Tuesday, May 17, 2011

User/Group Management

1. The ability to control users and groups

Primary tools:
1. useradd - used to add users and modify group membership
2. system-config-users

1. Create a user named 'student1' using 'useradd'

Note: Default user settings derive from: /etc/login.defs
a. useradd student1
b. set password for user 'student1': passwd student1

Default User Accounts DB: /etc/passwd

Note: /etc/passwd is a world-readable file
Note: /etc/shadow now stores passwords in encrypted form
Note: /etc/shadow is NOT world-readable

Fields in /etc/shadow:

1. username:
2. encrypted_password:
3. Days_since_Unix_epoch_password_was_changed (01/01/1970)
4. Days before password may be changed
5. Days after which the password MUST be changed
6. Days before password is to expire that user is warned
7. Days after password expires, that account is disabled
8. Days since Unix epoch, that account is disabled
9. Reserved field (currently unused)

2. Modify user 'student1' to have password expire after 45 days
a. usermod

1. groupadd - adds new group
2. groups - lists groups on the system: /etc/group
/etc/group - maintains group membership information

Task: Create a 'sales' group and add 'linuxbbt' and 'student1' as members
1. groupadd sales
2. usermod -G sales linuxbbt
3. usermod -G sales student1

Note: 2 types of groups exist:
1. Primary - used by default for a user's permissions
2. Supplemental - used to determine effective permissions

Note: use 'id' to determine the group information of user
Note: Create a new shell session to realize new group membership information

userdel/groupdel are used to delete users and groups, respectively