Adding new users
While you can use vipw to edit the user configuration files, it is better to run
The output should look similar to this:
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
useradd -c "Comment here" sarah -s /bin/bash: sets a comment (-c) and defines the default shell (-s)
useradd bob -s /usr/sbin/nologin: sets nologin as the user's default shell because many users don't need shell access
useradd -m -u 1201 -G ops,dev linda: adds user linda, creates a home directory (-m), adds the user to the groups ops and dev (-G), and assigns UID 1201 (-u)
useradd creates a locked account until you run
The login configuration file
The /etc/login.defs file sets the configuration for the Shadow Password Suite. The following are some of its most significant attributes:
MOTD_FILE: Defines the file that is used as message of the day file. In this file, you can include messages to be displayed after the user has successfully logged into the server.
ENV_PATH: Defines the $PATH variable, a list of directories that should be searched for executable files after logging in.
PASS_WARN_AGE: Defines the default password expiration properties when creating new users.
UID_MIN: The first UID to use when creating new users.
CREATE_HOME: Indicates whether or not to create a home directory for new users.
USERGROUPS_ENAB: Set to yes to create a private group for all new users. That means that a new user has a group with the same name as the user as its default group. If set to no, all users are made a member of the group users.
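The nologin advice and the UID_MIN attribute above can be combined into a quick audit of which regular accounts still have an interactive shell. This is an added example, not part of the original page; the function names and all sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). All sample data is constructed.

# Read UID_MIN from a login.defs-style file; assume 1000 if it is not set.
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1"
}

# Print "name uid shell" for every account at or above UID_MIN whose shell
# is not nologin or false. An empty shell field is reported too, because
# passwd(5) says an empty field falls back to /bin/sh.
interactive_users() {
    awk -F: -v min="$(uid_min "$1")" '
        $3 >= min && $7 !~ /(nologin|false)$/ {
            print $1, $3, ($7 == "" ? "(empty)" : $7)
        }' "$2"
}

# Constructed sample files; on a real host use /etc/login.defs and /etc/passwd.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/login.defs" <<'EOF'
# constructed sample
UID_MIN      1000
CREATE_HOME  yes
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin
sarah:x:1001:1001:Comment here:/home/sarah:/bin/bash
bob:x:1002:1002::/home/bob:/usr/sbin/nologin
linda:x:1201:1003::/home/linda:/bin/bash
svc:x:1300:1300::/home/svc:
EOF

# Lists sarah, linda and svc; bob (nologin) and system accounts are skipped.
interactive_users "$tmp/login.defs" "$tmp/passwd"
```

Accounts below UID_MIN, including root, are deliberately out of scope here and need their own review.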
System-wide Bash shell startup files
/etc/profile: runs system-wide environment variables and startup scripts
/etc/bashrc: contains system-wide aliases and functions
Bash shell personal startup files
While creating a user, useradd copies the /etc/skel user environment configuration files to the new user's home directory. The following are the default configuration files:
~/.bash_profile: contains personal environment variables and startup scripts
~/.bashrc: contains personal aliases and functions
~/.bash_logout: contains personal scripts to run on logout
Using usermod to modify users
These are a couple common use cases for
usermod -g sales mike: adds mike to sales as primary group
usermod -aG ops lisa: adds lisa to ops as a secondary group
Managing password properties
Here are some example use cases for
chage -E 2018-12-31 bob: sets Bob's account to expire on a specific date
chage -l linda: lists account aging information
passwd -n 30 -x 90 lori -w 3: sets a minimum password age of 30 days (-n), a maximum password age of 90 days (-x), and starts warning the user 3 days before the password expires (-w)
Linux group management
The useradd command creates a default primary group with the same name as the user.
When a user creates a file, the group owner will be set to that user's primary group. Users have access to files owned by their secondary groups.
Use the id command to list a user's group memberships:
The output should look something like this:
uid=1002(linda) gid=1003(account) groups=1003(account),1001(sales)
A common use case for secondary groups is to share documents between departments with a file server.
To create a new group, you can use the vigr command to directly modify the /etc/group file or you can run the
groupadd devs: adds a group called devs
groupadd -g 404 devproject: adds a group called devproject with group ID (GID) 404
grep devproject /etc/group: confirms that you successfully added a group
Modifying group membership
usermod -g 1003 frank: changes frank's primary group to account, which has GID 1003
usermod -aG dev lori: adds dev as a secondary group for lori
usermod -g sales anouk: changes anouk's primary group to sales