Table 4.1. Command line utilities for managing users and groups
Utilities | Description |
---|---|
useradd, usermod, userdel | Standard utilities for adding, modifying, and deleting user accounts. |
groupadd, groupmod, groupdel | Standard utilities for adding, modifying, and deleting groups. |
gpasswd | Standard utility for administering the /etc/group configuration file. |
pwck, grpck | Utilities that can be used for verification of the password, group, and associated shadow files. |
pwconv, pwunconv | Utilities that can be used for the conversion of passwords to shadow passwords, or back from shadow passwords to standard passwords. |
Run the following command as root:
useradd [options] username
The useradd command creates a locked user account. To unlock the account, run the following command as root to assign a password:
passwd username
Table 4.2. useradd command line options
Option | Description |
---|---|
-c 'comment' | comment can be replaced with any string. This option is generally used to specify the full name of a user. |
-d home_directory | Home directory to be used instead of default /home/username/. |
-e date | Date for the account to be disabled in the format YYYY-MM-DD. |
-f days | Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires. |
-g group_name | Group name or group number for the user's default group. The group must exist prior to being specified here. |
-G group_list | List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here. |
-m | Create the home directory if it does not exist. |
-M | Do not create the home directory. |
-N | Do not create a user private group for the user. |
-p password | The password encrypted with crypt. |
-r | Create a system account with a UID less than 1000 and without a home directory. |
-s | User's login shell, which defaults to /bin/bash. |
-u uid | User ID for the user, which must be unique and greater than 999. |
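The following happens when the command useradd juan is issued on a system that has shadow passwords enabled:
A new line for juan is created in /etc/passwd:
juan:x:501:501::/home/juan:/bin/bash
The line begins with the username juan. There is an x for the password field indicating that the system is using shadow passwords. The home directory for juan is set to /home/juan/. The default shell is set to /bin/bash.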
A new line for juan is created in /etc/shadow:
juan:!!:14798:0:99999:7:::
The line begins with the username juan. Two exclamation marks (!!) appear in the password field of the /etc/shadow file, which locks the account.
Note
If an encrypted password is passed using the -p flag, it is placed in the /etc/shadow file on the new line for the user.
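A new line for a group named juan is created in /etc/group:
juan:x:501:
The line created in /etc/group has the following characteristics:
It begins with the group name juan. An x appears in the password field indicating that the system is using shadow group passwords. The GID matches the one listed for juan in /etc/passwd.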
A new line for a group named juan is created in /etc/gshadow:
juan:!::
The line begins with the group name juan. An exclamation mark (!) appears in the password field of the /etc/gshadow file, which locks the group.
A directory for user juan is created in the /home/ directory:
~]# ls -l /home
total 4
drwx------. 4 juan juan 4096 Mar 3 18:23 juan
This directory is owned by user juan and group juan. It has read, write, and execute privileges only for the user juan. All other permissions are denied.
The files within the /etc/skel/ directory (which contain default user settings) are copied into the new /home/juan/ directory. The contents of /etc/skel/ may vary depending on installed applications.
~]# ls -la /home/juan
total 28
drwx------. 4 juan juan 4096 Mar 3 18:23 .
drwxr-xr-x. 5 root root 4096 Mar 3 18:23 ..
-rw-r--r--. 1 juan juan 18 Jul 09 08:43 .bash_logout
-rw-r--r--. 1 juan juan 176 Jul 09 08:43 .bash_profile
-rw-r--r--. 1 juan juan 124 Jul 09 08:43 .bashrc
drwxr-xr-x. 4 juan juan 4096 Jul 09 08:43 .mozilla
-rw-r--r--. 1 juan juan 658 Jul 09 08:43 .zshrc
At this point, a locked account called juan exists on the system. To activate it, the administrator must next assign a password to the account using the passwd command and, optionally, set password aging guidelines.
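
To check the password-field states described above across many accounts, the following added example (not part of the original documentation) classifies each entry of a shadow-format file and lists /etc/passwd entries whose password field is not x. The function names and all sample lines other than the juan entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report the state of each
# account's password field in a shadow-format file.

# shadow_state FILE -> one "user:state" line per entry
shadow_state() {
    awk -F: '
        NF < 2       { next }                               # skip blank or malformed lines
        $2 == ""     { print $1 ":no-password"; next }      # empty field: no password required
        $2 == "!!"   { print $1 ":locked-never-set"; next } # state left by useradd
        $2 ~ /^[!*]/ { print $1 ":locked"; next }           # "!"-prefixed hash or "*"
                     { print $1 ":password-set" }
    ' "$1"
}

# passwd_not_shadowed FILE -> users whose passwd password field is not "x"
passwd_not_shadowed() {
    awk -F: 'NF >= 2 && $2 != "x" { print $1 }' "$1"
}

# Constructed sample data; only the juan lines come from the page.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/shadow" <<'EOF'
juan:!!:14798:0:99999:7:::
maria:$6$examplesalt$constructedhashvalue:14798:0:99999:7:::
svc:!$6$examplesalt$constructedhashvalue:14798:0:99999:7:::
guest::14798:0:99999:7:::
EOF
cat > "$sample_dir/passwd" <<'EOF'
juan:x:501:501::/home/juan:/bin/bash
legacy:constructedhash:502:502::/home/legacy:/bin/bash
EOF

shadow_state "$sample_dir/shadow"
passwd_not_shadowed "$sample_dir/passwd"
```

On a live system, run shadow_state /etc/shadow as root; entries reported as no-password deserve attention first, and locked-never-set entries are accounts created with useradd that were never given a password.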