User and Group Management
Commands for User Management
Commands for user management:
| Command | Description |
|---|---|
| `sudo` | Executes a command as a different user |
| `su` | The su utility requests appropriate user credentials via PAM and switches to that user ID |
| `useradd` | Creates a new user or updates default user information |
| `userdel` | Deletes a user account and related files |
| `usermod` | Modifies a user account |
| `addgroup` | Adds a group to the system |
| `delgroup` | Removes a group from the system |
| `passwd` | Changes user password |
| `chage` | Changes user password expiration date |
| `gpasswd` | Changes the password or membership of groups |
Creating and modifying users
useradd username # Add a new user
usermod -aG groupname username # Add user to a supplementary group
userdel username # Delete a user account
passwd username # Set or change password for a user
groupadd groupname # Add a new group
groupdel groupname # Delete a group
id username # Display user and group IDs
whoami # Display your current username
su - username # Switch to another user account
sudo command # Run command as superuser (or another user)
Permissions and ownership
ls -l filename # View file permissions
chmod 644 file # Change permissions (owner=read/write, group=read, others=read)
chown user:group file # Change owner and group of a file
chgrp groupname file # Change the group ownership of a file
umask 022 # Set default file permissions for new files
Creating a New User
To create a new user using commands, use useradd:
Setting a Password for the New User
Use the passwd command to set a user password:
Then check that the entry was added to /etc/passwd:
- The `password` field usually has an `x` (if a password exists).
- The `UID` and `GID` (user/group ID) fields are assigned automatically.
- The `GECOS` field stores information about the user.
- `home_dir` is usually `/home/username`.
- The `login_shell` is `/bin/bash` for users.
  - Set to `/sbin/nologin` to not allow the user to log in with bash.
When a user is created, the default files are pulled from /etc/skel and put in the
new user's home directory.
Example of Creating a New User and Home Directory
- `-m` creates the home directory if there isn't one already.
- `-d /custom/home/dir` specifies the home directory for the new user.
- `-s /bin/bash` sets the login shell for the user to `/bin/bash`.
User Files
Main user files:
- `/etc/passwd`
  - Users are stored in this file as:
  - The `password` field usually has an `x` (if a password exists).
- `/etc/group`
  - Groups are stored in this file as:
  - Just like `/etc/passwd`, the `password` field usually has an `x` (if a password exists).
- `/etc/shadow`
  - Stores encrypted password hashes and password aging information.
  - Accessible only by privileged users (e.g., `root`).
- `/etc/gshadow`
  - Stores secure group information, such as group passwords and group administrators.
- `/etc/login.defs`
  - Contains system-wide settings for user and group creation, password policies, and other login-related configurations.
- `/etc/skel`
  - Contains default files that are copied to a new user's home directory when it's created.
- `/etc/sudoers` and `/etc/sudoers.d/`
  - Config files for managing sudo permissions.

Permissions:
-rw-r--r--. 1 root root 3435 Oct 17 16:59 /etc/passwd
-rw-r--r--. 1 root root 1399 Oct 17 16:59 /etc/group
----------. 1 root root 614 Jul 8 01:06 /etc/shadow
----------. 1 root root 361 Jul 6 05:16 /etc/gshadow
-rw-r--r--. 1 root root 7778 Oct 30 2023 /etc/login.defs
Passwords are hashed into /etc/shadow using the algorithm set in /etc/login.defs.
They're never stored in /etc/passwd.
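
An added example (not from the original page) that audits passwd- and shadow-format text for the properties described above: the `x` placeholder, login shells on system accounts, and empty hash fields. It goes slightly beyond the text by also flagging extra UID 0 accounts and MD5-crypt (`$1$`) hashes. The function names, the `UID_MIN=1000` threshold and all sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Sample data is constructed.
UID_MIN=1000  # assumption: first regular-user UID (UID_MIN in /etc/login.defs)

# passwd fields: name:password:UID:GID:GECOS:home_dir:login_shell
audit_passwd() {
    awk -F: -v uid_min="$UID_MIN" '
        /^#/ || NF == 0 { next }
        NF != 7 { print $1 ": malformed entry"; next }
        $2 == "" { print $1 ": empty password field" }
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            print $1 ": password hash stored in passwd, not shadow" }
        $3 == 0 && $1 != "root" { print $1 ": UID 0 but not root" }
        $3 > 0 && $3 < uid_min && $7 !~ /\/(nologin|false)$/ {
            print $1 ": system account with login shell " $7 }
    '
}

# shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
audit_shadow() {
    awk -F: '
        /^#/ || NF == 0 { next }
        $2 == "" { print $1 ": no password required" }
        $2 ~ /^\$1\$/ { print $1 ": MD5-crypt hash, check ENCRYPT_METHOD" }
    '
}

sample_passwd() {   # constructed entries
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svc:x:998:998:service:/var/lib/svc:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
backup:x:0:0:second admin:/home/backup:/bin/bash
legacy:$6$constructedsalt$notARealHash:1001:1001::/home/legacy:/bin/bash
EOF
}

sample_shadow() {   # constructed entries
    cat <<'EOF'
root:$6$constructedsalt$notARealHash:19700:0:99999:7:::
alice::19700:0:99999:7:::
olduser:$1$constructed$notARealHash:19000:0:99999:7:::
EOF
}

sample_passwd | audit_passwd
sample_shadow | audit_shadow
```

On a real host, run as root with `audit_passwd < /etc/passwd` and `audit_shadow < /etc/shadow`; no output means none of these checks fired.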
The Shadow Password Suite
Four files comprise the shadow password suite:
- `/etc/passwd`
- `/etc/group`
- `/etc/shadow`
- `/etc/gshadow`

One other file is used to store the hashing algorithm:
- `/etc/login.defs`