIT • remember to your homework (see http://sites.google.com/site/votandungsg/) VÕ TẤN DŨNG ... Format useradd -e YYYY-MM-DD username ~]# useradd -e 201 5-1 1-0 5 emily The account emily will be created now and automatically disabled on November, 2015 VÕ TẤN DŨNG Adding a User with Non-default Shell... userdel with the -r option removes files in the user's home directory along with the home directory itself userdel -r username VÕ TẤN DŨNG Managing Groups via Command-Line Tools VÕ TẤN DŨNG Creating... options for this command: -L: lock an user account -U: Unlock a locked account -l new-user-name: username is changed to the new name -u UID-new: change the user's identification -g: changing group which