User Management & Group Management

1. How do you create a new user in Linux?

Answer: To create a new user in Linux, you can use the useradd command followed by the username.
For example, to create a user named "john", you would use the command: useradd john.

2. What is the purpose of the /etc/passwd file in Linux?

Answer: The /etc/passwd file in Linux stores user account information. It contains details such as
usernames, user IDs, group IDs, home directories, and default shell. However, the passwords are not
stored in this file, but in the /etc/shadow file instead.

3. How do you set or change the password for a user in Linux?

Answer: You can use the passwd command to set or change the password for a user in Linux. For
example, to set the password for the user "john", you would use the command: passwd john. You will be
prompted to enter the new password.

4. What is the purpose of the userdel command in Linux?

Answer: The userdel command is used to delete a user account in Linux. When you run userdel followed
by the username, it removes the user from the system, deletes the user's home directory (if specified),
and removes the user's mail spool (if present)

5. How do you add a user to a group in Linux?

Answer: You can use the usermod command to add a user to a group in Linux. The syntax is usermod -
aG groupname username. For example, to add the user "john" to the "developers" group, you would use
the command: usermod -aG developers john.

6. How do you list all users in Linux?

Answer: You can use the cut and sort commands in combination with the /etc/passwd file to list all users
in Linux. The command cut -d: -f1 /etc/passwd | sort will display a sorted list of all usernames.

7. How can you lock or unlock a user account in Linux?

Answer: To lock or unlock a user account in Linux, you can use the passwd command with the -l or -u
options, respectively. For example, to lock the user "john", you would use the command: passwd -l john.
To unlock the user, you would use: passwd -u john.

8. How do you assign a specific shell to a user in Linux?

Answer: You can use the chsh command to assign a specific shell to a user in Linux. Running chsh
followed by the username will allow you to change the user's default shell. The command will prompt
you to enter the new shell path.

9. How to create user without useradd command in Linux?

Follow these steps to create a user without using useradd command in Red Hat Linux.

Step 1

Add an entry of user details in /etc/passwd

The field details are as shown below.

username:password:UID:GID:Comments:Home_Directory:Login Shell

# vi /etc/passwd

user:x:501:501:test user:/home/user:/bin/bash

Step 2

You will have to create a group with same name. So add a new entry in /etc/group

# vi /etc/group

user:x:501:

Step 3

Assign a password to the user

# passwd user

Changing password for user user.

New password:

Retype new password:

passwd: all authentication tokens updated successfully.

Now let us try to login with our newly created user

# su - user

-bash-4.1$

You should see [user@test ~]$ instead of -bash-4.1$ prompt. So why does this happens?

Let us check the contents of its home directory

-bash-4.1$ ls -al

drwxr-xr-x 2 root root 4096 Jan 12 14:27 .

drwxr-xr-x. 3 root root 4096 Jan 12 14:27 ..

So, as you see none of the default contents of a normal user home directory is present
like .bashrc, .bash_profile etc.

Final Step 4

NOTE:

/etc/skel directory contains all the defaults files which are present inside the home folder of any user

So, copy the contents from /etc/skel inside /home/user using the below command

[root@test ~]# cp -v /etc/skel/.* /home/user/

cp: omitting directory `/etc/skel/.'

cp: omitting directory `/etc/skel/..'

`/etc/skel/.bash_logout' -> `/home/user/.bash_logout'

`/etc/skel/.bash_profile' -> `/home/user/.bash_profile'

`/etc/skel/.bashrc' -> `/home/user/.bashrc'

`/etc/skel/.emacs' -> `/home/user/.emacs'

cp: omitting directory `/etc/skel/.gnome2'

cp: omitting directory `/etc/skel/.mozilla'

Now re login to the user

[root@test user]# su - user

[user@test ~]$

10. What is the default permission on user's home directory?

answe : 700

11. What is the difference between .bash_profile and .bashrc?

answer : Every time you login to a Linux (Red Hat) machine .bash_profile file is executed but In case you
are already logged in and you open a new terminal then .bashrc file is executed
12. What is the command to create a user with a pre defined uid, shell and home directory?

answer : useradd -m -d /path/to/home -s /bin/bash -u 550 <USER>

13. Explain each field of /etc/passwd

answer : deepak:x:512:512:User:/home/deepak:/bin/bash

1st field: username

2nd field: x tells that an encrypted password is stored in /etc/shadow

3rd field: uid

4th field: gid

5th field: Description

6th field: home directory

7th field: default login shell

14. How to change primary group for any user?

answer : usermod -g <groupname> <username>

15. If I delete a user, does it's home directory gets deleted? If not then what is the command
to delete the home directory of user along with the user ?

answer : No.

