You are on page 1of 30

Unix administration

User Accounts and Groups

Linux is a multiuser operating system, where multiple users can work simultaneously in their own operating environment.Thus user management is an important concept Even if the system is only used by a single user it is still important to create a user account besides the administrative (root) account root has unlimited privileges, many of which are not required for day to day activities Groups allow the grouping of individual users under a single name for file access control

Users & UIDs

Three kinds of users are at work in the typical Fedora Core Linux system environment:

the superuser (root): UID 0 the regular user: UIDs beginning with 500 the system user: UID 1 through 499 and 65,534

Password and Group Files

/etc/passwd stores user account information /etc/group stores group and membership information /etc/shadow shadows the password file and stores encrypted passwords and password expiry information Password file contains the following entries (one line peruser):


User ID: system assigned number Group ID: ID of the user's default group Comment: a descriptive string, usually user's name Home directory: full path to user's home directory Default shell

Creating and Managing User Accounts

Process of creating new user accounts

Add default files to be part of every users home directory to /etc/skel directory Create home directory for all users Configure default settings for all users Create groups Create user account for each person Create valid password for each user

Managing User Accounts Graphically

/etc/passwd file defines user accounts, including:

User name Password UID GID

Comment field Users home directory Users default shell

vipw command edits /etc/passwd file passwd command defines password

Managing User Accounts Graphically (continued)

Utilities to create new user accounts

Graphical tools Command-line utilities

Red Hat graphical user account creation tool Information from /etc/passwd file shown in window Can edit each fields Edit password information stored in /etc/shadow

system-config-users utility


Managing User Accounts Graphically (continued)

User Properties dialog, User Data tab

User name Full name Password and confirm password Home directory Login shell Enable account expiration Lock local password ???

User Properties dialog, Account Info tab

Managing User Accounts Graphically (continued)

User Properties dialog, Password Info tab

View when user last changed password Enable password expiration

Experts recommend changing password every 30 to 60 days User Properties dialog, Groups tab

Lists groups from /etc/group file Each user assigned primary group

Managing User Accounts Graphically (continued)

User private group model

Used by Red Hat Linux and Fedora Users primary group has same name as user Contains only user as member
system-config-users utility Add User button Enter information on dialog Utility creates home directory based on user name

Create new user

/etc/login.defs file

Stores settings used to create new users Comments describe settings

Click Add Group button Enter group name

Create new group

Managing User Accounts Graphically (continued)

Delete user

Select user name on Users tab Click delete button Some administrators prefer to permanently disable, not delete

Adding a New User

Command: useradd [options] user Common options:

-c comment: comment stored in password file, usually user's name -d directory: home directory name -s shell: shell for the account -g initial_group: user's initial login group


useradd joe (add user joe with default values) useradd -s /bin/bash -c 'Joe Smith' joe (add user joe with supplied values)

Creating New Users at the Command Line

useradd utility

Create new users Must be logged in as root Example: useradd -g sales -c Raley Solomon" rsolomon -D option displays the default settings Edit /etc/default/useradd to change defaults
Creates user ID and assigns it to one or more groups -g option specifies initial group -G option specifies additional groups

useradd command adds new user ID

Creating New Users at the Command Line (continued)

passwd command

Change users password Lock user account: passwd -l thomas Unlock account: passwd -u thomas

Change Password

To change your password, type the command passwd at a shell You will be prompted for a new password, and a confirmation - after confirming your current password Bad passwords are disallowed passwords should be at least 6 characters long, contain both letters and digits or punctuation and must not be based on dictionary words There is usually a graphical utility for changing passwords accessible from the application menu (this is desktopspecific)

Creating New Groups

groupadd command

Preferred method for adding new group Example: groupadd managers

groupadd command creates new group ID and makes group available for use

Assign unique ID number to each group Does not automatically assign access rights

File Permissions

Use chgrp command to assign a file or directory to a group

Modifying User and Group Accounts at the Command Line

usermod command

Modify user account Uses same options as useradd command

Modify group -g option: change GID -n option: change name

groupmod command

Disabling User Accounts

Temporarily disable users account

Change password

passwd command

passwd -l [username] to lock account Edit /etc/shadow file in text editor

Place asterisk before encrypted password

Place # at beginning of line for user account in /etc/passwd

Make line into comment

Deleting User And Group

Command: userdel [options] user Common options:

-r: deletes files in the user's home directory userdel joe (delete joe, preserving his home directory) To delete an existing group: Users must be removed from a primary group before that group can be deleted


Command: groupdel group

Deleting User and Group

userdel command

Delete user account permanently Does not remove users home directory or contents
Remove group Be careful deleting groups

groupdel command


Try out following commands chgrp Changes the group ownership of a file or directory. chown Changes the owner of a file or directory. chmod Changes the access permissions of a file or directory.

Compression and Archiving

Compression and Archiving

Compression and archiving are useful for backups and transferring multiple files across a network (via ftp, http, email attachments, etc.) Compression utilities include gzip (.gz extension), bzip2 (.bz2 extension) and zip (.zip extension MS compatible) Archiving utilities include tar (.tar extension most common Linux format) and zip (.zip extension MS compatible)

Compression and Archiving

Command: gzip [options] files Common options:

-d: decompresses instead of compressing -l: lists compression information -t: tests the file's integrity gzip somefile.txt (compresses the file and renames to somefile.txt.gz) gzip -d tarfile.tar.gz (uncompresses the file and renames to tarfile.tar)


bzip2 works similarly to gzip, with a .bz2 filename extension

Compression and Archiving

Command: tar [options] [files] Common options:

-c: creates a new archive -f tarfile: uses the specified tar filename (instead of stdin / stdout) -t: lists the contents of an archive -v: lists files as they are processed -x: extracts files from an archive -z: filters the archive through gzip -j: filters the archive through bzip2

Compression and Archiving


tar -cvf docbackup.tar *.doc (creates a tar file containing all .doc files) tar -zxf somearchive.tar.gz (extracts files in the archive compressed with gzip) tar -jtf somearchive.tar.bz2 (lists files in the archive compressed with bzip2)


Check for zip and unzip