Create Users

Creating a user is rather simple. While logged in as root, type:

useradd username

Where “username” is the name of the user you want to add. There are a couple options to this command as well.

-s allows you to specify what shell you want this user to have. For instance, the default is the “bash” shell, but if you wanted a user to have the ZSH shell you’d do the following:

useradd username -s /bin/zsh

-d will specify a home directory. Usually in most modern linux systems, this gets specified automatically with useradd as /home/<username>. If you wish to specify someplace different simply do this:

useradd -d /new/path/of/home username

-g will specify what group you want this user to have as its default group. This is option as the system will auto-assign a group to the user.

-m - this tells the system that to create the user´s home directory if it does not exist. The files and directories contained in the skeleton directory (which can be defined with the -k option) will be copied to the home directory. By default the “skeleton” directory is /etc/skel. Any file in this directory will be copied to newly created home directories.

-k This allows you to assign a skel directory other than the default.

For the rest of the useradd options please see

man useradd

       By default, no home directories are created.

passwd

Once your user is created you’ll want to set a password for that user. While logged in as root or the user that will be changed, type:

passwd username

Where “username” is the name of the user whose password you want to change. If “passwd” is typed, the password will be changed for the user, you are logged in as. This command also works to change passwords for already existing users. If you wish to change the password for yourself, just type “passwd” and do not specify a user.

/etc/passwd

lets say this is a line out of my /etc/passwd file:

tuxtraining:x:1000:100:tuxtraining:/home/tuxtraining:/bin/bash

Each field is seperated by a “:”, this is what each field represents.

1. Username: This is the name for a user when a user logs in. It should be between 1 and 32 characters in length.
2. Password: An x character indicates that encrypted password is stored in /etc/shadow file. (See Below)
3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
4. Group ID (GID): The primary group ID (stored in /etc/group file). It tells the system which group this user belongs to.
5. User ID Info: The comment field. It allow you to add extra information about the users such as user’s full name, phone number etc. This field use by finger command.
6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /
7. Command/shell: The absolute path of the default shell (usually /bin/bash).

/etc/shadow

The /etc/passwd file can be readable by other uses on the system. Even though an encrypted password can be used in the /etc/passwd file, it is safer practice to place an x in the password field, telling /etc/password to look in the /etc/shadow file for the encrypted password. In the /etc/shadow file there will be a line for every user and they’re encrypted password. Only a user with root privileges can view this file.

tuxtraining:$srtiJOIUHJRGrst5gubrthj98456yW1iog475srt5strh8R.:14536:0:99999:7:::

Again, each field is separated by colons “:”

1. User name : It is your login name
2. Password: It your encrypted password. The password should be minimum 6-8 characters long including special characters/digits
3. Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed
4. Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
5. Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)
6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
7. Inactive : The number of days after password expires that account is disabled
8. Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used

The last 6 fields provides password aging and account lockout features (you need to use chage command to setup password aging). According to man page of shadow - the password field must be filled. The encrypted password consists of 13 to 24 characters from the 64 character alphabet a through z, A through Z, 0 through 9, . and /. Optionally it can start with a “$” character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with “$1$” it means the MD5-based algorithm was used.

Modify Users

The usermod command can change just about anything that you can create with useradd. You can change the shell (-s) the UID (-u), the login name (-l , though this will not change permissions set to your old login name), the initial group (-g), supplemenary groups (-G)

The syntax is generall the same too:

usermod <options> <username>

Comman usages are to lock a user account (-L) This puts a ‘!’ in front of the encrypted password, effectively disabling the password. Another is to unlock it (-U).

See: man usermod

Delete users

While logged in as root, type:

userdel -r username

Where “username” is the name of the user you want to remove. This will remove the user’s home directory. You can delete the user without the “-r” option and delete the user’s home directory manually. If the group the user was in, is no longer needed, you may delete it by editing the “/etc/group” file.

 groupadd [-g gid [-o]] [-r] [-f] group

groupadd group

groupmod [-g gid [-o]] [-n group_name ] group

groupdel group

find /var/tmp -gid 1000

video:x:100:tuxtraining,bob,mary