GNU/Linux Howtos

Linux and what you can do with it, including hosting, applications, and Raspberry Pi

Managing Users and Groups

Adding new users

While you can use codevip to edit the user configuration files, it is better to run useradd.

vim /etc/default/useradd

The output should look similar to this:

GROUP=100  
HOME=/home  
INACTIVE=-1  
EXPIRE=  
SHELL=/bin/bash  
SKEL=/etc/skel  
CREATE_MAIL_SPOOL=yes  

Useradd examples

  • useradd -c "Comment here" sarah -s /bin/bash sets a comment (-c) and defines the default shell (-s)
  • useradd bob -s /usr/sbin/nologin sets nologin as the users's default shell because many users don't need shell access
  • useradd -m -u 1201 -G ops,dev linda adds user, adds home directory (-m), adds user to groups ops and dev (-G), assigns _UID 1201+ (-u)
  • useradd creates a locked account until you run passwd user

The login configuration file

The /etc/login.defs file sets the configuration for the for the Shadow Password Suite. The following are some of its most significant attributes:

  • MOTD_FILE: Defines the file that is used as message of the day file. In this file, you can include messages to be displayed after the user has successfully logged into the server.

  • ENV_PATH: Defines the $PATH variable, a list of directories that should be searched for executable files after logging in.

  • PASS_MAX_DAYS, PASS_MIN_DAYS, and PASS_WARN_AGE: Define the default password expiration properties when creating new users.

  • UID_MIN: The first UID to use when creating new users.

  • CREATE_HOME: Indicates whether or not to create a home directory for new users.

  • USERGROUPS_ENAB: Set to yes to create a private group for all new users. That means that a new user has a group with the same name as the user as its default group. If set to no, all users are made a member of the group users. 1

System-wide Bash shell startup files

  • /etc/profile runs system-wide environment variables and startup scripts
  • /etc/bashrc contains system-wide aliases and functions 2

Bash shell personal startup files

While creating a user, useradd copies the /etc/skel user environment configuration files to the new user's home directory. The following are the default configuration files:

  • ~/.bash_profile contains personal environment variables and startup scripts
  • ~/.bashrc contains personal aliases and functions
  • ~/.bash_logout contains personal scripts to run on logout3

Using usermod to modify users

These are a couple common use cases for usermod:

  • usermod -g sales mike adds mike to sales as primary group
  • usermod -aG ops lisa adds lisa to ops as a secondary group

Managing password properties

Here are some example use cases for passwd and chage:

  • chage -E 2018-12-31 bob sets Bob's account to expire on a specific date
  • chage -l linda lists account aging information
  • passwd -n 30 -x 90 lori -w 3 sets minimum password age of 30 days, a maximum password age of 90 days (-w), and starts warning the user 3-days before the password expires (-w)

Linux group management

The useradd command creates a default primary group with the same name as the user.

When a user creates a file, the group owner will be set to that user's primary group. Users have access to files owned by their secondary groups.

Use the id command to list a user's group memberships:

id linda

The output should look something like this:
uid=1002(linda) gid=1003(account) groups=1003(account),1001(sales)

A common use case for secondary groups is to share documents between departments with a file server.

Creating groups

To create a new group, you can use the vigr command to directly modify the /etc/group file or you can run the groupadd command.

  • groupadd devs adds a group called dev
  • groupadd -g 404 devproject adds a group called devproject with Group ID (GUID) 404
  • grep devproject /etc/group to confirm that you successfully added a group

Modifying group membership

  • usermod -g 1003 frank changes frank's primary group to account, assigning GUID of 1003
  • usermod -aG dev lori adds account as a secondary group for lori
  • usermod -g sales anouk changes anouk's primary group to sales

  1. Excerpt from Sander van Vugt's Red Hat® RHCSA™/RHCE® 7 Cert Guide Premium Edition

  2. Derived from Linux From Scratch

  3. Also derived from Linux From Scratch