# userdel -r <username>

16. Name any 3 files which are automatically created inside any user's home directory when a
user is added?

answer :

.bashrc

.bash_profile

.bash_history

17. What is the command to view all the currently logged in users?

answer : w
18. What is the command to change and view the expiry date for any user?

answer : chage

19. What are the details you get with finger command?

answer : Login Details

Mail

Home directory

Last login

20. How can you give a normal user all the root level privileges?

answer : Add the user to wheel group and uncomment the wheel group line in sudoers file

Give the user all command permission in sudoers

How to give normal user root privileges using sudo in Linux/Unix

21. Name any 3 groups of which root is a member by default?

answer : root, bin, daemon, sys, adm, disk, wheel

22. How can you give sudo access to any user without asking him to provide passord every
time he runs a command?

answer : Add an extra parameter NOPASSWD in sudoers file while giving the user permission to run root
level commands

23. Which files stores the user min UID, max UID, password expiration settings, password
encryption method being used etc.,?

ANS : /etc/login.defs

24. How do you make a file copied to a new user account automatically upon user account
creation?

ANS : Store the file in /etc/skel directory.

25. List the fields in /etc/passwd file?

ANS : UserName | Password | UserID | GroupID | Comments | HomeDir | LoginShell

<Couple of lines from /etc/passwd file are pasted below for reference>
redhat:x:500:500:Redhat User:/home/redhat:/bin/bash

mssm:x:501:501:another user:/home/mssm:/bin/bash

– “x” in the password column indicates that the encrypted password is stored in /etc/shadow file.

26. How to lock an user account?

ANS: This can be done by using either “usermod -L <UserName>” or “passwd -l <UserName>”
commands

Example:-

#usermod -L mango

Once an account gets locked, there would be an exclamation mark before the encrypted password files
in “/etc/shadow” as shown below:

mango:!$1$O5zV5Rj/$XhuRe8Og.AiXMXDGSIsae/:16266:0:99999:7:::

To un-lock an account:-

#usermod -U mango

27. How to disable user login via terminals?

ANS: Add “/sbin/nologin” field instead of “/bin/bash” in “/etc/passwd” file.

28. Which commands are normally recommended to edit “/etc/passwd”, “/etc/shadow”,

“/etc/group” and “/etc/gshadow” files?

ANS: vipw > edit the user password file (/etc/passwd)

vigr > edit the user group file(/etc/group)

vipw -s > to edit shadow password file (/etc/shadow)

vigr -s > to edit shadow group file (/etc/gshadow)

These commands would normally lock the file while editing to avoid corruption.

29. Whenever an user tries to login via terminal, system would throw up the error “The
account is currently not available”, otherwise, via GUI when user enters password, it looks to
be logging in, however, comes back to the login prompt. How could this issue be fixed?

ANS: This is because of the shell field set as “/sbin/nologin” in “/etc/passwd” file, so change this back to
“/bin/bash” and user should be allowed to login.
If the shell field is set as “/bin/false” then whenever an user tries to login there would not be any error
or messages, it just comes back to the login prompt and same happens in GUI mode.

30. How do you make a new user to reset his password upon his first login?

{ The prompt should come up like below }

[redhat@localhost ~]$ su – mango

Password:

You are required to change your password immediately (root enforced)

Changing password for mango.

(current) UNIX password:

{ The prompt should come up like above }

ANS: Use ‘chage’ command and set the expiration date as given below

[root@localhost skel]# chage -d 0 mango

<< To view password aging details >>

[root@localhost skel]# chage -l mango

Last password change : password must be changed

Password expires : password must be changed

Password inactive : password must be changed

Account expires : never

Minimum number of days between password change : 0

Maximum number of days between password change : 99999

Number of days of warning before password expires : 7

31. Create users home directory in /home1 directory instead of default /home directory. This
gets applicable to any new users who gets created i.e the home directory of that user should
be /home1/<UserName>/

ANS: – Edit /etc/default/useradd

– Change the line : HOME=/home1

– Save the changes and exit. After this any new users home directory would be under /home1

– You could check the useradd defaults using the command :#useradd -D

OR

#cat /etc/default/useradd

After this you can add users with the command “useradd <UserName>”. This would create the users
home directory with the name of the user under the specified HOME directory as defined in
/etc/default/useradd.

