Sunday, September 4, 2011

User & Group Account Administration Commands

There are three basic types of Linux user accounts: administrative (root), regular, and service.

The Linux administrative root account is automatically created when you install Linux, and it has administrative privileges for all services on the Linux operating system. The root account is also known as the superuser.

Regular users have the necessary privileges to perform standard tasks on a Linux computer such as running word processors, databases, and Web browsers. They can store files in their own home directories. Since regular users do not normally have administrative privileges, they cannot accidentally delete critical operating system configuration files.

Services such as Apache, Squid, mail, games, and printing have their own individual service accounts. These accounts exist to allow each of these services to interact with your computer.

Each user on a Red Hat Enterprise Linux system is assigned a unique user identification number, also known as a UID. UIDs below 500 are reserved for system users such as the root user and service users.

A user group is a group of one or more users. A user can be a member of more than one group. In Red Hat Enterprise Linux, when a user is added, a private user group (primary group) is created—meaning that a user group of the same name is created and that the new user is the sole user in that group.

To add a new user, use the useradd command. The basic syntax is



# useradd vinod

The username is the only information required to add a new user; however, from an exam perspective you should know some additional command-line arguments for useradd. The useradd command creates the account, but the account is locked.

To unlock the account and create a password for the user, use the command passwd [username]. By default, the user's home directory is created and the files from /etc/skel/ are copied into it.

The two exceptions are if the -M option is used or if the home directory already exists.

We have already discussed these two basic commands in our last article. If you haven't completed the last assignments, we suggest you review them before continuing with this article, as it follows on from them.

Create a user with additional command-line arguments. In this example you are going to place the home directory in another location, so create that location first, and likewise create the desired group for the user first.



# mkdir /test
# groupadd example
# useradd -u 700 -d /test/user1 -g example -c "testing user" -s /bin/sh -m user1
# passwd user1

useradd command



-c [fullname]    Full name of the user (or a comment about the user). If more than one word is needed, place quotation marks around the value.
-d [directory]   Home directory for the user. The default value is /home/[username]/.
-g [group]       Default group for the user specified as a group name or group ID number. The group name or GID must already exist. The default is to create a private user group. If a private user group is not created, the default is the users group.
-m               Create a home directory for the user if it doesn't exist. Files from /etc/skel/ are copied into the home directory.
-s [shell]       Specify the user login shell for the user. The default shell if not specified is /bin/bash.
-u [uid]         Integer to use for the user ID. Must be unique unless -o is used. Values less than 500 are reserved for system users.
-M               Do not create a home directory for the user. By default, a home directory is created unless this option is used or unless the directory already exists.

Now log in as this user, and check where the user lands after login and why the shell prompt looks different.



$ pwd
/test/user1


By default, a user gets the bash shell prompt. But we modified this with the -s switch and gave the user the /bin/sh shell. Now change the user's shell again:



# usermod -s /bin/bash user1

Verify by logging in again as user1.


How to manage bulk users

Consider a situation where you need to create more than a thousand users. Doing it with individual useradd commands would be a really tedious task. Here you have to switch to Linux shell scripts.

loop for creating user



# for USER in _ _ _ _ _ _ _ _ _ _ _
> do
>useradd $USER
>echo _ _ _ _ |passwd --stdin $USER
>done

Example
(replace the users vinita nikkita niddhi sumit shweta vickey kaushal manoj jai with your own users)



# for USER in vinita nikkita niddhi sumit shweta vickey kaushal manoj jai
> do
>useradd $USER
>echo friends |passwd --stdin $USER
>done

This simple for loop will create 9 users and set their default password to friends.
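
The loop above gives every account the same known password. The variant below is an added example, not part of the original article: it gives each account its own random password and expires it with chage -d 0 so the user must choose a new one at first login. The naming policy, the CRED_FILE hand-over file and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. DRY_RUN=1 (default) only logs
# the commands; run as root with DRY_RUN=0 to apply them.
LC_ALL=C; export LC_ALL
DRY_RUN="${DRY_RUN:-1}"
CRED_FILE="${CRED_FILE:-./initial-passwords.txt}"   # hypothetical hand-over file
umask 077                                           # files created below: owner-only

# Naming policy assumed here: lowercase letter or underscore first, then
# lowercase letters, digits, "_" or "-", at most 32 characters.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# 12 bytes from the kernel CSPRNG, printed as 24 hex characters.
gen_password() {
    od -An -N12 -tx1 /dev/urandom | tr -d ' \n'
}

# Log the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "DRY-RUN: $*" >&2; else "$@"; fi
}

create_user() {
    valid_username "$1" || { echo "skipped invalid name: $1" >&2; return 1; }
    run useradd "$1" || return 1
    if [ "$DRY_RUN" != 1 ]; then
        pw=$(gen_password)
        printf '%s\n' "$pw" | passwd --stdin "$1" >/dev/null || return 1
        printf '%s:%s\n' "$1" "$pw" >> "$CRED_FILE"
    fi
    run chage -d 0 "$1"     # expire the password: user must change it at first login
}

# Summary goes to stdout, per-command logging to stderr.
bulk_create() {
    created=0; skipped=0
    for u in "$@"; do
        if create_user "$u"; then created=$((created + 1)); else skipped=$((skipped + 1)); fi
    done
    echo "created=$created skipped=$skipped"
}

[ "$#" -eq 0 ] || bulk_create "$@"
```

Run it with the user names as arguments; delete the CRED_FILE once the initial passwords have been handed over.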


Loop for creating groups

Now create 3 groups named sales, market and productions using a for loop.



#for GROUP in sales market productions
> do
>groupadd $GROUP
>done

Verify with the cat and grep commands.

For loop for deleting bulk users

Now remove all the users which we created in the previous example.



#for USER in vinita nikkita niddhi sumit shweta vickey kaushal manoj jai
>do
>userdel -r $USER
>done

For loop for deleting bulk groups

Remove the groups which we created in the previous example.



#for GROUP in sales market productions
> do
>groupdel $GROUP
>done



In Red Hat Enterprise Linux, all files have file permissions that determine whether a user is allowed to read, write, or execute them. When you issue the command ls -l, the first column of information contains these file permissions. Within this first column are places for 10 letters or hyphens.

The first space is either a hyphen, the letter d, or the letter l.

  • A hyphen means it is a file.
  • If it is the letter d, the file is actually a directory.
  • If it is the letter l, it is a symbolic link to a directory somewhere else on the file system.

The next nine spaces are divided into three sets of three as shown in image.

[Image: Linux file permission]


Files and directories belong to both an owner and a group. A group usually consists of a collection of users, all belonging to the same group. The first set of three is the read, write, and execute permissions for the owner of the file.

A group can also consist of one user, normally the user who creates the file. Each user on the system, including the root user, is assigned his or her own group of which he or she is the only member, ensuring access only by that user. The second set of three is the read, write, and execute permissions for anyone who belongs to the user group for the file.

The last set of permissions is for anyone who has a login to the system.
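
The layout described above can be decoded mechanically. The following is an added example, not part of the original article: it splits the ls -l mode string into its type character and three permission sets, converts the sets to octal, and flags strings whose last set includes write. The function names are this example's own, and only the r, w, x and hyphen characters discussed here are handled.

```shell
#!/bin/sh
# Added example, not from the original article.
LC_ALL=C; export LC_ALL

# First character: the file type, as listed in the article.
file_type() {
    case "$1" in
        -*) echo file ;;
        d*) echo directory ;;
        l*) echo symlink ;;
        *)  echo other ;;
    esac
}

# One rwx set -> one octal digit (r=4, w=2, x=1). Fails on anything else,
# including the setuid/setgid/sticky letters s and t, which are out of scope here.
triplet_to_digit() {
    case "$1" in [r-][w-][x-]) ;; *) return 1 ;; esac
    n=0
    case "$1" in r??) n=$((n + 4)) ;; esac
    case "$1" in ?w?) n=$((n + 2)) ;; esac
    case "$1" in ??x) n=$((n + 1)) ;; esac
    echo "$n"
}

# Ten-character mode string -> three octal digits (owner, group, others).
mode_to_octal() {
    mode=${1%[.+]}          # GNU ls may append "." (SELinux context) or "+" (ACL)
    [ "${#mode}" -eq 10 ] || return 1
    perms=${mode#?}         # drop the type character
    rest=${perms#???}       # group and others
    o=$(triplet_to_digit "${perms%??????}") || return 1
    g=$(triplet_to_digit "${rest%???}") || return 1
    a=$(triplet_to_digit "${rest#???}") || return 1
    echo "$o$g$a"
}

# Type, octal mode, and a flag when the "others" set includes write.
describe_mode() {
    octal=$(mode_to_octal "$1") || { echo "unparseable: $1"; return 1; }
    case "$1" in ????????w*) flag=" WORLD-WRITABLE" ;; *) flag="" ;; esac
    echo "$(file_type "$1") $octal$flag"
}

# The two listings quoted in the article plus one constructed string.
for m in -rw-r--r-- drwxr-x--- drwxrwxrwx; do describe_mode "$m"; done
```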

Ownership

Create a directory /test; we will use it for the practical demonstration of permissions.



#mkdir /test
#ls -ld /test


The root user, the system administrator, owns most of the system files that also belong to the root group, of which only the root user is a member. Most administration files, like configuration files in the /etc directory, are owned by the root user and belong to the root group. Only the root user has permission to modify them, whereas normal users can read and, in the case of programs, also execute them.

In this example, the root user owns the fstab file in the /etc directory, which also belongs to the root user group.



-rw-r--r-- 1 root root 621 jan 22 11:03 fstab

Certain directories and files located in the system directories are owned by a service, rather than the root user, because the services need to change those files directly. This is particularly true for services that interact with remote users, such as Internet servers. Most of these files are located in the /var directory. Here you will find files and directories managed by services like the Squid proxy server and the Domain Name Server (named).

In this example, the Squid proxy server directory is owned by the squid user and belongs to the squid group:



drwxr-x--- 2 squid squid 4096 Jan 24 16:29 squid

Changing a File's Owner or Group

Although other users may be able to access a file, only the owner can change its permissions. If you want to give another user control over one of your file's permissions, you can change the owner of the file from yourself to the other user. The chown command transfers control over a file to another user. This command takes as its first argument the name of the other user. Following the username, you list the files you are transferring. In our example, we give control of the /test directory to user a:



# chown a /test
# ls -ld /test


You can also change the group for files and directories using the chgrp command. chgrp takes as its first argument the name of the new group for the files or directories.



#chgrp example /test
