User Administration in Linux
A user is an individual who uses the available hardware and software resources.
In Red Hat Linux, there are three different types of users.
Super user (or) root user:
---> The root user account is the equivalent of the Administrator (or) Enterprise Admin account in the Windows world.
- It is the most powerful account on the system and has access to everything.
---> A system account is similar to a normal user account. The main difference is that system users normally don’t have a home directory and can’t log in the way normal users do.
- Many system users are created by or associated with applications or services to help run them more securely.
- For example, if we install Apache, it will create a user named apache. These kinds of users are known as system users.
---> Normal users are the users created by the root user. They are normal users like Rahul, sara, Raju, etc.
- Normal user accounts have no write access to anything on the system except their home directory, which is created when the user account is added (they can read and explore much of the system, however).
- As an Administrator, you can assign access rights to different files & directories, allowing your users to gain access to different areas of the system (outside their home directory).
Some important points related to user administration:
- Users & Groups are used to control access to files and resources.
- Users log in to the system by supplying their username & password.
- Every file on the system is owned by a user and associated with a group.
- Every process has an owner and group affiliation, and can only access the resources its owner or group can access.
- Every user of the system is assigned a unique user ID number.
- User names and UIDs are stored in /etc/passwd.
- User passwords are stored in /etc/shadow in encrypted form.
- Users are assigned a home directory and a program that is run when they log in (usually a shell).
- Users can’t read, write or execute each other’s files without permissions.
Types of users in Linux & their attributes:

| Type | Example users | UID | GID | Home directory |
|---|---|---|---|---|
| System user | ftp, ssh, nobody | 1-499 | 1-499 | /var/ftp |
| Normal user | Visitor, sara | 500-60,000 | 500-60,000 | /home/user |
Whenever a user is created in Linux, the following things are created by default:
- A home directory is created (/home/username).
- A mailbox is created (/var/spool/mail).
- A unique UID & GID are given to the user.
User Private Group (UPG):
Red Hat Linux uses the user private group (UPG) scheme. Under the UPG scheme, whenever you create a user account, the user gets a primary group with the same name and the same ID.
---> For example, if a user is created with the name raju, then the primary group of that user will also be raju.
---> The user information is maintained in two database files:
(a) /etc/passwd: This file maintains user-related information.
Syn: <username> : <password> : <UID> : <GID> : <comments> : <Homedir> : <shell>
(b) /etc/shadow: This file maintains user-related password information.
Syn: <username> : <encrypted password> : <last passwd change> : <min> : <max> : <warn> : <inactive> : <expires> : <not used>
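The two record formats above, as an added example that is not part of the original article: a shell/awk audit that joins passwd- and shadow-format files and reports each account's class and password state. The function name, the finding labels and all sample records are constructed; the UID cut-off of 500 follows this page's table, and treating `*` as "no password login" and flagging system accounts that keep a login shell are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit accounts from passwd/shadow-format files.
# Every record below is constructed sample data, not from a real host.

# audit_accounts PASSWD_FILE SHADOW_FILE  (hypothetical helper name)
# Prints: name, class by UID range, password state, finding ("-" if none).
audit_accounts() {
    awk -F: '
        NR == FNR { pw[$1] = $2; seen[$1] = 1; next }   # pass 1: shadow file
        {                                               # pass 2: passwd file
            name = $1; uid = $3 + 0; shell = $7
            if (uid == 0)       class = "root"
            else if (uid < 500) class = "system"        # 1-499 per this page
            else                class = "normal"

            if (!(name in seen))      state = "no-shadow-entry"
            else if (pw[name] == "")  state = "empty"   # empty password field
            else if (pw[name] ~ /^!/) state = "locked"  # "!" prefix: locked account
            else if (pw[name] == "*") state = "no-login"
            else                      state = "set"

            note = "-"
            if (uid == 0 && name != "root") note = "extra-uid0"
            else if (state == "empty")      note = "no-password"
            else if (class == "system" && shell !~ /(nologin|false)$/)
                note = "system-with-shell"
            print name, class, state, note
        }' "$2" "$1"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
raju:x:500:500:linux user:/home/raju:/bin/bash
sara:x:501:501::/home/sara:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$salt$CONSTRUCTEDHASH:15000:0:99999:7:::
ftp:*:15000:0:99999:7:::
apache:!!:15000::::::
raju:!$6$salt$CONSTRUCTEDHASH:15000:0:99999:7:::
sara::15000:0:99999:7:::
toor:$6$salt$CONSTRUCTEDHASH:15000:0:99999:7:::
EOF
audit_accounts "$tmp/passwd" "$tmp/shadow"
```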
Complexity requirements of passwords in Linux:
The root user can change its own password and that of any user in the system, and there are no rules for root when assigning a password. Root can assign a password of any length, long or short, and it can be alphabetic, numeric or both; on the whole, there is no limitation for root when assigning a password.
A normal user can change only their own password. A valid password for a normal user should adhere to the following rules:
- It should be at least 7 characters but not more than 255 characters.
- At least one character should be upper case.
- At least one character should be lower case.
- At least one character should be a symbol and number.
- It should not match the previous password.
- The login name and the password can’t be the same.
To manage user accounts, you can use the following Linux commands:
useradd: Creates user (or) system accounts.
Syn: useradd [options] LOGIN
Options:
-u User ID
-e Expire date
-r Creates a system account
-d Home directory
-g Primary group ID
-G Secondary group ID
Ex: Create a user in Linux
- To check the user you just created:
# cat /etc/passwd | grep raju
- Let’s create a user with our own attributes:
# useradd -u 555 -c "linux user" -d /opt/india -s /bin/sh india
- To check the user:
# cat /etc/passwd | grep india
Tip:- As a good practice, you should provide a label or some description for each account; otherwise, after time, you will forget what it is for.
usermod: Modifies user accounts.
Syn: usermod [options] LOGIN
Note:- All the options which are used with the useradd command can also be used with usermod, along with:
-l To change the login name
-L To lock the account
-U To unlock the account
Ex: Changing the name of the user
# usermod -l newname oldname
- To lock the user account
# usermod -L username
- To unlock the user account
# usermod -U username
Note: When an account is locked it will show ! (Exclamation mark) in /etc/shadow file.
userdel: Removes a user or system account.
Syn: userdel [options] LOGIN
-f Forces deletion of the user even if he’s still logged in.
-r Removes the user’s home directory and mail spool.
Ex: # userdel username
passwd: Sets a password or resets a password for a user account.
Syn: passwd [options] [LOGIN]
-l Locks a user’s account
-u Unlocks a user’s account
Ex: # passwd raju
- Let’s look at how the password files work
chage: Enables you to modify the parameters surrounding passwords (complexity, age, expiration).
Syn: chage [options] user
-d Indicates the day the password was last changed.
-E Sets the account expiration date.
-I Changes the password to an inactive state after the account expires.
-l Shows account aging information.
-m Sets the minimum number of days between password changes.
-M Sets the maximum number of days a password is valid.
-W Sets the number of days to warn before the password expires.
Ex: Find the user’s password information
# chage -l user
- Sets user account to expire in one week
# chage -E 2013-03-28 raju
pwck: Verifies the consistency of passwords across database files.
- When you create or delete users, things don’t always work out properly, and this can leave the password file inconsistent. You can use the pwck command to verify the consistency between the /etc/passwd & /etc/shadow files.
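An added example (not pwck's source and not from the original article) of the kind of inconsistency described above: it cross-checks passwd- and shadow-format files for wrong field counts, duplicate user names, and entries present in one file but missing from the other. The function name and all sample records are constructed.

```shell
#!/bin/sh
# Added example: passwd/shadow cross-check. All records are constructed.

# check_consistency PASSWD_FILE SHADOW_FILE  (hypothetical helper name)
# Prints one finding per line; returns 1 if anything was found, else 0.
check_consistency() {
    awk -F: '
        FILENAME == ARGV[1] {                       # passwd records
            if (NF != 7)
                bad[++n] = "passwd:" FNR ": expected 7 fields, found " NF
            if ($1 in line)
                bad[++n] = "passwd:" FNR ": duplicate user " $1
            else { line[$1] = FNR; order[++users] = $1 }
            next
        }
        {                                           # shadow records
            if (NF != 9)
                bad[++n] = "shadow:" FNR ": expected 9 fields, found " NF
            if (!($1 in line))
                bad[++n] = "shadow:" FNR ": no passwd entry for " $1
            shadowed[$1] = 1
        }
        END {                                       # passwd users never seen in shadow
            for (i = 1; i <= users; i++)
                if (!(order[i] in shadowed))
                    bad[++n] = "passwd:" line[order[i]] ": no shadow entry for " order[i]
            for (i = 1; i <= n; i++) print bad[i]
            exit (n > 0)
        }' "$1" "$2"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
raju:x:500:500:linux user:/home/raju:/bin/bash
india:x:555:555:linux user:/opt/india:/bin/sh
raju:x:502:502::/home/raju2:/bin/bash
sara:x:501:501:/home/sara:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$salt$CONSTRUCTEDHASH:15000:0:99999:7:::
raju:$6$salt$CONSTRUCTEDHASH:15000:0:99999:7:::
sara:$6$salt$CONSTRUCTEDHASH:15000:0:99999:7:::
olduser:!!:15000:0:99999:7:::
EOF
check_consistency "$tmp/passwd" "$tmp/shadow" || echo "inconsistencies found"
```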