User Administration in Linux

  • A user is an individual who uses the available hardware & software resources.
  • In Red Hat Linux, there are three different types of users.

Superuser (or) root user:

---> The root user account is the equivalent of the Administrator (or) Enterprise Admin account in the Windows world.

  • It is the most powerful account on the system and has access to everything.

System users:

---> A system account is similar to a normal user account. The main difference is that system users normally don’t have a home directory and can’t log in the way normal users do.

  • Many system users are created by or associated with applications or services to help run them more securely.
  • For example, if we install Apache, it will create a user named apache. These kinds of users are known as system users.

Normal users:

---> Normal users are the users created by the root user. They are normal users like Rahul, sara, Raju, etc.

  • Normal user accounts have no write access to anything on the system except their home directory, which is created when the user account is added (they can read and explore much of the system, however).
  • As an Administrator, you can assign access rights to different files & directories, allowing your users to gain access to different areas of the system (outside their home directory).

Some important points related to user administration:

  • Users & Groups are used to control access to files and resources.
  • Users login to the system by supplying their username & password
  • Every file on the system is owned by a user and associated with a group.
  • Every process has an owner and group affiliation, and can only access the resources its owner or group can access.
  • Every user of the system is assigned a unique user ID number (UID).
  • User names and UIDs are stored in /etc/passwd.
  • User passwords are stored in /etc/shadow in encrypted (hashed) form.
  • Users are assigned a home directory and a program that is run when they login (usually a shell).
  • Users can’t read, write, or execute each other’s files without permission.

Types of users in Linux & their attributes:-  

Type          Example            UID           GID           Home Directory
Superuser     root               0             0             /root
System user   ftp, ssh, nobody   1-499         1-499         /var/ftp
Normal user   Visitor, sara      500-60,000    500-60,000    /home/user

Whenever a user is created in Linux, the following are created by default:

  • A home directory is created (/home/username)
  • A mailbox is created (/var/spool/mail)
  • Unique UID & GID are given to user.

User Private Group (UPG):-

Red Hat Linux uses the User Private Group (UPG) scheme. Under the UPG scheme, whenever you create a user account, the user gets a primary group with the same name and the same ID.

---> For example, if a user is created with the name raju, then the primary group of that user will also be raju.

User information is maintained in two database files:

(a) /etc/passwd: This file maintains user-related information.

Syn: <username>:<password>:<UID>:<GID>:<comments>:<homedir>:<shell>

(b) /etc/shadow: This file maintains user-related password information.

Syn: <username>:<encrypted password>:<last passwd change>:<min>:<max>:<warn>:<inactive>:<expires>:<not used>
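The two record formats above, read with awk over constructed sample lines (an added example, not part of the original tutorial). The function name audit_accounts, the sample accounts and the flag labels are illustrative assumptions; the UID ranges are the ones used in the table on this page.

```shell
#!/bin/sh
# Constructed sample records (not from a real system); hashes are placeholders.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
raju:x:500:500:linux user:/home/raju:/bin/bash
sara:x:501:501::/home/sara:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash'

SHADOW_SAMPLE='root:$6$constructed$hash:15700:0:99999:7:::
apache:!!:15700::::::
raju:!$6$constructed$hash:15700:0:90:7:::
sara::15700:0:90:7:::
toor:$6$constructed$hash:15700:0:99999:7:::'

# audit_accounts PASSWD_TEXT SHADOW_TEXT (hypothetical helper)
# Prints "name type password-state [findings]" for every passwd record.
audit_accounts() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk -F: '
        $0 == "--" { in_passwd = 1; next }   # separator: shadow first, then passwd
        !in_passwd { pw[$1] = $2; next }     # shadow field 2 is the password field
        {
            uid = $3 + 0                     # passwd field 3 is the UID
            if (uid == 0)          kind = "superuser"
            else if (uid <= 499)   kind = "system"
            else if (uid <= 60000) kind = "normal"
            else                   kind = "other"

            if (!($1 in pw))        state = "no-shadow-entry"
            else if (pw[$1] == "")  state = "empty"
            else if (pw[$1] ~ /^!/) state = "locked"   # leading ! marks a locked password
            else                    state = "set"

            note = ""
            if (uid == 0 && $1 != "root") note = note " EXTRA-UID0"
            if (state == "empty")         note = note " NO-PASSWORD"
            printf "%s %s %s%s\n", $1, kind, state, note
        }'
}

audit_accounts "$PASSWD_SAMPLE" "$SHADOW_SAMPLE"
```

A second account with UID 0 and an account with an empty password field are the two findings worth reviewing first, since both bypass the separation between root and normal users described above.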

Complexity Requirements of password in linux:-

The root user can change its own password and that of any user on the system, and no rules apply when root assigns a password. Root can assign a password of any length, long or short, and it can be alphabetic, numeric, or both; on the whole, there is no limitation on root when assigning a password.

A normal user can change only their own password. A valid password for a normal user should adhere to the following rules.

  • It should be at least 7 characters but not more than 255 characters
  • At least one character should be upper case.
  • At least one character should be lower case.
  • At least one character should be a symbol and number.
  • It should not match the previous password
  • The login name and the password can’t be the same.

User Administration

To manage user accounts, you can use the following Linux commands

useradd:- Creates user (or) system accounts.

Syn: useradd [options] LOGIN

Options:

  • -u        User ID
  • -c        Comment
  • -e        Expire date
  • -s        Shell
  • -r        Creates a system account
  • -d        Home directory
  • -g        Primary group ID
  • -G        Secondary group ID

Ex: Create a user in Linux

# useradd raju

  • To check the user you just created

# cat /etc/passwd | grep raju

  • Let’s create a user with our own attributes

# useradd -u 555 -c "linux user" -d /opt/india -s /bin/sh india

  • To check the user:

# cat /etc/passwd | grep india

Tip:- As a good practice, you should provide a label or some description for each account; otherwise, after time, you will forget what it is for.

usermod:- Modifies user accounts.

Syn: usermod [options] LOGIN

Note:- All the options which are used with the useradd command can be used, and also:

  • -l        To change the login name
  • -L        To lock the account
  • -U        To unlock the account

Ex: Changing the name of the user

# usermod -l newname oldname

  • To lock the user account

# usermod -L username

  • To unlock the user account

# usermod -U username

Note: When an account is locked, it will show a ! (exclamation mark) in the /etc/shadow file.

userdel: Removes a user or system account.

Syn: userdel [options] LOGIN

  • -f        Forces deletion of the user even if he’s still logged in.
  • -r        Removes the user’s home directory and mail spool.

Ex: # userdel username


passwd: Sets a password or resets a password for a user account.

Syn: passwd [options] [LOGIN]

  • -l        Locks a user’s account
  • -u        Unlocks a user’s account

Ex: # passwd raju

  • Let’s look at how the password files work

# cat /etc/shadow | grep raju

chage:

Enables you to modify the parameters surrounding passwords (complexity, age, expiration)

Syn: chage [options] user

  • -d        Indicates the day the password was last changed.
  • -E        Sets the account expiration date.
  • -I        Sets the number of days of inactivity after the password expires before the account is locked.
  • -l        Shows the account aging information.
  • -m        Sets the minimum number of days between password changes.
  • -M        Sets the maximum number of days a password is valid.
  • -W        Sets the number of days to warn before the password expires.

Ex: Find the user’s password information

# chage -l user

  • Sets user account to expire in one week

# chage -E 2013-03-28 raju

pwck: Verifies the consistency of passwords across database files.

  • When you create or delete users, things don’t always work out properly, and the password files can become inconsistent. You can use the pwck command to verify the consistency between the /etc/passwd & /etc/shadow files.

# pwck
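To see what an inconsistency between the two files looks like, here is a simplified cross-check over constructed records (an added example, not part of the original tutorial and not pwck's own code). It covers only field counts, duplicate user names and entries missing from one file; the function name check_consistency and the sample accounts are illustrative assumptions.

```shell
#!/bin/sh
# Constructed sample records (not from a real system): "sara" has no shadow
# entry, "olduser" exists only in shadow, the "india" line is one field short
# and "raju" appears twice in passwd.
PASSWD_BAD='root:x:0:0:root:/root:/bin/bash
raju:x:500:500:linux user:/home/raju:/bin/bash
sara:x:501:501::/home/sara:/bin/bash
india:x:555:555:linux user:/opt/india
raju:x:502:502::/home/raju2:/bin/bash'

SHADOW_BAD='root:$6$constructed$hash:15700:0:99999:7:::
raju:$6$constructed$hash:15700:0:90:7:::
india:$6$constructed$hash:15700:0:90:7:::
olduser:!!:15000:0:90:7:::'

# check_consistency PASSWD_TEXT SHADOW_TEXT (hypothetical helper)
# Prints one line per problem found; prints nothing when the files agree.
check_consistency() {
    { printf '%s\n' "$1"; echo '--'; printf '%s\n' "$2"; } | awk -F: '
        $0 == "--" { in_shadow = 1; next }   # separator: passwd first, then shadow
        !in_shadow {
            if (NF != 7)  print "passwd: " $1 ": expected 7 fields, found " NF
            if ($1 in pw) print "passwd: " $1 ": duplicate user name"
            pw[$1] = 1; order[++n] = $1; next
        }
        {
            if (NF != 9)     print "shadow: " $1 ": expected 9 fields, found " NF
            if (!($1 in pw)) print "shadow: " $1 ": no matching passwd entry"
            sh[$1] = 1
        }
        END {
            # Report passwd users without a shadow record, once per name.
            for (i = 1; i <= n; i++)
                if (!(order[i] in sh) && !reported[order[i]]++)
                    print "passwd: " order[i] ": no matching shadow entry"
        }'
}

check_consistency "$PASSWD_BAD" "$SHADOW_BAD"
```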
