Introduction: Managing users and groups on a Linux system is fundamental for system administrators to control access permissions, ensure security, and facilitate effective resource management. This module covers creating, modifying, and deleting user accounts, implementing password management policies, and administering groups.
1. Manipulating User Accounts
Introduction and Fundamentals: User accounts are essential for identifying and authenticating individuals accessing the system. Each user account is associated with a username (login name), a unique user ID (UID), a primary group ID (GID), and optionally, additional supplementary groups. Manipulating user accounts involves creating new users, modifying existing accounts, and deleting accounts that are no longer needed.
Commands:
- Create a User (useradd):
useradd <username>
This command adds a new user to the system with default settings. It creates a home directory (/home/<username> by default), assigns a UID and GID, and sets the default shell specified in /etc/default/useradd.
- Modify User Account (usermod):
usermod <options> <username>
usermod modifies user account attributes such as the username, home directory path, default shell, user ID (UID), and group ID (GID). Options include -d for changing the home directory, -s for changing the login shell, and -g for changing the primary group.
- Delete a User (userdel):
userdel <username>
userdel removes a user account from the system, along with their home directory and mailbox if specified. It does not remove files owned by the user in other locations unless the -r option is used to remove the home directory recursively.
- View User Details (id):
id <username>
id displays information about a user, including their UID, GID, and supplementary group memberships. It provides a quick overview of the user’s access permissions and group associations.
2. Password Management and Aging
Introduction and Fundamentals: Password management involves setting policies that enforce security standards for user passwords. This includes configuring password complexity rules, expiration dates, and restrictions on password reuse to protect against unauthorized access.
Commands:
- Set Password (passwd):
passwd <username>
passwd allows users (or administrators) to set or change passwords. It prompts for the new password and verifies its strength according to system-defined password policies.
- Password Aging Policies (chage):
- Set Password Expiry Date:
chage -E <date> <username>
chage sets the expiration date for a user’s password. The -E option specifies the date in YYYY-MM-DD format when the password will expire.
- Set Password Inactivity Period:
chage -I <days> <username>
chage sets the number of days of inactivity allowed before a password expires. The -I option specifies the number of days after password expiration until the account is locked.
- View Password Aging Information:
chage -l <username>
chage displays the current password aging information for a user, including password expiration date, inactivity period, and other related settings.
3. Managing Groups
Introduction and Fundamentals: Groups are collections of user accounts that share common permissions and privileges. Group management involves creating new groups, modifying group attributes, adding or removing users from groups, and deleting groups that are no longer needed.
Commands:
- Create a Group (groupadd):
groupadd <groupname>
groupadd creates a new group with the specified group name. It assigns a unique group ID (GID) and adds the group to the system’s group database (/etc/group).
- Modify Group (groupmod):
groupmod <options> <groupname>
groupmod modifies group attributes such as the group name or GID. Options include -g for changing the GID and -n for renaming the group.
- Delete a Group (groupdel):
groupdel <groupname>
groupdel deletes a group from the system. It removes the group entry from /etc/group and any files or directories that had the group as their primary group.
- Add User to a Group (usermod):
usermod -aG <groupname> <username>
usermod adds a user to a specified group. The -aG options append the user to the supplementary group list (/etc/group) without affecting their primary group.
- Remove User from a Group (gpasswd):
gpasswd -d <username> <groupname>
gpasswd removes a user from a specified group. The -d option deletes the user from the group’s membership list in /etc/group.
Additional Points
- Each command includes a detailed description of its purpose and usage, providing comprehensive insights into how to perform specific tasks related to user and group management effectively.
- Understanding user and group management is critical for maintaining system security, organizing user access permissions, and facilitating efficient resource management.
- Practical examples and scenarios enrich comprehension and facilitate practical application of knowledge in real-world Linux environments.
This study material provides a deep and comprehensive understanding of managing users and groups within a Linux environment, covering theoretical concepts and practical command usage in detail.
