Administering User Accounts
Administering user and group accounts is a fundamental Linux system administration activity. Ordinarily, most people understand user accounts as accounts tied to a particular physical user.
Fedora Core or RHEL systems also have logical user accounts, user accounts that exist for particular applications, such as MySQL, or system functions, such as the mail and bin user accounts.
Both actual and logical accounts have user identification numbers (UIDs), numeric values that the kernel and many applications use instead of the account name.
Ordinarily, each user account has a unique UID (on a given system), but this is not strictly required.
Working with User Accounts
One of the most common administrative tasks is working with user and group accounts.
Although some administrators find the traditional command line tools for managing users and groups tedious or inconvenient to use.
Table 29-1 lists the commands for adding, modifying, and deleting user accounts.
You use the following commands most often:
■■ useradd — Create user login accounts
■■ userdel — Delete user login accounts
■■ usermod — Modify user login accounts
■■ passwd — Set or change account passwords
■■ chsh — Set or change a user’s default shell
■■ chage — Modify password expiration information
The useradd command creates new user accounts and, when invoked with the -D option, modifies the default values applied to new accounts. As a result, it can be invoked in two ways. The syntax of the first form is:
useradd [-c comment] [-d dir] [-e date]
[-f time] [-g initial] [-G group[,...]]
[-m [-k dir] | -M]
[-p passwd] [-s shell] [-u uid [-o]]
[-n] [-r] username
The chpasswd command updates existing user passwords en masse. It reads a file consisting of colon-separated username:password pairs. Password must be plain text, which will be encrypted at runtime, unless chpasswd is invoked with the -e option, in which case password must already be encrypted using a crypt(3)-compatible encryption algorithm.
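A batch file that does not match the mode chpasswd is run in fails quietly: with -e, a plain-text entry is taken as if it were already a hash. The shell function below is an added example, not part of the original chapter, that checks a batch file before use. The name check_chpasswd_batch and the sample lines are constructed, and only the modular $id$salt$hash layout is accepted as a crypt(3) value.

```shell
#!/bin/sh
# Added example: lint a chpasswd batch file before feeding it to chpasswd.
# check_chpasswd_batch FILE MODE   (MODE is "plain", or "encrypted" for chpasswd -e)
# Prints one line per problem; returns 0 when the file is clean, 1 otherwise.
check_chpasswd_batch() {
    file=$1; mode=$2; rc=0
    # The file holds credentials, so only its owner may read it.
    perms=$(stat -c '%a' "$file" 2>/dev/null)
    case $perms in
        600|400) ;;
        *) echo "perms: mode $perms, batch file must be 600 or 400"; rc=1 ;;
    esac
    awk -F: -v mode="$mode" '
        BEGIN { hash = "^[$][0-9A-Za-z]+[$].+[$][./0-9A-Za-z]+$" }   # $id$salt$hash
        { pw = substr($0, length($1) + 2) }          # the password may itself contain colons
        NF < 2 || $1 == "" || pw == "" { print "line " NR ": not username:password"; bad = 1; next }
        mode == "encrypted" && pw !~ hash { print "line " NR ": " $1 ": not a crypt(3) hash"; bad = 1 }
        mode == "plain" && pw ~ hash { print "line " NR ": " $1 ": looks pre-hashed, needs -e"; bad = 1 }
        END { exit bad + 0 }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample batch; the first value only has the shape of a $6$ hash.
batch=$(mktemp)
cat > "$batch" <<'EOF'
marysue:$6$c0nstructedSalt$NotARealHashJustTheRightShape0123456789
joebob:Summer2005
bubba
EOF
check_chpasswd_batch "$batch" encrypted || echo "batch rejected: fix it before running chpasswd -e"
rm -f "$batch"
```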
Viewing Login and Process Information
To view current and past login information and to determine what processes users are running, you can use one of the following commands:
■■ last — Displays historical login information
■■ who — Displays information about currently logged in users
■■ w — Displays a user’s currently running process
For all logins, last prints the user name, TTY, date, time, elapsed time, and, if applicable, the host name or IP address of the remote host from which the login originated. Logins are listed starting with the most recent.
Its syntax is:
last [-R | [-ai]] [-num |-n num] [username] [tty]
The who command displays information about currently logged-in users. Its default output includes the user name, login TTY, and the date and time each user logged in.
who’s syntax is:
who [-Hil] | [-q]
Modifying and Deleting Groups
To add a user to the group, a group administrator must use the -a username option. The -d username option removes a user from a group. The next example shows how to add and remove bubba using gpasswd’s -a and -d options:
# gpasswd -a bubba admins
Adding user bubba to group admins
# grep admins /etc/group
admins:!:507:marysue,joebob,bubba
# gpasswd -d bubba admins
Removing user bubba from group admins
# grep admins /etc/group
admins:!:507:marysue,joebob
Using a Shadowed Group File
Much of the behavior described in the previous subsection does not apply if the shadow group file, /etc/gshadow, is present. In particular, if the shadow group file is in use:
■■ Adding a group creates an entry for that group in the shadow group file that resembles the following:
admins:x:507:
admins:!::
■■ Adding a user to a group adds that user to both the standard group file and the shadow group file:
# gpasswd -M marysue admins
# grep admins /etc/group /etc/gshadow
group:admins:x:507:marysue
gshadow:admins:!::marysue
■■ The third field in the shadow group file holds the name of the group administrator, not the GID, if an administrator is added using gpasswd’s -A username option:
# gpasswd -A marysue admins
# grep admins /etc/gshadow
admins:!:marysue:marysue
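Since membership is recorded in both files and the third gshadow field names who may change it, the two files are worth comparing after any manual edit. The shell function below is an added example, not part of the original chapter: it reports group administrators and any disagreement between a group file and a gshadow file. The name audit_groups, the devs, ops and legacy groups, and the user mallory are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check a group file against its shadow group file.
# audit_groups GROUP_FILE GSHADOW_FILE prints one sorted line per finding.
audit_groups() {
    awk -F: '
        function norm(list,   n, a, i, j, t, out) {   # sort a comma list so order is ignored
            n = split(list, a, ",")
            for (i = 2; i <= n; i++)
                for (j = i; j > 1 && a[j-1] > a[j]; j--) { t = a[j]; a[j] = a[j-1]; a[j-1] = t }
            out = ""
            for (i = 1; i <= n; i++) out = out (i > 1 ? "," : "") a[i]
            return out
        }
        NR == FNR { members[$1] = norm($4); next }     # first file: name:password:GID:members
        {                                              # second file: name:password:admins:members
            seen[$1] = 1
            if (!($1 in members)) { print "ORPHAN " $1 ": in gshadow only"; next }
            if (norm($4) != members[$1])
                print "MISMATCH " $1 ": group=[" members[$1] "] gshadow=[" norm($4) "]"
            if ($3 != "") print "ADMIN " $1 ": " $3 " can change membership with gpasswd"
        }
        END { for (g in members) if (!(g in seen)) print "UNSHADOWED " g ": no gshadow entry" }
    ' "$1" "$2" | sort
}

# Constructed sample files in the formats shown above (not from a real system).
dir=$(mktemp -d)
cat > "$dir/group" <<'EOF'
admins:x:507:marysue,joebob
devs:x:508:bubba
ops:x:509:joebob
EOF
cat > "$dir/gshadow" <<'EOF'
admins:!:marysue:joebob,marysue
devs:!::bubba,mallory
legacy:!::
EOF
audit_groups "$dir/group" "$dir/gshadow"
rm -rf "$dir"
```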
Administering Users and Groups with User Manager
User Manager is a graphical tool for administering user and group accounts.
To use it, you must be logged in as root or otherwise have root access.
To start User Manager, click Main Menu ➪ System Settings ➪ Users and Groups. You can also start it from a command line by running system-config-users in a terminal window.
The initial screen resembles Figure 29-1. From this screen you can view, modify, and delete existing user and group accounts or create new ones.
To reduce the list of displayed accounts or to search for a specific account, type the first few letters of an account name in the Filter by text box and click the Apply filter button.
You can update most windows by clicking the Refresh button on the toolbar.
To get context-sensitive help, click the toolbar’s Help button or, to view the entire User Manager manual, select Help ➪ Manual from the toolbar.
Figure 29-1 The main Red Hat User Manager dialog box.
Creating User Accounts
To add a new user:
1. Click the Add User button. The Create New User dialog box, shown in Figure 29-2, appears.
2. Type the new account name in the User Name text box.
3. Type the user’s full name in the Full Name text box.
4. Type the user’s password in the Password and Confirm Password fields. The password must be at least six characters.
5. Select a login shell. If you choose not to accept the default shell, select an alternative shell from the Login Shell drop-down box.
6. As noted earlier in this chapter, the default home directory is /home/username. You can change the home directory by editing the Home Directory text box or not create a home directory at all by clearing the Create home directory check box.
Figure 29-2 Adding a new user.
7. To prevent creation of a user private group, remove the check from the Create new group for the user check box. A completed Create New User dialog box might resemble Figure 29-3.
8. Click OK to create the user.
Figure 29-3 A newly created user account in User Manager.
Modifying and Deleting User Accounts
After you have created a user account, you can configure additional properties by clicking User Manager’s User tab, selecting the user, and clicking the Properties button to open the User Properties dialog box.
To add the user to additional groups, click the Groups tab (see Figure 29-4). Click the check box next to the groups of which the user should be a member, then click the Apply button.
Other account data you can modify from the User Properties window includes the basic user information you supplied when you created the user (the User Data tab), account information (the Account Info tab), and password expiration information (the Password Info tab).
On the Password Info tab, click the Enable account expiration check box to set the user account’s expiration date if you want the account to expire on a certain date.
To prevent this user account from logging in, place a check mark in the User account is locked check box.
Figure 29-4 Adding a user to additional groups.
Click the Password Info tab to view and change the account password expiration information. (See Figure 29-5.) The date that the user last changed her password appears across the top of the tab.
Click Enable password expiration to force a password change after a certain number of days, and then enter the number of days between required password changes in the Days before change required text box.
You can also set the number of days before the user can change her password, the number of days before the user is warned to change her password, and the number of days before the account becomes inactive.
When you have finished modifying the user account properties, click OK to apply the changes and close the User Properties dialog box.
Finally, to delete a user account, click the account to delete on User Manager’s Users tab, and then click the Delete button.
Figure 29-5 Modifying user account password expiration information.
Creating Group Accounts
Figure 29-6 Adding a new group.
Modifying and Deleting Group Accounts
To view or modify the properties of an existing group, select the group to modify from the group list on the Groups tab and click the Properties button.
The Group Properties dialog box, shown in Figure 29-7, appears.
The Group Users tab, shown in Figure 29-8, displays the users that are members of the group.
To add other users to the group, place a check mark next to the user account names in the list, and deselect account names to remove them from the group.
Click OK to apply the changes and close the Group Properties box.
After you have finished adding or modifying user and group accounts, click File ➪ Quit or press Ctrl+Q to save your changes and close User Manager.
Figure 29-7 Modifying group properties.
Figure 29-8 Modifying group properties.