Users and Groups Management:

User: A user is a special account which is used by a person to log in to a computer.

It is usually necessary to differentiate between user accounts when a computer is used by many people so that their private data can be kept private.

 

Users:

  • Local users (non-privileged users, limited powers)
    ID: starts from 500, up to 65000 (for non-privileged users and groups)
  • Super user (admin account)
    ID = 0 (default)
  • System users (not login users; service users, used to run services)
    ID: below 100


wali : x : 501 : 502 : IT Department : /home/wali : /bin/bash
(login Name) : (Password Field): (User ID) : (Group ID) : (Description) : (Home Folder) :  (Login Shell)

 

Shell: The shell is a command interpreter that carries communication between the user and the kernel.

 

Group: A collection of user accounts

 

Configuration Files:

  • /etc/passwd          (Contains the database of all user accounts)

    Example of user entry in passwd file:

    wali : x : 501 : 502  :IT Department:  /home/wali : /bin/bash
    (login Name) : (Password Field): (User ID) : (Group ID) : (Description) : (Home Folder) :  (Login Shell)

  • /etc/shadow          (contains the database of the passwords in hashed form)
  • /etc/group             (contains information about groups)
  • /etc/gshadow        (contains information about group passwords)

Command                                   Description

useradd username                          creates a user
useradd -c "comment" loginname            adds a comment (description) while creating a user
passwd username                           add (set) the password
useradd -d /wali/user6 user6              to specify the home directory while creating a user
passwd -d username                        remove the password
userdel -r username                       remove user with home folder
userdel username                          remove user but keep home folder
groupadd groupname                        create a group
groupdel groupname                        delete a group
usermod -g gid username                   to change the primary group (or private group);
                                          primary group: only 1, secondary groups: many (99)
usermod -G groupname username             make a user member of a group
                                          (replaces the user's current secondary groups; use -aG to append)
usermod -G group1,group2 username         make a user member of both groups
groups username                           to see which groups the user is in
usermod -L username                       lock the user account
usermod -U username                       unlock the user account
usermod -s /sbin/nologin username         change the shell of a user
usermod -l newname oldname                to rename the user
groupmod -n newname oldname               to rename the group
useradd -ou userid username               more users on a single ID
chown -R :groupname foldername-or-path    to change the ownership of group only
chgrp -R groupname foldername-or-path     to change the ownership of group only
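
An audit of the account states that the files and commands above can produce: a second name on user ID 0, a user ID shared through useradd -o, and an empty password field left by passwd -d. This is an added example, not part of the original page; the function name audit_accounts and the sample passwd and shadow entries are constructed for illustration.

```shell
#!/bin/sh
# Report risky account states from passwd- and shadow-format files.
audit_accounts() {
    # $1 = passwd-format file, $2 = shadow-format file (read first by awk)
    awk -F: '
        NR == FNR { hash[$1] = $2; next }      # shadow: login name -> hash field
        {
            user = $1; uid = $3; shell = $7
            # Any name other than root with user ID 0 is a second super user.
            if (uid == 0 && user != "root") print "UID0 " user
            # Two names on one ID (useradd -o) share files and privileges.
            if (uid in owner) print "DUPUID " user " shares " uid " with " owner[uid]
            else owner[uid] = user
            # Empty hash field (passwd -d) plus a real shell: login without password.
            if ((user in hash) && hash[user] == "" && shell !~ /(nologin|false)$/)
                print "EMPTYPW " user
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
wali:x:501:502:IT Department:/home/wali:/bin/bash
user6:x:503:503::/wali/user6:/bin/bash
backup2:x:0:0::/home/backup2:/bin/bash
twin:x:501:504::/home/twin:/bin/bash
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
wali:$6$constructed$hash:19000:0:5:7:::
user6::19000:0:99999:7:::
backup2:$6$constructed$hash:19000:0:99999:7:::
twin:!$6$constructed$hash:19000:0:99999:7:::
EOF

audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
```

On a live system, run it as root with /etc/passwd and /etc/shadow as the two arguments. The account twin is not reported for its password because usermod -L only puts a "!" in front of the stored hash.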

  

Making a user (wali) member of group (trainer):
# vim  /etc/group         (to see the list of groups and their group IDs)
trainer:x:508
(exit)

 

# vim  /etc/passwd
wali:x:503:508            {change second 503 to 508 (id of trainer)}
(save & exit)



To change the password of any user (for example: user=wali, password=password) in one line:

echo password | passwd wali --stdin


Creating bulk of users:


1. To create users from u10 to u60:
Run the following command to create 51 users (from u10 to u60) without a password.

for i in u{10..60}; do useradd "$i"; passwd -d "$i"; done


2. To set their passwords, first run the following command to create a file pwlist in /tmp. It will contain the list of users and their password p (in the format username:password) for all users from u10 to u60 (51 users).

for i in u{10..60}; do echo "$i:p"; done > /tmp/pwlist

Note: In the above command just replace p with whatever password you want to set for all users from u10 to u60.


3. Now run the following command to set/change the password for the bulk of users (listed in the pwlist file):

chpasswd < /tmp/pwlist

 

Note: Sample of a password file (in the following sample file, the password is the part after the colon).

username:password
user1:abc@123
user2:user2@123
user3:mangos
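
A variant of the bulk procedure above that gives every user a different random password and keeps the list readable by its owner only, added here as an example and not part of the original page. The function names make_pwlist and apply_pwlist are assumptions; the user names u10 to u60 follow the page, and chage -d 0 forces a password change at first login.

```shell
#!/bin/sh
make_pwlist() {
    # $1 = first number, $2 = last number; prints the path of the list file.
    list=$(mktemp) || return 1   # mode 600 and an unpredictable name
    n=$1
    while [ "$n" -le "$2" ]; do
        # 16 random letters and digits from the kernel random source
        pw=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
        printf 'u%s:%s\n' "$n" "$pw" >> "$list"
        n=$((n + 1))
    done
    printf '%s\n' "$list"
}

apply_pwlist() {
    # $1 = list file from make_pwlist. Must run as root.
    chpasswd < "$1" || return 1
    # Expire each password at once so the user must choose a new one
    # at first login.
    cut -d: -f1 "$1" | while read -r user; do
        chage -d 0 "$user"
    done
}

# Usage as root, after the users exist:
#   list=$(make_pwlist 10 60) && apply_pwlist "$list"
#   ...hand out the initial passwords, then: rm -f "$list"
```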

Deleting bulk of users (with their home directories)
(To delete all the users from u10 to u60, run the following command):

for i in u{10..60}; do userdel -r "$i"; done


To see the list of logged-in users, type the who or w command:

who

OR

w

To log out a user called raj, enter:

# pkill -KILL -u raj

Code to delete multiple users at a time:
#!/bin/ksh
# Delete every user listed in dellist.txt, together with the home folder.

for user in $(< dellist.txt)
do
    userdel -r "$user"
done

Sudo (Users):
# visudo  -f  /etc/sudoers  (this file must be edited using the visudo command)
(search for the comment "Allow root to run any commands anywhere" and type the following below the line of root)
wali      ALL=(ALL)       ALL
(save & exit)

 

Now log on as the user (wali) and type the following commands:

 

vim  /etc/grub.conf                   (permission denied)
sudo  vim  /etc/grub.conf         (full permission like root)

 

Sudo (Group):
# visudo  -f  /etc/sudoers        (this file must be edited using the visudo command)
(search for the comment "Allows people in group wheel to run all commands" and type the following below the # %wheel line.
Also check out NOPASSWD in order not to require a password)
%trainer    ALL=(ALL)       ALL
(save & exit)

Now log on as any user (wali) of the group (trainer) and type the following commands:

vim  /etc/grub.conf                 (permission denied)

sudo  vim  /etc/grub.conf       (full permission like root)


Command             Description

su  -               switch to the root user
su  username        switch to the user that you specify
sudo  command       runs command as root
                    (requires prior configuration by a system administrator)
id                  shows information on the current user

 

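To set password expiry (ageing) options:
chage  --help            (lists the available options)
chage  -l  u1            (shows the password expiry settings of user u1)
chage  -M  5  u1         (sets the maximum password age of u1 to 5 days)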

 

To set password length and other password rules:
vim  /etc/pam.d/passwd
password  include  system-auth
(save & quit)

 

vim  /etc/pam.d/system-auth
password required       pam_cracklib.so try_first_pass retry=3 minlen=12 ocredit=-1 dcredit=-1 lcredit=-1 ucredit=-1
password required       pam_passwdqc.so retry=3 min=11,10,10,9,8
(save & quit)

Note:

/var/log/faillog    (for failed logs)

retry=3       means 3 attempts to set the password (while changing or creating)
lcredit=-1    lowercase: at least 1 (a negative value is a required minimum; a positive value only gives credit towards minlen)
ucredit       means uppercase
dcredit       means digit
ocredit       other than l, u, d credits (other characters)

 
