
Module 14

Managing Users and Groups

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group
Exam Objective
5.2 Creating Users and Groups
Objective Summary
– Understanding user and group commands
– Creating User IDs

Working with Groups

Creating a Group
• The most common reason to create a group is to
provide a way for users to share files. After creating
or modifying a group, you can verify the changes by
viewing the /etc/group file or running the
getent command.

The groupadd Command
• The groupadd command creates a new group.
• The -g option can be used to specify a group id:

• If the -g option is not provided, the groupadd
command will automatically provide a GID for the
new group.

Group ID Considerations
• Avoid creating GIDs in the same numeric ranges
where you expect to create user IDs if your system
uses User Private Group.
• Recall that GIDs under 500 are reserved for system
use.
• The -r option will assign the new group a GID that
will be less than the lowest standard UID.

Group Naming Considerations
• The first character of the name should be either an
underscore (_) or a lower-case alphabetic character
(a-z).
• Up to 32 characters are allowed on most Linux
distributions, but using more than 16 can be
problematic as some distributions may not accept
more than 16.
• After the first character, the remaining characters
can be alphanumeric, dash (-) or underscore (_).
• The last character should not be a hyphen (-).
Modifying a Group
• The groupmod -n command changes a group’s
name.

• The groupmod -g command changes a group’s
ID.

Modifying a Group
• If you change the GID for a group, then all files that
were associated with that group will no longer be
associated with that group.
• These are called “orphaned” files.
• To find “orphaned” files: find / -nogroup

Deleting a Group
• Delete a group with the groupdel command.
• This may result in “orphaned” files.
• Only supplemental groups can be deleted.
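
The check that find / -nogroup performs after groupmod -g or groupdel, as an added example that is not part of the original slides: it lists files whose numeric GID has no entry in a group database, which matters because a group later created with that GID picks up their group permissions. The function name and the optional second argument are assumptions made for this example, and it relies on GNU stat.

```shell
# Added example: report files whose group ID matches no entry in a
# group(5)-format database (default /etc/group). Such files are "orphaned";
# a group later created with the same GID inherits access to them.
# Usage: list_orphaned_by_group DIR [GROUP_DB]
# Output: one "GID<TAB>PATH" line per orphaned file.
# Assumes GNU stat and paths without embedded newlines. Only the given file
# is consulted; groups served through NSS need "getent group" output instead.
list_orphaned_by_group() {
    find "$1" -xdev -exec stat -c '%g %n' {} + 2>/dev/null |
    awk -v db="${2:-/etc/group}" '
        BEGIN {
            # Field 3 of each name:password:GID:members line is the GID.
            while ((getline line < db) > 0) {
                split(line, f, ":")
                known[f[3]] = 1
            }
        }
        {
            gid = $1
            path = $0
            sub(/^[0-9]+ /, "", path)      # keep spaces inside the path
            if (!(gid in known)) print gid "\t" path
        }'
}

# After a GID change away from OLD_GID, the files can be re-attached with:
#   find / -xdev -gid OLD_GID -exec chgrp -h GROUP_NAME {} +
```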

Working with Users

The /etc/default/useradd File
• The /etc/default/useradd file is used to
define default settings when creating user
accounts.
• Default settings can be viewed or modified with
the useradd -D command.
• Editing this file requires root access.

The /etc/default/useradd File
Field              Example    Description
GROUP              100        The default primary group for a new user.
HOME               /home      The default base directory under which the user's new home directory will be created.
INACTIVE           -1         This value represents the number of days after the password expires that the account is disabled.
EXPIRE                        Account expiration date.
SHELL              /bin/bash  The SHELL setting indicates the default shell for users when they log in to the system.
SKEL               /etc/skel  The contents of this directory are copied into the new user's home directory and the new user is given ownership of these files.
CREATE_MAIL_SPOOL  yes        A "mail spool" is a file where incoming email is placed.

The /etc/login.defs File
• The /etc/login.defs file is used to define
default settings when creating user accounts.
• These default settings can be viewed only by
viewing the contents of this file.
• These settings can also only be modified by editing
the file directly.
• Editing this file requires root access.

The /etc/login.defs File
Field          Example          Description
MAIL_DIR       /var/mail/spool  The directory in which the user's mail spool file will be created.
PASS_MAX_DAYS  99999            The maximum number of days that a user can continue to use the same password.
PASS_MIN_DAYS  0                The shortest time that a user is required to keep a password.
PASS_MIN_LEN   5                This indicates the minimum number of characters that a password must contain.
PASS_WARN_AGE  7                This is the default for the warning field.
UID_MIN        500              The UID_MIN determines the first UID that will be assigned to an ordinary user.
UID_MAX        60000            The UID_MAX determines the highest possible UID that will be assigned to an ordinary user.
GID_MIN        500              The GID_MIN determines the first GID that will be assigned to an ordinary group.
GID_MAX        60000            The GID_MAX determines the highest possible GID that will be assigned to a regular group.
CREATE_HOME    yes              The value of this determines whether or not a new directory will be created for the user when their account is created.
UMASK          077              Determines what the default permissions will be for the user's home directory.
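
A review of these defaults against a policy, as an added example that is not part of the original slides: the function parses login.defs-format input and reports password-aging, length and umask settings that fall short. The thresholds (365 days, 12 characters), the function names and the sample fragment are assumptions constructed for this example; the sample uses the example values from the table.

```shell
# Added example: flag login.defs defaults that fall short of a site policy.
# max_days and min_len are assumed policy values, not part of the slides.
# Usage: audit_login_defs [FILE]   (reads stdin when FILE is omitted)
# Output: one "KEY=value: reason" line per finding.
audit_login_defs() {
    awk -v max_days=365 -v min_len=12 '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { val[$1] = $2 }                   # entries are "KEY value"
        function show(k) { return k "=" ((k in val) ? val[k] : "unset") }
        END {
            if (!("PASS_MAX_DAYS" in val) || val["PASS_MAX_DAYS"] + 0 > max_days)
                print show("PASS_MAX_DAYS") ": passwords may be kept longer than " max_days " days"
            if (!("PASS_MIN_LEN" in val) || val["PASS_MIN_LEN"] + 0 < min_len)
                print show("PASS_MIN_LEN") ": passwords shorter than " min_len " characters allowed"
            if (!("UMASK" in val) || val["UMASK"] !~ /77$/)
                print show("UMASK") ": new home directories accessible to group or others"
        }' "$@"
}

# Constructed sample: the example values from the table, as a file fragment.
sample_login_defs() {
    cat <<'EOF'
# constructed sample, not a real system file
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
UMASK           077
EOF
}

sample_login_defs | audit_login_defs
```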

Working with Account Information

Advantages to Individuals having Separate Accounts
• Accounts can be used to grant selective access to
files or services.
• The sudo command can be configured to permit
specific individuals to execute select
administrative commands.
• Each account can have group memberships and
rights associated with it allowing for greater
management flexibility.

Account Considerations
• Before creating a user account, consider what
values you want to set for the following:
– User name
– UID
– Primary Group
– Supplementary group(s)
– Home Directory
– Skeleton Directory
– Shell
– Comment

The useradd Command
• The useradd command will allow you to create
new users. Example:
useradd -u 1000 -c 'Jane Doe' jane
• Modifies the following files:
– /etc/passwd
– /etc/shadow
– /etc/group
– /etc/gshadow
• Creates mail spool (/var/spool/mail/jane)
and user’s home directory (/home/jane).
Password Security

Picking a Password
• Avoid using personal information in passwords.
• Encourage complex passwords.
• Encourage longer passwords, but not so long as to
make them hard to remember.
• Consider how often users will be required to reset
their passwords.

Setting a Password
• The passwd command will allow you to change a
password.
• The root user can change any user password:
passwd user_name
• The root user can break any password rule except “no empty
passwords”.
• Users can change their own password by running the
passwd command with no argument.
• Regular users cannot break password rules.
• Password rules vary from one distribution to another.

chage Command

Using the chage Command
• Used to change password aging settings for a user.
Short option    Long option               Description
-l              --list                    List the account aging information.
-d LAST_DAY     --lastday LAST_DAY        Set the date of the last password change to LAST_DAY.
-E EXPIRE_DATE  --expiredate EXPIRE_DATE  Set account to expire on EXPIRE_DATE.
-h              --help                    Show the help for chage.
-I INACTIVE     --inactive INACTIVE       Set account to permit login for INACTIVE days after password expires.
-m MIN_DAYS     --mindays MIN_DAYS        Set the minimum number of days before password can be changed to MIN_DAYS.
-M MAX_DAYS     --maxdays MAX_DAYS        Set the maximum number of days before a password should be changed to MAX_DAYS.
-W WARN_DAYS    --warndays WARN_DAYS      Set the number of days before a password expires to start displaying a warning to WARN_DAYS.
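
Because /etc/login.defs only supplies defaults when an account is created, existing accounts keep the aging values already stored for them. As an added example (not from the original slides), this function reads shadow(5)-format lines and prints the chage -M/-W command for each account with a usable password whose maximum age is unset or above an assumed 90 days; the function names, thresholds and sample entries are constructed for illustration.

```shell
# Added example: find accounts whose password maximum age is unset or above
# policy and print the chage command that would correct each one.
# Nothing is changed; the output is for review.
# shadow(5) fields: name:password:lastchg:min:max:warn:inactive:expire:
# Usage: aging_fixes [FILE]   (reads stdin when FILE is omitted)
aging_fixes() {
    awk -F: -v max_days=90 -v warn_days=14 '
        # max_days and warn_days are assumed policy values.
        $2 ~ /^[!*]/ { next }              # locked or no usable password
        $5 == "" || $5 + 0 > max_days {
            print "chage -M " max_days " -W " warn_days " " $1
        }' "$@"
}

# Constructed sample entries; the hashes are placeholders, not real ones.
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
jane:$6$constructed$hash:19500:0:60:14:::
svc_backup:!:19000:0:99999:7:::
bob:$6$constructed$hash:19400::::::
EOF
}

sample_shadow | aging_fixes
```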

Modifying a User Account

Modify a User
• The user may need to be logged off to modify the
account.
• Use the who, w or last commands to determine
if a user is currently logged in to the system.

The usermod Command
• Used to modify a user account.
Option          Description
-c COMMENT      Sets the value of the GECOS or comment field to COMMENT.
-d HOME_DIR     Sets a new home directory for the user.
-e EXPIRE_DATE  Set account expiration date to EXPIRE_DATE.
-f INACTIVE     Set account to permit login for INACTIVE days after password expires.
-g GROUP        Set GROUP as primary group.
-G GROUPS       Set supplementary groups to a list specified in GROUPS.
-a              Append the user's supplemental groups with those specified by -G.
-h              Show the help for usermod.
-l NEW_LOGIN    Change the user's login name.
-L              Lock the user account.
-s SHELL        Specify the login shell for the account.
-u NEW_UID      Specify the user's UID to be NEW_UID.
-U              Unlock the user account.

Removing a User

Delete a User
• Use the userdel command to delete a user
account.
• By default, only the account is deleted, not any of
the files owned by the user.
• By using the -r option, files in the user’s home
directory and the user’s mail spool are deleted.