EXAMPLE:- adding user with “-d”

[root@Redhat5Lvm ~]# useradd -d /root/doctor alldoctors

[root@Redhat5Lvm ~]# grep alldoctors /etc/passwd

alldoctors:x:912:913::/root/doctor:/bin/bash

[root@Redhat5Lvm ~]# ls -ali /root/doctor/

total 28

607780 drwx—— 3 alldoctors alldoctors 4096 Aug 3 00:31 .

543457 drwxr-x— 18 root root 4096 Aug 3 00:31 ..

608253 -rw-r–r– 1 alldoctors alldoctors 33 Aug 3 00:31 .bash_logout

608252 -rw-r–r– 1 alldoctors alldoctors 176 Aug 3 00:31 .bash_profile

608251 -rw-r–r– 1 alldoctors alldoctors 124 Aug 3 00:31 .bashrc

608248 drwxr-xr-x 4 alldoctors alldoctors 4096 Aug 3 00:31 .mozilla

32. How do you make/grant complete access (rwx) on files created for a user and deny any
level of access to others including group?

ANS : – Need to define the umask value for the required user.

– This can be done by editing .bash_profile file.

For example, if we need to define this for a user “mmurthy” then we need to edit this file
“/home/mmurthy/.bash_profile” and define umask as given below (assuming that the default home
directory location is not changed):

umask 0077

– Save and exit the file.

– Next time this user logs in, files/directories would get exclusive permissions only for this user as
masked by umask parameter.

– For root user the umask is defined in “/etc/init.d/functions” file. Otherwise, in /etc/profile (login shell)
or /etc/bashrc (non-login shell) file.

33. How to check if an user account has been locked?

ANS:- Run the command “passwd -S <UserName>”, this would show if the password has been locked or
not. Otherwise, grep for the username from /etc/shadow file and you could see “!” mark prefixed to the
encrypted password field.

[root@server6 ~]# passwd -S smurthy

smurthy LK 1970-01-01 0 99999 7 -1 (Password locked.)

[root@server6 ~]# grep smurthy /etc/shadow

smurthy:!!$6$jZqvS4ju$k.o6o7OoL7EZ1Bn52uPKeI2gqA76A7qyTl2PM8192jF2mz4ssVTz/
u8DfbY2zJ7xCjFymh5FuATWxW5RxFugM1:0:0:99999:7:::

If you notice a double exclamation mark here (“!!”) this indicates that the account got locked-up by
running the command “passwd -l <UserName>” command (available only for root user). Otherwise, a
single exclamation mark indicates that the account got locked with the command “usermod -L
<UserName>”. Accounts locked with usermod command would record it in /var/log/secure file by
default.

To “unlock” an user account, run this command “passwd -u <UserName”>. Otherwise, run “usermod -U
<UserName” command twice to get rid off double exclamation marks in the encrypted password field.

Otherwise, “usermod -U <UserName” would unlock an account locked by the “usermod -L <UserName>”
command.

EXAMPLE:-
[root@server6 ~]# grep smurthy /etc/shadow

smurthy:!!$6$jZqvS4ju$k.o6o7OoL7EZ1Bn52uPKeI2gqA76A7qyTl2PM8192jF2mz4ssVTz/
u8DfbY2zJ7xCjFymh5FuATWxW5RxFugM1:0:0:99999:7:::

[root@server6 ~]# passwd -S smurthy

smurthy LK 1970-01-01 0 99999 7 -1 (Password locked.)

[root@server6 ~]# passwd -u smurthy

Unlocking password for user smurthy.

passwd: Success

[root@server6 ~]# grep smurthy /etc/shadow

smurthy:$6$jZqvS4ju$k.o6o7OoL7EZ1Bn52uPKeI2gqA76A7qyTl2PM8192jF2mz4ssVTz/
u8DfbY2zJ7xCjFymh5FuATWxW5RxFugM1:0:0:99999:7:::

[root@server6 ~]# passwd -S smurthy

smurthy PS 1970-01-01 0 99999 7 -1 (Password set, SHA512 crypt.)

34. How to find out the shadow password encryption method being used in Linux? How
could this be changed (example : from md5 to sha512)?

ANS:- We can find out the password encryption method being used for shadow passwords as shown
below:

– Check in /etc/login.defs

[root@server8 ~]# grep -i crypt /etc/login.defs

# Use SHA512 to encrypt password.

ENCRYPT_METHOD MD5

MD5_CRYPT_ENAB yes

OR

– Check using “authconfig” command:

[root@server8 ~]# authconfig –test|grep hashing

password hashing algorithm is md5