Linux User Group Administration


Introduction

In this tutorial, let's discuss user and group administration on the Linux operating system.

1. Log in to the Linux server as root.

2. To add a user, use the useradd command.

[root@localhost ~]# useradd testuser1
                    

3. After the useradd command is executed, a directory for the user is created under the /home directory on the Linux file system.

[root@localhost ~]# ls /home/
lost+found testuser1 togotutor
                    

4. By default, when a user is created, an entry for the user is automatically added to the /etc/passwd file. The passwd file will look like this:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
smolt:x:999:998:Smolt:/usr/share/smolt:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
colord:x:998:996:User for colord:/var/lib/colord:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
chrony:x:997:995::/var/lib/chrony:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
pulse:x:996:994:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
togotutor:x:1000:1000:James Anderson:/home/togotutor:/bin/bash
testuser1:x:1001:1001::/home/testuser1:/bin/bash
                    

An entry for the newly created user is added at the end of the /etc/passwd file. Each value within the entry can be defined as follows:

[Figure: Shadow Password File]
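
Each passwd entry has seven colon-separated fields: login name, password placeholder, UID, GID, comment, home directory and login shell. The following is an added example, not part of the original tutorial, that parses entries in this format and flags accounts an administrator should review. The function names, the finding labels, the UID 1-999 system range and the sample entries (including the svcadmin and backup accounts) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format entries read from stdin.
# Fields: name:password:UID:GID:comment:home:shell
# Usage on a real system: audit_passwd < /etc/passwd

audit_passwd() {
    awk -F: '
        # Skip blank lines and comments.
        /^[ \t]*$/ || /^#/ { next }
        # A valid entry has seven fields and a numeric UID.
        NF != 7 || $3 !~ /^[0-9]+$/ { printf "MALFORMED line %d\n", NR; next }
        {
            name = $1; pw = $2; uid = $3 + 0; shell = $7
            # Any account with UID 0 has full root privileges.
            if (uid == 0 && name != "root")
                printf "UID0 %s\n", name
            # "x" means the hash is kept in /etc/shadow; empty means no password.
            if (pw == "")
                printf "EMPTYPW %s\n", name
            else if (pw != "x")
                printf "PWFIELD %s\n", name
            # Names that share a UID are the same user to the kernel.
            if (uid in seen)
                printf "DUPUID %s %s\n", name, seen[uid]
            else
                seen[uid] = name
            # System accounts (UID 1-999 assumed) should not have a login shell.
            if (uid > 0 && uid < 1000 && shell !~ /\/(nologin|false|sync|shutdown|halt)$/)
                printf "SYSSHELL %s %s\n", name, shell
        }
    '
}

# Constructed sample entries; svcadmin and backup are made up for the demo.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
backup:x:34:34:backup:/var/backups:/bin/bash
svcadmin:x:0:0::/home/svcadmin:/bin/bash
togotutor:x:1000:1000:James Anderson:/home/togotutor:/bin/bash
testuser1::1001:1001::/home/testuser1:/bin/bash
EOF
}

sample_passwd | audit_passwd
```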










5. Next, unlock the user with the passwd command.

[root@localhost ~]# passwd testuser1
Changing password for user testuser1.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
                    

After unlocking the user 'testuser1' and assigning it a password, the next step is to look at the /etc/group file. The cat /etc/group command prints the content of the file to the console.

[Figure: Shadow Group File]












The username is identical to the group name, and such a group is therefore known as a user private group.

In a typical scenario, there is a group and multiple users are assigned to that group. The groupadd command creates a group in Linux:

[root@localhost ~]# groupadd togotutortester
                    

The groupadd command creates a group named togotutortester, as shown above. An entry for the newly created group is added at the end of the /etc/group file.

togotutortester:x:1003: (where togotutortester=groupname | x: shadow file reference | 1003: GroupID)

cd /home;mkdir togotutortester
                    

Next, create another user with username testuser3 and assign it to the togotutortester group.

[root@localhost home]# useradd -c "Togotutor Tester User" -d /home/togotutortester/testuser3 -m testuser3
[root@localhost home]# ls /home/togotutortester/
testuser3
                    

The usermod command can be used to modify a user.

usermod -g togotutortester testuser3

Here, the user testuser3 is assigned togotutortester as its primary group.

Next, execute the passwd command to set a password for testuser3. Once the password is set for testuser3, try logging in to the server.

username: testuser3
password: **********
                    

[Figure: Linux Successful Access]


















Perfect, it worked: the login is successful. This ends the section on how to create users and groups on the Linux operating system.

The next section is about how to delete/remove a user and group on the Linux operating system.

The groupdel command can be used to remove a group.

groupdel testuser3
                    

The userdel command can be used to delete a user.

userdel testuser2
                    

The login.defs file under the /etc directory controls the behavior of the tools from the shadow-utils component.

For example, password aging control options can be modified within this file:

# Password aging controls:
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

Or whether and how the password is encrypted:

# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
MD5_CRYPT_ENAB no
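
The values shown above never expire a password and accept a five-character one, so it is worth checking login.defs against a written policy. The following is an added example, not part of the original tutorial, that reads login.defs-style settings and reports the ones weaker than a baseline. The function names and the two baseline limits (365 days, 12 characters) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare login.defs-style settings with a password policy.
# The two limits below are assumed policy values; set them to your own baseline.
MAX_DAYS_LIMIT=365   # assumed: longest acceptable PASS_MAX_DAYS
MIN_LEN_FLOOR=12     # assumed: smallest acceptable PASS_MIN_LEN

# Reads the file on stdin: check_login_defs < /etc/login.defs
check_login_defs() {
    awk -v maxd="$MAX_DAYS_LIMIT" -v minl="$MIN_LEN_FLOOR" '
        function val(k) { return (k in conf) ? conf[k] : "unset" }
        # Skip comments and lines without a value; a later duplicate key overrides.
        /^[ \t]*#/ || NF < 2 { next }
        { conf[$1] = $2 }
        END {
            v = val("PASS_MAX_DAYS")
            if (v == "unset" || v + 0 > maxd + 0)
                printf "WEAK PASS_MAX_DAYS %s (limit %d)\n", v, maxd
            v = val("PASS_MIN_LEN")
            if (v == "unset" || v + 0 < minl + 0)
                printf "WEAK PASS_MIN_LEN %s (floor %d)\n", v, minl
            # DES and MD5 are weak; a missing setting is reported as a finding too.
            v = val("ENCRYPT_METHOD")
            if (v == "unset" || v == "DES" || v == "MD5")
                printf "WEAK ENCRYPT_METHOD %s\n", v
            if (val("MD5_CRYPT_ENAB") == "yes")
                printf "WEAK MD5_CRYPT_ENAB yes\n"
        }
    '
}

# Sample input modelled on the excerpt in the tutorial.
tutorial_login_defs() {
    cat <<'EOF'
# Password aging controls:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
MD5_CRYPT_ENAB no
EOF
}

tutorial_login_defs | check_login_defs
```

The aging values in login.defs are applied when an account is created; for accounts that already exist, the aging values are changed per user with the chage command.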
                    

User and Group Administration on Linux Operating System : Completed