User Management In Linux

User management includes the following tasks:

  1. Adding User:
    The "useradd" and "adduser" commands create a new user in Linux.
    Root (sudo) privileges are required to create a user.
    Create a user :

     [root@ip-172-31-32-5 ec2-user]# useradd testuser
     OR
     [root@ip-172-31-32-5 ec2-user]# adduser testuser1
    

    Verify the user

     [root@ip-172-31-32-5 ec2-user]# id testuser
     uid=1002(testuser) gid=1002(testuser) groups=1002(testuser)
     [root@ip-172-31-32-5 ec2-user]# id testuser1
     uid=1003(testuser1) gid=1003(testuser1) groups=1003(testuser1)
    
  2. Deleting User:

    The "userdel" command deletes an existing user in Linux.
    "-r" also removes the user's home directory and mail spool along with the account.
    Root (sudo) privileges are required to delete a user.

     [root@ip-172-31-32-5 ec2-user]# userdel testuser
     [root@ip-172-31-32-5 ec2-user]# userdel -r testuser1
    

    Verify the user

     [root@ip-172-31-32-5 ec2-user]# ls -F /home/
     ansible/  ec2-user/ testuser/
     # Only the "testuser" home directory remains, because that account was deleted without "-r"; testuser1 was removed with "-r"
    
  3. Managing Password Policy :
    A password policy is a set of guidelines for creating, controlling, and managing user passwords.
    You can create your own password policy rules if necessary.
    Fields of /etc/passwd file :

     testuser:x:1002:1002::/home/testuser:/bin/bash
    

    Where,
    testuser --> Name of the user
    x --> Password field; "x" means the hashed password is kept in /etc/shadow
    1002 --> User-Id of the user
    1002 --> Group-Id of the user
    :: --> Comment field (GECOS), e.g. the user's full name; empty here
    /home/testuser --> Home directory of the user
    /bin/bash --> Default shell of the user


    To check the password policy :

     [root@ip-172-31-32-5 ec2-user]# chage -l testuser
     Last password change                        : May 14, 2023
     Password expires                            : never
     Password inactive                           : never
     Account expires                             : never
     Minimum number of days between password change   : 0
     Maximum number of days between password change   : 99999
     Number of days of warning before password expires : 7
    

    How to change the password policy :

     [root@ip-172-31-32-5 ec2-user]# chage -m5 -M30 -W12 -I50 -E 2023-12-12 testuser
    

    Options in password policy :

     [root@ip-172-31-32-5 ec2-user]# chage -h
     Usage: chage [options] LOGIN

     Options:
       -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
       -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
       -h, --help                    display this help message and exit
       -I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
       -l, --list                    show account aging information
       -m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
       -M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
       -R, --root CHROOT_DIR         directory to chroot into
       -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
    
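    The aging values that "chage -l" prints can be checked against a baseline. The following added example (not part of the original page) parses a constructed copy of the testuser listing above and flags the two weak settings the defaults leave in place; the 90-day maximum is an assumed baseline.

```shell
#!/bin/sh
# Audit the aging values that `chage -l` reports. Added example; the
# sample output below is constructed to mirror the page's testuser listing.
SAMPLE_CHAGE_OUTPUT='Last password change                                    : May 14, 2023
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7'

# chage_field OUTPUT LABEL: print the value after the colon for the line
# whose label starts with LABEL (chage pads labels with spaces).
chage_field() {
    printf '%s\n' "$1" | awk -F': *' -v label="$2" \
        'index($1, label) == 1 { print $2; exit }'
}

# audit_password_policy OUTPUT [MAX_DAYS]: print one finding per line
# (FAIL or WARN) and return 1 if any FAIL was raised. MAX_DAYS defaults to 90.
audit_password_policy() {
    out=$1
    max_allowed=${2:-90}
    fails=0
    maxdays=$(chage_field "$out" 'Maximum number of days between password change')
    mindays=$(chage_field "$out" 'Minimum number of days between password change')
    inactive=$(chage_field "$out" 'Password inactive')
    # 99999 is the shadow-utils default and means the password never expires.
    if [ "$maxdays" -gt "$max_allowed" ]; then
        echo "FAIL maxdays=$maxdays exceeds $max_allowed (set with chage -M)"
        fails=$((fails + 1))
    fi
    # With no inactivity period an expired password never locks the account.
    if [ "$inactive" = never ]; then
        echo "FAIL password inactive=never (set with chage -I)"
        fails=$((fails + 1))
    fi
    # mindays 0 lets a user change the password repeatedly to cycle back to an old one.
    if [ "$mindays" -eq 0 ]; then
        echo "WARN mindays=0 (set with chage -m)"
    fi
    [ "$fails" -eq 0 ]
}

audit_password_policy "$SAMPLE_CHAGE_OUTPUT" 90 || echo "sample account needs the chage -m/-M/-I values tightened"
```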
  4. Change / Restrict User
    To prohibit a user from logging in, set the nologin program as the account's login shell: it prints a message and exits with a non-zero status code to signal failure. The -s flag of the usermod command changes a user's login shell.

    No Login To User:

     [root@ip-172-31-32-5 ec2-user]# usermod testuser -s /sbin/nologin
    

    Verify the changes

     [root@ip-172-31-32-5 ec2-user]# su - testuser
     This account is currently not available.
    

    Revert the changes to the login

     [root@ip-172-31-32-5 ec2-user]# usermod testuser -s /bin/bash
     [root@ip-172-31-32-5 ec2-user]# su - testuser
     Last login: Sun May 14 19:26:45 UTC 2023 on pts/2
     -bash-4.2$ exit
     logout
    

    Lock & Unlock the user (usermod -L puts a "!" in front of the password hash in /etc/shadow, so it blocks password authentication only; key-based SSH logins are not affected):

     [root@ip-172-31-32-5 ec2-user]# usermod -L testuser
     [root@ip-172-31-32-5 ec2-user]# usermod -U testuser
    
  5. Adding Group :
    Groups are collections of users. Permissions granted to a group apply to every user who is a member of that group.
    Create a group :

     [root@ip-172-31-32-5 ec2-user]# groupadd testing
    

    Verify the group

     [root@ip-172-31-32-5 ec2-user]# cat /etc/group |grep testing
     testing:x:1003:
    

    Add user to a group (note: -G replaces the user's whole list of supplementary groups; use -aG to append to it):

     [root@ip-172-31-32-5 ec2-user]# usermod -G testing testuser
    

    Verify the user added to the group

     [root@ip-172-31-32-5 ec2-user]# id testuser
     uid=1002(testuser) gid=1002(testuser) groups=1002(testuser),1003(testing)
    
  6. Deleting Group:
    You can delete a group with the "groupdel" command.
    It removes the group itself; groupdel refuses to remove a group that is still any user's primary group.
    Delete a group :

     [root@ip-172-31-32-5 ec2-user]# groupdel testing
    

    Verify the deleted group

     [root@ip-172-31-32-5 ec2-user]# cat /etc/group |grep testing
     [root@ip-172-31-32-5 ec2-user]# id testuser
     uid=1002(testuser) gid=1002(testuser) groups=1002(testuser)
    
  7. Special commands for the user :
    Check the id of the user

     [ec2-user@ip-172-31-32-5 ~]$ id testuser
     uid=1002(testuser) gid=1002(testuser) groups=1002(testuser)
    

    Change the user-id of the user

     [root@ip-172-31-32-5 ec2-user]#  usermod -u 1008 testuser
     [root@ip-172-31-32-5 ec2-user]# id testuser
     uid=1008(testuser) gid=1002(testuser) groups=1002(testuser)
    

    Note:
    0 - 999 --> Reserved for system users
    1000 - 60000 --> Can be allocated to regular users

    To change the default user creation configuration, you can modify this file.

     [root@ip-172-31-32-5 ec2-user]# cat /etc/default/useradd
     # useradd defaults file
     GROUP=100
     HOME=/home
     INACTIVE=-1
     EXPIRE=
     SHELL=/bin/bash
     SKEL=/etc/skel
     CREATE_MAIL_SPOOL=yes
    
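    The /etc/passwd fields from section 3, the nologin shell from section 4 and the UID ranges above are the inputs of a routine account audit. The following added example (not part of the original page) runs three such checks over a constructed passwd sample; the "backup" and "svc-app" entries are anomalies planted for the checks, not accounts from the page.

```shell
#!/bin/sh
# Audit /etc/passwd-style records for the three properties the page covers:
# the UID ranges, the login shell (interactive vs nologin) and UID 0.
# Added example; SAMPLE_PASSWD is constructed, not a dump from a real host,
# and "backup" and "svc-app" are deliberate anomalies planted for the checks.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svc-app:x:998:998:app service:/var/lib/app:/bin/bash
ec2-user:x:1000:1000:EC2 Default User:/home/ec2-user:/bin/bash
testuser:x:1002:1002::/home/testuser:/bin/bash
testuser1:x:1003:1003::/home/testuser1:/sbin/nologin
backup:x:0:0:backup:/root:/bin/bash'

# Shells that refuse interactive logins: /sbin/nologin or /usr/sbin/nologin
# depending on the distribution, plus /bin/false.
NOLOGIN_RE='/(nologin|false)$'

# interactive_users PASSWD: names whose field 7 (shell) allows a login.
interactive_users() {
    printf '%s\n' "$1" | awk -F: -v re="$NOLOGIN_RE" '$7 !~ re { print $1 }'
}

# extra_uid0 PASSWD: any account besides root whose field 3 (UID) is 0;
# such an account is root under another name.
extra_uid0() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# system_accounts_with_shell PASSWD: UIDs 1-999 are reserved for system
# accounts, which normally carry a nologin shell; flag the ones that do not.
system_accounts_with_shell() {
    printf '%s\n' "$1" | awk -F: -v re="$NOLOGIN_RE" \
        '$3 > 0 && $3 < 1000 && $7 !~ re { print $1 }'
}

# passwd_report PASSWD: human-readable summary of the three checks.
passwd_report() {
    echo "interactive logins: $(interactive_users "$1" | tr '\n' ' ')"
    echo "extra UID 0 accounts: $(extra_uid0 "$1" | tr '\n' ' ')"
    echo "system accounts with a login shell: $(system_accounts_with_shell "$1" | tr '\n' ' ')"
}

passwd_report "$SAMPLE_PASSWD"
```

On a live host the same functions take "$(cat /etc/passwd)" as their argument.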

Bonus Information :
Files modified when a user is created :

  1. /etc/passwd

  2. /etc/group

  3. /etc/shadow

  4. /etc/gshadow

  5. /home --> New directory is created with the user name