There are three types of user accounts in the Linux operating system:
1. root user
The root user is also called the superuser. The superuser can run any command without restriction. This account can carry out all facets of system administration, including adding accounts, changing user passwords, examining log files, installing software, etc.
When you are signed in as root, the shell prompt displays ‘#’ as the last character (if you are using a terminal).
2. system user
System accounts are needed for the operation of system-specific components, such as the mail and sshd accounts. Likewise, installing Apache creates a user named apache. These kinds of users are called system users.
3. normal user
These users are created by the root user. Normal user accounts provide access to the system for users and groups of users. These users have limited access to critical system files and directories.
| User Type | User Name | User ID | Group ID | Home Directory | Shell |
|---|---|---|---|---|---|
| System user | ftp, apache etc | 1 to 499 | 1 to 499 | /var/ftp etc | /sbin/nologin |
| Normal user | sree, mark etc | 500 to 60000 | 500 to 60000 | /home/sree etc | /bin/bash |
The following files are important for user and group administration:
/etc/passwd: Keeps user account and password information. This file holds the majority of information about accounts on the Linux system. When the password field shows x, as in the examples below, the password itself is stored in /etc/shadow.
/etc/shadow: Holds the encrypted (hashed) password of the corresponding account, along with its password aging fields.
/etc/group: Contains the group information for each account.
/etc/gshadow: Contains secure group account information.
Create a user
# useradd scott
Assign password to user
# passwd scott
Changing password for user scott.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Create a user with account expiry date
# useradd -e 2017-04-01 mark
# passwd mark
Changing password for user mark.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Create a user with specific user id
# useradd -u 504 jones
Create a user with a specific user id and group id
# useradd -u 600 -g 504 ford
Add a user to multiple groups
We can add a user to multiple groups by specifying either group names or group ids.
# useradd -G dev,qa smith
# id smith
uid=601(smith) gid=601(smith) groups=601(smith),3460(dev),3461(qa)
# useradd -G 3460,3461 ward
# id ward
uid=602(ward) gid=602(ward) groups=602(ward),3460(dev),3461(qa)
Add a user with comments
# useradd -c "Developer" james
# tail -1 /etc/passwd
james:x:603:603:Developer:/home/james:/bin/bash
Add user with home directory
# useradd -d /home/mydir allen
# tail -1 /etc/passwd
allen:x:604:604::/home/mydir:/bin/bash
useradd options:
-u user id
-g primary group id
-G secondary group id
-d home directory
-c comment
-s shell
Deleting an existing user
# userdel allen
Delete a user even if the user is still logged in
# userdel -f jones
Delete user along with home directory
# userdel -r mark
Modify user properties
Changing the home directory of user
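# grep jones /etc/passwd
jones:x:504:504::/home/jones:/bin/bash
# usermod -d /home/jon jones
# grep jones /etc/passwd
jones:x:504:504::/home/jon:/bin/bash
usermod -d only changes the home directory field in /etc/passwd; the user id and group id stay the same. Add -m to move the contents of the old home directory to the new location.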
Changing the primary group of a user
# usermod -g dev ford
Locking (-L) and unlocking (-U) users
# usermod -L scott
# usermod -U scott
Verify in the /etc/shadow file: when the user is locked, an exclamation mark (!) appears in front of the encrypted password in the second field. After unlocking, it disappears. Locking disables only password authentication; to disable the account as a whole, also set an account expiry date.
# usermod -L scott
# cat /etc/shadow | grep scott
scott:!$1$nAgOX9u$GLtQsaMcMBvlPUPgY.0:17143:0:99999:7:::
# usermod -U scott
# cat /etc/shadow | grep scott
scott:$1$nAgOX9u$GLtQsaMcMBvlPUPgY.0:17143:0:99999:7:::
Changing login name and password
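# usermod -l karen james
# usermod -p '<hashed-password>' karen
The -p option expects the already encrypted (hashed) password, exactly as it will be stored in /etc/shadow. A plain-text value such as P@ssWord is written to the file unchanged and will not work for login. The value is also visible to other users listing processes while the command runs, so passwd karen is the safer way to set the password.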
View account aging information
# chage -l smith
Last password change                                    : Dec 08, 2016
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
Changing password parameters
# chage smith
Changing the aging information for smith
Enter the new value, or press ENTER for the default
................
................
Usage: chage [options] [LOGIN]
-d, --lastday LAST_DAY        set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
-I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
-m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
-M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
-W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
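
The account properties covered above can be checked in bulk. The following is an added example, not part of the original page: it reads passwd- and shadow-format files and reports the ! lock marker, login shells on system-range user ids, extra UID 0 accounts, MD5-crypt ($1$) hashes, password fields that are not hashes at all, and the 99999 "never expires" maximum age. The function name audit_accounts and the sample files are constructed for illustration; on a live system pass /etc/passwd and /etc/shadow as root.

```shell
#!/bin/sh
# Added example. System UID range 1-499 is taken from the table above; adjust per distro.
audit_accounts() {  # usage: audit_accounts PASSWD_FILE SHADOW_FILE
    awk -F: '
        # First file (shadow): remember the hash field and maximum password age.
        NR == FNR { hash[$1] = $2; maxage[$1] = $5 + 0; next }
        # Second file (passwd): name:x:uid:gid:comment:home:shell
        {
            user = $1; uid = $3 + 0; shell = $7; h = hash[user]
            if (uid == 0 && user != "root")
                print user ": UID 0 but not root"
            if (uid >= 1 && uid <= 499 && shell !~ /(nologin|false)$/)
                print user ": system account with login shell " shell
            if (h ~ /^!/)
                print user ": locked (hash prefixed with !)"
            sub(/^!+/, "", h)    # look at the hash underneath the lock mark
            if (h ~ /^\$1\$/)
                print user ": MD5-crypt ($1$) hash"
            else if (h != "" && h != "*" && h !~ /^\$/)
                print user ": password field is not in $id$salt$hash form"
            if (h ~ /^\$/ && maxage[user] == 99999)
                print user ": password never expires"
        }
    ' "$2" "$1"
}

# Constructed sample files (not real accounts or hashes).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0::/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
scott:x:500:500::/home/scott:/bin/bash
karen:x:603:603:Developer:/home/karen:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$CONSTRUCTED$CONSTRUCTEDHASH:17143:0:90:7:::
toor:*:17143:0:99999:7:::
apache:*:17143:0:99999:7:::
ftp:*:17143:0:99999:7:::
scott:!$1$CONSTRUCTED$CONSTRUCTEDHASH:17143:0:99999:7:::
karen:P@ssWord:17143:0:99999:7:::
EOF
audit_accounts "$tmp/passwd" "$tmp/shadow"
```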